diff --git a/.buildkite/pipeline.yaml b/.buildkite/pipeline.yaml
index 6e5951207f9..b73542fe344 100644
--- a/.buildkite/pipeline.yaml
+++ b/.buildkite/pipeline.yaml
@@ -1,16 +1,39 @@
 steps:
-  - label: ":books: Build spec"
+  - label: ":snake: Build swagger definitions for matrix.org"
     command:
-      - python3 -m venv env
-      - env/bin/pip install -r scripts/requirements.txt
-      - ". env/bin/activate; scripts/generate-matrix-org-assets"
+      # Install the python dependencies necessary to build the spec
+      - python3 -m venv env && . env/bin/activate
+      - pip install -r scripts/requirements.txt
+      # Build the spec
+      - scripts/generate-matrix-org-assets
     artifact_paths:
       - assets.tar.gz
     plugins:
-      - docker#v3.0.1:
-          image: "python:3.6"
+      - docker#v3.7.0:
+          image: python:3.9
 
   - label: "rebuild matrix.org"
     trigger: "matrix-dot-org"
     async: true
     branches: "master"
+
+  - label: ":books: Build the spec"
+    command:
+      # Install package dependencies
+      - apk add nodejs npm git hugo
+      # Install the node dependencies necessary to build the spec
+      - npm i
+      # Pull all git submodules, required for the hugo theme
+      - git submodule update --init --recursive
+      # Pull current proposal information
+      - npm run get-proposals
+      # Build the spec, will build to './spec'
+      # Set the baseURL as we're deploying to https://spec.matrix.org/unstable
+      - hugo --baseURL "/unstable" -d "spec"
+      # Compress the result and make it available as an artifact
+      - tar -czf spec.tar.gz spec
+    artifact_paths:
+      - spec.tar.gz
+    plugins:
+      - docker#v3.7.0:
+          image: alpine
\ No newline at end of file
diff --git a/.circleci/config.yml b/.circleci/config.yml
index bf4404ce95f..e0815d7623b 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,13 +1,19 @@
 gendoc: &gendoc
   name: Generate the docs
+  # Note: Node dependencies are required for the hugo build.
+  # Note: We use a custom config file for circleci due to some specifics with hosting the
+  #       site using CircleCI's artifacts platform. See config-circleci.toml for details.
   command: |
-    source /env/bin/activate
-    scripts/gendoc.py
+    apk add nodejs npm git hugo
+    npm i
+    cat config-circleci.toml config.toml > hugo-config.toml
+    hugo --config hugo-config.toml --baseURL "/${CIRCLE_NODE_INDEX}/public"
 
 genswagger: &genswagger
-  name: Generate the swagger
+  name: Validate sources and generate swagger json
   command: |
     source /env/bin/activate
+    scripts/check-swagger-sources.py
     scripts/dump-swagger.py
 
 buildswaggerui: &buildswaggerui
@@ -27,23 +33,14 @@ checkexamples: &checkexamples
   name: Check Event Examples
   command: |
     source /env/bin/activate
-    cd event-schemas
-    ./check_examples.py
-    cd ../api
-    ./check_examples.py
-
-genmatrixassets: &genmatrixassets
-  name: Generate/Verify matrix.org assets
-  command: |
-    source /env/bin/activate
-    ./scripts/generate-matrix-org-assets
+    scripts/check-event-schema-examples.py
 
 validateapi: &validateapi
   name: Validate OpenAPI specifications
   command: |
-    cd api
+    cd scripts
     npm install
-    node validator.js -s "client-server"
+    node validator.js -s "../data/api/client-server"
 
 buildspeculator: &buildspeculator
   name: Build Speculator
@@ -51,12 +48,6 @@ buildspeculator: &buildspeculator
     cd scripts/speculator
     go build -v
 
-buildcontinuserv: &buildcontinuserv
-  name: Build Continuserv
-  command: |
-    cd scripts/continuserv
-    go build -v
-
 version: 2
 jobs:
   validate-docs:
@@ -71,18 +62,21 @@ jobs:
     steps:
       - checkout
       - run: *checkexamples
-      - run: *genmatrixassets # We don't actually use the assets, but we do want to make sure they build
   build-docs:
     docker:
-      - image: uhoreg/matrix-doc-build
+      - image: alpine
     steps:
+      # Note: We install git in the image so we can pull git submodules. The hugo theme in use
+      # is a git submodule, which has its own submodules, and all need to be loaded.
+      - run: apk add git
       - checkout
+      - run: git submodule update --init --recursive
       - run: *gendoc
       - store_artifacts:
-          path: scripts/gen
+          path: public
       - run:
           name: "Doc build is available at:"
-          command: DOCS_URL="${CIRCLE_BUILD_URL}/artifacts/${CIRCLE_NODE_INDEX}/${CIRCLE_WORKING_DIRECTORY/#\~/$HOME}/scripts/gen/index.html"; echo $DOCS_URL
+          command: DOCS_URL="${CIRCLE_BUILD_URL}/artifacts/${CIRCLE_NODE_INDEX}/public/index.html"; echo $DOCS_URL
   build-swagger:
     docker:
       - image: uhoreg/matrix-doc-build
@@ -104,8 +98,6 @@ jobs:
           name: Install Dependencies
           command: |
             go get -v github.com/hashicorp/golang-lru
-            go get -v gopkg.in/fsnotify/fsnotify.v1
-      - run: *buildcontinuserv
       - run: *buildspeculator
 
 workflows:
diff --git a/.github/ISSUE_TEMPLATE/clarification.md b/.github/ISSUE_TEMPLATE/clarification.md
new file mode 100644
index 00000000000..1aaa35c6123
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/clarification.md
@@ -0,0 +1,13 @@
+---
+name: Clarity problem
+about: Report an area of the spec that is unclear.
+title: ''
+labels: 'clarification'
+assignees: ''
+
+---
+
+**Link to problem area**:
+
+**Issue**
+What is wrong? How can we improve?
diff --git a/.github/ISSUE_TEMPLATE/config.yaml b/.github/ISSUE_TEMPLATE/config.yaml
new file mode 100644
index 00000000000..79bc995d473
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yaml
@@ -0,0 +1,8 @@
+blank_issues_enabled: true
+contact_links:
+ - name: Matrix Spec Discussion
+   url: "https://matrix.to/#/#matrix-spec:matrix.org"
+   about: Questions about the spec and proposal process can be asked here.
+ - name: Matrix Security Policy
+   url: https://www.matrix.org/security-disclosure-policy/
+   about: Learn more about our security disclosure policy.
diff --git a/.github/ISSUE_TEMPLATE/cosmetic-bug.md b/.github/ISSUE_TEMPLATE/cosmetic-bug.md
new file mode 100644
index 00000000000..1012302b26c
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/cosmetic-bug.md
@@ -0,0 +1,13 @@
+---
+name: Cosmetic issue
+about: Report an issue with how the spec looks.
+title: ''
+labels: 'aesthetic'
+assignees: ''
+
+---
+
+**Link to problem area**:
+
+**Issue**
+What is wrong? What can we do to improve?
diff --git a/.github/ISSUE_TEMPLATE/idea.md b/.github/ISSUE_TEMPLATE/idea.md
new file mode 100644
index 00000000000..028012a576c
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/idea.md
@@ -0,0 +1,12 @@
+---
+name: Spec idea
+about: Suggest a future MSC idea.
+title: ''
+labels: 'improvement'
+assignees: ''
+
+---
+
+**Suggestion**
+What would you like to see in Matrix? If your idea is vaguely complete enough, we
+recommend submitting [an MSC](https://matrix.org/docs/spec/proposals) instead.
diff --git a/.github/ISSUE_TEMPLATE/spec-bug.md b/.github/ISSUE_TEMPLATE/spec-bug.md
new file mode 100644
index 00000000000..590234cac16
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/spec-bug.md
@@ -0,0 +1,16 @@
+---
+name: Documentation error
+about: Report an issue with the spec itself (incorrect text).
+title: ''
+labels: 'spec-bug'
+assignees: ''
+
+---
+
+**Link to problem area**:
+
+**Issue**
+What is wrong?
+
+**Expected behaviour**
+How can the issue be fixed? Links to implementations/documents which prove the spec is wrong are appreciated.
diff --git a/.gitignore b/.gitignore
index 9cc27b85582..a0c5cef073b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,15 +1,20 @@
 /api/node_modules
-/assets
 /assets.tar.gz
+/data/msc
 /env*
+/node_modules
+/resources
 /scripts/gen
 /scripts/continuserv/continuserv
 /scripts/speculator/speculator
 /scripts/swagger
 /scripts/tmp
 /templating/out
+/hugo-config.toml
+/public
 *.pyc
 *.swp
 _rendered.rst
 /.vscode/
 /.idea/
+/spec/
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 00000000000..5e606ab20e5
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,4 @@
+[submodule "themes/docsy"]
+	path = themes/docsy
+	url = https://github.com/matrix-org/docsy.git
+	branch = master
diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
index 2d26e8a8ca7..2e72e1860d7 100644
--- a/CONTRIBUTING.rst
+++ b/CONTRIBUTING.rst
@@ -29,9 +29,7 @@ some time to complete.
 Changes to the protocol (new endpoints, ideas, etc) need to go through the
 `proposals process <https://matrix.org/docs/spec/proposals>`_. Other changes,
 such as fixing bugs, typos, or clarifying existing behaviour do not need a proposal.
-If you're not sure, visit us at `#matrix-spec:matrix.org`_
-and ask.
-
+If you're not sure, visit us at `#matrix-spec:matrix.org`_ and ask.
 
 Other changes
 ~~~~~~~~~~~~~
@@ -64,12 +62,17 @@ following:
   to fix. On the other hand, introducing new behaviour is best represented by a
   proposal.
 
+* Design or aesthetic changes, such as improving accessibility, colour schemes,
+  etc. Please check in with us at `#matrix-docs:matrix.org`_ with your proposed
+  design change before opening a PR so we can work with you on it.
+
 For such changes, please do just open a `pull request`_. If you're not sure if
 your change is covered by the above, please visit `#matrix-spec:matrix.org` and
 ask.
 
 .. _`pull request`: https://help.github.com/articles/about-pull-requests
 .. _`#matrix-spec:matrix.org`: https://matrix.to/#/#matrix-spec:matrix.org
+.. _`#matrix-docs:matrix.org`: https://matrix.to/#/#matrix-docs:matrix.org
 
 
 Adding to the changelog
@@ -86,8 +89,8 @@ To create a changelog entry, create a file named in the format ``prNumber.type``
 the ``newsfragments`` directory. The ``type`` can be one of the following:
 
 * ``new`` - Used when adding new endpoints. Please have the file contents be the
-  method and route being added, surrounded in RST code tags. For example: ``POST
-  /accounts/whoami``
+  method and route being added, surrounded in markdown code tags. For example: \`POST
+  /accounts/whoami\`.
 
 * ``feature`` - Used when adding backwards-compatible changes to the API.
 
@@ -100,8 +103,7 @@ the ``newsfragments`` directory. The ``type`` can be one of the following:
 
 All news fragments must have a brief summary explaining the change in the
 contents of the file. The summary must end in a full stop to be in line with
-the style guide and and formatting must be done using `Restructured Text
-<http://www.sphinx-doc.org/en/master/usage/restructuredtext/basics.html>`_.
+the style guide and formatting must be done using Markdown.
 
 Changes that do not change the spec, such as changes to the build script, formatting,
 CSS, etc should not get a news fragment.
diff --git a/README.md b/README.md
new file mode 100644
index 00000000000..75f55affaac
--- /dev/null
+++ b/README.md
@@ -0,0 +1,102 @@
+# Matrix Specification
+
+This repository contains the Matrix Specification, rendered at [spec.matrix.org](http://spec.matrix.org/).
+
+Developers looking to use Matrix should join [#matrix-dev:matrix.org](https://matrix.to/#/#matrix-dev:matrix.org)
+on Matrix for help.
+
+Spec authors and proposal writers are welcome to join [#matrix-spec:matrix.org](https://matrix.to/#/#matrix-spec:matrix.org).
+We welcome contributions! See [CONTRIBUTING.rst](./CONTRIBUTING.rst) for details.
+
+## Structure
+
+The Matrix spec is compiled with [Hugo](https://gohugo.io/) (a static site generator) with the following structure:
+
+* `/assets`: assets that need postprocessing using [Hugo Pipes](https://gohugo.io/hugo-pipes/introduction/).
+  For example, Sass files would go here.
+
+* `/content`: files that will become pages in the site go here. Typically these are Markdown files with some YAML front
+  matter indicating, [among other things](https://gohugo.io/content-management/front-matter/), what layout should be
+  applied to this page. The organization of files under `/content` determines the organization of pages in the built
+  site.
+
+* `/data`: this can contain TOML, YAML, or JSON files. Files kept here are directly available to template code as
+  [data objects](https://gohugo.io/templates/data-templates/), so templates don't need to load them from a file and
+  parse them. This is also where our Swagger/OpenAPI definitions and schemas are.
+
+* `/layouts`: this contains [Hugo templates](https://gohugo.io/templates/). Some templates define the overall layout of
+  a page: for example, whether it has header, footer, sidebar, and so on.
+    * `/layouts/partials`: these templates can be called from other templates, so they can be used to factor out
+      template code that's used in more than one template. An obvious example here is something like a sidebar, where
+      several different page layouts might all include the sidebar. But also, partial templates can return values: this
+      means they can be used like functions, that can be called by multiple templates to do some common processing.
+    * `/layouts/shortcodes`: these templates can be called directly from files in `/content`.
+
+* `/static`: static files which don't need preprocessing. JS or CSS files could live here.
+
+* `/themes`: you can use just Hugo or use it with a theme. Themes primarily provide additional templates, which are
+  supplied in a `/themes/$theme_name/layouts` directory. You can use a theme but customise it by providing your own
+  versions of any of the theme layouts in the base `/layouts` directory. That is, if a theme provides
+  `/themes/$theme_name/layouts/sidebar.html` and you provide `/layouts/sidebar.html`, then your version of the
+  template will be used.
+
+It also has the following top-level file:
+
+* `config.toml`: site-wide configuration settings. Some of these are built-in and you can add your own. Config settings
+  defined here are available in templates. All these directories above are configurable via `config.toml` settings.
+
+Additionally, the following directories may be of interest:
+
+* `/attic`: Here contains historical sections of specification and legacy drafts for the specification.
+* `/changelogs`: Various bits of changelog for the specification areas.
+* `/data-definitions`: Bits of structured data consumable by Matrix implementations.
+* `/meta`: Documentation relating to the spec's processes that are otherwise untracked (release instructions, etc).
+* `/scripts`: Various scripts for generating the spec and validating its contents.
+* `/proposals`: Matrix Spec Change (MSC) proposals. See <https://spec.matrix.org/unstable/proposals/>.
+
+## Authoring changes to the spec
+
+Please read [CONTRIBUTING.rst](./CONTRIBUTING.rst) before authoring a change to the spec. Note that spec authoring takes
+place after an MSC has been accepted, not as part of a proposal itself.
+
+1. Install the extended version (often the OS default) of Hugo:
+   <https://gohugo.io/getting-started/installing>. Note that at least Hugo
+   v0.74 is required.
+
+   Alternatively, use the Docker image at https://hub.docker.com/r/klakegg/hugo/.
+2. Run `git submodule update --init --recursive` for good measure.
+3. Run `npm i` to install the dependencies. Note that this will require NodeJS to be installed.
+4. Run `npm run get-proposals` to seed proposal data. This is merely for populating the content of the "Spec Change Proposals"
+   page and is not required.
+5. Run `hugo serve` (or `docker run --rm -it -v $(pwd):/src -p 1313:1313
+   klakegg/hugo serve`) to run a local webserver which builds whenever a file
+   change is detected. If watching doesn't appear to be working for you, try
+   adding `--disableFastRender` to the commandline.
+6. Edit the specification 🙂
+
+We use a highly customized [Docsy](https://www.docsy.dev/) theme for our generated site, which uses Bootstrap and Font
+Awesome. If you're looking at making design-related changes to the spec site, please coordinate with us in
+[#matrix-docs:matrix.org](https://matrix.to/#/#matrix-docs:matrix.org) before opening a PR.
+
+## Building the specification
+
+If for some reason you're not a CI/CD system and want to render a static version of the spec for yourself, follow the above
+steps for authoring changes to the specification and instead of `hugo serve` run `hugo -d "spec"` - this will generate the
+spec to `/spec`. If you'd like to serve the spec off a path instead of a domain root (eg: `/unstable`), add `--baseURL "/unstable"`
+to the `hugo -d "spec"` command.
+
+For building the swagger definitions, create a python3 virtualenv and activate it. Then run `pip install -r ./scripts/requirements.txt`
+and finally `python ./scripts/dump-swagger.py` to generate it to `./scripts/swagger/api-docs.json`. To make use of the generated file,
+there are a number of options:
+
+* It can be uploaded from your filesystem to an online editor/viewer such as [on the swagger website](http://editor.swagger.io/).
+* You can run a local HTTP server by running `./scripts/swagger-http-server.py`, and then view the documentation via an
+  online viewer; for example, at <http://petstore.swagger.io/?url=http://localhost:8000/api-docs.json>.
+* You can host the swagger UI yourself. See <https://github.com/swagger-api/swagger-ui#how-to-run> for advice on how to
+  do so.
+
+## Issue tracking
+
+Specification issues are tracked on github at <https://github.com/matrix-org/matrix-doc/issues>.
+
+See [meta/github-labels.rst](./meta/github-labels.rst) for information on what the labels mean.
diff --git a/README.rst b/README.rst
deleted file mode 100644
index 61c27f15079..00000000000
--- a/README.rst
+++ /dev/null
@@ -1,143 +0,0 @@
-This repository contains the Matrix specification.
-
-If you want to ask more about the specification, join us on
-`#matrix-dev:matrix.org <http://matrix.to/#/#matrix-dev:matrix.org>`_.
-
-We welcome contributions to the spec! See the notes below on `Building the
-specification`_, and `<CONTRIBUTING.rst>`_ to get started making contributions.
-
-Note that the Matrix Project lists, which were previously kept in this
-repository, are now in https://github.com/matrix-org/matrix.org.
-
-Structure of this repository
-============================
-
-- ``api`` : `OpenAPI`_ (swagger) specifications for the the HTTP APIs.
-- ``attic``: historical sections of specification for reference
-  purposes.
-- ``changelogs``: change logs for the various parts of the
-  specification.
-- ``drafts``: Previously, contained documents which were under discussion for
-  future incusion into the specification and/or supporting documentation. This
-  is now historical, as we use separate discussion documents (see
-  `<CONTRIBUTING.rst>`_).
-- ``event-schemas``: the `JSON Schema`_ for all Matrix events
-  contained in the specification, along with example JSON files.
-- ``meta``: documents outlining the processes involved when writing
-  documents, e.g. documentation style, guidelines.
-- ``scripts``: scripts to generate formatted versions of the
-  documentation, typically HTML.
-- ``specification``: the specification split up into sections.
-
-.. _OpenAPI: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md
-.. _JSON Schema: http://json-schema.org/
-
-Building the specification
-==========================
-
-The Matrix Spec is generated by a set of scripts, from the RST documents, API
-specs and event schemas in this repository.
-
-Preparation
------------
-
-To use the scripts, it is best to create a Python 3.4+ virtualenv as follows::
-
-  virtualenv -p python3 env
-  env/bin/pip install -r scripts/requirements.txt
-
-(Benjamin Saunders has contributed a script for `Nix`_ users, which can be
-invoked with ``nix-shell scripts/contrib/shell.nix``.)
-
-.. TODO: Possibly we need some libs installed; should record what they are.
-
-.. _`Nix`: https://nixos.org/nix/
-
-Generating the specification
-----------------------------
-
-To rebuild the specification, use ``scripts/gendoc.py``::
-
-  source env/bin/activate
-  ./scripts/gendoc.py
-
-The above will write the rendered version of the specification to
-``scripts/gen``. To view it, point your browser at ``scripts/gen/index.html``.
-
-Windows users
-~~~~~~~~~~~~~
-The ``source`` program does not exist on Windows, so instead run one of the 
-``activate`` files in ``.\env\Scripts\`` to activate the virtual environment.
-
-If you're on Windows Vista or higher, be sure that the "Symbolic Links"
-option was selected when installing Git prior to cloning this repository. If
-you're still seeing errors about files not being found it is likely because
-the symlink at ``api/client-server/definitions/event-schemas`` looks like a
-file. To correct the problem, open an Administrative/Elevated Command Prompt in your
-cloned matrix-doc directory and run the following::
-
-  cd api\client-server\definitions
-  del event-schemas
-  mklink /D event-schemas "..\..\..\event-schemas"
-
-This will delete the file and replace it with a symlink. Git should not detect
-this as a change, and you should be able to go back to building the project.
-
-Generating the OpenAPI (Swagger) specs
---------------------------------------
-
-`Swagger`_ is a framework for representing RESTful APIs. We use it to generate
-interactive documentation for our APIs.
-
-Before the Swagger docs can be used in the Swagger UI (or other tool expecting
-a Swagger specs, they must be combined into a single json file. This can be
-done as follows::
-
-  source env/bin/activate
-  ./scripts/dump-swagger.py
-
-By default, ``dump-swagger`` will write to ``scripts/swagger/api-docs.json``.
-
-To make use of the generated file, there are a number of options:
-
-* It can be uploaded from your filesystem to an online editor/viewer such as
-  http://editor.swagger.io/
-* You can run a local HTTP server by running
-  ``./scripts/swagger-http-server.py``, and then view the documentation via an
-  online viewer; for example, at
-  http://petstore.swagger.io/?url=http://localhost:8000/api-docs.json
-* You can host the swagger UI yourself. See
-  https://github.com/swagger-api/swagger-ui#how-to-run for advice on how to do
-  so.
-
-.. _`Swagger`: http://swagger.io/
-
-Continuserv
------------
-
-Continuserv is a script which will rebuild the specification every time a file
-is changed, and will serve it to a browser over HTTP. It is intended for use by
-specification authors, so that they can quickly see the effects of their
-changes.
-
-It is written in Go, so you will need the ``go`` compiler installed on your
-computer. You will also need to install fsnotify by running::
-
-  go get gopkg.in/fsnotify/fsnotify.v1
-
-Then, create a virtualenv as described above under `Preparation`_,
-and::
-
-  source env/bin/activate
-  go run ./scripts/continuserv/main.go
-
-You will then be able to view the generated spec by visiting
-http://localhost:8000/index.html.
-
-Issue tracking
-==============
-
-Issues with the Matrix specification are tracked in `GitHub
-<https://github.com/matrix-org/matrix-doc/issues>`_.
-
-See `meta/github-labels.rst <meta/github-labels.rst>`_ for notes on what the labels mean.
diff --git a/api/README b/api/README
deleted file mode 100644
index 7b971fac956..00000000000
--- a/api/README
+++ /dev/null
@@ -1,2 +0,0 @@
-This directory contains swagger-compatible representations of our APIs. See
-the main README.rst for details on how to make use of them.
diff --git a/api/client-server/definitions/event-schemas b/api/client-server/definitions/event-schemas
deleted file mode 120000
index 376cf90c03c..00000000000
--- a/api/client-server/definitions/event-schemas
+++ /dev/null
@@ -1 +0,0 @@
-../../../event-schemas
\ No newline at end of file
diff --git a/api/client-server/sso_login_redirect.yaml b/api/client-server/sso_login_redirect.yaml
deleted file mode 100644
index acbafc57892..00000000000
--- a/api/client-server/sso_login_redirect.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-# Copyright 2019 New Vector Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-swagger: '2.0'
-info:
-  title: "Matrix Client-Server SSO Login API"
-  version: "1.0.0"
-host: localhost:8008
-schemes:
-  - https
-  - http
-basePath: /_matrix/client/%CLIENT_MAJOR_VERSION%
-paths:
-  "/login/sso/redirect":
-    get:
-      summary: Redirect the user's browser to the SSO interface.
-      description: |-
-        A web-based Matrix client should instruct the user's browser to
-        navigate to this endpoint in order to log in via SSO.
-
-        The server MUST respond with an HTTP redirect to the SSO interface.
-      operationId: redirectToSSO
-      parameters:
-        - in: query
-          type: string
-          name: redirectUrl
-          description: |-
-            URI to which the user will be redirected after the homeserver has
-            authenticated the user with SSO.
-          required: true
-      responses:
-        302:
-          description: A redirect to the SSO interface.
-          headers:
-            Location:
-              type: "string"
diff --git a/api/files/backbone-min.js b/api/files/backbone-min.js
deleted file mode 100644
index c1c0d4fff28..00000000000
--- a/api/files/backbone-min.js
+++ /dev/null
@@ -1,38 +0,0 @@
-// Backbone.js 0.9.2
-
-// (c) 2010-2012 Jeremy Ashkenas, DocumentCloud Inc.
-// Backbone may be freely distributed under the MIT license.
-// For all details and documentation:
-// http://backbonejs.org
-(function(){var l=this,y=l.Backbone,z=Array.prototype.slice,A=Array.prototype.splice,g;g="undefined"!==typeof exports?exports:l.Backbone={};g.VERSION="0.9.2";var f=l._;!f&&"undefined"!==typeof require&&(f=require("underscore"));var i=l.jQuery||l.Zepto||l.ender;g.setDomLibrary=function(a){i=a};g.noConflict=function(){l.Backbone=y;return this};g.emulateHTTP=!1;g.emulateJSON=!1;var p=/\s+/,k=g.Events={on:function(a,b,c){var d,e,f,g,j;if(!b)return this;a=a.split(p);for(d=this._callbacks||(this._callbacks=
-{});e=a.shift();)f=(j=d[e])?j.tail:{},f.next=g={},f.context=c,f.callback=b,d[e]={tail:g,next:j?j.next:f};return this},off:function(a,b,c){var d,e,h,g,j,q;if(e=this._callbacks){if(!a&&!b&&!c)return delete this._callbacks,this;for(a=a?a.split(p):f.keys(e);d=a.shift();)if(h=e[d],delete e[d],h&&(b||c))for(g=h.tail;(h=h.next)!==g;)if(j=h.callback,q=h.context,b&&j!==b||c&&q!==c)this.on(d,j,q);return this}},trigger:function(a){var b,c,d,e,f,g;if(!(d=this._callbacks))return this;f=d.all;a=a.split(p);for(g=
-z.call(arguments,1);b=a.shift();){if(c=d[b])for(e=c.tail;(c=c.next)!==e;)c.callback.apply(c.context||this,g);if(c=f){e=c.tail;for(b=[b].concat(g);(c=c.next)!==e;)c.callback.apply(c.context||this,b)}}return this}};k.bind=k.on;k.unbind=k.off;var o=g.Model=function(a,b){var c;a||(a={});b&&b.parse&&(a=this.parse(a));if(c=n(this,"defaults"))a=f.extend({},c,a);b&&b.collection&&(this.collection=b.collection);this.attributes={};this._escapedAttributes={};this.cid=f.uniqueId("c");this.changed={};this._silent=
-{};this._pending={};this.set(a,{silent:!0});this.changed={};this._silent={};this._pending={};this._previousAttributes=f.clone(this.attributes);this.initialize.apply(this,arguments)};f.extend(o.prototype,k,{changed:null,_silent:null,_pending:null,idAttribute:"id",initialize:function(){},toJSON:function(){return f.clone(this.attributes)},get:function(a){return this.attributes[a]},escape:function(a){var b;if(b=this._escapedAttributes[a])return b;b=this.get(a);return this._escapedAttributes[a]=f.escape(null==
-b?"":""+b)},has:function(a){return null!=this.get(a)},set:function(a,b,c){var d,e;f.isObject(a)||null==a?(d=a,c=b):(d={},d[a]=b);c||(c={});if(!d)return this;d instanceof o&&(d=d.attributes);if(c.unset)for(e in d)d[e]=void 0;if(!this._validate(d,c))return!1;this.idAttribute in d&&(this.id=d[this.idAttribute]);var b=c.changes={},h=this.attributes,g=this._escapedAttributes,j=this._previousAttributes||{};for(e in d){a=d[e];if(!f.isEqual(h[e],a)||c.unset&&f.has(h,e))delete g[e],(c.silent?this._silent:
-b)[e]=!0;c.unset?delete h[e]:h[e]=a;!f.isEqual(j[e],a)||f.has(h,e)!=f.has(j,e)?(this.changed[e]=a,c.silent||(this._pending[e]=!0)):(delete this.changed[e],delete this._pending[e])}c.silent||this.change(c);return this},unset:function(a,b){(b||(b={})).unset=!0;return this.set(a,null,b)},clear:function(a){(a||(a={})).unset=!0;return this.set(f.clone(this.attributes),a)},fetch:function(a){var a=a?f.clone(a):{},b=this,c=a.success;a.success=function(d,e,f){if(!b.set(b.parse(d,f),a))return!1;c&&c(b,d)};
-a.error=g.wrapError(a.error,b,a);return(this.sync||g.sync).call(this,"read",this,a)},save:function(a,b,c){var d,e;f.isObject(a)||null==a?(d=a,c=b):(d={},d[a]=b);c=c?f.clone(c):{};if(c.wait){if(!this._validate(d,c))return!1;e=f.clone(this.attributes)}a=f.extend({},c,{silent:!0});if(d&&!this.set(d,c.wait?a:c))return!1;var h=this,i=c.success;c.success=function(a,b,e){b=h.parse(a,e);if(c.wait){delete c.wait;b=f.extend(d||{},b)}if(!h.set(b,c))return false;i?i(h,a):h.trigger("sync",h,a,c)};c.error=g.wrapError(c.error,
-h,c);b=this.isNew()?"create":"update";b=(this.sync||g.sync).call(this,b,this,c);c.wait&&this.set(e,a);return b},destroy:function(a){var a=a?f.clone(a):{},b=this,c=a.success,d=function(){b.trigger("destroy",b,b.collection,a)};if(this.isNew())return d(),!1;a.success=function(e){a.wait&&d();c?c(b,e):b.trigger("sync",b,e,a)};a.error=g.wrapError(a.error,b,a);var e=(this.sync||g.sync).call(this,"delete",this,a);a.wait||d();return e},url:function(){var a=n(this,"urlRoot")||n(this.collection,"url")||t();
-return this.isNew()?a:a+("/"==a.charAt(a.length-1)?"":"/")+encodeURIComponent(this.id)},parse:function(a){return a},clone:function(){return new this.constructor(this.attributes)},isNew:function(){return null==this.id},change:function(a){a||(a={});var b=this._changing;this._changing=!0;for(var c in this._silent)this._pending[c]=!0;var d=f.extend({},a.changes,this._silent);this._silent={};for(c in d)this.trigger("change:"+c,this,this.get(c),a);if(b)return this;for(;!f.isEmpty(this._pending);){this._pending=
-{};this.trigger("change",this,a);for(c in this.changed)!this._pending[c]&&!this._silent[c]&&delete this.changed[c];this._previousAttributes=f.clone(this.attributes)}this._changing=!1;return this},hasChanged:function(a){return!arguments.length?!f.isEmpty(this.changed):f.has(this.changed,a)},changedAttributes:function(a){if(!a)return this.hasChanged()?f.clone(this.changed):!1;var b,c=!1,d=this._previousAttributes,e;for(e in a)if(!f.isEqual(d[e],b=a[e]))(c||(c={}))[e]=b;return c},previous:function(a){return!arguments.length||
-!this._previousAttributes?null:this._previousAttributes[a]},previousAttributes:function(){return f.clone(this._previousAttributes)},isValid:function(){return!this.validate(this.attributes)},_validate:function(a,b){if(b.silent||!this.validate)return!0;var a=f.extend({},this.attributes,a),c=this.validate(a,b);if(!c)return!0;b&&b.error?b.error(this,c,b):this.trigger("error",this,c,b);return!1}});var r=g.Collection=function(a,b){b||(b={});b.model&&(this.model=b.model);b.comparator&&(this.comparator=b.comparator);
-this._reset();this.initialize.apply(this,arguments);a&&this.reset(a,{silent:!0,parse:b.parse})};f.extend(r.prototype,k,{model:o,initialize:function(){},toJSON:function(a){return this.map(function(b){return b.toJSON(a)})},add:function(a,b){var c,d,e,g,i,j={},k={},l=[];b||(b={});a=f.isArray(a)?a.slice():[a];c=0;for(d=a.length;c<d;c++){if(!(e=a[c]=this._prepareModel(a[c],b)))throw Error("Can't add an invalid model to a collection");g=e.cid;i=e.id;j[g]||this._byCid[g]||null!=i&&(k[i]||this._byId[i])?
-l.push(c):j[g]=k[i]=e}for(c=l.length;c--;)a.splice(l[c],1);c=0;for(d=a.length;c<d;c++)(e=a[c]).on("all",this._onModelEvent,this),this._byCid[e.cid]=e,null!=e.id&&(this._byId[e.id]=e);this.length+=d;A.apply(this.models,[null!=b.at?b.at:this.models.length,0].concat(a));this.comparator&&this.sort({silent:!0});if(b.silent)return this;c=0;for(d=this.models.length;c<d;c++)if(j[(e=this.models[c]).cid])b.index=c,e.trigger("add",e,this,b);return this},remove:function(a,b){var c,d,e,g;b||(b={});a=f.isArray(a)?
-a.slice():[a];c=0;for(d=a.length;c<d;c++)if(g=this.getByCid(a[c])||this.get(a[c]))delete this._byId[g.id],delete this._byCid[g.cid],e=this.indexOf(g),this.models.splice(e,1),this.length--,b.silent||(b.index=e,g.trigger("remove",g,this,b)),this._removeReference(g);return this},push:function(a,b){a=this._prepareModel(a,b);this.add(a,b);return a},pop:function(a){var b=this.at(this.length-1);this.remove(b,a);return b},unshift:function(a,b){a=this._prepareModel(a,b);this.add(a,f.extend({at:0},b));return a},
-shift:function(a){var b=this.at(0);this.remove(b,a);return b},get:function(a){return null==a?void 0:this._byId[null!=a.id?a.id:a]},getByCid:function(a){return a&&this._byCid[a.cid||a]},at:function(a){return this.models[a]},where:function(a){return f.isEmpty(a)?[]:this.filter(function(b){for(var c in a)if(a[c]!==b.get(c))return!1;return!0})},sort:function(a){a||(a={});if(!this.comparator)throw Error("Cannot sort a set without a comparator");var b=f.bind(this.comparator,this);1==this.comparator.length?
-this.models=this.sortBy(b):this.models.sort(b);a.silent||this.trigger("reset",this,a);return this},pluck:function(a){return f.map(this.models,function(b){return b.get(a)})},reset:function(a,b){a||(a=[]);b||(b={});for(var c=0,d=this.models.length;c<d;c++)this._removeReference(this.models[c]);this._reset();this.add(a,f.extend({silent:!0},b));b.silent||this.trigger("reset",this,b);return this},fetch:function(a){a=a?f.clone(a):{};void 0===a.parse&&(a.parse=!0);var b=this,c=a.success;a.success=function(d,
-e,f){b[a.add?"add":"reset"](b.parse(d,f),a);c&&c(b,d)};a.error=g.wrapError(a.error,b,a);return(this.sync||g.sync).call(this,"read",this,a)},create:function(a,b){var c=this,b=b?f.clone(b):{},a=this._prepareModel(a,b);if(!a)return!1;b.wait||c.add(a,b);var d=b.success;b.success=function(e,f){b.wait&&c.add(e,b);d?d(e,f):e.trigger("sync",a,f,b)};a.save(null,b);return a},parse:function(a){return a},chain:function(){return f(this.models).chain()},_reset:function(){this.length=0;this.models=[];this._byId=
-{};this._byCid={}},_prepareModel:function(a,b){b||(b={});a instanceof o?a.collection||(a.collection=this):(b.collection=this,a=new this.model(a,b),a._validate(a.attributes,b)||(a=!1));return a},_removeReference:function(a){this==a.collection&&delete a.collection;a.off("all",this._onModelEvent,this)},_onModelEvent:function(a,b,c,d){("add"==a||"remove"==a)&&c!=this||("destroy"==a&&this.remove(b,d),b&&a==="change:"+b.idAttribute&&(delete this._byId[b.previous(b.idAttribute)],this._byId[b.id]=b),this.trigger.apply(this,
-arguments))}});f.each("forEach,each,map,reduce,reduceRight,find,detect,filter,select,reject,every,all,some,any,include,contains,invoke,max,min,sortBy,sortedIndex,toArray,size,first,initial,rest,last,without,indexOf,shuffle,lastIndexOf,isEmpty,groupBy".split(","),function(a){r.prototype[a]=function(){return f[a].apply(f,[this.models].concat(f.toArray(arguments)))}});var u=g.Router=function(a){a||(a={});a.routes&&(this.routes=a.routes);this._bindRoutes();this.initialize.apply(this,arguments)},B=/:\w+/g,
-C=/\*\w+/g,D=/[-[\]{}()+?.,\\^$|#\s]/g;f.extend(u.prototype,k,{initialize:function(){},route:function(a,b,c){g.history||(g.history=new m);f.isRegExp(a)||(a=this._routeToRegExp(a));c||(c=this[b]);g.history.route(a,f.bind(function(d){d=this._extractParameters(a,d);c&&c.apply(this,d);this.trigger.apply(this,["route:"+b].concat(d));g.history.trigger("route",this,b,d)},this));return this},navigate:function(a,b){g.history.navigate(a,b)},_bindRoutes:function(){if(this.routes){var a=[],b;for(b in this.routes)a.unshift([b,
-this.routes[b]]);b=0;for(var c=a.length;b<c;b++)this.route(a[b][0],a[b][1],this[a[b][1]])}},_routeToRegExp:function(a){a=a.replace(D,"\\$&").replace(B,"([^/]+)").replace(C,"(.*?)");return RegExp("^"+a+"$")},_extractParameters:function(a,b){return a.exec(b).slice(1)}});var m=g.History=function(){this.handlers=[];f.bindAll(this,"checkUrl")},s=/^[#\/]/,E=/msie [\w.]+/;m.started=!1;f.extend(m.prototype,k,{interval:50,getHash:function(a){return(a=(a?a.location:window.location).href.match(/#(.*)$/))?a[1]:
-""},getFragment:function(a,b){if(null==a)if(this._hasPushState||b){var a=window.location.pathname,c=window.location.search;c&&(a+=c)}else a=this.getHash();a.indexOf(this.options.root)||(a=a.substr(this.options.root.length));return a.replace(s,"")},start:function(a){if(m.started)throw Error("Backbone.history has already been started");m.started=!0;this.options=f.extend({},{root:"/"},this.options,a);this._wantsHashChange=!1!==this.options.hashChange;this._wantsPushState=!!this.options.pushState;this._hasPushState=
-!(!this.options.pushState||!window.history||!window.history.pushState);var a=this.getFragment(),b=document.documentMode;if(b=E.exec(navigator.userAgent.toLowerCase())&&(!b||7>=b))this.iframe=i('<iframe src="javascript:0" tabindex="-1" />').hide().appendTo("body")[0].contentWindow,this.navigate(a);this._hasPushState?i(window).bind("popstate",this.checkUrl):this._wantsHashChange&&"onhashchange"in window&&!b?i(window).bind("hashchange",this.checkUrl):this._wantsHashChange&&(this._checkUrlInterval=setInterval(this.checkUrl,
-this.interval));this.fragment=a;a=window.location;b=a.pathname==this.options.root;if(this._wantsHashChange&&this._wantsPushState&&!this._hasPushState&&!b)return this.fragment=this.getFragment(null,!0),window.location.replace(this.options.root+"#"+this.fragment),!0;this._wantsPushState&&this._hasPushState&&b&&a.hash&&(this.fragment=this.getHash().replace(s,""),window.history.replaceState({},document.title,a.protocol+"//"+a.host+this.options.root+this.fragment));if(!this.options.silent)return this.loadUrl()},
-stop:function(){i(window).unbind("popstate",this.checkUrl).unbind("hashchange",this.checkUrl);clearInterval(this._checkUrlInterval);m.started=!1},route:function(a,b){this.handlers.unshift({route:a,callback:b})},checkUrl:function(){var a=this.getFragment();a==this.fragment&&this.iframe&&(a=this.getFragment(this.getHash(this.iframe)));if(a==this.fragment)return!1;this.iframe&&this.navigate(a);this.loadUrl()||this.loadUrl(this.getHash())},loadUrl:function(a){var b=this.fragment=this.getFragment(a);return f.any(this.handlers,
-function(a){if(a.route.test(b))return a.callback(b),!0})},navigate:function(a,b){if(!m.started)return!1;if(!b||!0===b)b={trigger:b};var c=(a||"").replace(s,"");this.fragment!=c&&(this._hasPushState?(0!=c.indexOf(this.options.root)&&(c=this.options.root+c),this.fragment=c,window.history[b.replace?"replaceState":"pushState"]({},document.title,c)):this._wantsHashChange?(this.fragment=c,this._updateHash(window.location,c,b.replace),this.iframe&&c!=this.getFragment(this.getHash(this.iframe))&&(b.replace||
-this.iframe.document.open().close(),this._updateHash(this.iframe.location,c,b.replace))):window.location.assign(this.options.root+a),b.trigger&&this.loadUrl(a))},_updateHash:function(a,b,c){c?a.replace(a.toString().replace(/(javascript:|#).*$/,"")+"#"+b):a.hash=b}});var v=g.View=function(a){this.cid=f.uniqueId("view");this._configure(a||{});this._ensureElement();this.initialize.apply(this,arguments);this.delegateEvents()},F=/^(\S+)\s*(.*)$/,w="model,collection,el,id,attributes,className,tagName".split(",");
-f.extend(v.prototype,k,{tagName:"div",$:function(a){return this.$el.find(a)},initialize:function(){},render:function(){return this},remove:function(){this.$el.remove();return this},make:function(a,b,c){a=document.createElement(a);b&&i(a).attr(b);c&&i(a).html(c);return a},setElement:function(a,b){this.$el&&this.undelegateEvents();this.$el=a instanceof i?a:i(a);this.el=this.$el[0];!1!==b&&this.delegateEvents();return this},delegateEvents:function(a){if(a||(a=n(this,"events"))){this.undelegateEvents();
-for(var b in a){var c=a[b];f.isFunction(c)||(c=this[a[b]]);if(!c)throw Error('Method "'+a[b]+'" does not exist');var d=b.match(F),e=d[1],d=d[2],c=f.bind(c,this),e=e+(".delegateEvents"+this.cid);""===d?this.$el.bind(e,c):this.$el.delegate(d,e,c)}}},undelegateEvents:function(){this.$el.unbind(".delegateEvents"+this.cid)},_configure:function(a){this.options&&(a=f.extend({},this.options,a));for(var b=0,c=w.length;b<c;b++){var d=w[b];a[d]&&(this[d]=a[d])}this.options=a},_ensureElement:function(){if(this.el)this.setElement(this.el,
-!1);else{var a=n(this,"attributes")||{};this.id&&(a.id=this.id);this.className&&(a["class"]=this.className);this.setElement(this.make(this.tagName,a),!1)}}});o.extend=r.extend=u.extend=v.extend=function(a,b){var c=G(this,a,b);c.extend=this.extend;return c};var H={create:"POST",update:"PUT","delete":"DELETE",read:"GET"};g.sync=function(a,b,c){var d=H[a];c||(c={});var e={type:d,dataType:"json"};c.url||(e.url=n(b,"url")||t());if(!c.data&&b&&("create"==a||"update"==a))e.contentType="application/json",
-e.data=JSON.stringify(b.toJSON());g.emulateJSON&&(e.contentType="application/x-www-form-urlencoded",e.data=e.data?{model:e.data}:{});if(g.emulateHTTP&&("PUT"===d||"DELETE"===d))g.emulateJSON&&(e.data._method=d),e.type="POST",e.beforeSend=function(a){a.setRequestHeader("X-HTTP-Method-Override",d)};"GET"!==e.type&&!g.emulateJSON&&(e.processData=!1);return i.ajax(f.extend(e,c))};g.wrapError=function(a,b,c){return function(d,e){e=d===b?e:d;a?a(b,e,c):b.trigger("error",b,e,c)}};var x=function(){},G=function(a,
-b,c){var d;d=b&&b.hasOwnProperty("constructor")?b.constructor:function(){a.apply(this,arguments)};f.extend(d,a);x.prototype=a.prototype;d.prototype=new x;b&&f.extend(d.prototype,b);c&&f.extend(d,c);d.prototype.constructor=d;d.__super__=a.prototype;return d},n=function(a,b){return!a||!a[b]?null:f.isFunction(a[b])?a[b]():a[b]},t=function(){throw Error('A "url" property or function must be specified');}}).call(this);
diff --git a/api/files/css b/api/files/css
deleted file mode 100644
index 3b5a0643df4..00000000000
--- a/api/files/css
+++ /dev/null
@@ -1,16 +0,0 @@
-/* latin */
-@font-face {
-  font-family: 'Droid Sans';
-  font-style: normal;
-  font-weight: 400;
-  src: local('Droid Sans'), local('DroidSans'), url(http://fonts.gstatic.com/s/droidsans/v5/s-BiyweUPV0v-yRb-cjciPk_vArhqVIZ0nv9q090hN8.woff2), format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2212, U+2215, U+E0FF, U+EFFD, U+F000;
-}
-/* latin */
-@font-face {
-  font-family: 'Droid Sans';
-  font-style: normal;
-  font-weight: 700;
-  src: local('Droid Sans Bold'), local('DroidSans-Bold'), url(http://fonts.gstatic.com/s/droidsans/v5/EFpQQyG9GqCrobXxL-KRMYWiMMZ7xLd792ULpGE4W_Y.woff2), format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2212, U+2215, U+E0FF, U+EFFD, U+F000;
-}
diff --git a/api/files/handlebars-1.0.0.js b/api/files/handlebars-1.0.0.js
deleted file mode 100644
index c70f09d1de6..00000000000
--- a/api/files/handlebars-1.0.0.js
+++ /dev/null
@@ -1,2278 +0,0 @@
-/*
-
-Copyright (C) 2011 by Yehuda Katz
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
-
-*/
-
-// lib/handlebars/browser-prefix.js
-var Handlebars = {};
-
-(function(Handlebars, undefined) {
-;
-// lib/handlebars/base.js
-
-Handlebars.VERSION = "1.0.0";
-Handlebars.COMPILER_REVISION = 4;
-
-Handlebars.REVISION_CHANGES = {
-  1: '<= 1.0.rc.2', // 1.0.rc.2 is actually rev2 but doesn't report it
-  2: '== 1.0.0-rc.3',
-  3: '== 1.0.0-rc.4',
-  4: '>= 1.0.0'
-};
-
-Handlebars.helpers  = {};
-Handlebars.partials = {};
-
-var toString = Object.prototype.toString,
-    functionType = '[object Function]',
-    objectType = '[object Object]';
-
-Handlebars.registerHelper = function(name, fn, inverse) {
-  if (toString.call(name) === objectType) {
-    if (inverse || fn) { throw new Handlebars.Exception('Arg not supported with multiple helpers'); }
-    Handlebars.Utils.extend(this.helpers, name);
-  } else {
-    if (inverse) { fn.not = inverse; }
-    this.helpers[name] = fn;
-  }
-};
-
-Handlebars.registerPartial = function(name, str) {
-  if (toString.call(name) === objectType) {
-    Handlebars.Utils.extend(this.partials,  name);
-  } else {
-    this.partials[name] = str;
-  }
-};
-
-Handlebars.registerHelper('helperMissing', function(arg) {
-  if(arguments.length === 2) {
-    return undefined;
-  } else {
-    throw new Error("Missing helper: '" + arg + "'");
-  }
-});
-
-Handlebars.registerHelper('blockHelperMissing', function(context, options) {
-  var inverse = options.inverse || function() {}, fn = options.fn;
-
-  var type = toString.call(context);
-
-  if(type === functionType) { context = context.call(this); }
-
-  if(context === true) {
-    return fn(this);
-  } else if(context === false || context == null) {
-    return inverse(this);
-  } else if(type === "[object Array]") {
-    if(context.length > 0) {
-      return Handlebars.helpers.each(context, options);
-    } else {
-      return inverse(this);
-    }
-  } else {
-    return fn(context);
-  }
-});
-
-Handlebars.K = function() {};
-
-Handlebars.createFrame = Object.create || function(object) {
-  Handlebars.K.prototype = object;
-  var obj = new Handlebars.K();
-  Handlebars.K.prototype = null;
-  return obj;
-};
-
-Handlebars.logger = {
-  DEBUG: 0, INFO: 1, WARN: 2, ERROR: 3, level: 3,
-
-  methodMap: {0: 'debug', 1: 'info', 2: 'warn', 3: 'error'},
-
-  // can be overridden in the host environment
-  log: function(level, obj) {
-    if (Handlebars.logger.level <= level) {
-      var method = Handlebars.logger.methodMap[level];
-      if (typeof console !== 'undefined' && console[method]) {
-        console[method].call(console, obj);
-      }
-    }
-  }
-};
-
-Handlebars.log = function(level, obj) { Handlebars.logger.log(level, obj); };
-
-Handlebars.registerHelper('each', function(context, options) {
-  var fn = options.fn, inverse = options.inverse;
-  var i = 0, ret = "", data;
-
-  var type = toString.call(context);
-  if(type === functionType) { context = context.call(this); }
-
-  if (options.data) {
-    data = Handlebars.createFrame(options.data);
-  }
-
-  if(context && typeof context === 'object') {
-    if(context instanceof Array){
-      for(var j = context.length; i<j; i++) {
-        if (data) { data.index = i; }
-        ret = ret + fn(context[i], { data: data });
-      }
-    } else {
-      for(var key in context) {
-        if(context.hasOwnProperty(key)) {
-          if(data) { data.key = key; }
-          ret = ret + fn(context[key], {data: data});
-          i++;
-        }
-      }
-    }
-  }
-
-  if(i === 0){
-    ret = inverse(this);
-  }
-
-  return ret;
-});
-
-Handlebars.registerHelper('if', function(conditional, options) {
-  var type = toString.call(conditional);
-  if(type === functionType) { conditional = conditional.call(this); }
-
-  if(!conditional || Handlebars.Utils.isEmpty(conditional)) {
-    return options.inverse(this);
-  } else {
-    return options.fn(this);
-  }
-});
-
-Handlebars.registerHelper('unless', function(conditional, options) {
-  return Handlebars.helpers['if'].call(this, conditional, {fn: options.inverse, inverse: options.fn});
-});
-
-Handlebars.registerHelper('with', function(context, options) {
-  var type = toString.call(context);
-  if(type === functionType) { context = context.call(this); }
-
-  if (!Handlebars.Utils.isEmpty(context)) return options.fn(context);
-});
-
-Handlebars.registerHelper('log', function(context, options) {
-  var level = options.data && options.data.level != null ? parseInt(options.data.level, 10) : 1;
-  Handlebars.log(level, context);
-});
-;
-// lib/handlebars/compiler/parser.js
-/* Jison generated parser */
-var handlebars = (function(){
-var parser = {trace: function trace() { },
-yy: {},
-symbols_: {"error":2,"root":3,"program":4,"EOF":5,"simpleInverse":6,"statements":7,"statement":8,"openInverse":9,"closeBlock":10,"openBlock":11,"mustache":12,"partial":13,"CONTENT":14,"COMMENT":15,"OPEN_BLOCK":16,"inMustache":17,"CLOSE":18,"OPEN_INVERSE":19,"OPEN_ENDBLOCK":20,"path":21,"OPEN":22,"OPEN_UNESCAPED":23,"CLOSE_UNESCAPED":24,"OPEN_PARTIAL":25,"partialName":26,"params":27,"hash":28,"dataName":29,"param":30,"STRING":31,"INTEGER":32,"BOOLEAN":33,"hashSegments":34,"hashSegment":35,"ID":36,"EQUALS":37,"DATA":38,"pathSegments":39,"SEP":40,"$accept":0,"$end":1},
-terminals_: {2:"error",5:"EOF",14:"CONTENT",15:"COMMENT",16:"OPEN_BLOCK",18:"CLOSE",19:"OPEN_INVERSE",20:"OPEN_ENDBLOCK",22:"OPEN",23:"OPEN_UNESCAPED",24:"CLOSE_UNESCAPED",25:"OPEN_PARTIAL",31:"STRING",32:"INTEGER",33:"BOOLEAN",36:"ID",37:"EQUALS",38:"DATA",40:"SEP"},
-productions_: [0,[3,2],[4,2],[4,3],[4,2],[4,1],[4,1],[4,0],[7,1],[7,2],[8,3],[8,3],[8,1],[8,1],[8,1],[8,1],[11,3],[9,3],[10,3],[12,3],[12,3],[13,3],[13,4],[6,2],[17,3],[17,2],[17,2],[17,1],[17,1],[27,2],[27,1],[30,1],[30,1],[30,1],[30,1],[30,1],[28,1],[34,2],[34,1],[35,3],[35,3],[35,3],[35,3],[35,3],[26,1],[26,1],[26,1],[29,2],[21,1],[39,3],[39,1]],
-performAction: function anonymous(yytext,yyleng,yylineno,yy,yystate,$$,_$) {
-
-var $0 = $$.length - 1;
-switch (yystate) {
-case 1: return $$[$0-1]; 
-break;
-case 2: this.$ = new yy.ProgramNode([], $$[$0]); 
-break;
-case 3: this.$ = new yy.ProgramNode($$[$0-2], $$[$0]); 
-break;
-case 4: this.$ = new yy.ProgramNode($$[$0-1], []); 
-break;
-case 5: this.$ = new yy.ProgramNode($$[$0]); 
-break;
-case 6: this.$ = new yy.ProgramNode([], []); 
-break;
-case 7: this.$ = new yy.ProgramNode([]); 
-break;
-case 8: this.$ = [$$[$0]]; 
-break;
-case 9: $$[$0-1].push($$[$0]); this.$ = $$[$0-1]; 
-break;
-case 10: this.$ = new yy.BlockNode($$[$0-2], $$[$0-1].inverse, $$[$0-1], $$[$0]); 
-break;
-case 11: this.$ = new yy.BlockNode($$[$0-2], $$[$0-1], $$[$0-1].inverse, $$[$0]); 
-break;
-case 12: this.$ = $$[$0]; 
-break;
-case 13: this.$ = $$[$0]; 
-break;
-case 14: this.$ = new yy.ContentNode($$[$0]); 
-break;
-case 15: this.$ = new yy.CommentNode($$[$0]); 
-break;
-case 16: this.$ = new yy.MustacheNode($$[$0-1][0], $$[$0-1][1]); 
-break;
-case 17: this.$ = new yy.MustacheNode($$[$0-1][0], $$[$0-1][1]); 
-break;
-case 18: this.$ = $$[$0-1]; 
-break;
-case 19:
-    // Parsing out the '&' escape token at this level saves ~500 bytes after min due to the removal of one parser node.
-    this.$ = new yy.MustacheNode($$[$0-1][0], $$[$0-1][1], $$[$0-2][2] === '&');
-  
-break;
-case 20: this.$ = new yy.MustacheNode($$[$0-1][0], $$[$0-1][1], true); 
-break;
-case 21: this.$ = new yy.PartialNode($$[$0-1]); 
-break;
-case 22: this.$ = new yy.PartialNode($$[$0-2], $$[$0-1]); 
-break;
-case 23: 
-break;
-case 24: this.$ = [[$$[$0-2]].concat($$[$0-1]), $$[$0]]; 
-break;
-case 25: this.$ = [[$$[$0-1]].concat($$[$0]), null]; 
-break;
-case 26: this.$ = [[$$[$0-1]], $$[$0]]; 
-break;
-case 27: this.$ = [[$$[$0]], null]; 
-break;
-case 28: this.$ = [[$$[$0]], null]; 
-break;
-case 29: $$[$0-1].push($$[$0]); this.$ = $$[$0-1]; 
-break;
-case 30: this.$ = [$$[$0]]; 
-break;
-case 31: this.$ = $$[$0]; 
-break;
-case 32: this.$ = new yy.StringNode($$[$0]); 
-break;
-case 33: this.$ = new yy.IntegerNode($$[$0]); 
-break;
-case 34: this.$ = new yy.BooleanNode($$[$0]); 
-break;
-case 35: this.$ = $$[$0]; 
-break;
-case 36: this.$ = new yy.HashNode($$[$0]); 
-break;
-case 37: $$[$0-1].push($$[$0]); this.$ = $$[$0-1]; 
-break;
-case 38: this.$ = [$$[$0]]; 
-break;
-case 39: this.$ = [$$[$0-2], $$[$0]]; 
-break;
-case 40: this.$ = [$$[$0-2], new yy.StringNode($$[$0])]; 
-break;
-case 41: this.$ = [$$[$0-2], new yy.IntegerNode($$[$0])]; 
-break;
-case 42: this.$ = [$$[$0-2], new yy.BooleanNode($$[$0])]; 
-break;
-case 43: this.$ = [$$[$0-2], $$[$0]]; 
-break;
-case 44: this.$ = new yy.PartialNameNode($$[$0]); 
-break;
-case 45: this.$ = new yy.PartialNameNode(new yy.StringNode($$[$0])); 
-break;
-case 46: this.$ = new yy.PartialNameNode(new yy.IntegerNode($$[$0])); 
-break;
-case 47: this.$ = new yy.DataNode($$[$0]); 
-break;
-case 48: this.$ = new yy.IdNode($$[$0]); 
-break;
-case 49: $$[$0-2].push({part: $$[$0], separator: $$[$0-1]}); this.$ = $$[$0-2]; 
-break;
-case 50: this.$ = [{part: $$[$0]}]; 
-break;
-}
-},
-table: [{3:1,4:2,5:[2,7],6:3,7:4,8:6,9:7,11:8,12:9,13:10,14:[1,11],15:[1,12],16:[1,13],19:[1,5],22:[1,14],23:[1,15],25:[1,16]},{1:[3]},{5:[1,17]},{5:[2,6],7:18,8:6,9:7,11:8,12:9,13:10,14:[1,11],15:[1,12],16:[1,13],19:[1,19],20:[2,6],22:[1,14],23:[1,15],25:[1,16]},{5:[2,5],6:20,8:21,9:7,11:8,12:9,13:10,14:[1,11],15:[1,12],16:[1,13],19:[1,5],20:[2,5],22:[1,14],23:[1,15],25:[1,16]},{17:23,18:[1,22],21:24,29:25,36:[1,28],38:[1,27],39:26},{5:[2,8],14:[2,8],15:[2,8],16:[2,8],19:[2,8],20:[2,8],22:[2,8],23:[2,8],25:[2,8]},{4:29,6:3,7:4,8:6,9:7,11:8,12:9,13:10,14:[1,11],15:[1,12],16:[1,13],19:[1,5],20:[2,7],22:[1,14],23:[1,15],25:[1,16]},{4:30,6:3,7:4,8:6,9:7,11:8,12:9,13:10,14:[1,11],15:[1,12],16:[1,13],19:[1,5],20:[2,7],22:[1,14],23:[1,15],25:[1,16]},{5:[2,12],14:[2,12],15:[2,12],16:[2,12],19:[2,12],20:[2,12],22:[2,12],23:[2,12],25:[2,12]},{5:[2,13],14:[2,13],15:[2,13],16:[2,13],19:[2,13],20:[2,13],22:[2,13],23:[2,13],25:[2,13]},{5:[2,14],14:[2,14],15:[2,14],16:[2,14],19:[2,14],20:[2,14],22:[2,14],23:[2,14],25:[2,14]},{5:[2,15],14:[2,15],15:[2,15],16:[2,15],19:[2,15],20:[2,15],22:[2,15],23:[2,15],25:[2,15]},{17:31,21:24,29:25,36:[1,28],38:[1,27],39:26},{17:32,21:24,29:25,36:[1,28],38:[1,27],39:26},{17:33,21:24,29:25,36:[1,28],38:[1,27],39:26},{21:35,26:34,31:[1,36],32:[1,37],36:[1,28],39:26},{1:[2,1]},{5:[2,2],8:21,9:7,11:8,12:9,13:10,14:[1,11],15:[1,12],16:[1,13],19:[1,19],20:[2,2],22:[1,14],23:[1,15],25:[1,16]},{17:23,21:24,29:25,36:[1,28],38:[1,27],39:26},{5:[2,4],7:38,8:6,9:7,11:8,12:9,13:10,14:[1,11],15:[1,12],16:[1,13],19:[1,19],20:[2,4],22:[1,14],23:[1,15],25:[1,16]},{5:[2,9],14:[2,9],15:[2,9],16:[2,9],19:[2,9],20:[2,9],22:[2,9],23:[2,9],25:[2,9]},{5:[2,23],14:[2,23],15:[2,23],16:[2,23],19:[2,23],20:[2,23],22:[2,23],23:[2,23],25:[2,23]},{18:[1,39]},{18:[2,27],21:44,24:[2,27],27:40,28:41,29:48,30:42,31:[1,45],32:[1,46],33:[1,47],34:43,35:49,36:[1,50],38:[1,27],39:26},{18:[2,28],24:[2,28]},{18:[2,48],24:[2,48],31:[2,48],32:[2,48],33:[2,48],36:[2,48],38:[2,48],40:[1,51]},{21:52,36:[1,28],39:26},{18:[2,50],24:[2,50],31:[2,50],32:[2,50],33:[2,50],36:[2,50],38:[2,50],40:[2,50]},{10:53,20:[1,54]},{10:55,20:[1,54]},{18:[1,56]},{18:[1,57]},{24:[1,58]},{18:[1,59],21:60,36:[1,28],39:26},{18:[2,44],36:[2,44]},{18:[2,45],36:[2,45]},{18:[2,46],36:[2,46]},{5:[2,3],8:21,9:7,11:8,12:9,13:10,14:[1,11],15:[1,12],16:[1,13],19:[1,19],20:[2,3],22:[1,14],23:[1,15],25:[1,16]},{14:[2,17],15:[2,17],16:[2,17],19:[2,17],20:[2,17],22:[2,17],23:[2,17],25:[2,17]},{18:[2,25],21:44,24:[2,25],28:61,29:48,30:62,31:[1,45],32:[1,46],33:[1,47],34:43,35:49,36:[1,50],38:[1,27],39:26},{18:[2,26],24:[2,26]},{18:[2,30],24:[2,30],31:[2,30],32:[2,30],33:[2,30],36:[2,30],38:[2,30]},{18:[2,36],24:[2,36],35:63,36:[1,64]},{18:[2,31],24:[2,31],31:[2,31],32:[2,31],33:[2,31],36:[2,31],38:[2,31]},{18:[2,32],24:[2,32],31:[2,32],32:[2,32],33:[2,32],36:[2,32],38:[2,32]},{18:[2,33],24:[2,33],31:[2,33],32:[2,33],33:[2,33],36:[2,33],38:[2,33]},{18:[2,34],24:[2,34],31:[2,34],32:[2,34],33:[2,34],36:[2,34],38:[2,34]},{18:[2,35],24:[2,35],31:[2,35],32:[2,35],33:[2,35],36:[2,35],38:[2,35]},{18:[2,38],24:[2,38],36:[2,38]},{18:[2,50],24:[2,50],31:[2,50],32:[2,50],33:[2,50],36:[2,50],37:[1,65],38:[2,50],40:[2,50]},{36:[1,66]},{18:[2,47],24:[2,47],31:[2,47],32:[2,47],33:[2,47],36:[2,47],38:[2,47]},{5:[2,10],14:[2,10],15:[2,10],16:[2,10],19:[2,10],20:[2,10],22:[2,10],23:[2,10],25:[2,10]},{21:67,36:[1,28],39:26},{5:[2,11],14:[2,11],15:[2,11],16:[2,11],19:[2,11],20:[2,11],22:[2,11],23:[2,11],25:[2,11]},{14:[2,16],15:[2,16],16:[2,16],19:[2,16],20:[2,16],22:[2,16],23:[2,16],25:[2,16]},{5:[2,19],14:[2,19],15:[2,19],16:[2,19],19:[2,19],20:[2,19],22:[2,19],23:[2,19],25:[2,19]},{5:[2,20],14:[2,20],15:[2,20],16:[2,20],19:[2,20],20:[2,20],22:[2,20],23:[2,20],25:[2,20]},{5:[2,21],14:[2,21],15:[2,21],16:[2,21],19:[2,21],20:[2,21],22:[2,21],23:[2,21],25:[2,21]},{18:[1,68]},{18:[2,24],24:[2,24]},{18:[2,29],24:[2,29],31:[2,29],32:[2,29],33:[2,29],36:[2,29],38:[2,29]},{18:[2,37],24:[2,37],36:[2,37]},{37:[1,65]},{21:69,29:73,31:[1,70],32:[1,71],33:[1,72],36:[1,28],38:[1,27],39:26},{18:[2,49],24:[2,49],31:[2,49],32:[2,49],33:[2,49],36:[2,49],38:[2,49],40:[2,49]},{18:[1,74]},{5:[2,22],14:[2,22],15:[2,22],16:[2,22],19:[2,22],20:[2,22],22:[2,22],23:[2,22],25:[2,22]},{18:[2,39],24:[2,39],36:[2,39]},{18:[2,40],24:[2,40],36:[2,40]},{18:[2,41],24:[2,41],36:[2,41]},{18:[2,42],24:[2,42],36:[2,42]},{18:[2,43],24:[2,43],36:[2,43]},{5:[2,18],14:[2,18],15:[2,18],16:[2,18],19:[2,18],20:[2,18],22:[2,18],23:[2,18],25:[2,18]}],
-defaultActions: {17:[2,1]},
-parseError: function parseError(str, hash) {
-    throw new Error(str);
-},
-parse: function parse(input) {
-    var self = this, stack = [0], vstack = [null], lstack = [], table = this.table, yytext = "", yylineno = 0, yyleng = 0, recovering = 0, TERROR = 2, EOF = 1;
-    this.lexer.setInput(input);
-    this.lexer.yy = this.yy;
-    this.yy.lexer = this.lexer;
-    this.yy.parser = this;
-    if (typeof this.lexer.yylloc == "undefined")
-        this.lexer.yylloc = {};
-    var yyloc = this.lexer.yylloc;
-    lstack.push(yyloc);
-    var ranges = this.lexer.options && this.lexer.options.ranges;
-    if (typeof this.yy.parseError === "function")
-        this.parseError = this.yy.parseError;
-    function popStack(n) {
-        stack.length = stack.length - 2 * n;
-        vstack.length = vstack.length - n;
-        lstack.length = lstack.length - n;
-    }
-    function lex() {
-        var token;
-        token = self.lexer.lex() || 1;
-        if (typeof token !== "number") {
-            token = self.symbols_[token] || token;
-        }
-        return token;
-    }
-    var symbol, preErrorSymbol, state, action, a, r, yyval = {}, p, len, newState, expected;
-    while (true) {
-        state = stack[stack.length - 1];
-        if (this.defaultActions[state]) {
-            action = this.defaultActions[state];
-        } else {
-            if (symbol === null || typeof symbol == "undefined") {
-                symbol = lex();
-            }
-            action = table[state] && table[state][symbol];
-        }
-        if (typeof action === "undefined" || !action.length || !action[0]) {
-            var errStr = "";
-            if (!recovering) {
-                expected = [];
-                for (p in table[state])
-                    if (this.terminals_[p] && p > 2) {
-                        expected.push("'" + this.terminals_[p] + "'");
-                    }
-                if (this.lexer.showPosition) {
-                    errStr = "Parse error on line " + (yylineno + 1) + ":\n" + this.lexer.showPosition() + "\nExpecting " + expected.join(", ") + ", got '" + (this.terminals_[symbol] || symbol) + "'";
-                } else {
-                    errStr = "Parse error on line " + (yylineno + 1) + ": Unexpected " + (symbol == 1?"end of input":"'" + (this.terminals_[symbol] || symbol) + "'");
-                }
-                this.parseError(errStr, {text: this.lexer.match, token: this.terminals_[symbol] || symbol, line: this.lexer.yylineno, loc: yyloc, expected: expected});
-            }
-        }
-        if (action[0] instanceof Array && action.length > 1) {
-            throw new Error("Parse Error: multiple actions possible at state: " + state + ", token: " + symbol);
-        }
-        switch (action[0]) {
-        case 1:
-            stack.push(symbol);
-            vstack.push(this.lexer.yytext);
-            lstack.push(this.lexer.yylloc);
-            stack.push(action[1]);
-            symbol = null;
-            if (!preErrorSymbol) {
-                yyleng = this.lexer.yyleng;
-                yytext = this.lexer.yytext;
-                yylineno = this.lexer.yylineno;
-                yyloc = this.lexer.yylloc;
-                if (recovering > 0)
-                    recovering--;
-            } else {
-                symbol = preErrorSymbol;
-                preErrorSymbol = null;
-            }
-            break;
-        case 2:
-            len = this.productions_[action[1]][1];
-            yyval.$ = vstack[vstack.length - len];
-            yyval._$ = {first_line: lstack[lstack.length - (len || 1)].first_line, last_line: lstack[lstack.length - 1].last_line, first_column: lstack[lstack.length - (len || 1)].first_column, last_column: lstack[lstack.length - 1].last_column};
-            if (ranges) {
-                yyval._$.range = [lstack[lstack.length - (len || 1)].range[0], lstack[lstack.length - 1].range[1]];
-            }
-            r = this.performAction.call(yyval, yytext, yyleng, yylineno, this.yy, action[1], vstack, lstack);
-            if (typeof r !== "undefined") {
-                return r;
-            }
-            if (len) {
-                stack = stack.slice(0, -1 * len * 2);
-                vstack = vstack.slice(0, -1 * len);
-                lstack = lstack.slice(0, -1 * len);
-            }
-            stack.push(this.productions_[action[1]][0]);
-            vstack.push(yyval.$);
-            lstack.push(yyval._$);
-            newState = table[stack[stack.length - 2]][stack[stack.length - 1]];
-            stack.push(newState);
-            break;
-        case 3:
-            return true;
-        }
-    }
-    return true;
-}
-};
-/* Jison generated lexer */
-var lexer = (function(){
-var lexer = ({EOF:1,
-parseError:function parseError(str, hash) {
-        if (this.yy.parser) {
-            this.yy.parser.parseError(str, hash);
-        } else {
-            throw new Error(str);
-        }
-    },
-setInput:function (input) {
-        this._input = input;
-        this._more = this._less = this.done = false;
-        this.yylineno = this.yyleng = 0;
-        this.yytext = this.matched = this.match = '';
-        this.conditionStack = ['INITIAL'];
-        this.yylloc = {first_line:1,first_column:0,last_line:1,last_column:0};
-        if (this.options.ranges) this.yylloc.range = [0,0];
-        this.offset = 0;
-        return this;
-    },
-input:function () {
-        var ch = this._input[0];
-        this.yytext += ch;
-        this.yyleng++;
-        this.offset++;
-        this.match += ch;
-        this.matched += ch;
-        var lines = ch.match(/(?:\r\n?|\n).*/g);
-        if (lines) {
-            this.yylineno++;
-            this.yylloc.last_line++;
-        } else {
-            this.yylloc.last_column++;
-        }
-        if (this.options.ranges) this.yylloc.range[1]++;
-
-        this._input = this._input.slice(1);
-        return ch;
-    },
-unput:function (ch) {
-        var len = ch.length;
-        var lines = ch.split(/(?:\r\n?|\n)/g);
-
-        this._input = ch + this._input;
-        this.yytext = this.yytext.substr(0, this.yytext.length-len-1);
-        //this.yyleng -= len;
-        this.offset -= len;
-        var oldLines = this.match.split(/(?:\r\n?|\n)/g);
-        this.match = this.match.substr(0, this.match.length-1);
-        this.matched = this.matched.substr(0, this.matched.length-1);
-
-        if (lines.length-1) this.yylineno -= lines.length-1;
-        var r = this.yylloc.range;
-
-        this.yylloc = {first_line: this.yylloc.first_line,
-          last_line: this.yylineno+1,
-          first_column: this.yylloc.first_column,
-          last_column: lines ?
-              (lines.length === oldLines.length ? this.yylloc.first_column : 0) + oldLines[oldLines.length - lines.length].length - lines[0].length:
-              this.yylloc.first_column - len
-          };
-
-        if (this.options.ranges) {
-            this.yylloc.range = [r[0], r[0] + this.yyleng - len];
-        }
-        return this;
-    },
-more:function () {
-        this._more = true;
-        return this;
-    },
-less:function (n) {
-        this.unput(this.match.slice(n));
-    },
-pastInput:function () {
-        var past = this.matched.substr(0, this.matched.length - this.match.length);
-        return (past.length > 20 ? '...':'') + past.substr(-20).replace(/\n/g, "");
-    },
-upcomingInput:function () {
-        var next = this.match;
-        if (next.length < 20) {
-            next += this._input.substr(0, 20-next.length);
-        }
-        return (next.substr(0,20)+(next.length > 20 ? '...':'')).replace(/\n/g, "");
-    },
-showPosition:function () {
-        var pre = this.pastInput();
-        var c = new Array(pre.length + 1).join("-");
-        return pre + this.upcomingInput() + "\n" + c+"^";
-    },
-next:function () {
-        if (this.done) {
-            return this.EOF;
-        }
-        if (!this._input) this.done = true;
-
-        var token,
-            match,
-            tempMatch,
-            index,
-            col,
-            lines;
-        if (!this._more) {
-            this.yytext = '';
-            this.match = '';
-        }
-        var rules = this._currentRules();
-        for (var i=0;i < rules.length; i++) {
-            tempMatch = this._input.match(this.rules[rules[i]]);
-            if (tempMatch && (!match || tempMatch[0].length > match[0].length)) {
-                match = tempMatch;
-                index = i;
-                if (!this.options.flex) break;
-            }
-        }
-        if (match) {
-            lines = match[0].match(/(?:\r\n?|\n).*/g);
-            if (lines) this.yylineno += lines.length;
-            this.yylloc = {first_line: this.yylloc.last_line,
-                           last_line: this.yylineno+1,
-                           first_column: this.yylloc.last_column,
-                           last_column: lines ? lines[lines.length-1].length-lines[lines.length-1].match(/\r?\n?/)[0].length : this.yylloc.last_column + match[0].length};
-            this.yytext += match[0];
-            this.match += match[0];
-            this.matches = match;
-            this.yyleng = this.yytext.length;
-            if (this.options.ranges) {
-                this.yylloc.range = [this.offset, this.offset += this.yyleng];
-            }
-            this._more = false;
-            this._input = this._input.slice(match[0].length);
-            this.matched += match[0];
-            token = this.performAction.call(this, this.yy, this, rules[index],this.conditionStack[this.conditionStack.length-1]);
-            if (this.done && this._input) this.done = false;
-            if (token) return token;
-            else return;
-        }
-        if (this._input === "") {
-            return this.EOF;
-        } else {
-            return this.parseError('Lexical error on line '+(this.yylineno+1)+'. Unrecognized text.\n'+this.showPosition(),
-                    {text: "", token: null, line: this.yylineno});
-        }
-    },
-lex:function lex() {
-        var r = this.next();
-        if (typeof r !== 'undefined') {
-            return r;
-        } else {
-            return this.lex();
-        }
-    },
-begin:function begin(condition) {
-        this.conditionStack.push(condition);
-    },
-popState:function popState() {
-        return this.conditionStack.pop();
-    },
-_currentRules:function _currentRules() {
-        return this.conditions[this.conditionStack[this.conditionStack.length-1]].rules;
-    },
-topState:function () {
-        return this.conditionStack[this.conditionStack.length-2];
-    },
-pushState:function begin(condition) {
-        this.begin(condition);
-    }});
-lexer.options = {};
-lexer.performAction = function anonymous(yy,yy_,$avoiding_name_collisions,YY_START) {
-
-var YYSTATE=YY_START
-switch($avoiding_name_collisions) {
-case 0: yy_.yytext = "\\"; return 14; 
-break;
-case 1:
-                                   if(yy_.yytext.slice(-1) !== "\\") this.begin("mu");
-                                   if(yy_.yytext.slice(-1) === "\\") yy_.yytext = yy_.yytext.substr(0,yy_.yyleng-1), this.begin("emu");
-                                   if(yy_.yytext) return 14;
-                                 
-break;
-case 2: return 14; 
-break;
-case 3:
-                                   if(yy_.yytext.slice(-1) !== "\\") this.popState();
-                                   if(yy_.yytext.slice(-1) === "\\") yy_.yytext = yy_.yytext.substr(0,yy_.yyleng-1);
-                                   return 14;
-                                 
-break;
-case 4: yy_.yytext = yy_.yytext.substr(0, yy_.yyleng-4); this.popState(); return 15; 
-break;
-case 5: return 25; 
-break;
-case 6: return 16; 
-break;
-case 7: return 20; 
-break;
-case 8: return 19; 
-break;
-case 9: return 19; 
-break;
-case 10: return 23; 
-break;
-case 11: return 22; 
-break;
-case 12: this.popState(); this.begin('com'); 
-break;
-case 13: yy_.yytext = yy_.yytext.substr(3,yy_.yyleng-5); this.popState(); return 15; 
-break;
-case 14: return 22; 
-break;
-case 15: return 37; 
-break;
-case 16: return 36; 
-break;
-case 17: return 36; 
-break;
-case 18: return 40; 
-break;
-case 19: /*ignore whitespace*/ 
-break;
-case 20: this.popState(); return 24; 
-break;
-case 21: this.popState(); return 18; 
-break;
-case 22: yy_.yytext = yy_.yytext.substr(1,yy_.yyleng-2).replace(/\\"/g,'"'); return 31; 
-break;
-case 23: yy_.yytext = yy_.yytext.substr(1,yy_.yyleng-2).replace(/\\'/g,"'"); return 31; 
-break;
-case 24: return 38; 
-break;
-case 25: return 33; 
-break;
-case 26: return 33; 
-break;
-case 27: return 32; 
-break;
-case 28: return 36; 
-break;
-case 29: yy_.yytext = yy_.yytext.substr(1, yy_.yyleng-2); return 36; 
-break;
-case 30: return 'INVALID'; 
-break;
-case 31: return 5; 
-break;
-}
-};
-lexer.rules = [/^(?:\\\\(?=(\{\{)))/,/^(?:[^\x00]*?(?=(\{\{)))/,/^(?:[^\x00]+)/,/^(?:[^\x00]{2,}?(?=(\{\{|$)))/,/^(?:[\s\S]*?--\}\})/,/^(?:\{\{>)/,/^(?:\{\{#)/,/^(?:\{\{\/)/,/^(?:\{\{\^)/,/^(?:\{\{\s*else\b)/,/^(?:\{\{\{)/,/^(?:\{\{&)/,/^(?:\{\{!--)/,/^(?:\{\{![\s\S]*?\}\})/,/^(?:\{\{)/,/^(?:=)/,/^(?:\.(?=[}\/ ]))/,/^(?:\.\.)/,/^(?:[\/.])/,/^(?:\s+)/,/^(?:\}\}\})/,/^(?:\}\})/,/^(?:"(\\["]|[^"])*")/,/^(?:'(\\[']|[^'])*')/,/^(?:@)/,/^(?:true(?=[}\s]))/,/^(?:false(?=[}\s]))/,/^(?:-?[0-9]+(?=[}\s]))/,/^(?:[^\s!"#%-,\.\/;->@\[-\^`\{-~]+(?=[=}\s\/.]))/,/^(?:\[[^\]]*\])/,/^(?:.)/,/^(?:$)/];
-lexer.conditions = {"mu":{"rules":[5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31],"inclusive":false},"emu":{"rules":[3],"inclusive":false},"com":{"rules":[4],"inclusive":false},"INITIAL":{"rules":[0,1,2,31],"inclusive":true}};
-return lexer;})()
-parser.lexer = lexer;
-function Parser () { this.yy = {}; }Parser.prototype = parser;parser.Parser = Parser;
-return new Parser;
-})();;
-// lib/handlebars/compiler/base.js
-
-Handlebars.Parser = handlebars;
-
-Handlebars.parse = function(input) {
-
-  // Just return if an already-compile AST was passed in.
-  if(input.constructor === Handlebars.AST.ProgramNode) { return input; }
-
-  Handlebars.Parser.yy = Handlebars.AST;
-  return Handlebars.Parser.parse(input);
-};
-;
-// lib/handlebars/compiler/ast.js
-Handlebars.AST = {};
-
-Handlebars.AST.ProgramNode = function(statements, inverse) {
-  this.type = "program";
-  this.statements = statements;
-  if(inverse) { this.inverse = new Handlebars.AST.ProgramNode(inverse); }
-};
-
-Handlebars.AST.MustacheNode = function(rawParams, hash, unescaped) {
-  this.type = "mustache";
-  this.escaped = !unescaped;
-  this.hash = hash;
-
-  var id = this.id = rawParams[0];
-  var params = this.params = rawParams.slice(1);
-
-  // a mustache is an eligible helper if:
-  // * its id is simple (a single part, not `this` or `..`)
-  var eligibleHelper = this.eligibleHelper = id.isSimple;
-
-  // a mustache is definitely a helper if:
-  // * it is an eligible helper, and
-  // * it has at least one parameter or hash segment
-  this.isHelper = eligibleHelper && (params.length || hash);
-
-  // if a mustache is an eligible helper but not a definite
-  // helper, it is ambiguous, and will be resolved in a later
-  // pass or at runtime.
-};
-
-Handlebars.AST.PartialNode = function(partialName, context) {
-  this.type         = "partial";
-  this.partialName  = partialName;
-  this.context      = context;
-};
-
-Handlebars.AST.BlockNode = function(mustache, program, inverse, close) {
-  var verifyMatch = function(open, close) {
-    if(open.original !== close.original) {
-      throw new Handlebars.Exception(open.original + " doesn't match " + close.original);
-    }
-  };
-
-  verifyMatch(mustache.id, close);
-  this.type = "block";
-  this.mustache = mustache;
-  this.program  = program;
-  this.inverse  = inverse;
-
-  if (this.inverse && !this.program) {
-    this.isInverse = true;
-  }
-};
-
-Handlebars.AST.ContentNode = function(string) {
-  this.type = "content";
-  this.string = string;
-};
-
-Handlebars.AST.HashNode = function(pairs) {
-  this.type = "hash";
-  this.pairs = pairs;
-};
-
-Handlebars.AST.IdNode = function(parts) {
-  this.type = "ID";
-
-  var original = "",
-      dig = [],
-      depth = 0;
-
-  for(var i=0,l=parts.length; i<l; i++) {
-    var part = parts[i].part;
-    original += (parts[i].separator || '') + part;
-
-    if (part === ".." || part === "." || part === "this") {
-      if (dig.length > 0) { throw new Handlebars.Exception("Invalid path: " + original); }
-      else if (part === "..") { depth++; }
-      else { this.isScoped = true; }
-    }
-    else { dig.push(part); }
-  }
-
-  this.original = original;
-  this.parts    = dig;
-  this.string   = dig.join('.');
-  this.depth    = depth;
-
-  // an ID is simple if it only has one part, and that part is not
-  // `..` or `this`.
-  this.isSimple = parts.length === 1 && !this.isScoped && depth === 0;
-
-  this.stringModeValue = this.string;
-};
-
-Handlebars.AST.PartialNameNode = function(name) {
-  this.type = "PARTIAL_NAME";
-  this.name = name.original;
-};
-
-Handlebars.AST.DataNode = function(id) {
-  this.type = "DATA";
-  this.id = id;
-};
-
-Handlebars.AST.StringNode = function(string) {
-  this.type = "STRING";
-  this.original =
-    this.string =
-    this.stringModeValue = string;
-};
-
-Handlebars.AST.IntegerNode = function(integer) {
-  this.type = "INTEGER";
-  this.original =
-    this.integer = integer;
-  this.stringModeValue = Number(integer);
-};
-
-Handlebars.AST.BooleanNode = function(bool) {
-  this.type = "BOOLEAN";
-  this.bool = bool;
-  this.stringModeValue = bool === "true";
-};
-
-Handlebars.AST.CommentNode = function(comment) {
-  this.type = "comment";
-  this.comment = comment;
-};
-;
-// lib/handlebars/utils.js
-
-var errorProps = ['description', 'fileName', 'lineNumber', 'message', 'name', 'number', 'stack'];
-
-Handlebars.Exception = function(message) {
-  var tmp = Error.prototype.constructor.apply(this, arguments);
-
-  // Unfortunately errors are not enumerable in Chrome (at least), so `for prop in tmp` doesn't work.
-  for (var idx = 0; idx < errorProps.length; idx++) {
-    this[errorProps[idx]] = tmp[errorProps[idx]];
-  }
-};
-Handlebars.Exception.prototype = new Error();
-
-// Build out our basic SafeString type
-Handlebars.SafeString = function(string) {
-  this.string = string;
-};
-Handlebars.SafeString.prototype.toString = function() {
-  return this.string.toString();
-};
-
-var escape = {
-  "&": "&amp;",
-  "<": "&lt;",
-  ">": "&gt;",
-  '"': "&quot;",
-  "'": "&#x27;",
-  "`": "&#x60;"
-};
-
-var badChars = /[&<>"'`]/g;
-var possible = /[&<>"'`]/;
-
-var escapeChar = function(chr) {
-  return escape[chr] || "&amp;";
-};
-
-Handlebars.Utils = {
-  extend: function(obj, value) {
-    for(var key in value) {
-      if(value.hasOwnProperty(key)) {
-        obj[key] = value[key];
-      }
-    }
-  },
-
-  escapeExpression: function(string) {
-    // don't escape SafeStrings, since they're already safe
-    if (string instanceof Handlebars.SafeString) {
-      return string.toString();
-    } else if (string == null || string === false) {
-      return "";
-    }
-
-    // Force a string conversion as this will be done by the append regardless and
-    // the regex test will do this transparently behind the scenes, causing issues if
-    // an object's to string has escaped characters in it.
-    string = string.toString();
-
-    if(!possible.test(string)) { return string; }
-    return string.replace(badChars, escapeChar);
-  },
-
-  isEmpty: function(value) {
-    if (!value && value !== 0) {
-      return true;
-    } else if(toString.call(value) === "[object Array]" && value.length === 0) {
-      return true;
-    } else {
-      return false;
-    }
-  }
-};
-;
-// lib/handlebars/compiler/compiler.js
-
-/*jshint eqnull:true*/
-var Compiler = Handlebars.Compiler = function() {};
-var JavaScriptCompiler = Handlebars.JavaScriptCompiler = function() {};
-
-// the foundHelper register will disambiguate helper lookup from finding a
-// function in a context. This is necessary for mustache compatibility, which
-// requires that context functions in blocks are evaluated by blockHelperMissing,
-// and then proceed as if the resulting value was provided to blockHelperMissing.
-
-Compiler.prototype = {
-  compiler: Compiler,
-
-  disassemble: function() {
-    var opcodes = this.opcodes, opcode, out = [], params, param;
-
-    for (var i=0, l=opcodes.length; i<l; i++) {
-      opcode = opcodes[i];
-
-      if (opcode.opcode === 'DECLARE') {
-        out.push("DECLARE " + opcode.name + "=" + opcode.value);
-      } else {
-        params = [];
-        for (var j=0; j<opcode.args.length; j++) {
-          param = opcode.args[j];
-          if (typeof param === "string") {
-            param = "\"" + param.replace("\n", "\\n") + "\"";
-          }
-          params.push(param);
-        }
-        out.push(opcode.opcode + " " + params.join(" "));
-      }
-    }
-
-    return out.join("\n");
-  },
-  equals: function(other) {
-    var len = this.opcodes.length;
-    if (other.opcodes.length !== len) {
-      return false;
-    }
-
-    for (var i = 0; i < len; i++) {
-      var opcode = this.opcodes[i],
-          otherOpcode = other.opcodes[i];
-      if (opcode.opcode !== otherOpcode.opcode || opcode.args.length !== otherOpcode.args.length) {
-        return false;
-      }
-      for (var j = 0; j < opcode.args.length; j++) {
-        if (opcode.args[j] !== otherOpcode.args[j]) {
-          return false;
-        }
-      }
-    }
-
-    len = this.children.length;
-    if (other.children.length !== len) {
-      return false;
-    }
-    for (i = 0; i < len; i++) {
-      if (!this.children[i].equals(other.children[i])) {
-        return false;
-      }
-    }
-
-    return true;
-  },
-
-  guid: 0,
-
-  compile: function(program, options) {
-    this.children = [];
-    this.depths = {list: []};
-    this.options = options;
-
-    // These changes will propagate to the other compiler components
-    var knownHelpers = this.options.knownHelpers;
-    this.options.knownHelpers = {
-      'helperMissing': true,
-      'blockHelperMissing': true,
-      'each': true,
-      'if': true,
-      'unless': true,
-      'with': true,
-      'log': true
-    };
-    if (knownHelpers) {
-      for (var name in knownHelpers) {
-        this.options.knownHelpers[name] = knownHelpers[name];
-      }
-    }
-
-    return this.program(program);
-  },
-
-  accept: function(node) {
-    return this[node.type](node);
-  },
-
-  program: function(program) {
-    var statements = program.statements, statement;
-    this.opcodes = [];
-
-    for(var i=0, l=statements.length; i<l; i++) {
-      statement = statements[i];
-      this[statement.type](statement);
-    }
-    this.isSimple = l === 1;
-
-    this.depths.list = this.depths.list.sort(function(a, b) {
-      return a - b;
-    });
-
-    return this;
-  },
-
-  compileProgram: function(program) {
-    var result = new this.compiler().compile(program, this.options);
-    var guid = this.guid++, depth;
-
-    this.usePartial = this.usePartial || result.usePartial;
-
-    this.children[guid] = result;
-
-    for(var i=0, l=result.depths.list.length; i<l; i++) {
-      depth = result.depths.list[i];
-
-      if(depth < 2) { continue; }
-      else { this.addDepth(depth - 1); }
-    }
-
-    return guid;
-  },
-
-  block: function(block) {
-    var mustache = block.mustache,
-        program = block.program,
-        inverse = block.inverse;
-
-    if (program) {
-      program = this.compileProgram(program);
-    }
-
-    if (inverse) {
-      inverse = this.compileProgram(inverse);
-    }
-
-    var type = this.classifyMustache(mustache);
-
-    if (type === "helper") {
-      this.helperMustache(mustache, program, inverse);
-    } else if (type === "simple") {
-      this.simpleMustache(mustache);
-
-      // now that the simple mustache is resolved, we need to
-      // evaluate it by executing `blockHelperMissing`
-      this.opcode('pushProgram', program);
-      this.opcode('pushProgram', inverse);
-      this.opcode('emptyHash');
-      this.opcode('blockValue');
-    } else {
-      this.ambiguousMustache(mustache, program, inverse);
-
-      // now that the simple mustache is resolved, we need to
-      // evaluate it by executing `blockHelperMissing`
-      this.opcode('pushProgram', program);
-      this.opcode('pushProgram', inverse);
-      this.opcode('emptyHash');
-      this.opcode('ambiguousBlockValue');
-    }
-
-    this.opcode('append');
-  },
-
-  hash: function(hash) {
-    var pairs = hash.pairs, pair, val;
-
-    this.opcode('pushHash');
-
-    for(var i=0, l=pairs.length; i<l; i++) {
-      pair = pairs[i];
-      val  = pair[1];
-
-      if (this.options.stringParams) {
-        if(val.depth) {
-          this.addDepth(val.depth);
-        }
-        this.opcode('getContext', val.depth || 0);
-        this.opcode('pushStringParam', val.stringModeValue, val.type);
-      } else {
-        this.accept(val);
-      }
-
-      this.opcode('assignToHash', pair[0]);
-    }
-    this.opcode('popHash');
-  },
-
-  partial: function(partial) {
-    var partialName = partial.partialName;
-    this.usePartial = true;
-
-    if(partial.context) {
-      this.ID(partial.context);
-    } else {
-      this.opcode('push', 'depth0');
-    }
-
-    this.opcode('invokePartial', partialName.name);
-    this.opcode('append');
-  },
-
-  content: function(content) {
-    this.opcode('appendContent', content.string);
-  },
-
-  mustache: function(mustache) {
-    var options = this.options;
-    var type = this.classifyMustache(mustache);
-
-    if (type === "simple") {
-      this.simpleMustache(mustache);
-    } else if (type === "helper") {
-      this.helperMustache(mustache);
-    } else {
-      this.ambiguousMustache(mustache);
-    }
-
-    if(mustache.escaped && !options.noEscape) {
-      this.opcode('appendEscaped');
-    } else {
-      this.opcode('append');
-    }
-  },
-
-  ambiguousMustache: function(mustache, program, inverse) {
-    var id = mustache.id,
-        name = id.parts[0],
-        isBlock = program != null || inverse != null;
-
-    this.opcode('getContext', id.depth);
-
-    this.opcode('pushProgram', program);
-    this.opcode('pushProgram', inverse);
-
-    this.opcode('invokeAmbiguous', name, isBlock);
-  },
-
-  simpleMustache: function(mustache) {
-    var id = mustache.id;
-
-    if (id.type === 'DATA') {
-      this.DATA(id);
-    } else if (id.parts.length) {
-      this.ID(id);
-    } else {
-      // Simplified ID for `this`
-      this.addDepth(id.depth);
-      this.opcode('getContext', id.depth);
-      this.opcode('pushContext');
-    }
-
-    this.opcode('resolvePossibleLambda');
-  },
-
-  helperMustache: function(mustache, program, inverse) {
-    var params = this.setupFullMustacheParams(mustache, program, inverse),
-        name = mustache.id.parts[0];
-
-    if (this.options.knownHelpers[name]) {
-      this.opcode('invokeKnownHelper', params.length, name);
-    } else if (this.options.knownHelpersOnly) {
-      throw new Error("You specified knownHelpersOnly, but used the unknown helper " + name);
-    } else {
-      this.opcode('invokeHelper', params.length, name);
-    }
-  },
-
-  ID: function(id) {
-    this.addDepth(id.depth);
-    this.opcode('getContext', id.depth);
-
-    var name = id.parts[0];
-    if (!name) {
-      this.opcode('pushContext');
-    } else {
-      this.opcode('lookupOnContext', id.parts[0]);
-    }
-
-    for(var i=1, l=id.parts.length; i<l; i++) {
-      this.opcode('lookup', id.parts[i]);
-    }
-  },
-
-  DATA: function(data) {
-    this.options.data = true;
-    if (data.id.isScoped || data.id.depth) {
-      throw new Handlebars.Exception('Scoped data references are not supported: ' + data.original);
-    }
-
-    this.opcode('lookupData');
-    var parts = data.id.parts;
-    for(var i=0, l=parts.length; i<l; i++) {
-      this.opcode('lookup', parts[i]);
-    }
-  },
-
-  STRING: function(string) {
-    this.opcode('pushString', string.string);
-  },
-
-  INTEGER: function(integer) {
-    this.opcode('pushLiteral', integer.integer);
-  },
-
-  BOOLEAN: function(bool) {
-    this.opcode('pushLiteral', bool.bool);
-  },
-
-  comment: function() {},
-
-  // HELPERS
-  opcode: function(name) {
-    this.opcodes.push({ opcode: name, args: [].slice.call(arguments, 1) });
-  },
-
-  declare: function(name, value) {
-    this.opcodes.push({ opcode: 'DECLARE', name: name, value: value });
-  },
-
-  addDepth: function(depth) {
-    if(isNaN(depth)) { throw new Error("EWOT"); }
-    if(depth === 0) { return; }
-
-    if(!this.depths[depth]) {
-      this.depths[depth] = true;
-      this.depths.list.push(depth);
-    }
-  },
-
-  classifyMustache: function(mustache) {
-    var isHelper   = mustache.isHelper;
-    var isEligible = mustache.eligibleHelper;
-    var options    = this.options;
-
-    // if ambiguous, we can possibly resolve the ambiguity now
-    if (isEligible && !isHelper) {
-      var name = mustache.id.parts[0];
-
-      if (options.knownHelpers[name]) {
-        isHelper = true;
-      } else if (options.knownHelpersOnly) {
-        isEligible = false;
-      }
-    }
-
-    if (isHelper) { return "helper"; }
-    else if (isEligible) { return "ambiguous"; }
-    else { return "simple"; }
-  },
-
-  pushParams: function(params) {
-    var i = params.length, param;
-
-    while(i--) {
-      param = params[i];
-
-      if(this.options.stringParams) {
-        if(param.depth) {
-          this.addDepth(param.depth);
-        }
-
-        this.opcode('getContext', param.depth || 0);
-        this.opcode('pushStringParam', param.stringModeValue, param.type);
-      } else {
-        this[param.type](param);
-      }
-    }
-  },
-
-  setupMustacheParams: function(mustache) {
-    var params = mustache.params;
-    this.pushParams(params);
-
-    if(mustache.hash) {
-      this.hash(mustache.hash);
-    } else {
-      this.opcode('emptyHash');
-    }
-
-    return params;
-  },
-
-  // this will replace setupMustacheParams when we're done
-  setupFullMustacheParams: function(mustache, program, inverse) {
-    var params = mustache.params;
-    this.pushParams(params);
-
-    this.opcode('pushProgram', program);
-    this.opcode('pushProgram', inverse);
-
-    if(mustache.hash) {
-      this.hash(mustache.hash);
-    } else {
-      this.opcode('emptyHash');
-    }
-
-    return params;
-  }
-};
-
-var Literal = function(value) {
-  this.value = value;
-};
-
-JavaScriptCompiler.prototype = {
-  // PUBLIC API: You can override these methods in a subclass to provide
-  // alternative compiled forms for name lookup and buffering semantics
-  nameLookup: function(parent, name /* , type*/) {
-    if (/^[0-9]+$/.test(name)) {
-      return parent + "[" + name + "]";
-    } else if (JavaScriptCompiler.isValidJavaScriptVariableName(name)) {
-      return parent + "." + name;
-    }
-    else {
-      return parent + "['" + name + "']";
-    }
-  },
-
-  appendToBuffer: function(string) {
-    if (this.environment.isSimple) {
-      return "return " + string + ";";
-    } else {
-      return {
-        appendToBuffer: true,
-        content: string,
-        toString: function() { return "buffer += " + string + ";"; }
-      };
-    }
-  },
-
-  initializeBuffer: function() {
-    return this.quotedString("");
-  },
-
-  namespace: "Handlebars",
-  // END PUBLIC API
-
-  compile: function(environment, options, context, asObject) {
-    this.environment = environment;
-    this.options = options || {};
-
-    Handlebars.log(Handlebars.logger.DEBUG, this.environment.disassemble() + "\n\n");
-
-    this.name = this.environment.name;
-    this.isChild = !!context;
-    this.context = context || {
-      programs: [],
-      environments: [],
-      aliases: { }
-    };
-
-    this.preamble();
-
-    this.stackSlot = 0;
-    this.stackVars = [];
-    this.registers = { list: [] };
-    this.compileStack = [];
-    this.inlineStack = [];
-
-    this.compileChildren(environment, options);
-
-    var opcodes = environment.opcodes, opcode;
-
-    this.i = 0;
-
-    for(l=opcodes.length; this.i<l; this.i++) {
-      opcode = opcodes[this.i];
-
-      if(opcode.opcode === 'DECLARE') {
-        this[opcode.name] = opcode.value;
-      } else {
-        this[opcode.opcode].apply(this, opcode.args);
-      }
-    }
-
-    return this.createFunctionContext(asObject);
-  },
-
-  nextOpcode: function() {
-    var opcodes = this.environment.opcodes;
-    return opcodes[this.i + 1];
-  },
-
-  eat: function() {
-    this.i = this.i + 1;
-  },
-
-  preamble: function() {
-    var out = [];
-
-    if (!this.isChild) {
-      var namespace = this.namespace;
-
-      var copies = "helpers = this.merge(helpers, " + namespace + ".helpers);";
-      if (this.environment.usePartial) { copies = copies + " partials = this.merge(partials, " + namespace + ".partials);"; }
-      if (this.options.data) { copies = copies + " data = data || {};"; }
-      out.push(copies);
-    } else {
-      out.push('');
-    }
-
-    if (!this.environment.isSimple) {
-      out.push(", buffer = " + this.initializeBuffer());
-    } else {
-      out.push("");
-    }
-
-    // track the last context pushed into place to allow skipping the
-    // getContext opcode when it would be a noop
-    this.lastContext = 0;
-    this.source = out;
-  },
-
-  createFunctionContext: function(asObject) {
-    var locals = this.stackVars.concat(this.registers.list);
-
-    if(locals.length > 0) {
-      this.source[1] = this.source[1] + ", " + locals.join(", ");
-    }
-
-    // Generate minimizer alias mappings
-    if (!this.isChild) {
-      for (var alias in this.context.aliases) {
-        if (this.context.aliases.hasOwnProperty(alias)) {
-          this.source[1] = this.source[1] + ', ' + alias + '=' + this.context.aliases[alias];
-        }
-      }
-    }
-
-    if (this.source[1]) {
-      this.source[1] = "var " + this.source[1].substring(2) + ";";
-    }
-
-    // Merge children
-    if (!this.isChild) {
-      this.source[1] += '\n' + this.context.programs.join('\n') + '\n';
-    }
-
-    if (!this.environment.isSimple) {
-      this.source.push("return buffer;");
-    }
-
-    var params = this.isChild ? ["depth0", "data"] : ["Handlebars", "depth0", "helpers", "partials", "data"];
-
-    for(var i=0, l=this.environment.depths.list.length; i<l; i++) {
-      params.push("depth" + this.environment.depths.list[i]);
-    }
-
-    // Perform a second pass over the output to merge content when possible
-    var source = this.mergeSource();
-
-    if (!this.isChild) {
-      var revision = Handlebars.COMPILER_REVISION,
-          versions = Handlebars.REVISION_CHANGES[revision];
-      source = "this.compilerInfo = ["+revision+",'"+versions+"'];\n"+source;
-    }
-
-    if (asObject) {
-      params.push(source);
-
-      return Function.apply(this, params);
-    } else {
-      var functionSource = 'function ' + (this.name || '') + '(' + params.join(',') + ') {\n  ' + source + '}';
-      Handlebars.log(Handlebars.logger.DEBUG, functionSource + "\n\n");
-      return functionSource;
-    }
-  },
-  mergeSource: function() {
-    // WARN: We are not handling the case where buffer is still populated as the source should
-    // not have buffer append operations as their final action.
-    var source = '',
-        buffer;
-    for (var i = 0, len = this.source.length; i < len; i++) {
-      var line = this.source[i];
-      if (line.appendToBuffer) {
-        if (buffer) {
-          buffer = buffer + '\n    + ' + line.content;
-        } else {
-          buffer = line.content;
-        }
-      } else {
-        if (buffer) {
-          source += 'buffer += ' + buffer + ';\n  ';
-          buffer = undefined;
-        }
-        source += line + '\n  ';
-      }
-    }
-    return source;
-  },
-
-  // [blockValue]
-  //
-  // On stack, before: hash, inverse, program, value
-  // On stack, after: return value of blockHelperMissing
-  //
-  // The purpose of this opcode is to take a block of the form
-  // `{{#foo}}...{{/foo}}`, resolve the value of `foo`, and
-  // replace it on the stack with the result of properly
-  // invoking blockHelperMissing.
-  blockValue: function() {
-    this.context.aliases.blockHelperMissing = 'helpers.blockHelperMissing';
-
-    var params = ["depth0"];
-    this.setupParams(0, params);
-
-    this.replaceStack(function(current) {
-      params.splice(1, 0, current);
-      return "blockHelperMissing.call(" + params.join(", ") + ")";
-    });
-  },
-
-  // [ambiguousBlockValue]
-  //
-  // On stack, before: hash, inverse, program, value
-  // Compiler value, before: lastHelper=value of last found helper, if any
-  // On stack, after, if no lastHelper: same as [blockValue]
-  // On stack, after, if lastHelper: value
-  ambiguousBlockValue: function() {
-    this.context.aliases.blockHelperMissing = 'helpers.blockHelperMissing';
-
-    var params = ["depth0"];
-    this.setupParams(0, params);
-
-    var current = this.topStack();
-    params.splice(1, 0, current);
-
-    // Use the options value generated from the invocation
-    params[params.length-1] = 'options';
-
-    this.source.push("if (!" + this.lastHelper + ") { " + current + " = blockHelperMissing.call(" + params.join(", ") + "); }");
-  },
-
-  // [appendContent]
-  //
-  // On stack, before: ...
-  // On stack, after: ...
-  //
-  // Appends the string value of `content` to the current buffer
-  appendContent: function(content) {
-    this.source.push(this.appendToBuffer(this.quotedString(content)));
-  },
-
-  // [append]
-  //
-  // On stack, before: value, ...
-  // On stack, after: ...
-  //
-  // Coerces `value` to a String and appends it to the current buffer.
-  //
-  // If `value` is truthy, or 0, it is coerced into a string and appended
-  // Otherwise, the empty string is appended
-  append: function() {
-    // Force anything that is inlined onto the stack so we don't have duplication
-    // when we examine local
-    this.flushInline();
-    var local = this.popStack();
-    this.source.push("if(" + local + " || " + local + " === 0) { " + this.appendToBuffer(local) + " }");
-    if (this.environment.isSimple) {
-      this.source.push("else { " + this.appendToBuffer("''") + " }");
-    }
-  },
-
-  // [appendEscaped]
-  //
-  // On stack, before: value, ...
-  // On stack, after: ...
-  //
-  // Escape `value` and append it to the buffer
-  appendEscaped: function() {
-    this.context.aliases.escapeExpression = 'this.escapeExpression';
-
-    this.source.push(this.appendToBuffer("escapeExpression(" + this.popStack() + ")"));
-  },
-
-  // [getContext]
-  //
-  // On stack, before: ...
-  // On stack, after: ...
-  // Compiler value, after: lastContext=depth
-  //
-  // Set the value of the `lastContext` compiler value to the depth
-  getContext: function(depth) {
-    if(this.lastContext !== depth) {
-      this.lastContext = depth;
-    }
-  },
-
-  // [lookupOnContext]
-  //
-  // On stack, before: ...
-  // On stack, after: currentContext[name], ...
-  //
-  // Looks up the value of `name` on the current context and pushes
-  // it onto the stack.
-  lookupOnContext: function(name) {
-    this.push(this.nameLookup('depth' + this.lastContext, name, 'context'));
-  },
-
-  // [pushContext]
-  //
-  // On stack, before: ...
-  // On stack, after: currentContext, ...
-  //
-  // Pushes the value of the current context onto the stack.
-  pushContext: function() {
-    this.pushStackLiteral('depth' + this.lastContext);
-  },
-
-  // [resolvePossibleLambda]
-  //
-  // On stack, before: value, ...
-  // On stack, after: resolved value, ...
-  //
-  // If the `value` is a lambda, replace it on the stack by
-  // the return value of the lambda
-  resolvePossibleLambda: function() {
-    this.context.aliases.functionType = '"function"';
-
-    this.replaceStack(function(current) {
-      return "typeof " + current + " === functionType ? " + current + ".apply(depth0) : " + current;
-    });
-  },
-
-  // [lookup]
-  //
-  // On stack, before: value, ...
-  // On stack, after: value[name], ...
-  //
-  // Replace the value on the stack with the result of looking
-  // up `name` on `value`
-  lookup: function(name) {
-    this.replaceStack(function(current) {
-      return current + " == null || " + current + " === false ? " + current + " : " + this.nameLookup(current, name, 'context');
-    });
-  },
-
-  // [lookupData]
-  //
-  // On stack, before: ...
-  // On stack, after: data[id], ...
-  //
-  // Push the result of looking up `id` on the current data
-  lookupData: function(id) {
-    this.push('data');
-  },
-
-  // [pushStringParam]
-  //
-  // On stack, before: ...
-  // On stack, after: string, currentContext, ...
-  //
-  // This opcode is designed for use in string mode, which
-  // provides the string value of a parameter along with its
-  // depth rather than resolving it immediately.
-  pushStringParam: function(string, type) {
-    this.pushStackLiteral('depth' + this.lastContext);
-
-    this.pushString(type);
-
-    if (typeof string === 'string') {
-      this.pushString(string);
-    } else {
-      this.pushStackLiteral(string);
-    }
-  },
-
-  emptyHash: function() {
-    this.pushStackLiteral('{}');
-
-    if (this.options.stringParams) {
-      this.register('hashTypes', '{}');
-      this.register('hashContexts', '{}');
-    }
-  },
-  pushHash: function() {
-    this.hash = {values: [], types: [], contexts: []};
-  },
-  popHash: function() {
-    var hash = this.hash;
-    this.hash = undefined;
-
-    if (this.options.stringParams) {
-      this.register('hashContexts', '{' + hash.contexts.join(',') + '}');
-      this.register('hashTypes', '{' + hash.types.join(',') + '}');
-    }
-    this.push('{\n    ' + hash.values.join(',\n    ') + '\n  }');
-  },
-
-  // [pushString]
-  //
-  // On stack, before: ...
-  // On stack, after: quotedString(string), ...
-  //
-  // Push a quoted version of `string` onto the stack
-  pushString: function(string) {
-    this.pushStackLiteral(this.quotedString(string));
-  },
-
-  // [push]
-  //
-  // On stack, before: ...
-  // On stack, after: expr, ...
-  //
-  // Push an expression onto the stack
-  push: function(expr) {
-    this.inlineStack.push(expr);
-    return expr;
-  },
-
-  // [pushLiteral]
-  //
-  // On stack, before: ...
-  // On stack, after: value, ...
-  //
-  // Pushes a value onto the stack. This operation prevents
-  // the compiler from creating a temporary variable to hold
-  // it.
-  pushLiteral: function(value) {
-    this.pushStackLiteral(value);
-  },
-
-  // [pushProgram]
-  //
-  // On stack, before: ...
-  // On stack, after: program(guid), ...
-  //
-  // Push a program expression onto the stack. This takes
-  // a compile-time guid and converts it into a runtime-accessible
-  // expression.
-  pushProgram: function(guid) {
-    if (guid != null) {
-      this.pushStackLiteral(this.programExpression(guid));
-    } else {
-      this.pushStackLiteral(null);
-    }
-  },
-
-  // [invokeHelper]
-  //
-  // On stack, before: hash, inverse, program, params..., ...
-  // On stack, after: result of helper invocation
-  //
-  // Pops off the helper's parameters, invokes the helper,
-  // and pushes the helper's return value onto the stack.
-  //
-  // If the helper is not found, `helperMissing` is called.
-  invokeHelper: function(paramSize, name) {
-    this.context.aliases.helperMissing = 'helpers.helperMissing';
-
-    var helper = this.lastHelper = this.setupHelper(paramSize, name, true);
-    var nonHelper = this.nameLookup('depth' + this.lastContext, name, 'context');
-
-    this.push(helper.name + ' || ' + nonHelper);
-    this.replaceStack(function(name) {
-      return name + ' ? ' + name + '.call(' +
-          helper.callParams + ") " + ": helperMissing.call(" +
-          helper.helperMissingParams + ")";
-    });
-  },
-
-  // [invokeKnownHelper]
-  //
-  // On stack, before: hash, inverse, program, params..., ...
-  // On stack, after: result of helper invocation
-  //
-  // This operation is used when the helper is known to exist,
-  // so a `helperMissing` fallback is not required.
-  invokeKnownHelper: function(paramSize, name) {
-    var helper = this.setupHelper(paramSize, name);
-    this.push(helper.name + ".call(" + helper.callParams + ")");
-  },
-
-  // [invokeAmbiguous]
-  //
-  // On stack, before: hash, inverse, program, params..., ...
-  // On stack, after: result of disambiguation
-  //
-  // This operation is used when an expression like `{{foo}}`
-  // is provided, but we don't know at compile-time whether it
-  // is a helper or a path.
-  //
-  // This operation emits more code than the other options,
-  // and can be avoided by passing the `knownHelpers` and
-  // `knownHelpersOnly` flags at compile-time.
-  invokeAmbiguous: function(name, helperCall) {
-    this.context.aliases.functionType = '"function"';
-
-    this.pushStackLiteral('{}');    // Hash value
-    var helper = this.setupHelper(0, name, helperCall);
-
-    var helperName = this.lastHelper = this.nameLookup('helpers', name, 'helper');
-
-    var nonHelper = this.nameLookup('depth' + this.lastContext, name, 'context');
-    var nextStack = this.nextStack();
-
-    this.source.push('if (' + nextStack + ' = ' + helperName + ') { ' + nextStack + ' = ' + nextStack + '.call(' + helper.callParams + '); }');
-    this.source.push('else { ' + nextStack + ' = ' + nonHelper + '; ' + nextStack + ' = typeof ' + nextStack + ' === functionType ? ' + nextStack + '.apply(depth0) : ' + nextStack + '; }');
-  },
-
-  // [invokePartial]
-  //
-  // On stack, before: context, ...
-  // On stack after: result of partial invocation
-  //
-  // This operation pops off a context, invokes a partial with that context,
-  // and pushes the result of the invocation back.
-  invokePartial: function(name) {
-    var params = [this.nameLookup('partials', name, 'partial'), "'" + name + "'", this.popStack(), "helpers", "partials"];
-
-    if (this.options.data) {
-      params.push("data");
-    }
-
-    this.context.aliases.self = "this";
-    this.push("self.invokePartial(" + params.join(", ") + ")");
-  },
-
-  // [assignToHash]
-  //
-  // On stack, before: value, hash, ...
-  // On stack, after: hash, ...
-  //
-  // Pops a value and hash off the stack, assigns `hash[key] = value`
-  // and pushes the hash back onto the stack.
-  assignToHash: function(key) {
-    var value = this.popStack(),
-        context,
-        type;
-
-    if (this.options.stringParams) {
-      type = this.popStack();
-      context = this.popStack();
-    }
-
-    var hash = this.hash;
-    if (context) {
-      hash.contexts.push("'" + key + "': " + context);
-    }
-    if (type) {
-      hash.types.push("'" + key + "': " + type);
-    }
-    hash.values.push("'" + key + "': (" + value + ")");
-  },
-
-  // HELPERS
-
-  compiler: JavaScriptCompiler,
-
-  compileChildren: function(environment, options) {
-    var children = environment.children, child, compiler;
-
-    for(var i=0, l=children.length; i<l; i++) {
-      child = children[i];
-      compiler = new this.compiler();
-
-      var index = this.matchExistingProgram(child);
-
-      if (index == null) {
-        this.context.programs.push('');     // Placeholder to prevent name conflicts for nested children
-        index = this.context.programs.length;
-        child.index = index;
-        child.name = 'program' + index;
-        this.context.programs[index] = compiler.compile(child, options, this.context);
-        this.context.environments[index] = child;
-      } else {
-        child.index = index;
-        child.name = 'program' + index;
-      }
-    }
-  },
-  matchExistingProgram: function(child) {
-    for (var i = 0, len = this.context.environments.length; i < len; i++) {
-      var environment = this.context.environments[i];
-      if (environment && environment.equals(child)) {
-        return i;
-      }
-    }
-  },
-
-  programExpression: function(guid) {
-    this.context.aliases.self = "this";
-
-    if(guid == null) {
-      return "self.noop";
-    }
-
-    var child = this.environment.children[guid],
-        depths = child.depths.list, depth;
-
-    var programParams = [child.index, child.name, "data"];
-
-    for(var i=0, l = depths.length; i<l; i++) {
-      depth = depths[i];
-
-      if(depth === 1) { programParams.push("depth0"); }
-      else { programParams.push("depth" + (depth - 1)); }
-    }
-
-    return (depths.length === 0 ? "self.program(" : "self.programWithDepth(") + programParams.join(", ") + ")";
-  },
-
-  register: function(name, val) {
-    this.useRegister(name);
-    this.source.push(name + " = " + val + ";");
-  },
-
-  useRegister: function(name) {
-    if(!this.registers[name]) {
-      this.registers[name] = true;
-      this.registers.list.push(name);
-    }
-  },
-
-  pushStackLiteral: function(item) {
-    return this.push(new Literal(item));
-  },
-
-  pushStack: function(item) {
-    this.flushInline();
-
-    var stack = this.incrStack();
-    if (item) {
-      this.source.push(stack + " = " + item + ";");
-    }
-    this.compileStack.push(stack);
-    return stack;
-  },
-
-  replaceStack: function(callback) {
-    var prefix = '',
-        inline = this.isInline(),
-        stack;
-
-    // If we are currently inline then we want to merge the inline statement into the
-    // replacement statement via ','
-    if (inline) {
-      var top = this.popStack(true);
-
-      if (top instanceof Literal) {
-        // Literals do not need to be inlined
-        stack = top.value;
-      } else {
-        // Get or create the current stack name for use by the inline
-        var name = this.stackSlot ? this.topStackName() : this.incrStack();
-
-        prefix = '(' + this.push(name) + ' = ' + top + '),';
-        stack = this.topStack();
-      }
-    } else {
-      stack = this.topStack();
-    }
-
-    var item = callback.call(this, stack);
-
-    if (inline) {
-      if (this.inlineStack.length || this.compileStack.length) {
-        this.popStack();
-      }
-      this.push('(' + prefix + item + ')');
-    } else {
-      // Prevent modification of the context depth variable. Through replaceStack
-      if (!/^stack/.test(stack)) {
-        stack = this.nextStack();
-      }
-
-      this.source.push(stack + " = (" + prefix + item + ");");
-    }
-    return stack;
-  },
-
-  nextStack: function() {
-    return this.pushStack();
-  },
-
-  incrStack: function() {
-    this.stackSlot++;
-    if(this.stackSlot > this.stackVars.length) { this.stackVars.push("stack" + this.stackSlot); }
-    return this.topStackName();
-  },
-  topStackName: function() {
-    return "stack" + this.stackSlot;
-  },
-  flushInline: function() {
-    var inlineStack = this.inlineStack;
-    if (inlineStack.length) {
-      this.inlineStack = [];
-      for (var i = 0, len = inlineStack.length; i < len; i++) {
-        var entry = inlineStack[i];
-        if (entry instanceof Literal) {
-          this.compileStack.push(entry);
-        } else {
-          this.pushStack(entry);
-        }
-      }
-    }
-  },
-  isInline: function() {
-    return this.inlineStack.length;
-  },
-
-  popStack: function(wrapped) {
-    var inline = this.isInline(),
-        item = (inline ? this.inlineStack : this.compileStack).pop();
-
-    if (!wrapped && (item instanceof Literal)) {
-      return item.value;
-    } else {
-      if (!inline) {
-        this.stackSlot--;
-      }
-      return item;
-    }
-  },
-
-  topStack: function(wrapped) {
-    var stack = (this.isInline() ? this.inlineStack : this.compileStack),
-        item = stack[stack.length - 1];
-
-    if (!wrapped && (item instanceof Literal)) {
-      return item.value;
-    } else {
-      return item;
-    }
-  },
-
-  quotedString: function(str) {
-    return '"' + str
-      .replace(/\\/g, '\\\\')
-      .replace(/"/g, '\\"')
-      .replace(/\n/g, '\\n')
-      .replace(/\r/g, '\\r')
-      .replace(/\u2028/g, '\\u2028')   // Per Ecma-262 7.3 + 7.8.4
-      .replace(/\u2029/g, '\\u2029') + '"';
-  },
-
-  setupHelper: function(paramSize, name, missingParams) {
-    var params = [];
-    this.setupParams(paramSize, params, missingParams);
-    var foundHelper = this.nameLookup('helpers', name, 'helper');
-
-    return {
-      params: params,
-      name: foundHelper,
-      callParams: ["depth0"].concat(params).join(", "),
-      helperMissingParams: missingParams && ["depth0", this.quotedString(name)].concat(params).join(", ")
-    };
-  },
-
-  // the params and contexts arguments are passed in arrays
-  // to fill in
-  setupParams: function(paramSize, params, useRegister) {
-    var options = [], contexts = [], types = [], param, inverse, program;
-
-    options.push("hash:" + this.popStack());
-
-    inverse = this.popStack();
-    program = this.popStack();
-
-    // Avoid setting fn and inverse if neither are set. This allows
-    // helpers to do a check for `if (options.fn)`
-    if (program || inverse) {
-      if (!program) {
-        this.context.aliases.self = "this";
-        program = "self.noop";
-      }
-
-      if (!inverse) {
-       this.context.aliases.self = "this";
-        inverse = "self.noop";
-      }
-
-      options.push("inverse:" + inverse);
-      options.push("fn:" + program);
-    }
-
-    for(var i=0; i<paramSize; i++) {
-      param = this.popStack();
-      params.push(param);
-
-      if(this.options.stringParams) {
-        types.push(this.popStack());
-        contexts.push(this.popStack());
-      }
-    }
-
-    if (this.options.stringParams) {
-      options.push("contexts:[" + contexts.join(",") + "]");
-      options.push("types:[" + types.join(",") + "]");
-      options.push("hashContexts:hashContexts");
-      options.push("hashTypes:hashTypes");
-    }
-
-    if(this.options.data) {
-      options.push("data:data");
-    }
-
-    options = "{" + options.join(",") + "}";
-    if (useRegister) {
-      this.register('options', options);
-      params.push('options');
-    } else {
-      params.push(options);
-    }
-    return params.join(", ");
-  }
-};
-
-var reservedWords = (
-  "break else new var" +
-  " case finally return void" +
-  " catch for switch while" +
-  " continue function this with" +
-  " default if throw" +
-  " delete in try" +
-  " do instanceof typeof" +
-  " abstract enum int short" +
-  " boolean export interface static" +
-  " byte extends long super" +
-  " char final native synchronized" +
-  " class float package throws" +
-  " const goto private transient" +
-  " debugger implements protected volatile" +
-  " double import public let yield"
-).split(" ");
-
-var compilerWords = JavaScriptCompiler.RESERVED_WORDS = {};
-
-for(var i=0, l=reservedWords.length; i<l; i++) {
-  compilerWords[reservedWords[i]] = true;
-}
-
-JavaScriptCompiler.isValidJavaScriptVariableName = function(name) {
-  if(!JavaScriptCompiler.RESERVED_WORDS[name] && /^[a-zA-Z_$][0-9a-zA-Z_$]+$/.test(name)) {
-    return true;
-  }
-  return false;
-};
-
-Handlebars.precompile = function(input, options) {
-  if (input == null || (typeof input !== 'string' && input.constructor !== Handlebars.AST.ProgramNode)) {
-    throw new Handlebars.Exception("You must pass a string or Handlebars AST to Handlebars.precompile. You passed " + input);
-  }
-
-  options = options || {};
-  if (!('data' in options)) {
-    options.data = true;
-  }
-  var ast = Handlebars.parse(input);
-  var environment = new Compiler().compile(ast, options);
-  return new JavaScriptCompiler().compile(environment, options);
-};
-
-Handlebars.compile = function(input, options) {
-  if (input == null || (typeof input !== 'string' && input.constructor !== Handlebars.AST.ProgramNode)) {
-    throw new Handlebars.Exception("You must pass a string or Handlebars AST to Handlebars.compile. You passed " + input);
-  }
-
-  options = options || {};
-  if (!('data' in options)) {
-    options.data = true;
-  }
-  var compiled;
-  function compile() {
-    var ast = Handlebars.parse(input);
-    var environment = new Compiler().compile(ast, options);
-    var templateSpec = new JavaScriptCompiler().compile(environment, options, undefined, true);
-    return Handlebars.template(templateSpec);
-  }
-
-  // Template is only compiled on first use and cached after that point.
-  return function(context, options) {
-    if (!compiled) {
-      compiled = compile();
-    }
-    return compiled.call(this, context, options);
-  };
-};
-
-;
-// lib/handlebars/runtime.js
-
-Handlebars.VM = {
-  template: function(templateSpec) {
-    // Just add water
-    var container = {
-      escapeExpression: Handlebars.Utils.escapeExpression,
-      invokePartial: Handlebars.VM.invokePartial,
-      programs: [],
-      program: function(i, fn, data) {
-        var programWrapper = this.programs[i];
-        if(data) {
-          programWrapper = Handlebars.VM.program(i, fn, data);
-        } else if (!programWrapper) {
-          programWrapper = this.programs[i] = Handlebars.VM.program(i, fn);
-        }
-        return programWrapper;
-      },
-      merge: function(param, common) {
-        var ret = param || common;
-
-        if (param && common) {
-          ret = {};
-          Handlebars.Utils.extend(ret, common);
-          Handlebars.Utils.extend(ret, param);
-        }
-        return ret;
-      },
-      programWithDepth: Handlebars.VM.programWithDepth,
-      noop: Handlebars.VM.noop,
-      compilerInfo: null
-    };
-
-    return function(context, options) {
-      options = options || {};
-      var result = templateSpec.call(container, Handlebars, context, options.helpers, options.partials, options.data);
-
-      var compilerInfo = container.compilerInfo || [],
-          compilerRevision = compilerInfo[0] || 1,
-          currentRevision = Handlebars.COMPILER_REVISION;
-
-      if (compilerRevision !== currentRevision) {
-        if (compilerRevision < currentRevision) {
-          var runtimeVersions = Handlebars.REVISION_CHANGES[currentRevision],
-              compilerVersions = Handlebars.REVISION_CHANGES[compilerRevision];
-          throw "Template was precompiled with an older version of Handlebars than the current runtime. "+
-                "Please update your precompiler to a newer version ("+runtimeVersions+") or downgrade your runtime to an older version ("+compilerVersions+").";
-        } else {
-          // Use the embedded version info since the runtime doesn't know about this revision yet
-          throw "Template was precompiled with a newer version of Handlebars than the current runtime. "+
-                "Please update your runtime to a newer version ("+compilerInfo[1]+").";
-        }
-      }
-
-      return result;
-    };
-  },
-
-  programWithDepth: function(i, fn, data /*, $depth */) {
-    var args = Array.prototype.slice.call(arguments, 3);
-
-    var program = function(context, options) {
-      options = options || {};
-
-      return fn.apply(this, [context, options.data || data].concat(args));
-    };
-    program.program = i;
-    program.depth = args.length;
-    return program;
-  },
-  program: function(i, fn, data) {
-    var program = function(context, options) {
-      options = options || {};
-
-      return fn(context, options.data || data);
-    };
-    program.program = i;
-    program.depth = 0;
-    return program;
-  },
-  noop: function() { return ""; },
-  invokePartial: function(partial, name, context, helpers, partials, data) {
-    var options = { helpers: helpers, partials: partials, data: data };
-
-    if(partial === undefined) {
-      throw new Handlebars.Exception("The partial " + name + " could not be found");
-    } else if(partial instanceof Function) {
-      return partial(context, options);
-    } else if (!Handlebars.compile) {
-      throw new Handlebars.Exception("The partial " + name + " could not be compiled when running in runtime-only mode");
-    } else {
-      partials[name] = Handlebars.compile(partial, {data: data !== undefined});
-      return partials[name](context, options);
-    }
-  }
-};
-
-Handlebars.template = Handlebars.VM.template;
-;
-// lib/handlebars/browser-suffix.js
-})(Handlebars);
-;
diff --git a/api/files/highlight.7.3.pack.js b/api/files/highlight.7.3.pack.js
deleted file mode 100644
index 9a95a75ea16..00000000000
--- a/api/files/highlight.7.3.pack.js
+++ /dev/null
@@ -1 +0,0 @@
-var hljs=new function(){function l(o){return o.replace(/&/gm,"&amp;").replace(/</gm,"&lt;").replace(/>/gm,"&gt;")}function b(p){for(var o=p.firstChild;o;o=o.nextSibling){if(o.nodeName=="CODE"){return o}if(!(o.nodeType==3&&o.nodeValue.match(/\s+/))){break}}}function h(p,o){return Array.prototype.map.call(p.childNodes,function(q){if(q.nodeType==3){return o?q.nodeValue.replace(/\n/g,""):q.nodeValue}if(q.nodeName=="BR"){return"\n"}return h(q,o)}).join("")}function a(q){var p=(q.className+" "+q.parentNode.className).split(/\s+/);p=p.map(function(r){return r.replace(/^language-/,"")});for(var o=0;o<p.length;o++){if(e[p[o]]||p[o]=="no-highlight"){return p[o]}}}function c(q){var o=[];(function p(r,s){for(var t=r.firstChild;t;t=t.nextSibling){if(t.nodeType==3){s+=t.nodeValue.length}else{if(t.nodeName=="BR"){s+=1}else{if(t.nodeType==1){o.push({event:"start",offset:s,node:t});s=p(t,s);o.push({event:"stop",offset:s,node:t})}}}}return s})(q,0);return o}function j(x,v,w){var p=0;var y="";var r=[];function t(){if(x.length&&v.length){if(x[0].offset!=v[0].offset){return(x[0].offset<v[0].offset)?x:v}else{return v[0].event=="start"?x:v}}else{return x.length?x:v}}function s(A){function z(B){return" "+B.nodeName+'="'+l(B.value)+'"'}return"<"+A.nodeName+Array.prototype.map.call(A.attributes,z).join("")+">"}while(x.length||v.length){var u=t().splice(0,1)[0];y+=l(w.substr(p,u.offset-p));p=u.offset;if(u.event=="start"){y+=s(u.node);r.push(u.node)}else{if(u.event=="stop"){var o,q=r.length;do{q--;o=r[q];y+=("</"+o.nodeName.toLowerCase()+">")}while(o!=u.node);r.splice(q,1);while(q<r.length){y+=s(r[q]);q++}}}}return y+l(w.substr(p))}function f(q){function o(s,r){return RegExp(s,"m"+(q.cI?"i":"")+(r?"g":""))}function p(y,w){if(y.compiled){return}y.compiled=true;var s=[];if(y.k){var r={};function z(A,t){t.split(" ").forEach(function(B){var C=B.split("|");r[C[0]]=[A,C[1]?Number(C[1]):1];s.push(C[0])})}y.lR=o(y.l||hljs.IR,true);if(typeof y.k=="string"){z("keyword",y.k)}else{for(var x in y.k){if(!y.k.hasOwnProperty(x)){continue}z(x,y.k[x])}}y.k=r}if(w){if(y.bWK){y.b="\\b("+s.join("|")+")\\s"}y.bR=o(y.b?y.b:"\\B|\\b");if(!y.e&&!y.eW){y.e="\\B|\\b"}if(y.e){y.eR=o(y.e)}y.tE=y.e||"";if(y.eW&&w.tE){y.tE+=(y.e?"|":"")+w.tE}}if(y.i){y.iR=o(y.i)}if(y.r===undefined){y.r=1}if(!y.c){y.c=[]}for(var v=0;v<y.c.length;v++){if(y.c[v]=="self"){y.c[v]=y}p(y.c[v],y)}if(y.starts){p(y.starts,w)}var u=[];for(var v=0;v<y.c.length;v++){u.push(y.c[v].b)}if(y.tE){u.push(y.tE)}if(y.i){u.push(y.i)}y.t=u.length?o(u.join("|"),true):{exec:function(t){return null}}}p(q)}function d(D,E){function o(r,M){for(var L=0;L<M.c.length;L++){var K=M.c[L].bR.exec(r);if(K&&K.index==0){return M.c[L]}}}function s(K,r){if(K.e&&K.eR.test(r)){return K}if(K.eW){return s(K.parent,r)}}function t(r,K){return K.i&&K.iR.test(r)}function y(L,r){var K=F.cI?r[0].toLowerCase():r[0];return L.k.hasOwnProperty(K)&&L.k[K]}function G(){var K=l(w);if(!A.k){return K}var r="";var N=0;A.lR.lastIndex=0;var L=A.lR.exec(K);while(L){r+=K.substr(N,L.index-N);var M=y(A,L);if(M){v+=M[1];r+='<span class="'+M[0]+'">'+L[0]+"</span>"}else{r+=L[0]}N=A.lR.lastIndex;L=A.lR.exec(K)}return r+K.substr(N)}function z(){if(A.sL&&!e[A.sL]){return l(w)}var r=A.sL?d(A.sL,w):g(w);if(A.r>0){v+=r.keyword_count;B+=r.r}return'<span class="'+r.language+'">'+r.value+"</span>"}function J(){return A.sL!==undefined?z():G()}function I(L,r){var K=L.cN?'<span class="'+L.cN+'">':"";if(L.rB){x+=K;w=""}else{if(L.eB){x+=l(r)+K;w=""}else{x+=K;w=r}}A=Object.create(L,{parent:{value:A}});B+=L.r}function C(K,r){w+=K;if(r===undefined){x+=J();return 0}var L=o(r,A);if(L){x+=J();I(L,r);return L.rB?0:r.length}var M=s(A,r);if(M){if(!(M.rE||M.eE)){w+=r}x+=J();do{if(A.cN){x+="</span>"}A=A.parent}while(A!=M.parent);if(M.eE){x+=l(r)}w="";if(M.starts){I(M.starts,"")}return M.rE?0:r.length}if(t(r,A)){throw"Illegal"}w+=r;return r.length||1}var F=e[D];f(F);var A=F;var w="";var B=0;var v=0;var x="";try{var u,q,p=0;while(true){A.t.lastIndex=p;u=A.t.exec(E);if(!u){break}q=C(E.substr(p,u.index-p),u[0]);p=u.index+q}C(E.substr(p));return{r:B,keyword_count:v,value:x,language:D}}catch(H){if(H=="Illegal"){return{r:0,keyword_count:0,value:l(E)}}else{throw H}}}function g(s){var o={keyword_count:0,r:0,value:l(s)};var q=o;for(var p in e){if(!e.hasOwnProperty(p)){continue}var r=d(p,s);r.language=p;if(r.keyword_count+r.r>q.keyword_count+q.r){q=r}if(r.keyword_count+r.r>o.keyword_count+o.r){q=o;o=r}}if(q.language){o.second_best=q}return o}function i(q,p,o){if(p){q=q.replace(/^((<[^>]+>|\t)+)/gm,function(r,v,u,t){return v.replace(/\t/g,p)})}if(o){q=q.replace(/\n/g,"<br>")}return q}function m(r,u,p){var v=h(r,p);var t=a(r);if(t=="no-highlight"){return}var w=t?d(t,v):g(v);t=w.language;var o=c(r);if(o.length){var q=document.createElement("pre");q.innerHTML=w.value;w.value=j(o,c(q),v)}w.value=i(w.value,u,p);var s=r.className;if(!s.match("(\\s|^)(language-)?"+t+"(\\s|$)")){s=s?(s+" "+t):t}r.innerHTML=w.value;r.className=s;r.result={language:t,kw:w.keyword_count,re:w.r};if(w.second_best){r.second_best={language:w.second_best.language,kw:w.second_best.keyword_count,re:w.second_best.r}}}function n(){if(n.called){return}n.called=true;Array.prototype.map.call(document.getElementsByTagName("pre"),b).filter(Boolean).forEach(function(o){m(o,hljs.tabReplace)})}function k(){window.addEventListener("DOMContentLoaded",n,false);window.addEventListener("load",n,false)}var e={};this.LANGUAGES=e;this.highlight=d;this.highlightAuto=g;this.fixMarkup=i;this.highlightBlock=m;this.initHighlighting=n;this.initHighlightingOnLoad=k;this.IR="[a-zA-Z][a-zA-Z0-9_]*";this.UIR="[a-zA-Z_][a-zA-Z0-9_]*";this.NR="\\b\\d+(\\.\\d+)?";this.CNR="(\\b0[xX][a-fA-F0-9]+|(\\b\\d+(\\.\\d*)?|\\.\\d+)([eE][-+]?\\d+)?)";this.BNR="\\b(0b[01]+)";this.RSR="!|!=|!==|%|%=|&|&&|&=|\\*|\\*=|\\+|\\+=|,|\\.|-|-=|/|/=|:|;|<|<<|<<=|<=|=|==|===|>|>=|>>|>>=|>>>|>>>=|\\?|\\[|\\{|\\(|\\^|\\^=|\\||\\|=|\\|\\||~";this.BE={b:"\\\\[\\s\\S]",r:0};this.ASM={cN:"string",b:"'",e:"'",i:"\\n",c:[this.BE],r:0};this.QSM={cN:"string",b:'"',e:'"',i:"\\n",c:[this.BE],r:0};this.CLCM={cN:"comment",b:"//",e:"$"};this.CBLCLM={cN:"comment",b:"/\\*",e:"\\*/"};this.HCM={cN:"comment",b:"#",e:"$"};this.NM={cN:"number",b:this.NR,r:0};this.CNM={cN:"number",b:this.CNR,r:0};this.BNM={cN:"number",b:this.BNR,r:0};this.inherit=function(q,r){var o={};for(var p in q){o[p]=q[p]}if(r){for(var p in r){o[p]=r[p]}}return o}}();hljs.LANGUAGES.xml=function(a){var c="[A-Za-z0-9\\._:-]+";var b={eW:true,c:[{cN:"attribute",b:c,r:0},{b:'="',rB:true,e:'"',c:[{cN:"value",b:'"',eW:true}]},{b:"='",rB:true,e:"'",c:[{cN:"value",b:"'",eW:true}]},{b:"=",c:[{cN:"value",b:"[^\\s/>]+"}]}]};return{cI:true,c:[{cN:"pi",b:"<\\?",e:"\\?>",r:10},{cN:"doctype",b:"<!DOCTYPE",e:">",r:10,c:[{b:"\\[",e:"\\]"}]},{cN:"comment",b:"<!--",e:"-->",r:10},{cN:"cdata",b:"<\\!\\[CDATA\\[",e:"\\]\\]>",r:10},{cN:"tag",b:"<style(?=\\s|>|$)",e:">",k:{title:"style"},c:[b],starts:{e:"</style>",rE:true,sL:"css"}},{cN:"tag",b:"<script(?=\\s|>|$)",e:">",k:{title:"script"},c:[b],starts:{e:"<\/script>",rE:true,sL:"javascript"}},{b:"<%",e:"%>",sL:"vbscript"},{cN:"tag",b:"</?",e:"/?>",c:[{cN:"title",b:"[^ />]+"},b]}]}}(hljs);hljs.LANGUAGES.json=function(a){var e={literal:"true false null"};var d=[a.QSM,a.CNM];var c={cN:"value",e:",",eW:true,eE:true,c:d,k:e};var b={b:"{",e:"}",c:[{cN:"attribute",b:'\\s*"',e:'"\\s*:\\s*',eB:true,eE:true,c:[a.BE],i:"\\n",starts:c}],i:"\\S"};var f={b:"\\[",e:"\\]",c:[a.inherit(c,{cN:null})],i:"\\S"};d.splice(d.length,0,b,f);return{c:d,k:e,i:"\\S"}}(hljs);
\ No newline at end of file
diff --git a/api/files/jquery-1.8.0.min.js b/api/files/jquery-1.8.0.min.js
deleted file mode 100644
index f121291c4c7..00000000000
--- a/api/files/jquery-1.8.0.min.js
+++ /dev/null
@@ -1,2 +0,0 @@
-/*! jQuery v@1.8.0 jquery.com | jquery.org/license */
-(function(a,b){function G(a){var b=F[a]={};return p.each(a.split(s),function(a,c){b[c]=!0}),b}function J(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(I,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:+d+""===d?+d:H.test(d)?p.parseJSON(d):d}catch(f){}p.data(a,c,d)}else d=b}return d}function K(a){var b;for(b in a){if(b==="data"&&p.isEmptyObject(a[b]))continue;if(b!=="toJSON")return!1}return!0}function ba(){return!1}function bb(){return!0}function bh(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function bi(a,b){do a=a[b];while(a&&a.nodeType!==1);return a}function bj(a,b,c){b=b||0;if(p.isFunction(b))return p.grep(a,function(a,d){var e=!!b.call(a,d,a);return e===c});if(b.nodeType)return p.grep(a,function(a,d){return a===b===c});if(typeof b=="string"){var d=p.grep(a,function(a){return a.nodeType===1});if(be.test(b))return p.filter(b,d,!c);b=p.filter(b,d)}return p.grep(a,function(a,d){return p.inArray(a,b)>=0===c})}function bk(a){var b=bl.split("|"),c=a.createDocumentFragment();if(c.createElement)while(b.length)c.createElement(b.pop());return c}function bC(a,b){return a.getElementsByTagName(b)[0]||a.appendChild(a.ownerDocument.createElement(b))}function bD(a,b){if(b.nodeType!==1||!p.hasData(a))return;var c,d,e,f=p._data(a),g=p._data(b,f),h=f.events;if(h){delete g.handle,g.events={};for(c in h)for(d=0,e=h[c].length;d<e;d++)p.event.add(b,c,h[c][d])}g.data&&(g.data=p.extend({},g.data))}function bE(a,b){var c;if(b.nodeType!==1)return;b.clearAttributes&&b.clearAttributes(),b.mergeAttributes&&b.mergeAttributes(a),c=b.nodeName.toLowerCase(),c==="object"?(b.parentNode&&(b.outerHTML=a.outerHTML),p.support.html5Clone&&a.innerHTML&&!p.trim(b.innerHTML)&&(b.innerHTML=a.innerHTML)):c==="input"&&bv.test(a.type)?(b.defaultChecked=b.checked=a.checked,b.value!==a.value&&(b.value=a.value)):c==="option"?b.selected=a.defaultSelected:c==="input"||c==="textarea"?b.defaultValue=a.defaultValue:c==="script"&&b.text!==a.text&&(b.text=a.text),b.removeAttribute(p.expando)}function bF(a){return typeof a.getElementsByTagName!="undefined"?a.getElementsByTagName("*"):typeof a.querySelectorAll!="undefined"?a.querySelectorAll("*"):[]}function bG(a){bv.test(a.type)&&(a.defaultChecked=a.checked)}function bX(a,b){if(b in a)return b;var c=b.charAt(0).toUpperCase()+b.slice(1),d=b,e=bV.length;while(e--){b=bV[e]+c;if(b in a)return b}return d}function bY(a,b){return a=b||a,p.css(a,"display")==="none"||!p.contains(a.ownerDocument,a)}function bZ(a,b){var c,d,e=[],f=0,g=a.length;for(;f<g;f++){c=a[f];if(!c.style)continue;e[f]=p._data(c,"olddisplay"),b?(!e[f]&&c.style.display==="none"&&(c.style.display=""),c.style.display===""&&bY(c)&&(e[f]=p._data(c,"olddisplay",cb(c.nodeName)))):(d=bH(c,"display"),!e[f]&&d!=="none"&&p._data(c,"olddisplay",d))}for(f=0;f<g;f++){c=a[f];if(!c.style)continue;if(!b||c.style.display==="none"||c.style.display==="")c.style.display=b?e[f]||"":"none"}return a}function b$(a,b,c){var d=bO.exec(b);return d?Math.max(0,d[1]-(c||0))+(d[2]||"px"):b}function b_(a,b,c,d){var e=c===(d?"border":"content")?4:b==="width"?1:0,f=0;for(;e<4;e+=2)c==="margin"&&(f+=p.css(a,c+bU[e],!0)),d?(c==="content"&&(f-=parseFloat(bH(a,"padding"+bU[e]))||0),c!=="margin"&&(f-=parseFloat(bH(a,"border"+bU[e]+"Width"))||0)):(f+=parseFloat(bH(a,"padding"+bU[e]))||0,c!=="padding"&&(f+=parseFloat(bH(a,"border"+bU[e]+"Width"))||0));return f}function ca(a,b,c){var d=b==="width"?a.offsetWidth:a.offsetHeight,e=!0,f=p.support.boxSizing&&p.css(a,"boxSizing")==="border-box";if(d<=0){d=bH(a,b);if(d<0||d==null)d=a.style[b];if(bP.test(d))return d;e=f&&(p.support.boxSizingReliable||d===a.style[b]),d=parseFloat(d)||0}return d+b_(a,b,c||(f?"border":"content"),e)+"px"}function cb(a){if(bR[a])return bR[a];var b=p("<"+a+">").appendTo(e.body),c=b.css("display");b.remove();if(c==="none"||c===""){bI=e.body.appendChild(bI||p.extend(e.createElement("iframe"),{frameBorder:0,width:0,height:0}));if(!bJ||!bI.createElement)bJ=(bI.contentWindow||bI.contentDocument).document,bJ.write("<!doctype html><html><body>"),bJ.close();b=bJ.body.appendChild(bJ.createElement(a)),c=bH(b,"display"),e.body.removeChild(bI)}return bR[a]=c,c}function ch(a,b,c,d){var e;if(p.isArray(b))p.each(b,function(b,e){c||cd.test(a)?d(a,e):ch(a+"["+(typeof e=="object"?b:"")+"]",e,c,d)});else if(!c&&p.type(b)==="object")for(e in b)ch(a+"["+e+"]",b[e],c,d);else d(a,b)}function cy(a){return function(b,c){typeof b!="string"&&(c=b,b="*");var d,e,f,g=b.toLowerCase().split(s),h=0,i=g.length;if(p.isFunction(c))for(;h<i;h++)d=g[h],f=/^\+/.test(d),f&&(d=d.substr(1)||"*"),e=a[d]=a[d]||[],e[f?"unshift":"push"](c)}}function cz(a,c,d,e,f,g){f=f||c.dataTypes[0],g=g||{},g[f]=!0;var h,i=a[f],j=0,k=i?i.length:0,l=a===cu;for(;j<k&&(l||!h);j++)h=i[j](c,d,e),typeof h=="string"&&(!l||g[h]?h=b:(c.dataTypes.unshift(h),h=cz(a,c,d,e,h,g)));return(l||!h)&&!g["*"]&&(h=cz(a,c,d,e,"*",g)),h}function cA(a,c){var d,e,f=p.ajaxSettings.flatOptions||{};for(d in c)c[d]!==b&&((f[d]?a:e||(e={}))[d]=c[d]);e&&p.extend(!0,a,e)}function cB(a,c,d){var e,f,g,h,i=a.contents,j=a.dataTypes,k=a.responseFields;for(f in k)f in d&&(c[k[f]]=d[f]);while(j[0]==="*")j.shift(),e===b&&(e=a.mimeType||c.getResponseHeader("content-type"));if(e)for(f in i)if(i[f]&&i[f].test(e)){j.unshift(f);break}if(j[0]in d)g=j[0];else{for(f in d){if(!j[0]||a.converters[f+" "+j[0]]){g=f;break}h||(h=f)}g=g||h}if(g)return g!==j[0]&&j.unshift(g),d[g]}function cC(a,b){var c,d,e,f,g=a.dataTypes.slice(),h=g[0],i={},j=0;a.dataFilter&&(b=a.dataFilter(b,a.dataType));if(g[1])for(c in a.converters)i[c.toLowerCase()]=a.converters[c];for(;e=g[++j];)if(e!=="*"){if(h!=="*"&&h!==e){c=i[h+" "+e]||i["* "+e];if(!c)for(d in i){f=d.split(" ");if(f[1]===e){c=i[h+" "+f[0]]||i["* "+f[0]];if(c){c===!0?c=i[d]:i[d]!==!0&&(e=f[0],g.splice(j--,0,e));break}}}if(c!==!0)if(c&&a["throws"])b=c(b);else try{b=c(b)}catch(k){return{state:"parsererror",error:c?k:"No conversion from "+h+" to "+e}}}h=e}return{state:"success",data:b}}function cK(){try{return new a.XMLHttpRequest}catch(b){}}function cL(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function cT(){return setTimeout(function(){cM=b},0),cM=p.now()}function cU(a,b){p.each(b,function(b,c){var d=(cS[b]||[]).concat(cS["*"]),e=0,f=d.length;for(;e<f;e++)if(d[e].call(a,b,c))return})}function cV(a,b,c){var d,e=0,f=0,g=cR.length,h=p.Deferred().always(function(){delete i.elem}),i=function(){var b=cM||cT(),c=Math.max(0,j.startTime+j.duration-b),d=1-(c/j.duration||0),e=0,f=j.tweens.length;for(;e<f;e++)j.tweens[e].run(d);return h.notifyWith(a,[j,d,c]),d<1&&f?c:(h.resolveWith(a,[j]),!1)},j=h.promise({elem:a,props:p.extend({},b),opts:p.extend(!0,{specialEasing:{}},c),originalProperties:b,originalOptions:c,startTime:cM||cT(),duration:c.duration,tweens:[],createTween:function(b,c,d){var e=p.Tween(a,j.opts,b,c,j.opts.specialEasing[b]||j.opts.easing);return j.tweens.push(e),e},stop:function(b){var c=0,d=b?j.tweens.length:0;for(;c<d;c++)j.tweens[c].run(1);return b?h.resolveWith(a,[j,b]):h.rejectWith(a,[j,b]),this}}),k=j.props;cW(k,j.opts.specialEasing);for(;e<g;e++){d=cR[e].call(j,a,k,j.opts);if(d)return d}return cU(j,k),p.isFunction(j.opts.start)&&j.opts.start.call(a,j),p.fx.timer(p.extend(i,{anim:j,queue:j.opts.queue,elem:a})),j.progress(j.opts.progress).done(j.opts.done,j.opts.complete).fail(j.opts.fail).always(j.opts.always)}function cW(a,b){var c,d,e,f,g;for(c in a){d=p.camelCase(c),e=b[d],f=a[c],p.isArray(f)&&(e=f[1],f=a[c]=f[0]),c!==d&&(a[d]=f,delete a[c]),g=p.cssHooks[d];if(g&&"expand"in g){f=g.expand(f),delete a[d];for(c in f)c in a||(a[c]=f[c],b[c]=e)}else b[d]=e}}function cX(a,b,c){var d,e,f,g,h,i,j,k,l=this,m=a.style,n={},o=[],q=a.nodeType&&bY(a);c.queue||(j=p._queueHooks(a,"fx"),j.unqueued==null&&(j.unqueued=0,k=j.empty.fire,j.empty.fire=function(){j.unqueued||k()}),j.unqueued++,l.always(function(){l.always(function(){j.unqueued--,p.queue(a,"fx").length||j.empty.fire()})})),a.nodeType===1&&("height"in b||"width"in b)&&(c.overflow=[m.overflow,m.overflowX,m.overflowY],p.css(a,"display")==="inline"&&p.css(a,"float")==="none"&&(!p.support.inlineBlockNeedsLayout||cb(a.nodeName)==="inline"?m.display="inline-block":m.zoom=1)),c.overflow&&(m.overflow="hidden",p.support.shrinkWrapBlocks||l.done(function(){m.overflow=c.overflow[0],m.overflowX=c.overflow[1],m.overflowY=c.overflow[2]}));for(d in b){f=b[d];if(cO.exec(f)){delete b[d];if(f===(q?"hide":"show"))continue;o.push(d)}}g=o.length;if(g){h=p._data(a,"fxshow")||p._data(a,"fxshow",{}),q?p(a).show():l.done(function(){p(a).hide()}),l.done(function(){var b;p.removeData(a,"fxshow",!0);for(b in n)p.style(a,b,n[b])});for(d=0;d<g;d++)e=o[d],i=l.createTween(e,q?h[e]:0),n[e]=h[e]||p.style(a,e),e in h||(h[e]=i.start,q&&(i.end=i.start,i.start=e==="width"||e==="height"?1:0))}}function cY(a,b,c,d,e){return new cY.prototype.init(a,b,c,d,e)}function cZ(a,b){var c,d={height:a},e=0;for(;e<4;e+=2-b)c=bU[e],d["margin"+c]=d["padding"+c]=a;return b&&(d.opacity=d.width=a),d}function c_(a){return p.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}var c,d,e=a.document,f=a.location,g=a.navigator,h=a.jQuery,i=a.$,j=Array.prototype.push,k=Array.prototype.slice,l=Array.prototype.indexOf,m=Object.prototype.toString,n=Object.prototype.hasOwnProperty,o=String.prototype.trim,p=function(a,b){return new p.fn.init(a,b,c)},q=/[\-+]?(?:\d*\.|)\d+(?:[eE][\-+]?\d+|)/.source,r=/\S/,s=/\s+/,t=r.test(" ")?/^[\s\xA0]+|[\s\xA0]+$/g:/^\s+|\s+$/g,u=/^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,v=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,w=/^[\],:{}\s]*$/,x=/(?:^|:|,)(?:\s*\[)+/g,y=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,z=/"[^"\\\r\n]*"|true|false|null|-?(?:\d\d*\.|)\d+(?:[eE][\-+]?\d+|)/g,A=/^-ms-/,B=/-([\da-z])/gi,C=function(a,b){return(b+"").toUpperCase()},D=function(){e.addEventListener?(e.removeEventListener("DOMContentLoaded",D,!1),p.ready()):e.readyState==="complete"&&(e.detachEvent("onreadystatechange",D),p.ready())},E={};p.fn=p.prototype={constructor:p,init:function(a,c,d){var f,g,h,i;if(!a)return this;if(a.nodeType)return this.context=this[0]=a,this.length=1,this;if(typeof a=="string"){a.charAt(0)==="<"&&a.charAt(a.length-1)===">"&&a.length>=3?f=[null,a,null]:f=u.exec(a);if(f&&(f[1]||!c)){if(f[1])return c=c instanceof p?c[0]:c,i=c&&c.nodeType?c.ownerDocument||c:e,a=p.parseHTML(f[1],i,!0),v.test(f[1])&&p.isPlainObject(c)&&this.attr.call(a,c,!0),p.merge(this,a);g=e.getElementById(f[2]);if(g&&g.parentNode){if(g.id!==f[2])return d.find(a);this.length=1,this[0]=g}return this.context=e,this.selector=a,this}return!c||c.jquery?(c||d).find(a):this.constructor(c).find(a)}return p.isFunction(a)?d.ready(a):(a.selector!==b&&(this.selector=a.selector,this.context=a.context),p.makeArray(a,this))},selector:"",jquery:"1.8.0",length:0,size:function(){return this.length},toArray:function(){return k.call(this)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=p.merge(this.constructor(),a);return d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")"),d},each:function(a,b){return p.each(this,a,b)},ready:function(a){return p.ready.promise().done(a),this},eq:function(a){return a=+a,a===-1?this.slice(a):this.slice(a,a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(k.apply(this,arguments),"slice",k.call(arguments).join(","))},map:function(a){return this.pushStack(p.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:j,sort:[].sort,splice:[].splice},p.fn.init.prototype=p.fn,p.extend=p.fn.extend=function(){var a,c,d,e,f,g,h=arguments[0]||{},i=1,j=arguments.length,k=!1;typeof h=="boolean"&&(k=h,h=arguments[1]||{},i=2),typeof h!="object"&&!p.isFunction(h)&&(h={}),j===i&&(h=this,--i);for(;i<j;i++)if((a=arguments[i])!=null)for(c in a){d=h[c],e=a[c];if(h===e)continue;k&&e&&(p.isPlainObject(e)||(f=p.isArray(e)))?(f?(f=!1,g=d&&p.isArray(d)?d:[]):g=d&&p.isPlainObject(d)?d:{},h[c]=p.extend(k,g,e)):e!==b&&(h[c]=e)}return h},p.extend({noConflict:function(b){return a.$===p&&(a.$=i),b&&a.jQuery===p&&(a.jQuery=h),p},isReady:!1,readyWait:1,holdReady:function(a){a?p.readyWait++:p.ready(!0)},ready:function(a){if(a===!0?--p.readyWait:p.isReady)return;if(!e.body)return setTimeout(p.ready,1);p.isReady=!0;if(a!==!0&&--p.readyWait>0)return;d.resolveWith(e,[p]),p.fn.trigger&&p(e).trigger("ready").off("ready")},isFunction:function(a){return p.type(a)==="function"},isArray:Array.isArray||function(a){return p.type(a)==="array"},isWindow:function(a){return a!=null&&a==a.window},isNumeric:function(a){return!isNaN(parseFloat(a))&&isFinite(a)},type:function(a){return a==null?String(a):E[m.call(a)]||"object"},isPlainObject:function(a){if(!a||p.type(a)!=="object"||a.nodeType||p.isWindow(a))return!1;try{if(a.constructor&&!n.call(a,"constructor")&&!n.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}var d;for(d in a);return d===b||n.call(a,d)},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},error:function(a){throw new Error(a)},parseHTML:function(a,b,c){var d;return!a||typeof a!="string"?null:(typeof b=="boolean"&&(c=b,b=0),b=b||e,(d=v.exec(a))?[b.createElement(d[1])]:(d=p.buildFragment([a],b,c?null:[]),p.merge([],(d.cacheable?p.clone(d.fragment):d.fragment).childNodes)))},parseJSON:function(b){if(!b||typeof b!="string")return null;b=p.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(w.test(b.replace(y,"@").replace(z,"]").replace(x,"")))return(new Function("return "+b))();p.error("Invalid JSON: "+b)},parseXML:function(c){var d,e;if(!c||typeof c!="string")return null;try{a.DOMParser?(e=new DOMParser,d=e.parseFromString(c,"text/xml")):(d=new ActiveXObject("Microsoft.XMLDOM"),d.async="false",d.loadXML(c))}catch(f){d=b}return(!d||!d.documentElement||d.getElementsByTagName("parsererror").length)&&p.error("Invalid XML: "+c),d},noop:function(){},globalEval:function(b){b&&r.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(A,"ms-").replace(B,C)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var e,f=0,g=a.length,h=g===b||p.isFunction(a);if(d){if(h){for(e in a)if(c.apply(a[e],d)===!1)break}else for(;f<g;)if(c.apply(a[f++],d)===!1)break}else if(h){for(e in a)if(c.call(a[e],e,a[e])===!1)break}else for(;f<g;)if(c.call(a[f],f,a[f++])===!1)break;return a},trim:o?function(a){return a==null?"":o.call(a)}:function(a){return a==null?"":a.toString().replace(t,"")},makeArray:function(a,b){var c,d=b||[];return a!=null&&(c=p.type(a),a.length==null||c==="string"||c==="function"||c==="regexp"||p.isWindow(a)?j.call(d,a):p.merge(d,a)),d},inArray:function(a,b,c){var d;if(b){if(l)return l.call(b,a,c);d=b.length,c=c?c<0?Math.max(0,d+c):c:0;for(;c<d;c++)if(c in b&&b[c]===a)return c}return-1},merge:function(a,c){var d=c.length,e=a.length,f=0;if(typeof d=="number")for(;f<d;f++)a[e++]=c[f];else while(c[f]!==b)a[e++]=c[f++];return a.length=e,a},grep:function(a,b,c){var d,e=[],f=0,g=a.length;c=!!c;for(;f<g;f++)d=!!b(a[f],f),c!==d&&e.push(a[f]);return e},map:function(a,c,d){var e,f,g=[],h=0,i=a.length,j=a instanceof p||i!==b&&typeof i=="number"&&(i>0&&a[0]&&a[i-1]||i===0||p.isArray(a));if(j)for(;h<i;h++)e=c(a[h],h,d),e!=null&&(g[g.length]=e);else for(f in a)e=c(a[f],f,d),e!=null&&(g[g.length]=e);return g.concat.apply([],g)},guid:1,proxy:function(a,c){var d,e,f;return typeof c=="string"&&(d=a[c],c=a,a=d),p.isFunction(a)?(e=k.call(arguments,2),f=function(){return a.apply(c,e.concat(k.call(arguments)))},f.guid=a.guid=a.guid||f.guid||p.guid++,f):b},access:function(a,c,d,e,f,g,h){var i,j=d==null,k=0,l=a.length;if(d&&typeof d=="object"){for(k in d)p.access(a,c,k,d[k],1,g,e);f=1}else if(e!==b){i=h===b&&p.isFunction(e),j&&(i?(i=c,c=function(a,b,c){return i.call(p(a),c)}):(c.call(a,e),c=null));if(c)for(;k<l;k++)c(a[k],d,i?e.call(a[k],k,c(a[k],d)):e,h);f=1}return f?a:j?c.call(a):l?c(a[0],d):g},now:function(){return(new Date).getTime()}}),p.ready.promise=function(b){if(!d){d=p.Deferred();if(e.readyState==="complete"||e.readyState!=="loading"&&e.addEventListener)setTimeout(p.ready,1);else if(e.addEventListener)e.addEventListener("DOMContentLoaded",D,!1),a.addEventListener("load",p.ready,!1);else{e.attachEvent("onreadystatechange",D),a.attachEvent("onload",p.ready);var c=!1;try{c=a.frameElement==null&&e.documentElement}catch(f){}c&&c.doScroll&&function g(){if(!p.isReady){try{c.doScroll("left")}catch(a){return setTimeout(g,50)}p.ready()}}()}}return d.promise(b)},p.each("Boolean Number String Function Array Date RegExp Object".split(" "),function(a,b){E["[object "+b+"]"]=b.toLowerCase()}),c=p(e);var F={};p.Callbacks=function(a){a=typeof a=="string"?F[a]||G(a):p.extend({},a);var c,d,e,f,g,h,i=[],j=!a.once&&[],k=function(b){c=a.memory&&b,d=!0,h=f||0,f=0,g=i.length,e=!0;for(;i&&h<g;h++)if(i[h].apply(b[0],b[1])===!1&&a.stopOnFalse){c=!1;break}e=!1,i&&(j?j.length&&k(j.shift()):c?i=[]:l.disable())},l={add:function(){if(i){var b=i.length;(function d(b){p.each(b,function(b,c){p.isFunction(c)&&(!a.unique||!l.has(c))?i.push(c):c&&c.length&&d(c)})})(arguments),e?g=i.length:c&&(f=b,k(c))}return this},remove:function(){return i&&p.each(arguments,function(a,b){var c;while((c=p.inArray(b,i,c))>-1)i.splice(c,1),e&&(c<=g&&g--,c<=h&&h--)}),this},has:function(a){return p.inArray(a,i)>-1},empty:function(){return i=[],this},disable:function(){return i=j=c=b,this},disabled:function(){return!i},lock:function(){return j=b,c||l.disable(),this},locked:function(){return!j},fireWith:function(a,b){return b=b||[],b=[a,b.slice?b.slice():b],i&&(!d||j)&&(e?j.push(b):k(b)),this},fire:function(){return l.fireWith(this,arguments),this},fired:function(){return!!d}};return l},p.extend({Deferred:function(a){var b=[["resolve","done",p.Callbacks("once memory"),"resolved"],["reject","fail",p.Callbacks("once memory"),"rejected"],["notify","progress",p.Callbacks("memory")]],c="pending",d={state:function(){return c},always:function(){return e.done(arguments).fail(arguments),this},then:function(){var a=arguments;return p.Deferred(function(c){p.each(b,function(b,d){var f=d[0],g=a[b];e[d[1]](p.isFunction(g)?function(){var a=g.apply(this,arguments);a&&p.isFunction(a.promise)?a.promise().done(c.resolve).fail(c.reject).progress(c.notify):c[f+"With"](this===e?c:this,[a])}:c[f])}),a=null}).promise()},promise:function(a){return typeof a=="object"?p.extend(a,d):d}},e={};return d.pipe=d.then,p.each(b,function(a,f){var g=f[2],h=f[3];d[f[1]]=g.add,h&&g.add(function(){c=h},b[a^1][2].disable,b[2][2].lock),e[f[0]]=g.fire,e[f[0]+"With"]=g.fireWith}),d.promise(e),a&&a.call(e,e),e},when:function(a){var b=0,c=k.call(arguments),d=c.length,e=d!==1||a&&p.isFunction(a.promise)?d:0,f=e===1?a:p.Deferred(),g=function(a,b,c){return function(d){b[a]=this,c[a]=arguments.length>1?k.call(arguments):d,c===h?f.notifyWith(b,c):--e||f.resolveWith(b,c)}},h,i,j;if(d>1){h=new Array(d),i=new Array(d),j=new Array(d);for(;b<d;b++)c[b]&&p.isFunction(c[b].promise)?c[b].promise().done(g(b,j,c)).fail(f.reject).progress(g(b,i,h)):--e}return e||f.resolveWith(j,c),f.promise()}}),p.support=function(){var b,c,d,f,g,h,i,j,k,l,m,n=e.createElement("div");n.setAttribute("className","t"),n.innerHTML="  <link/><table></table><a href='/a'>a</a><input type='checkbox'/>",c=n.getElementsByTagName("*"),d=n.getElementsByTagName("a")[0],d.style.cssText="top:1px;float:left;opacity:.5";if(!c||!c.length||!d)return{};f=e.createElement("select"),g=f.appendChild(e.createElement("option")),h=n.getElementsByTagName("input")[0],b={leadingWhitespace:n.firstChild.nodeType===3,tbody:!n.getElementsByTagName("tbody").length,htmlSerialize:!!n.getElementsByTagName("link").length,style:/top/.test(d.getAttribute("style")),hrefNormalized:d.getAttribute("href")==="/a",opacity:/^0.5/.test(d.style.opacity),cssFloat:!!d.style.cssFloat,checkOn:h.value==="on",optSelected:g.selected,getSetAttribute:n.className!=="t",enctype:!!e.createElement("form").enctype,html5Clone:e.createElement("nav").cloneNode(!0).outerHTML!=="<:nav></:nav>",boxModel:e.compatMode==="CSS1Compat",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0,boxSizingReliable:!0,pixelPosition:!1},h.checked=!0,b.noCloneChecked=h.cloneNode(!0).checked,f.disabled=!0,b.optDisabled=!g.disabled;try{delete n.test}catch(o){b.deleteExpando=!1}!n.addEventListener&&n.attachEvent&&n.fireEvent&&(n.attachEvent("onclick",m=function(){b.noCloneEvent=!1}),n.cloneNode(!0).fireEvent("onclick"),n.detachEvent("onclick",m)),h=e.createElement("input"),h.value="t",h.setAttribute("type","radio"),b.radioValue=h.value==="t",h.setAttribute("checked","checked"),h.setAttribute("name","t"),n.appendChild(h),i=e.createDocumentFragment(),i.appendChild(n.lastChild),b.checkClone=i.cloneNode(!0).cloneNode(!0).lastChild.checked,b.appendChecked=h.checked,i.removeChild(h),i.appendChild(n);if(n.attachEvent)for(k in{submit:!0,change:!0,focusin:!0})j="on"+k,l=j in n,l||(n.setAttribute(j,"return;"),l=typeof n[j]=="function"),b[k+"Bubbles"]=l;return p(function(){var c,d,f,g,h="padding:0;margin:0;border:0;display:block;overflow:hidden;",i=e.getElementsByTagName("body")[0];if(!i)return;c=e.createElement("div"),c.style.cssText="visibility:hidden;border:0;width:0;height:0;position:static;top:0;margin-top:1px",i.insertBefore(c,i.firstChild),d=e.createElement("div"),c.appendChild(d),d.innerHTML="<table><tr><td></td><td>t</td></tr></table>",f=d.getElementsByTagName("td"),f[0].style.cssText="padding:0;margin:0;border:0;display:none",l=f[0].offsetHeight===0,f[0].style.display="",f[1].style.display="none",b.reliableHiddenOffsets=l&&f[0].offsetHeight===0,d.innerHTML="",d.style.cssText="box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;padding:1px;border:1px;display:block;width:4px;margin-top:1%;position:absolute;top:1%;",b.boxSizing=d.offsetWidth===4,b.doesNotIncludeMarginInBodyOffset=i.offsetTop!==1,a.getComputedStyle&&(b.pixelPosition=(a.getComputedStyle(d,null)||{}).top!=="1%",b.boxSizingReliable=(a.getComputedStyle(d,null)||{width:"4px"}).width==="4px",g=e.createElement("div"),g.style.cssText=d.style.cssText=h,g.style.marginRight=g.style.width="0",d.style.width="1px",d.appendChild(g),b.reliableMarginRight=!parseFloat((a.getComputedStyle(g,null)||{}).marginRight)),typeof d.style.zoom!="undefined"&&(d.innerHTML="",d.style.cssText=h+"width:1px;padding:1px;display:inline;zoom:1",b.inlineBlockNeedsLayout=d.offsetWidth===3,d.style.display="block",d.style.overflow="visible",d.innerHTML="<div></div>",d.firstChild.style.width="5px",b.shrinkWrapBlocks=d.offsetWidth!==3,c.style.zoom=1),i.removeChild(c),c=d=f=g=null}),i.removeChild(n),c=d=f=g=h=i=n=null,b}();var H=/^(?:\{.*\}|\[.*\])$/,I=/([A-Z])/g;p.extend({cache:{},deletedIds:[],uuid:0,expando:"jQuery"+(p.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){return a=a.nodeType?p.cache[a[p.expando]]:a[p.expando],!!a&&!K(a)},data:function(a,c,d,e){if(!p.acceptData(a))return;var f,g,h=p.expando,i=typeof c=="string",j=a.nodeType,k=j?p.cache:a,l=j?a[h]:a[h]&&h;if((!l||!k[l]||!e&&!k[l].data)&&i&&d===b)return;l||(j?a[h]=l=p.deletedIds.pop()||++p.uuid:l=h),k[l]||(k[l]={},j||(k[l].toJSON=p.noop));if(typeof c=="object"||typeof c=="function")e?k[l]=p.extend(k[l],c):k[l].data=p.extend(k[l].data,c);return f=k[l],e||(f.data||(f.data={}),f=f.data),d!==b&&(f[p.camelCase(c)]=d),i?(g=f[c],g==null&&(g=f[p.camelCase(c)])):g=f,g},removeData:function(a,b,c){if(!p.acceptData(a))return;var d,e,f,g=a.nodeType,h=g?p.cache:a,i=g?a[p.expando]:p.expando;if(!h[i])return;if(b){d=c?h[i]:h[i].data;if(d){p.isArray(b)||(b in d?b=[b]:(b=p.camelCase(b),b in d?b=[b]:b=b.split(" ")));for(e=0,f=b.length;e<f;e++)delete d[b[e]];if(!(c?K:p.isEmptyObject)(d))return}}if(!c){delete h[i].data;if(!K(h[i]))return}g?p.cleanData([a],!0):p.support.deleteExpando||h!=h.window?delete h[i]:h[i]=null},_data:function(a,b,c){return p.data(a,b,c,!0)},acceptData:function(a){var b=a.nodeName&&p.noData[a.nodeName.toLowerCase()];return!b||b!==!0&&a.getAttribute("classid")===b}}),p.fn.extend({data:function(a,c){var d,e,f,g,h,i=this[0],j=0,k=null;if(a===b){if(this.length){k=p.data(i);if(i.nodeType===1&&!p._data(i,"parsedAttrs")){f=i.attributes;for(h=f.length;j<h;j++)g=f[j].name,g.indexOf("data-")===0&&(g=p.camelCase(g.substring(5)),J(i,g,k[g]));p._data(i,"parsedAttrs",!0)}}return k}return typeof a=="object"?this.each(function(){p.data(this,a)}):(d=a.split(".",2),d[1]=d[1]?"."+d[1]:"",e=d[1]+"!",p.access(this,function(c){if(c===b)return k=this.triggerHandler("getData"+e,[d[0]]),k===b&&i&&(k=p.data(i,a),k=J(i,a,k)),k===b&&d[1]?this.data(d[0]):k;d[1]=c,this.each(function(){var b=p(this);b.triggerHandler("setData"+e,d),p.data(this,a,c),b.triggerHandler("changeData"+e,d)})},null,c,arguments.length>1,null,!1))},removeData:function(a){return this.each(function(){p.removeData(this,a)})}}),p.extend({queue:function(a,b,c){var d;if(a)return b=(b||"fx")+"queue",d=p._data(a,b),c&&(!d||p.isArray(c)?d=p._data(a,b,p.makeArray(c)):d.push(c)),d||[]},dequeue:function(a,b){b=b||"fx";var c=p.queue(a,b),d=c.shift(),e=p._queueHooks(a,b),f=function(){p.dequeue(a,b)};d==="inprogress"&&(d=c.shift()),d&&(b==="fx"&&c.unshift("inprogress"),delete e.stop,d.call(a,f,e)),!c.length&&e&&e.empty.fire()},_queueHooks:function(a,b){var c=b+"queueHooks";return p._data(a,c)||p._data(a,c,{empty:p.Callbacks("once memory").add(function(){p.removeData(a,b+"queue",!0),p.removeData(a,c,!0)})})}}),p.fn.extend({queue:function(a,c){var d=2;return typeof a!="string"&&(c=a,a="fx",d--),arguments.length<d?p.queue(this[0],a):c===b?this:this.each(function(){var b=p.queue(this,a,c);p._queueHooks(this,a),a==="fx"&&b[0]!=="inprogress"&&p.dequeue(this,a)})},dequeue:function(a){return this.each(function(){p.dequeue(this,a)})},delay:function(a,b){return a=p.fx?p.fx.speeds[a]||a:a,b=b||"fx",this.queue(b,function(b,c){var d=setTimeout(b,a);c.stop=function(){clearTimeout(d)}})},clearQueue:function(a){return this.queue(a||"fx",[])},promise:function(a,c){var d,e=1,f=p.Deferred(),g=this,h=this.length,i=function(){--e||f.resolveWith(g,[g])};typeof a!="string"&&(c=a,a=b),a=a||"fx";while(h--)(d=p._data(g[h],a+"queueHooks"))&&d.empty&&(e++,d.empty.add(i));return i(),f.promise(c)}});var L,M,N,O=/[\t\r\n]/g,P=/\r/g,Q=/^(?:button|input)$/i,R=/^(?:button|input|object|select|textarea)$/i,S=/^a(?:rea|)$/i,T=/^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped|selected)$/i,U=p.support.getSetAttribute;p.fn.extend({attr:function(a,b){return p.access(this,p.attr,a,b,arguments.length>1)},removeAttr:function(a){return this.each(function(){p.removeAttr(this,a)})},prop:function(a,b){return p.access(this,p.prop,a,b,arguments.length>1)},removeProp:function(a){return a=p.propFix[a]||a,this.each(function(){try{this[a]=b,delete this[a]}catch(c){}})},addClass:function(a){var b,c,d,e,f,g,h;if(p.isFunction(a))return this.each(function(b){p(this).addClass(a.call(this,b,this.className))});if(a&&typeof a=="string"){b=a.split(s);for(c=0,d=this.length;c<d;c++){e=this[c];if(e.nodeType===1)if(!e.className&&b.length===1)e.className=a;else{f=" "+e.className+" ";for(g=0,h=b.length;g<h;g++)~f.indexOf(" "+b[g]+" ")||(f+=b[g]+" ");e.className=p.trim(f)}}}return this},removeClass:function(a){var c,d,e,f,g,h,i;if(p.isFunction(a))return this.each(function(b){p(this).removeClass(a.call(this,b,this.className))});if(a&&typeof a=="string"||a===b){c=(a||"").split(s);for(h=0,i=this.length;h<i;h++){e=this[h];if(e.nodeType===1&&e.className){d=(" "+e.className+" ").replace(O," ");for(f=0,g=c.length;f<g;f++)while(d.indexOf(" "+c[f]+" ")>-1)d=d.replace(" "+c[f]+" "," ");e.className=a?p.trim(d):""}}}return this},toggleClass:function(a,b){var c=typeof a,d=typeof b=="boolean";return p.isFunction(a)?this.each(function(c){p(this).toggleClass(a.call(this,c,this.className,b),b)}):this.each(function(){if(c==="string"){var e,f=0,g=p(this),h=b,i=a.split(s);while(e=i[f++])h=d?h:!g.hasClass(e),g[h?"addClass":"removeClass"](e)}else if(c==="undefined"||c==="boolean")this.className&&p._data(this,"__className__",this.className),this.className=this.className||a===!1?"":p._data(this,"__className__")||""})},hasClass:function(a){var b=" "+a+" ",c=0,d=this.length;for(;c<d;c++)if(this[c].nodeType===1&&(" "+this[c].className+" ").replace(O," ").indexOf(b)>-1)return!0;return!1},val:function(a){var c,d,e,f=this[0];if(!arguments.length){if(f)return c=p.valHooks[f.type]||p.valHooks[f.nodeName.toLowerCase()],c&&"get"in c&&(d=c.get(f,"value"))!==b?d:(d=f.value,typeof d=="string"?d.replace(P,""):d==null?"":d);return}return e=p.isFunction(a),this.each(function(d){var f,g=p(this);if(this.nodeType!==1)return;e?f=a.call(this,d,g.val()):f=a,f==null?f="":typeof f=="number"?f+="":p.isArray(f)&&(f=p.map(f,function(a){return a==null?"":a+""})),c=p.valHooks[this.type]||p.valHooks[this.nodeName.toLowerCase()];if(!c||!("set"in c)||c.set(this,f,"value")===b)this.value=f})}}),p.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c,d,e,f=a.selectedIndex,g=[],h=a.options,i=a.type==="select-one";if(f<0)return null;c=i?f:0,d=i?f+1:h.length;for(;c<d;c++){e=h[c];if(e.selected&&(p.support.optDisabled?!e.disabled:e.getAttribute("disabled")===null)&&(!e.parentNode.disabled||!p.nodeName(e.parentNode,"optgroup"))){b=p(e).val();if(i)return b;g.push(b)}}return i&&!g.length&&h.length?p(h[f]).val():g},set:function(a,b){var c=p.makeArray(b);return p(a).find("option").each(function(){this.selected=p.inArray(p(this).val(),c)>=0}),c.length||(a.selectedIndex=-1),c}}},attrFn:{},attr:function(a,c,d,e){var f,g,h,i=a.nodeType;if(!a||i===3||i===8||i===2)return;if(e&&p.isFunction(p.fn[c]))return p(a)[c](d);if(typeof a.getAttribute=="undefined")return p.prop(a,c,d);h=i!==1||!p.isXMLDoc(a),h&&(c=c.toLowerCase(),g=p.attrHooks[c]||(T.test(c)?M:L));if(d!==b){if(d===null){p.removeAttr(a,c);return}return g&&"set"in g&&h&&(f=g.set(a,d,c))!==b?f:(a.setAttribute(c,""+d),d)}return g&&"get"in g&&h&&(f=g.get(a,c))!==null?f:(f=a.getAttribute(c),f===null?b:f)},removeAttr:function(a,b){var c,d,e,f,g=0;if(b&&a.nodeType===1){d=b.split(s);for(;g<d.length;g++)e=d[g],e&&(c=p.propFix[e]||e,f=T.test(e),f||p.attr(a,e,""),a.removeAttribute(U?e:c),f&&c in a&&(a[c]=!1))}},attrHooks:{type:{set:function(a,b){if(Q.test(a.nodeName)&&a.parentNode)p.error("type property can't be changed");else if(!p.support.radioValue&&b==="radio"&&p.nodeName(a,"input")){var c=a.value;return a.setAttribute("type",b),c&&(a.value=c),b}}},value:{get:function(a,b){return L&&p.nodeName(a,"button")?L.get(a,b):b in a?a.value:null},set:function(a,b,c){if(L&&p.nodeName(a,"button"))return L.set(a,b,c);a.value=b}}},propFix:{tabindex:"tabIndex",readonly:"readOnly","for":"htmlFor","class":"className",maxlength:"maxLength",cellspacing:"cellSpacing",cellpadding:"cellPadding",rowspan:"rowSpan",colspan:"colSpan",usemap:"useMap",frameborder:"frameBorder",contenteditable:"contentEditable"},prop:function(a,c,d){var e,f,g,h=a.nodeType;if(!a||h===3||h===8||h===2)return;return g=h!==1||!p.isXMLDoc(a),g&&(c=p.propFix[c]||c,f=p.propHooks[c]),d!==b?f&&"set"in f&&(e=f.set(a,d,c))!==b?e:a[c]=d:f&&"get"in f&&(e=f.get(a,c))!==null?e:a[c]},propHooks:{tabIndex:{get:function(a){var c=a.getAttributeNode("tabindex");return c&&c.specified?parseInt(c.value,10):R.test(a.nodeName)||S.test(a.nodeName)&&a.href?0:b}}}}),M={get:function(a,c){var d,e=p.prop(a,c);return e===!0||typeof e!="boolean"&&(d=a.getAttributeNode(c))&&d.nodeValue!==!1?c.toLowerCase():b},set:function(a,b,c){var d;return b===!1?p.removeAttr(a,c):(d=p.propFix[c]||c,d in a&&(a[d]=!0),a.setAttribute(c,c.toLowerCase())),c}},U||(N={name:!0,id:!0,coords:!0},L=p.valHooks.button={get:function(a,c){var d;return d=a.getAttributeNode(c),d&&(N[c]?d.value!=="":d.specified)?d.value:b},set:function(a,b,c){var d=a.getAttributeNode(c);return d||(d=e.createAttribute(c),a.setAttributeNode(d)),d.value=b+""}},p.each(["width","height"],function(a,b){p.attrHooks[b]=p.extend(p.attrHooks[b],{set:function(a,c){if(c==="")return a.setAttribute(b,"auto"),c}})}),p.attrHooks.contenteditable={get:L.get,set:function(a,b,c){b===""&&(b="false"),L.set(a,b,c)}}),p.support.hrefNormalized||p.each(["href","src","width","height"],function(a,c){p.attrHooks[c]=p.extend(p.attrHooks[c],{get:function(a){var d=a.getAttribute(c,2);return d===null?b:d}})}),p.support.style||(p.attrHooks.style={get:function(a){return a.style.cssText.toLowerCase()||b},set:function(a,b){return a.style.cssText=""+b}}),p.support.optSelected||(p.propHooks.selected=p.extend(p.propHooks.selected,{get:function(a){var b=a.parentNode;return b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex),null}})),p.support.enctype||(p.propFix.enctype="encoding"),p.support.checkOn||p.each(["radio","checkbox"],function(){p.valHooks[this]={get:function(a){return a.getAttribute("value")===null?"on":a.value}}}),p.each(["radio","checkbox"],function(){p.valHooks[this]=p.extend(p.valHooks[this],{set:function(a,b){if(p.isArray(b))return a.checked=p.inArray(p(a).val(),b)>=0}})});var V=/^(?:textarea|input|select)$/i,W=/^([^\.]*|)(?:\.(.+)|)$/,X=/(?:^|\s)hover(\.\S+|)\b/,Y=/^key/,Z=/^(?:mouse|contextmenu)|click/,$=/^(?:focusinfocus|focusoutblur)$/,_=function(a){return p.event.special.hover?a:a.replace(X,"mouseenter$1 mouseleave$1")};p.event={add:function(a,c,d,e,f){var g,h,i,j,k,l,m,n,o,q,r;if(a.nodeType===3||a.nodeType===8||!c||!d||!(g=p._data(a)))return;d.handler&&(o=d,d=o.handler,f=o.selector),d.guid||(d.guid=p.guid++),i=g.events,i||(g.events=i={}),h=g.handle,h||(g.handle=h=function(a){return typeof p!="undefined"&&(!a||p.event.triggered!==a.type)?p.event.dispatch.apply(h.elem,arguments):b},h.elem=a),c=p.trim(_(c)).split(" ");for(j=0;j<c.length;j++){k=W.exec(c[j])||[],l=k[1],m=(k[2]||"").split(".").sort(),r=p.event.special[l]||{},l=(f?r.delegateType:r.bindType)||l,r=p.event.special[l]||{},n=p.extend({type:l,origType:k[1],data:e,handler:d,guid:d.guid,selector:f,namespace:m.join(".")},o),q=i[l];if(!q){q=i[l]=[],q.delegateCount=0;if(!r.setup||r.setup.call(a,e,m,h)===!1)a.addEventListener?a.addEventListener(l,h,!1):a.attachEvent&&a.attachEvent("on"+l,h)}r.add&&(r.add.call(a,n),n.handler.guid||(n.handler.guid=d.guid)),f?q.splice(q.delegateCount++,0,n):q.push(n),p.event.global[l]=!0}a=null},global:{},remove:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,n,o,q,r=p.hasData(a)&&p._data(a);if(!r||!(m=r.events))return;b=p.trim(_(b||"")).split(" ");for(f=0;f<b.length;f++){g=W.exec(b[f])||[],h=i=g[1],j=g[2];if(!h){for(h in m)p.event.remove(a,h+b[f],c,d,!0);continue}n=p.event.special[h]||{},h=(d?n.delegateType:n.bindType)||h,o=m[h]||[],k=o.length,j=j?new RegExp("(^|\\.)"+j.split(".").sort().join("\\.(?:.*\\.|)")+"(\\.|$)"):null;for(l=0;l<o.length;l++)q=o[l],(e||i===q.origType)&&(!c||c.guid===q.guid)&&(!j||j.test(q.namespace))&&(!d||d===q.selector||d==="**"&&q.selector)&&(o.splice(l--,1),q.selector&&o.delegateCount--,n.remove&&n.remove.call(a,q));o.length===0&&k!==o.length&&((!n.teardown||n.teardown.call(a,j,r.handle)===!1)&&p.removeEvent(a,h,r.handle),delete m[h])}p.isEmptyObject(m)&&(delete r.handle,p.removeData(a,"events",!0))},customEvent:{getData:!0,setData:!0,changeData:!0},trigger:function(c,d,f,g){if(!f||f.nodeType!==3&&f.nodeType!==8){var h,i,j,k,l,m,n,o,q,r,s=c.type||c,t=[];if($.test(s+p.event.triggered))return;s.indexOf("!")>=0&&(s=s.slice(0,-1),i=!0),s.indexOf(".")>=0&&(t=s.split("."),s=t.shift(),t.sort());if((!f||p.event.customEvent[s])&&!p.event.global[s])return;c=typeof c=="object"?c[p.expando]?c:new p.Event(s,c):new p.Event(s),c.type=s,c.isTrigger=!0,c.exclusive=i,c.namespace=t.join("."),c.namespace_re=c.namespace?new RegExp("(^|\\.)"+t.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,m=s.indexOf(":")<0?"on"+s:"";if(!f){h=p.cache;for(j in h)h[j].events&&h[j].events[s]&&p.event.trigger(c,d,h[j].handle.elem,!0);return}c.result=b,c.target||(c.target=f),d=d!=null?p.makeArray(d):[],d.unshift(c),n=p.event.special[s]||{};if(n.trigger&&n.trigger.apply(f,d)===!1)return;q=[[f,n.bindType||s]];if(!g&&!n.noBubble&&!p.isWindow(f)){r=n.delegateType||s,k=$.test(r+s)?f:f.parentNode;for(l=f;k;k=k.parentNode)q.push([k,r]),l=k;l===(f.ownerDocument||e)&&q.push([l.defaultView||l.parentWindow||a,r])}for(j=0;j<q.length&&!c.isPropagationStopped();j++)k=q[j][0],c.type=q[j][1],o=(p._data(k,"events")||{})[c.type]&&p._data(k,"handle"),o&&o.apply(k,d),o=m&&k[m],o&&p.acceptData(k)&&o.apply(k,d)===!1&&c.preventDefault();return c.type=s,!g&&!c.isDefaultPrevented()&&(!n._default||n._default.apply(f.ownerDocument,d)===!1)&&(s!=="click"||!p.nodeName(f,"a"))&&p.acceptData(f)&&m&&f[s]&&(s!=="focus"&&s!=="blur"||c.target.offsetWidth!==0)&&!p.isWindow(f)&&(l=f[m],l&&(f[m]=null),p.event.triggered=s,f[s](),p.event.triggered=b,l&&(f[m]=l)),c.result}return},dispatch:function(c){c=p.event.fix(c||a.event);var d,e,f,g,h,i,j,k,l,m,n,o=(p._data(this,"events")||{})[c.type]||[],q=o.delegateCount,r=[].slice.call(arguments),s=!c.exclusive&&!c.namespace,t=p.event.special[c.type]||{},u=[];r[0]=c,c.delegateTarget=this;if(t.preDispatch&&t.preDispatch.call(this,c)===!1)return;if(q&&(!c.button||c.type!=="click")){g=p(this),g.context=this;for(f=c.target;f!=this;f=f.parentNode||this)if(f.disabled!==!0||c.type!=="click"){i={},k=[],g[0]=f;for(d=0;d<q;d++)l=o[d],m=l.selector,i[m]===b&&(i[m]=g.is(m)),i[m]&&k.push(l);k.length&&u.push({elem:f,matches:k})}}o.length>q&&u.push({elem:this,matches:o.slice(q)});for(d=0;d<u.length&&!c.isPropagationStopped();d++){j=u[d],c.currentTarget=j.elem;for(e=0;e<j.matches.length&&!c.isImmediatePropagationStopped();e++){l=j.matches[e];if(s||!c.namespace&&!l.namespace||c.namespace_re&&c.namespace_re.test(l.namespace))c.data=l.data,c.handleObj=l,h=((p.event.special[l.origType]||{}).handle||l.handler).apply(j.elem,r),h!==b&&(c.result=h,h===!1&&(c.preventDefault(),c.stopPropagation()))}}return t.postDispatch&&t.postDispatch.call(this,c),c.result},props:"attrChange attrName relatedNode srcElement altKey bubbles cancelable ctrlKey currentTarget eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),fixHooks:{},keyHooks:{props:"char charCode key keyCode".split(" "),filter:function(a,b){return a.which==null&&(a.which=b.charCode!=null?b.charCode:b.keyCode),a}},mouseHooks:{props:"button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement".split(" "),filter:function(a,c){var d,f,g,h=c.button,i=c.fromElement;return a.pageX==null&&c.clientX!=null&&(d=a.target.ownerDocument||e,f=d.documentElement,g=d.body,a.pageX=c.clientX+(f&&f.scrollLeft||g&&g.scrollLeft||0)-(f&&f.clientLeft||g&&g.clientLeft||0),a.pageY=c.clientY+(f&&f.scrollTop||g&&g.scrollTop||0)-(f&&f.clientTop||g&&g.clientTop||0)),!a.relatedTarget&&i&&(a.relatedTarget=i===a.target?c.toElement:i),!a.which&&h!==b&&(a.which=h&1?1:h&2?3:h&4?2:0),a}},fix:function(a){if(a[p.expando])return a;var b,c,d=a,f=p.event.fixHooks[a.type]||{},g=f.props?this.props.concat(f.props):this.props;a=p.Event(d);for(b=g.length;b;)c=g[--b],a[c]=d[c];return a.target||(a.target=d.srcElement||e),a.target.nodeType===3&&(a.target=a.target.parentNode),a.metaKey=!!a.metaKey,f.filter?f.filter(a,d):a},special:{ready:{setup:p.bindReady},load:{noBubble:!0},focus:{delegateType:"focusin"},blur:{delegateType:"focusout"},beforeunload:{setup:function(a,b,c){p.isWindow(this)&&(this.onbeforeunload=c)},teardown:function(a,b){this.onbeforeunload===b&&(this.onbeforeunload=null)}}},simulate:function(a,b,c,d){var e=p.extend(new p.Event,c,{type:a,isSimulated:!0,originalEvent:{}});d?p.event.trigger(e,null,b):p.event.dispatch.call(b,e),e.isDefaultPrevented()&&c.preventDefault()}},p.event.handle=p.event.dispatch,p.removeEvent=e.removeEventListener?function(a,b,c){a.removeEventListener&&a.removeEventListener(b,c,!1)}:function(a,b,c){var d="on"+b;a.detachEvent&&(typeof a[d]=="undefined"&&(a[d]=null),a.detachEvent(d,c))},p.Event=function(a,b){if(this instanceof p.Event)a&&a.type?(this.originalEvent=a,this.type=a.type,this.isDefaultPrevented=a.defaultPrevented||a.returnValue===!1||a.getPreventDefault&&a.getPreventDefault()?bb:ba):this.type=a,b&&p.extend(this,b),this.timeStamp=a&&a.timeStamp||p.now(),this[p.expando]=!0;else return new p.Event(a,b)},p.Event.prototype={preventDefault:function(){this.isDefaultPrevented=bb;var a=this.originalEvent;if(!a)return;a.preventDefault?a.preventDefault():a.returnValue=!1},stopPropagation:function(){this.isPropagationStopped=bb;var a=this.originalEvent;if(!a)return;a.stopPropagation&&a.stopPropagation(),a.cancelBubble=!0},stopImmediatePropagation:function(){this.isImmediatePropagationStopped=bb,this.stopPropagation()},isDefaultPrevented:ba,isPropagationStopped:ba,isImmediatePropagationStopped:ba},p.each({mouseenter:"mouseover",mouseleave:"mouseout"},function(a,b){p.event.special[a]={delegateType:b,bindType:b,handle:function(a){var c,d=this,e=a.relatedTarget,f=a.handleObj,g=f.selector;if(!e||e!==d&&!p.contains(d,e))a.type=f.origType,c=f.handler.apply(this,arguments),a.type=b;return c}}}),p.support.submitBubbles||(p.event.special.submit={setup:function(){if(p.nodeName(this,"form"))return!1;p.event.add(this,"click._submit keypress._submit",function(a){var c=a.target,d=p.nodeName(c,"input")||p.nodeName(c,"button")?c.form:b;d&&!p._data(d,"_submit_attached")&&(p.event.add(d,"submit._submit",function(a){a._submit_bubble=!0}),p._data(d,"_submit_attached",!0))})},postDispatch:function(a){a._submit_bubble&&(delete a._submit_bubble,this.parentNode&&!a.isTrigger&&p.event.simulate("submit",this.parentNode,a,!0))},teardown:function(){if(p.nodeName(this,"form"))return!1;p.event.remove(this,"._submit")}}),p.support.changeBubbles||(p.event.special.change={setup:function(){if(V.test(this.nodeName)){if(this.type==="checkbox"||this.type==="radio")p.event.add(this,"propertychange._change",function(a){a.originalEvent.propertyName==="checked"&&(this._just_changed=!0)}),p.event.add(this,"click._change",function(a){this._just_changed&&!a.isTrigger&&(this._just_changed=!1),p.event.simulate("change",this,a,!0)});return!1}p.event.add(this,"beforeactivate._change",function(a){var b=a.target;V.test(b.nodeName)&&!p._data(b,"_change_attached")&&(p.event.add(b,"change._change",function(a){this.parentNode&&!a.isSimulated&&!a.isTrigger&&p.event.simulate("change",this.parentNode,a,!0)}),p._data(b,"_change_attached",!0))})},handle:function(a){var b=a.target;if(this!==b||a.isSimulated||a.isTrigger||b.type!=="radio"&&b.type!=="checkbox")return a.handleObj.handler.apply(this,arguments)},teardown:function(){return p.event.remove(this,"._change"),V.test(this.nodeName)}}),p.support.focusinBubbles||p.each({focus:"focusin",blur:"focusout"},function(a,b){var c=0,d=function(a){p.event.simulate(b,a.target,p.event.fix(a),!0)};p.event.special[b]={setup:function(){c++===0&&e.addEventListener(a,d,!0)},teardown:function(){--c===0&&e.removeEventListener(a,d,!0)}}}),p.fn.extend({on:function(a,c,d,e,f){var g,h;if(typeof a=="object"){typeof c!="string"&&(d=d||c,c=b);for(h in a)this.on(h,c,d,a[h],f);return this}d==null&&e==null?(e=c,d=c=b):e==null&&(typeof c=="string"?(e=d,d=b):(e=d,d=c,c=b));if(e===!1)e=ba;else if(!e)return this;return f===1&&(g=e,e=function(a){return p().off(a),g.apply(this,arguments)},e.guid=g.guid||(g.guid=p.guid++)),this.each(function(){p.event.add(this,a,e,d,c)})},one:function(a,b,c,d){return this.on(a,b,c,d,1)},off:function(a,c,d){var e,f;if(a&&a.preventDefault&&a.handleObj)return e=a.handleObj,p(a.delegateTarget).off(e.namespace?e.origType+"."+e.namespace:e.origType,e.selector,e.handler),this;if(typeof a=="object"){for(f in a)this.off(f,c,a[f]);return this}if(c===!1||typeof c=="function")d=c,c=b;return d===!1&&(d=ba),this.each(function(){p.event.remove(this,a,d,c)})},bind:function(a,b,c){return this.on(a,null,b,c)},unbind:function(a,b){return this.off(a,null,b)},live:function(a,b,c){return p(this.context).on(a,this.selector,b,c),this},die:function(a,b){return p(this.context).off(a,this.selector||"**",b),this},delegate:function(a,b,c,d){return this.on(b,a,c,d)},undelegate:function(a,b,c){return arguments.length==1?this.off(a,"**"):this.off(b,a||"**",c)},trigger:function(a,b){return this.each(function(){p.event.trigger(a,b,this)})},triggerHandler:function(a,b){if(this[0])return p.event.trigger(a,b,this[0],!0)},toggle:function(a){var b=arguments,c=a.guid||p.guid++,d=0,e=function(c){var e=(p._data(this,"lastToggle"+a.guid)||0)%d;return p._data(this,"lastToggle"+a.guid,e+1),c.preventDefault(),b[e].apply(this,arguments)||!1};e.guid=c;while(d<b.length)b[d++].guid=c;return this.click(e)},hover:function(a,b){return this.mouseenter(a).mouseleave(b||a)}}),p.each("blur focus focusin focusout load resize scroll unload click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup error contextmenu".split(" "),function(a,b){p.fn[b]=function(a,c){return c==null&&(c=a,a=null),arguments.length>0?this.on(b,null,a,c):this.trigger(b)},Y.test(b)&&(p.event.fixHooks[b]=p.event.keyHooks),Z.test(b)&&(p.event.fixHooks[b]=p.event.mouseHooks)}),function(a,b){function bd(a,b,c,d){var e=0,f=b.length;for(;e<f;e++)Z(a,b[e],c,d)}function be(a,b,c,d,e,f){var g,h=$.setFilters[b.toLowerCase()];return h||Z.error(b),(a||!(g=e))&&bd(a||"*",d,g=[],e),g.length>0?h(g,c,f):[]}function bf(a,c,d,e,f){var g,h,i,j,k,l,m,n,p=0,q=f.length,s=L.POS,t=new RegExp("^"+s.source+"(?!"+r+")","i"),u=function(){var a=1,c=arguments.length-2;for(;a<c;a++)arguments[a]===b&&(g[a]=b)};for(;p<q;p++){s.exec(""),a=f[p],j=[],i=0,k=e;while(g=s.exec(a)){n=s.lastIndex=g.index+g[0].length;if(n>i){m=a.slice(i,g.index),i=n,l=[c],B.test(m)&&(k&&(l=k),k=e);if(h=H.test(m))m=m.slice(0,-5).replace(B,"$&*");g.length>1&&g[0].replace(t,u),k=be(m,g[1],g[2],l,k,h)}}k?(j=j.concat(k),(m=a.slice(i))&&m!==")"?B.test(m)?bd(m,j,d,e):Z(m,c,d,e?e.concat(k):k):o.apply(d,j)):Z(a,c,d,e)}return q===1?d:Z.uniqueSort(d)}function bg(a,b,c){var d,e,f,g=[],i=0,j=D.exec(a),k=!j.pop()&&!j.pop(),l=k&&a.match(C)||[""],m=$.preFilter,n=$.filter,o=!c&&b!==h;for(;(e=l[i])!=null&&k;i++){g.push(d=[]),o&&(e=" "+e);while(e){k=!1;if(j=B.exec(e))e=e.slice(j[0].length),k=d.push({part:j.pop().replace(A," "),captures:j});for(f in n)(j=L[f].exec(e))&&(!m[f]||(j=m[f](j,b,c)))&&(e=e.slice(j.shift().length),k=d.push({part:f,captures:j}));if(!k)break}}return k||Z.error(a),g}function bh(a,b,e){var f=b.dir,g=m++;return a||(a=function(a){return a===e}),b.first?function(b,c){while(b=b[f])if(b.nodeType===1)return a(b,c)&&b}:function(b,e){var h,i=g+"."+d,j=i+"."+c;while(b=b[f])if(b.nodeType===1){if((h=b[q])===j)return b.sizset;if(typeof h=="string"&&h.indexOf(i)===0){if(b.sizset)return b}else{b[q]=j;if(a(b,e))return b.sizset=!0,b;b.sizset=!1}}}}function bi(a,b){return a?function(c,d){var e=b(c,d);return e&&a(e===!0?c:e,d)}:b}function bj(a,b,c){var d,e,f=0;for(;d=a[f];f++)$.relative[d.part]?e=bh(e,$.relative[d.part],b):(d.captures.push(b,c),e=bi(e,$.filter[d.part].apply(null,d.captures)));return e}function bk(a){return function(b,c){var d,e=0;for(;d=a[e];e++)if(d(b,c))return!0;return!1}}var c,d,e,f,g,h=a.document,i=h.documentElement,j="undefined",k=!1,l=!0,m=0,n=[].slice,o=[].push,q=("sizcache"+Math.random()).replace(".",""),r="[\\x20\\t\\r\\n\\f]",s="(?:\\\\.|[-\\w]|[^\\x00-\\xa0])+",t=s.replace("w","w#"),u="([*^$|!~]?=)",v="\\["+r+"*("+s+")"+r+"*(?:"+u+r+"*(?:(['\"])((?:\\\\.|[^\\\\])*?)\\3|("+t+")|)|)"+r+"*\\]",w=":("+s+")(?:\\((?:(['\"])((?:\\\\.|[^\\\\])*?)\\2|((?:[^,]|\\\\,|(?:,(?=[^\\[]*\\]))|(?:,(?=[^\\(]*\\))))*))\\)|)",x=":(nth|eq|gt|lt|first|last|even|odd)(?:\\((\\d*)\\)|)(?=[^-]|$)",y=r+"*([\\x20\\t\\r\\n\\f>+~])"+r+"*",z="(?=[^\\x20\\t\\r\\n\\f])(?:\\\\.|"+v+"|"+w.replace(2,7)+"|[^\\\\(),])+",A=new RegExp("^"+r+"+|((?:^|[^\\\\])(?:\\\\.)*)"+r+"+$","g"),B=new RegExp("^"+y),C=new RegExp(z+"?(?="+r+"*,|$)","g"),D=new RegExp("^(?:(?!,)(?:(?:^|,)"+r+"*"+z+")*?|"+r+"*(.*?))(\\)|$)"),E=new RegExp(z.slice(19,-6)+"\\x20\\t\\r\\n\\f>+~])+|"+y,"g"),F=/^(?:#([\w\-]+)|(\w+)|\.([\w\-]+))$/,G=/[\x20\t\r\n\f]*[+~]/,H=/:not\($/,I=/h\d/i,J=/input|select|textarea|button/i,K=/\\(?!\\)/g,L={ID:new RegExp("^#("+s+")"),CLASS:new RegExp("^\\.("+s+")"),NAME:new RegExp("^\\[name=['\"]?("+s+")['\"]?\\]"),TAG:new RegExp("^("+s.replace("[-","[-\\*")+")"),ATTR:new RegExp("^"+v),PSEUDO:new RegExp("^"+w),CHILD:new RegExp("^:(only|nth|last|first)-child(?:\\("+r+"*(even|odd|(([+-]|)(\\d*)n|)"+r+"*(?:([+-]|)"+r+"*(\\d+)|))"+r+"*\\)|)","i"),POS:new RegExp(x,"ig"),needsContext:new RegExp("^"+r+"*[>+~]|"+x,"i")},M={},N=[],O={},P=[],Q=function(a){return a.sizzleFilter=!0,a},R=function(a){return function(b){return b.nodeName.toLowerCase()==="input"&&b.type===a}},S=function(a){return function(b){var c=b.nodeName.toLowerCase();return(c==="input"||c==="button")&&b.type===a}},T=function(a){var b=!1,c=h.createElement("div");try{b=a(c)}catch(d){}return c=null,b},U=T(function(a){a.innerHTML="<select></select>";var b=typeof a.lastChild.getAttribute("multiple");return b!=="boolean"&&b!=="string"}),V=T(function(a){a.id=q+0,a.innerHTML="<a name='"+q+"'></a><div name='"+q+"'></div>",i.insertBefore(a,i.firstChild);var b=h.getElementsByName&&h.getElementsByName(q).length===2+h.getElementsByName(q+0).length;return g=!h.getElementById(q),i.removeChild(a),b}),W=T(function(a){return a.appendChild(h.createComment("")),a.getElementsByTagName("*").length===0}),X=T(function(a){return a.innerHTML="<a href='#'></a>",a.firstChild&&typeof a.firstChild.getAttribute!==j&&a.firstChild.getAttribute("href")==="#"}),Y=T(function(a){return a.innerHTML="<div class='hidden e'></div><div class='hidden'></div>",!a.getElementsByClassName||a.getElementsByClassName("e").length===0?!1:(a.lastChild.className="e",a.getElementsByClassName("e").length!==1)}),Z=function(a,b,c,d){c=c||[],b=b||h;var e,f,g,i,j=b.nodeType;if(j!==1&&j!==9)return[];if(!a||typeof a!="string")return c;g=ba(b);if(!g&&!d)if(e=F.exec(a))if(i=e[1]){if(j===9){f=b.getElementById(i);if(!f||!f.parentNode)return c;if(f.id===i)return c.push(f),c}else if(b.ownerDocument&&(f=b.ownerDocument.getElementById(i))&&bb(b,f)&&f.id===i)return c.push(f),c}else{if(e[2])return o.apply(c,n.call(b.getElementsByTagName(a),0)),c;if((i=e[3])&&Y&&b.getElementsByClassName)return o.apply(c,n.call(b.getElementsByClassName(i),0)),c}return bm(a,b,c,d,g)},$=Z.selectors={cacheLength:50,match:L,order:["ID","TAG"],attrHandle:{},createPseudo:Q,find:{ID:g?function(a,b,c){if(typeof b.getElementById!==j&&!c){var d=b.getElementById(a);return d&&d.parentNode?[d]:[]}}:function(a,c,d){if(typeof c.getElementById!==j&&!d){var e=c.getElementById(a);return e?e.id===a||typeof e.getAttributeNode!==j&&e.getAttributeNode("id").value===a?[e]:b:[]}},TAG:W?function(a,b){if(typeof b.getElementsByTagName!==j)return b.getElementsByTagName(a)}:function(a,b){var c=b.getElementsByTagName(a);if(a==="*"){var d,e=[],f=0;for(;d=c[f];f++)d.nodeType===1&&e.push(d);return e}return c}},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(a){return a[1]=a[1].replace(K,""),a[3]=(a[4]||a[5]||"").replace(K,""),a[2]==="~="&&(a[3]=" "+a[3]+" "),a.slice(0,4)},CHILD:function(a){return a[1]=a[1].toLowerCase(),a[1]==="nth"?(a[2]||Z.error(a[0]),a[3]=+(a[3]?a[4]+(a[5]||1):2*(a[2]==="even"||a[2]==="odd")),a[4]=+(a[6]+a[7]||a[2]==="odd")):a[2]&&Z.error(a[0]),a},PSEUDO:function(a){var b,c=a[4];return L.CHILD.test(a[0])?null:(c&&(b=D.exec(c))&&b.pop()&&(a[0]=a[0].slice(0,b[0].length-c.length-1),c=b[0].slice(0,-1)),a.splice(2,3,c||a[3]),a)}},filter:{ID:g?function(a){return a=a.replace(K,""),function(b){return b.getAttribute("id")===a}}:function(a){return a=a.replace(K,""),function(b){var c=typeof b.getAttributeNode!==j&&b.getAttributeNode("id");return c&&c.value===a}},TAG:function(a){return a==="*"?function(){return!0}:(a=a.replace(K,"").toLowerCase(),function(b){return b.nodeName&&b.nodeName.toLowerCase()===a})},CLASS:function(a){var b=M[a];return b||(b=M[a]=new RegExp("(^|"+r+")"+a+"("+r+"|$)"),N.push(a),N.length>$.cacheLength&&delete M[N.shift()]),function(a){return b.test(a.className||typeof a.getAttribute!==j&&a.getAttribute("class")||"")}},ATTR:function(a,b,c){return b?function(d){var e=Z.attr(d,a),f=e+"";if(e==null)return b==="!=";switch(b){case"=":return f===c;case"!=":return f!==c;case"^=":return c&&f.indexOf(c)===0;case"*=":return c&&f.indexOf(c)>-1;case"$=":return c&&f.substr(f.length-c.length)===c;case"~=":return(" "+f+" ").indexOf(c)>-1;case"|=":return f===c||f.substr(0,c.length+1)===c+"-"}}:function(b){return Z.attr(b,a)!=null}},CHILD:function(a,b,c,d){if(a==="nth"){var e=m++;return function(a){var b,f,g=0,h=a;if(c===1&&d===0)return!0;b=a.parentNode;if(b&&(b[q]!==e||!a.sizset)){for(h=b.firstChild;h;h=h.nextSibling)if(h.nodeType===1){h.sizset=++g;if(h===a)break}b[q]=e}return f=a.sizset-d,c===0?f===0:f%c===0&&f/c>=0}}return function(b){var c=b;switch(a){case"only":case"first":while(c=c.previousSibling)if(c.nodeType===1)return!1;if(a==="first")return!0;c=b;case"last":while(c=c.nextSibling)if(c.nodeType===1)return!1;return!0}}},PSEUDO:function(a,b,c,d){var e=$.pseudos[a]||$.pseudos[a.toLowerCase()];return e||Z.error("unsupported pseudo: "+a),e.sizzleFilter?e(b,c,d):e}},pseudos:{not:Q(function(a,b,c){var d=bl(a.replace(A,"$1"),b,c);return function(a){return!d(a)}}),enabled:function(a){return a.disabled===!1},disabled:function(a){return a.disabled===!0},checked:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&!!a.checked||b==="option"&&!!a.selected},selected:function(a){return a.parentNode&&a.parentNode.selectedIndex,a.selected===!0},parent:function(a){return!$.pseudos.empty(a)},empty:function(a){var b;a=a.firstChild;while(a){if(a.nodeName>"@"||(b=a.nodeType)===3||b===4)return!1;a=a.nextSibling}return!0},contains:Q(function(a){return function(b){return(b.textContent||b.innerText||bc(b)).indexOf(a)>-1}}),has:Q(function(a){return function(b){return Z(a,b).length>0}}),header:function(a){return I.test(a.nodeName)},text:function(a){var b,c;return a.nodeName.toLowerCase()==="input"&&(b=a.type)==="text"&&((c=a.getAttribute("type"))==null||c.toLowerCase()===b)},radio:R("radio"),checkbox:R("checkbox"),file:R("file"),password:R("password"),image:R("image"),submit:S("submit"),reset:S("reset"),button:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&a.type==="button"||b==="button"},input:function(a){return J.test(a.nodeName)},focus:function(a){var b=a.ownerDocument;return a===b.activeElement&&(!b.hasFocus||b.hasFocus())&&(!!a.type||!!a.href)},active:function(a){return a===a.ownerDocument.activeElement}},setFilters:{first:function(a,b,c){return c?a.slice(1):[a[0]]},last:function(a,b,c){var d=a.pop();return c?a:[d]},even:function(a,b,c){var d=[],e=c?1:0,f=a.length;for(;e<f;e=e+2)d.push(a[e]);return d},odd:function(a,b,c){var d=[],e=c?0:1,f=a.length;for(;e<f;e=e+2)d.push(a[e]);return d},lt:function(a,b,c){return c?a.slice(+b):a.slice(0,+b)},gt:function(a,b,c){return c?a.slice(0,+b+1):a.slice(+b+1)},eq:function(a,b,c){var d=a.splice(+b,1);return c?a:d}}};$.setFilters.nth=$.setFilters.eq,$.filters=$.pseudos,X||($.attrHandle={href:function(a){return a.getAttribute("href",2)},type:function(a){return a.getAttribute("type")}}),V&&($.order.push("NAME"),$.find.NAME=function(a,b){if(typeof b.getElementsByName!==j)return b.getElementsByName(a)}),Y&&($.order.splice(1,0,"CLASS"),$.find.CLASS=function(a,b,c){if(typeof b.getElementsByClassName!==j&&!c)return b.getElementsByClassName(a)});try{n.call(i.childNodes,0)[0].nodeType}catch(_){n=function(a){var b,c=[];for(;b=this[a];a++)c.push(b);return c}}var ba=Z.isXML=function(a){var b=a&&(a.ownerDocument||a).documentElement;return b?b.nodeName!=="HTML":!1},bb=Z.contains=i.compareDocumentPosition?function(a,b){return!!(a.compareDocumentPosition(b)&16)}:i.contains?function(a,b){var c=a.nodeType===9?a.documentElement:a,d=b.parentNode;return a===d||!!(d&&d.nodeType===1&&c.contains&&c.contains(d))}:function(a,b){while(b=b.parentNode)if(b===a)return!0;return!1},bc=Z.getText=function(a){var b,c="",d=0,e=a.nodeType;if(e){if(e===1||e===9||e===11){if(typeof a.textContent=="string")return a.textContent;for(a=a.firstChild;a;a=a.nextSibling)c+=bc(a)}else if(e===3||e===4)return a.nodeValue}else for(;b=a[d];d++)c+=bc(b);return c};Z.attr=function(a,b){var c,d=ba(a);return d||(b=b.toLowerCase()),$.attrHandle[b]?$.attrHandle[b](a):U||d?a.getAttribute(b):(c=a.getAttributeNode(b),c?typeof a[b]=="boolean"?a[b]?b:null:c.specified?c.value:null:null)},Z.error=function(a){throw new Error("Syntax error, unrecognized expression: "+a)},[0,0].sort(function(){return l=0}),i.compareDocumentPosition?e=function(a,b){return a===b?(k=!0,0):(!a.compareDocumentPosition||!b.compareDocumentPosition?a.compareDocumentPosition:a.compareDocumentPosition(b)&4)?-1:1}:(e=function(a,b){if(a===b)return k=!0,0;if(a.sourceIndex&&b.sourceIndex)return a.sourceIndex-b.sourceIndex;var c,d,e=[],g=[],h=a.parentNode,i=b.parentNode,j=h;if(h===i)return f(a,b);if(!h)return-1;if(!i)return 1;while(j)e.unshift(j),j=j.parentNode;j=i;while(j)g.unshift(j),j=j.parentNode;c=e.length,d=g.length;for(var l=0;l<c&&l<d;l++)if(e[l]!==g[l])return f(e[l],g[l]);return l===c?f(a,g[l],-1):f(e[l],b,1)},f=function(a,b,c){if(a===b)return c;var d=a.nextSibling;while(d){if(d===b)return-1;d=d.nextSibling}return 1}),Z.uniqueSort=function(a){var b,c=1;if(e){k=l,a.sort(e);if(k)for(;b=a[c];c++)b===a[c-1]&&a.splice(c--,1)}return a};var bl=Z.compile=function(a,b,c){var d,e,f,g=O[a];if(g&&g.context===b)return g;e=bg(a,b,c);for(f=0;d=e[f];f++)e[f]=bj(d,b,c);return g=O[a]=bk(e),g.context=b,g.runs=g.dirruns=0,P.push(a),P.length>$.cacheLength&&delete O[P.shift()],g};Z.matches=function(a,b){return Z(a,null,null,b)},Z.matchesSelector=function(a,b){return Z(b,null,null,[a]).length>0};var bm=function(a,b,e,f,g){a=a.replace(A,"$1");var h,i,j,k,l,m,p,q,r,s=a.match(C),t=a.match(E),u=b.nodeType;if(L.POS.test(a))return bf(a,b,e,f,s);if(f)h=n.call(f,0);else if(s&&s.length===1){if(t.length>1&&u===9&&!g&&(s=L.ID.exec(t[0]))){b=$.find.ID(s[1],b,g)[0];if(!b)return e;a=a.slice(t.shift().length)}q=(s=G.exec(t[0]))&&!s.index&&b.parentNode||b,r=t.pop(),m=r.split(":not")[0];for(j=0,k=$.order.length;j<k;j++){p=$.order[j];if(s=L[p].exec(m)){h=$.find[p]((s[1]||"").replace(K,""),q,g);if(h==null)continue;m===r&&(a=a.slice(0,a.length-r.length)+m.replace(L[p],""),a||o.apply(e,n.call(h,0)));break}}}if(a){i=bl(a,b,g),d=i.dirruns++,h==null&&(h=$.find.TAG("*",G.test(a)&&b.parentNode||b));for(j=0;l=h[j];j++)c=i.runs++,i(l,b)&&e.push(l)}return e};h.querySelectorAll&&function(){var a,b=bm,c=/'|\\/g,d=/\=[\x20\t\r\n\f]*([^'"\]]*)[\x20\t\r\n\f]*\]/g,e=[],f=[":active"],g=i.matchesSelector||i.mozMatchesSelector||i.webkitMatchesSelector||i.oMatchesSelector||i.msMatchesSelector;T(function(a){a.innerHTML="<select><option selected></option></select>",a.querySelectorAll("[selected]").length||e.push("\\["+r+"*(?:checked|disabled|ismap|multiple|readonly|selected|value)"),a.querySelectorAll(":checked").length||e.push(":checked")}),T(function(a){a.innerHTML="<p test=''></p>",a.querySelectorAll("[test^='']").length&&e.push("[*^$]="+r+"*(?:\"\"|'')"),a.innerHTML="<input type='hidden'>",a.querySelectorAll(":enabled").length||e.push(":enabled",":disabled")}),e=e.length&&new RegExp(e.join("|")),bm=function(a,d,f,g,h){if(!g&&!h&&(!e||!e.test(a)))if(d.nodeType===9)try{return o.apply(f,n.call(d.querySelectorAll(a),0)),f}catch(i){}else if(d.nodeType===1&&d.nodeName.toLowerCase()!=="object"){var j=d.getAttribute("id"),k=j||q,l=G.test(a)&&d.parentNode||d;j?k=k.replace(c,"\\$&"):d.setAttribute("id",k);try{return o.apply(f,n.call(l.querySelectorAll(a.replace(C,"[id='"+k+"'] $&")),0)),f}catch(i){}finally{j||d.removeAttribute("id")}}return b(a,d,f,g,h)},g&&(T(function(b){a=g.call(b,"div");try{g.call(b,"[test!='']:sizzle"),f.push($.match.PSEUDO)}catch(c){}}),f=new RegExp(f.join("|")),Z.matchesSelector=function(b,c){c=c.replace(d,"='$1']");if(!ba(b)&&!f.test(c)&&(!e||!e.test(c)))try{var h=g.call(b,c);if(h||a||b.document&&b.document.nodeType!==11)return h}catch(i){}return Z(c,null,null,[b]).length>0})}(),Z.attr=p.attr,p.find=Z,p.expr=Z.selectors,p.expr[":"]=p.expr.pseudos,p.unique=Z.uniqueSort,p.text=Z.getText,p.isXMLDoc=Z.isXML,p.contains=Z.contains}(a);var bc=/Until$/,bd=/^(?:parents|prev(?:Until|All))/,be=/^.[^:#\[\.,]*$/,bf=p.expr.match.needsContext,bg={children:!0,contents:!0,next:!0,prev:!0};p.fn.extend({find:function(a){var b,c,d,e,f,g,h=this;if(typeof a!="string")return p(a).filter(function(){for(b=0,c=h.length;b<c;b++)if(p.contains(h[b],this))return!0});g=this.pushStack("","find",a);for(b=0,c=this.length;b<c;b++){d=g.length,p.find(a,this[b],g);if(b>0)for(e=d;e<g.length;e++)for(f=0;f<d;f++)if(g[f]===g[e]){g.splice(e--,1);break}}return g},has:function(a){var b,c=p(a,this),d=c.length;return this.filter(function(){for(b=0;b<d;b++)if(p.contains(this,c[b]))return!0})},not:function(a){return this.pushStack(bj(this,a,!1),"not",a)},filter:function(a){return this.pushStack(bj(this,a,!0),"filter",a)},is:function(a){return!!a&&(typeof a=="string"?bf.test(a)?p(a,this.context).index(this[0])>=0:p.filter(a,this).length>0:this.filter(a).length>0)},closest:function(a,b){var c,d=0,e=this.length,f=[],g=bf.test(a)||typeof a!="string"?p(a,b||this.context):0;for(;d<e;d++){c=this[d];while(c&&c.ownerDocument&&c!==b&&c.nodeType!==11){if(g?g.index(c)>-1:p.find.matchesSelector(c,a)){f.push(c);break}c=c.parentNode}}return f=f.length>1?p.unique(f):f,this.pushStack(f,"closest",a)},index:function(a){return a?typeof a=="string"?p.inArray(this[0],p(a)):p.inArray(a.jquery?a[0]:a,this):this[0]&&this[0].parentNode?this.prevAll().length:-1},add:function(a,b){var c=typeof a=="string"?p(a,b):p.makeArray(a&&a.nodeType?[a]:a),d=p.merge(this.get(),c);return this.pushStack(bh(c[0])||bh(d[0])?d:p.unique(d))},addBack:function(a){return this.add(a==null?this.prevObject:this.prevObject.filter(a))}}),p.fn.andSelf=p.fn.addBack,p.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return p.dir(a,"parentNode")},parentsUntil:function(a,b,c){return p.dir(a,"parentNode",c)},next:function(a){return bi(a,"nextSibling")},prev:function(a){return bi(a,"previousSibling")},nextAll:function(a){return p.dir(a,"nextSibling")},prevAll:function(a){return p.dir(a,"previousSibling")},nextUntil:function(a,b,c){return p.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return p.dir(a,"previousSibling",c)},siblings:function(a){return p.sibling((a.parentNode||{}).firstChild,a)},children:function(a){return p.sibling(a.firstChild)},contents:function(a){return p.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:p.merge([],a.childNodes)}},function(a,b){p.fn[a]=function(c,d){var e=p.map(this,b,c);return bc.test(a)||(d=c),d&&typeof d=="string"&&(e=p.filter(d,e)),e=this.length>1&&!bg[a]?p.unique(e):e,this.length>1&&bd.test(a)&&(e=e.reverse()),this.pushStack(e,a,k.call(arguments).join(","))}}),p.extend({filter:function(a,b,c){return c&&(a=":not("+a+")"),b.length===1?p.find.matchesSelector(b[0],a)?[b[0]]:[]:p.find.matches(a,b)},dir:function(a,c,d){var e=[],f=a[c];while(f&&f.nodeType!==9&&(d===b||f.nodeType!==1||!p(f).is(d)))f.nodeType===1&&e.push(f),f=f[c];return e},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var bl="abbr|article|aside|audio|bdi|canvas|data|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",bm=/ jQuery\d+="(?:null|\d+)"/g,bn=/^\s+/,bo=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi,bp=/<([\w:]+)/,bq=/<tbody/i,br=/<|&#?\w+;/,bs=/<(?:script|style|link)/i,bt=/<(?:script|object|embed|option|style)/i,bu=new RegExp("<(?:"+bl+")[\\s/>]","i"),bv=/^(?:checkbox|radio)$/,bw=/checked\s*(?:[^=]|=\s*.checked.)/i,bx=/\/(java|ecma)script/i,by=/^\s*<!(?:\[CDATA\[|\-\-)|[\]\-]{2}>\s*$/g,bz={option:[1,"<select multiple='multiple'>","</select>"],legend:[1,"<fieldset>","</fieldset>"],thead:[1,"<table>","</table>"],tr:[2,"<table><tbody>","</tbody></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],col:[2,"<table><tbody></tbody><colgroup>","</colgroup></table>"],area:[1,"<map>","</map>"],_default:[0,"",""]},bA=bk(e),bB=bA.appendChild(e.createElement("div"));bz.optgroup=bz.option,bz.tbody=bz.tfoot=bz.colgroup=bz.caption=bz.thead,bz.th=bz.td,p.support.htmlSerialize||(bz._default=[1,"X<div>","</div>"]),p.fn.extend({text:function(a){return p.access(this,function(a){return a===b?p.text(this):this.empty().append((this[0]&&this[0].ownerDocument||e).createTextNode(a))},null,a,arguments.length)},wrapAll:function(a){if(p.isFunction(a))return this.each(function(b){p(this).wrapAll(a.call(this,b))});if(this[0]){var b=p(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){return p.isFunction(a)?this.each(function(b){p(this).wrapInner(a.call(this,b))}):this.each(function(){var b=p(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=p.isFunction(a);return this.each(function(c){p(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return this.parent().each(function(){p.nodeName(this,"body")||p(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){(this.nodeType===1||this.nodeType===11)&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){(this.nodeType===1||this.nodeType===11)&&this.insertBefore(a,this.firstChild)})},before:function(){if(!bh(this[0]))return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=p.clean(arguments);return this.pushStack(p.merge(a,this),"before",this.selector)}},after:function(){if(!bh(this[0]))return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=p.clean(arguments);return this.pushStack(p.merge(this,a),"after",this.selector)}},remove:function(a,b){var c,d=0;for(;(c=this[d])!=null;d++)if(!a||p.filter(a,[c]).length)!b&&c.nodeType===1&&(p.cleanData(c.getElementsByTagName("*")),p.cleanData([c])),c.parentNode&&c.parentNode.removeChild(c);return this},empty:function(){var a,b=0;for(;(a=this[b])!=null;b++){a.nodeType===1&&p.cleanData(a.getElementsByTagName("*"));while(a.firstChild)a.removeChild(a.firstChild)}return this},clone:function(a,b){return a=a==null?!1:a,b=b==null?a:b,this.map(function(){return p.clone(this,a,b)})},html:function(a){return p.access(this,function(a){var c=this[0]||{},d=0,e=this.length;if(a===b)return c.nodeType===1?c.innerHTML.replace(bm,""):b;if(typeof a=="string"&&!bs.test(a)&&(p.support.htmlSerialize||!bu.test(a))&&(p.support.leadingWhitespace||!bn.test(a))&&!bz[(bp.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(bo,"<$1></$2>");try{for(;d<e;d++)c=this[d]||{},c.nodeType===1&&(p.cleanData(c.getElementsByTagName("*")),c.innerHTML=a);c=0}catch(f){}}c&&this.empty().append(a)},null,a,arguments.length)},replaceWith:function(a){return bh(this[0])?this.length?this.pushStack(p(p.isFunction(a)?a():a),"replaceWith",a):this:p.isFunction(a)?this.each(function(b){var c=p(this),d=c.html();c.replaceWith(a.call(this,b,d))}):(typeof a!="string"&&(a=p(a).detach()),this.each(function(){var b=this.nextSibling,c=this.parentNode;p(this).remove(),b?p(b).before(a):p(c).append(a)}))},detach:function(a){return this.remove(a,!0)},domManip:function(a,c,d){a=[].concat.apply([],a);var e,f,g,h,i=0,j=a[0],k=[],l=this.length;if(!p.support.checkClone&&l>1&&typeof j=="string"&&bw.test(j))return this.each(function(){p(this).domManip(a,c,d)});if(p.isFunction(j))return this.each(function(e){var f=p(this);a[0]=j.call(this,e,c?f.html():b),f.domManip(a,c,d)});if(this[0]){e=p.buildFragment(a,this,k),g=e.fragment,f=g.firstChild,g.childNodes.length===1&&(g=f);if(f){c=c&&p.nodeName(f,"tr");for(h=e.cacheable||l-1;i<l;i++)d.call(c&&p.nodeName(this[i],"table")?bC(this[i],"tbody"):this[i],i===h?g:p.clone(g,!0,!0))}g=f=null,k.length&&p.each(k,function(a,b){b.src?p.ajax?p.ajax({url:b.src,type:"GET",dataType:"script",async:!1,global:!1,"throws":!0}):p.error("no ajax"):p.globalEval((b.text||b.textContent||b.innerHTML||"").replace(by,"")),b.parentNode&&b.parentNode.removeChild(b)})}return this}}),p.buildFragment=function(a,c,d){var f,g,h,i=a[0];return c=c||e,c=(c[0]||c).ownerDocument||c[0]||c,typeof c.createDocumentFragment=="undefined"&&(c=e),a.length===1&&typeof i=="string"&&i.length<512&&c===e&&i.charAt(0)==="<"&&!bt.test(i)&&(p.support.checkClone||!bw.test(i))&&(p.support.html5Clone||!bu.test(i))&&(g=!0,f=p.fragments[i],h=f!==b),f||(f=c.createDocumentFragment(),p.clean(a,c,f,d),g&&(p.fragments[i]=h&&f)),{fragment:f,cacheable:g}},p.fragments={},p.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(a,b){p.fn[a]=function(c){var d,e=0,f=[],g=p(c),h=g.length,i=this.length===1&&this[0].parentNode;if((i==null||i&&i.nodeType===11&&i.childNodes.length===1)&&h===1)return g[b](this[0]),this;for(;e<h;e++)d=(e>0?this.clone(!0):this).get(),p(g[e])[b](d),f=f.concat(d);return this.pushStack(f,a,g.selector)}}),p.extend({clone:function(a,b,c){var d,e,f,g;p.support.html5Clone||p.isXMLDoc(a)||!bu.test("<"+a.nodeName+">")?g=a.cloneNode(!0):(bB.innerHTML=a.outerHTML,bB.removeChild(g=bB.firstChild));if((!p.support.noCloneEvent||!p.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!p.isXMLDoc(a)){bE(a,g),d=bF(a),e=bF(g);for(f=0;d[f];++f)e[f]&&bE(d[f],e[f])}if(b){bD(a,g);if(c){d=bF(a),e=bF(g);for(f=0;d[f];++f)bD(d[f],e[f])}}return d=e=null,g},clean:function(a,b,c,d){var f,g,h,i,j,k,l,m,n,o,q,r,s=0,t=[];if(!b||typeof b.createDocumentFragment=="undefined")b=e;for(g=b===e&&bA;(h=a[s])!=null;s++){typeof h=="number"&&(h+="");if(!h)continue;if(typeof h=="string")if(!br.test(h))h=b.createTextNode(h);else{g=g||bk(b),l=l||g.appendChild(b.createElement("div")),h=h.replace(bo,"<$1></$2>"),i=(bp.exec(h)||["",""])[1].toLowerCase(),j=bz[i]||bz._default,k=j[0],l.innerHTML=j[1]+h+j[2];while(k--)l=l.lastChild;if(!p.support.tbody){m=bq.test(h),n=i==="table"&&!m?l.firstChild&&l.firstChild.childNodes:j[1]==="<table>"&&!m?l.childNodes:[];for(f=n.length-1;f>=0;--f)p.nodeName(n[f],"tbody")&&!n[f].childNodes.length&&n[f].parentNode.removeChild(n[f])}!p.support.leadingWhitespace&&bn.test(h)&&l.insertBefore(b.createTextNode(bn.exec(h)[0]),l.firstChild),h=l.childNodes,l=g.lastChild}h.nodeType?t.push(h):t=p.merge(t,h)}l&&(g.removeChild(l),h=l=g=null);if(!p.support.appendChecked)for(s=0;(h=t[s])!=null;s++)p.nodeName(h,"input")?bG(h):typeof h.getElementsByTagName!="undefined"&&p.grep(h.getElementsByTagName("input"),bG);if(c){q=function(a){if(!a.type||bx.test(a.type))return d?d.push(a.parentNode?a.parentNode.removeChild(a):a):c.appendChild(a)};for(s=0;(h=t[s])!=null;s++)if(!p.nodeName(h,"script")||!q(h))c.appendChild(h),typeof h.getElementsByTagName!="undefined"&&(r=p.grep(p.merge([],h.getElementsByTagName("script")),q),t.splice.apply(t,[s+1,0].concat(r)),s+=r.length)}return t},cleanData:function(a,b){var c,d,e,f,g=0,h=p.expando,i=p.cache,j=p.support.deleteExpando,k=p.event.special;for(;(e=a[g])!=null;g++)if(b||p.acceptData(e)){d=e[h],c=d&&i[d];if(c){if(c.events)for(f in c.events)k[f]?p.event.remove(e,f):p.removeEvent(e,f,c.handle);i[d]&&(delete i[d],j?delete e[h]:e.removeAttribute?e.removeAttribute(h):e[h]=null,p.deletedIds.push(d))}}}}),function(){var a,b;p.uaMatch=function(a){a=a.toLowerCase();var b=/(chrome)[ \/]([\w.]+)/.exec(a)||/(webkit)[ \/]([\w.]+)/.exec(a)||/(opera)(?:.*version|)[ \/]([\w.]+)/.exec(a)||/(msie) ([\w.]+)/.exec(a)||a.indexOf("compatible")<0&&/(mozilla)(?:.*? rv:([\w.]+)|)/.exec(a)||[];return{browser:b[1]||"",version:b[2]||"0"}},a=p.uaMatch(g.userAgent),b={},a.browser&&(b[a.browser]=!0,b.version=a.version),b.webkit&&(b.safari=!0),p.browser=b,p.sub=function(){function a(b,c){return new a.fn.init(b,c)}p.extend(!0,a,this),a.superclass=this,a.fn=a.prototype=this(),a.fn.constructor=a,a.sub=this.sub,a.fn.init=function c(c,d){return d&&d instanceof p&&!(d instanceof a)&&(d=a(d)),p.fn.init.call(this,c,d,b)},a.fn.init.prototype=a.fn;var b=a(e);return a}}();var bH,bI,bJ,bK=/alpha\([^)]*\)/i,bL=/opacity=([^)]*)/,bM=/^(top|right|bottom|left)$/,bN=/^margin/,bO=new RegExp("^("+q+")(.*)$","i"),bP=new RegExp("^("+q+")(?!px)[a-z%]+$","i"),bQ=new RegExp("^([-+])=("+q+")","i"),bR={},bS={position:"absolute",visibility:"hidden",display:"block"},bT={letterSpacing:0,fontWeight:400,lineHeight:1},bU=["Top","Right","Bottom","Left"],bV=["Webkit","O","Moz","ms"],bW=p.fn.toggle;p.fn.extend({css:function(a,c){return p.access(this,function(a,c,d){return d!==b?p.style(a,c,d):p.css(a,c)},a,c,arguments.length>1)},show:function(){return bZ(this,!0)},hide:function(){return bZ(this)},toggle:function(a,b){var c=typeof a=="boolean";return p.isFunction(a)&&p.isFunction(b)?bW.apply(this,arguments):this.each(function(){(c?a:bY(this))?p(this).show():p(this).hide()})}}),p.extend({cssHooks:{opacity:{get:function(a,b){if(b){var c=bH(a,"opacity");return c===""?"1":c}}}},cssNumber:{fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":p.support.cssFloat?"cssFloat":"styleFloat"},style:function(a,c,d,e){if(!a||a.nodeType===3||a.nodeType===8||!a.style)return;var f,g,h,i=p.camelCase(c),j=a.style;c=p.cssProps[i]||(p.cssProps[i]=bX(j,i)),h=p.cssHooks[c]||p.cssHooks[i];if(d===b)return h&&"get"in h&&(f=h.get(a,!1,e))!==b?f:j[c];g=typeof d,g==="string"&&(f=bQ.exec(d))&&(d=(f[1]+1)*f[2]+parseFloat(p.css(a,c)),g="number");if(d==null||g==="number"&&isNaN(d))return;g==="number"&&!p.cssNumber[i]&&(d+="px");if(!h||!("set"in h)||(d=h.set(a,d,e))!==b)try{j[c]=d}catch(k){}},css:function(a,c,d,e){var f,g,h,i=p.camelCase(c);return c=p.cssProps[i]||(p.cssProps[i]=bX(a.style,i)),h=p.cssHooks[c]||p.cssHooks[i],h&&"get"in h&&(f=h.get(a,!0,e)),f===b&&(f=bH(a,c)),f==="normal"&&c in bT&&(f=bT[c]),d||e!==b?(g=parseFloat(f),d||p.isNumeric(g)?g||0:f):f},swap:function(a,b,c){var d,e,f={};for(e in b)f[e]=a.style[e],a.style[e]=b[e];d=c.call(a);for(e in b)a.style[e]=f[e];return d}}),a.getComputedStyle?bH=function(a,b){var c,d,e,f,g=getComputedStyle(a,null),h=a.style;return g&&(c=g[b],c===""&&!p.contains(a.ownerDocument.documentElement,a)&&(c=p.style(a,b)),bP.test(c)&&bN.test(b)&&(d=h.width,e=h.minWidth,f=h.maxWidth,h.minWidth=h.maxWidth=h.width=c,c=g.width,h.width=d,h.minWidth=e,h.maxWidth=f)),c}:e.documentElement.currentStyle&&(bH=function(a,b){var c,d,e=a.currentStyle&&a.currentStyle[b],f=a.style;return e==null&&f&&f[b]&&(e=f[b]),bP.test(e)&&!bM.test(b)&&(c=f.left,d=a.runtimeStyle&&a.runtimeStyle.left,d&&(a.runtimeStyle.left=a.currentStyle.left),f.left=b==="fontSize"?"1em":e,e=f.pixelLeft+"px",f.left=c,d&&(a.runtimeStyle.left=d)),e===""?"auto":e}),p.each(["height","width"],function(a,b){p.cssHooks[b]={get:function(a,c,d){if(c)return a.offsetWidth!==0||bH(a,"display")!=="none"?ca(a,b,d):p.swap(a,bS,function(){return ca(a,b,d)})},set:function(a,c,d){return b$(a,c,d?b_(a,b,d,p.support.boxSizing&&p.css(a,"boxSizing")==="border-box"):0)}}}),p.support.opacity||(p.cssHooks.opacity={get:function(a,b){return bL.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?.01*parseFloat(RegExp.$1)+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=p.isNumeric(b)?"alpha(opacity="+b*100+")":"",f=d&&d.filter||c.filter||"";c.zoom=1;if(b>=1&&p.trim(f.replace(bK,""))===""&&c.removeAttribute){c.removeAttribute("filter");if(d&&!d.filter)return}c.filter=bK.test(f)?f.replace(bK,e):f+" "+e}}),p(function(){p.support.reliableMarginRight||(p.cssHooks.marginRight={get:function(a,b){return p.swap(a,{display:"inline-block"},function(){if(b)return bH(a,"marginRight")})}}),!p.support.pixelPosition&&p.fn.position&&p.each(["top","left"],function(a,b){p.cssHooks[b]={get:function(a,c){if(c){var d=bH(a,b);return bP.test(d)?p(a).position()[b]+"px":d}}}})}),p.expr&&p.expr.filters&&(p.expr.filters.hidden=function(a){return a.offsetWidth===0&&a.offsetHeight===0||!p.support.reliableHiddenOffsets&&(a.style&&a.style.display||bH(a,"display"))==="none"},p.expr.filters.visible=function(a){return!p.expr.filters.hidden(a)}),p.each({margin:"",padding:"",border:"Width"},function(a,b){p.cssHooks[a+b]={expand:function(c){var d,e=typeof c=="string"?c.split(" "):[c],f={};for(d=0;d<4;d++)f[a+bU[d]+b]=e[d]||e[d-2]||e[0];return f}},bN.test(a)||(p.cssHooks[a+b].set=b$)});var cc=/%20/g,cd=/\[\]$/,ce=/\r?\n/g,cf=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,cg=/^(?:select|textarea)/i;p.fn.extend({serialize:function(){return p.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?p.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||cg.test(this.nodeName)||cf.test(this.type))}).map(function(a,b){var c=p(this).val();return c==null?null:p.isArray(c)?p.map(c,function(a,c){return{name:b.name,value:a.replace(ce,"\r\n")}}):{name:b.name,value:c.replace(ce,"\r\n")}}).get()}}),p.param=function(a,c){var d,e=[],f=function(a,b){b=p.isFunction(b)?b():b==null?"":b,e[e.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=p.ajaxSettings&&p.ajaxSettings.traditional);if(p.isArray(a)||a.jquery&&!p.isPlainObject(a))p.each(a,function(){f(this.name,this.value)});else for(d in a)ch(d,a[d],c,f);return e.join("&").replace(cc,"+")};var ci,cj,ck=/#.*$/,cl=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,cm=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,cn=/^(?:GET|HEAD)$/,co=/^\/\//,cp=/\?/,cq=/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi,cr=/([?&])_=[^&]*/,cs=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+)|)|)/,ct=p.fn.load,cu={},cv={},cw=["*/"]+["*"];try{ci=f.href}catch(cx){ci=e.createElement("a"),ci.href="",ci=ci.href}cj=cs.exec(ci.toLowerCase())||[],p.fn.load=function(a,c,d){if(typeof a!="string"&&ct)return ct.apply(this,arguments);if(!this.length)return this;var e,f,g,h=this,i=a.indexOf(" ");return i>=0&&(e=a.slice(i,a.length),a=a.slice(0,i)),p.isFunction(c)?(d=c,c=b):typeof c=="object"&&(f="POST"),p.ajax({url:a,type:f,dataType:"html",data:c,complete:function(a,b){d&&h.each(d,g||[a.responseText,b,a])}}).done(function(a){g=arguments,h.html(e?p("<div>").append(a.replace(cq,"")).find(e):a)}),this},p.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){p.fn[b]=function(a){return this.on(b,a)}}),p.each(["get","post"],function(a,c){p[c]=function(a,d,e,f){return p.isFunction(d)&&(f=f||e,e=d,d=b),p.ajax({type:c,url:a,data:d,success:e,dataType:f})}}),p.extend({getScript:function(a,c){return p.get(a,b,c,"script")},getJSON:function(a,b,c){return p.get(a,b,c,"json")},ajaxSetup:function(a,b){return b?cA(a,p.ajaxSettings):(b=a,a=p.ajaxSettings),cA(a,b),a},ajaxSettings:{url:ci,isLocal:cm.test(cj[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded; charset=UTF-8",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":cw},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":p.parseJSON,"text xml":p.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:cy(cu),ajaxTransport:cy(cv),ajax:function(a,c){function y(a,c,f,i){var k,s,t,u,w,y=c;if(v===2)return;v=2,h&&clearTimeout(h),g=b,e=i||"",x.readyState=a>0?4:0,f&&(u=cB(l,x,f));if(a>=200&&a<300||a===304)l.ifModified&&(w=x.getResponseHeader("Last-Modified"),w&&(p.lastModified[d]=w),w=x.getResponseHeader("Etag"),w&&(p.etag[d]=w)),a===304?(y="notmodified",k=!0):(k=cC(l,u),y=k.state,s=k.data,t=k.error,k=!t);else{t=y;if(!y||a)y="error",a<0&&(a=0)}x.status=a,x.statusText=""+(c||y),k?o.resolveWith(m,[s,y,x]):o.rejectWith(m,[x,y,t]),x.statusCode(r),r=b,j&&n.trigger("ajax"+(k?"Success":"Error"),[x,l,k?s:t]),q.fireWith(m,[x,y]),j&&(n.trigger("ajaxComplete",[x,l]),--p.active||p.event.trigger("ajaxStop"))}typeof a=="object"&&(c=a,a=b),c=c||{};var d,e,f,g,h,i,j,k,l=p.ajaxSetup({},c),m=l.context||l,n=m!==l&&(m.nodeType||m instanceof p)?p(m):p.event,o=p.Deferred(),q=p.Callbacks("once memory"),r=l.statusCode||{},t={},u={},v=0,w="canceled",x={readyState:0,setRequestHeader:function(a,b){if(!v){var c=a.toLowerCase();a=u[c]=u[c]||a,t[a]=b}return this},getAllResponseHeaders:function(){return v===2?e:null},getResponseHeader:function(a){var c;if(v===2){if(!f){f={};while(c=cl.exec(e))f[c[1].toLowerCase()]=c[2]}c=f[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){return v||(l.mimeType=a),this},abort:function(a){return a=a||w,g&&g.abort(a),y(0,a),this}};o.promise(x),x.success=x.done,x.error=x.fail,x.complete=q.add,x.statusCode=function(a){if(a){var b;if(v<2)for(b in a)r[b]=[r[b],a[b]];else b=a[x.status],x.always(b)}return this},l.url=((a||l.url)+"").replace(ck,"").replace(co,cj[1]+"//"),l.dataTypes=p.trim(l.dataType||"*").toLowerCase().split(s),l.crossDomain==null&&(i=cs.exec(l.url.toLowerCase()),l.crossDomain=!(!i||i[1]==cj[1]&&i[2]==cj[2]&&(i[3]||(i[1]==="http:"?80:443))==(cj[3]||(cj[1]==="http:"?80:443)))),l.data&&l.processData&&typeof l.data!="string"&&(l.data=p.param(l.data,l.traditional)),cz(cu,l,c,x);if(v===2)return x;j=l.global,l.type=l.type.toUpperCase(),l.hasContent=!cn.test(l.type),j&&p.active++===0&&p.event.trigger("ajaxStart");if(!l.hasContent){l.data&&(l.url+=(cp.test(l.url)?"&":"?")+l.data,delete l.data),d=l.url;if(l.cache===!1){var z=p.now(),A=l.url.replace(cr,"$1_="+z);l.url=A+(A===l.url?(cp.test(l.url)?"&":"?")+"_="+z:"")}}(l.data&&l.hasContent&&l.contentType!==!1||c.contentType)&&x.setRequestHeader("Content-Type",l.contentType),l.ifModified&&(d=d||l.url,p.lastModified[d]&&x.setRequestHeader("If-Modified-Since",p.lastModified[d]),p.etag[d]&&x.setRequestHeader("If-None-Match",p.etag[d])),x.setRequestHeader("Accept",l.dataTypes[0]&&l.accepts[l.dataTypes[0]]?l.accepts[l.dataTypes[0]]+(l.dataTypes[0]!=="*"?", "+cw+"; q=0.01":""):l.accepts["*"]);for(k in l.headers)x.setRequestHeader(k,l.headers[k]);if(!l.beforeSend||l.beforeSend.call(m,x,l)!==!1&&v!==2){w="abort";for(k in{success:1,error:1,complete:1})x[k](l[k]);g=cz(cv,l,c,x);if(!g)y(-1,"No Transport");else{x.readyState=1,j&&n.trigger("ajaxSend",[x,l]),l.async&&l.timeout>0&&(h=setTimeout(function(){x.abort("timeout")},l.timeout));try{v=1,g.send(t,y)}catch(B){if(v<2)y(-1,B);else throw B}}return x}return x.abort()},active:0,lastModified:{},etag:{}});var cD=[],cE=/\?/,cF=/(=)\?(?=&|$)|\?\?/,cG=p.now();p.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var a=cD.pop()||p.expando+"_"+cG++;return this[a]=!0,a}}),p.ajaxPrefilter("json jsonp",function(c,d,e){var f,g,h,i=c.data,j=c.url,k=c.jsonp!==!1,l=k&&cF.test(j),m=k&&!l&&typeof i=="string"&&!(c.contentType||"").indexOf("application/x-www-form-urlencoded")&&cF.test(i);if(c.dataTypes[0]==="jsonp"||l||m)return f=c.jsonpCallback=p.isFunction(c.jsonpCallback)?c.jsonpCallback():c.jsonpCallback,g=a[f],l?c.url=j.replace(cF,"$1"+f):m?c.data=i.replace(cF,"$1"+f):k&&(c.url+=(cE.test(j)?"&":"?")+c.jsonp+"="+f),c.converters["script json"]=function(){return h||p.error(f+" was not called"),h[0]},c.dataTypes[0]="json",a[f]=function(){h=arguments},e.always(function(){a[f]=g,c[f]&&(c.jsonpCallback=d.jsonpCallback,cD.push(f)),h&&p.isFunction(g)&&g(h[0]),h=g=b}),"script"}),p.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){return p.globalEval(a),a}}}),p.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),p.ajaxTransport("script",function(a){if(a.crossDomain){var c,d=e.head||e.getElementsByTagName("head")[0]||e.documentElement;return{send:function(f,g){c=e.createElement("script"),c.async="async",a.scriptCharset&&(c.charset=a.scriptCharset),c.src=a.url,c.onload=c.onreadystatechange=function(a,e){if(e||!c.readyState||/loaded|complete/.test(c.readyState))c.onload=c.onreadystatechange=null,d&&c.parentNode&&d.removeChild(c),c=b,e||g(200,"success")},d.insertBefore(c,d.firstChild)},abort:function(){c&&c.onload(0,1)}}}});var cH,cI=a.ActiveXObject?function(){for(var a in cH)cH[a](0,1)}:!1,cJ=0;p.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&cK()||cL()}:cK,function(a){p.extend(p.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(p.ajaxSettings.xhr()),p.support.ajax&&p.ajaxTransport(function(c){if(!c.crossDomain||p.support.cors){var d;return{send:function(e,f){var g,h,i=c.xhr();c.username?i.open(c.type,c.url,c.async,c.username,c.password):i.open(c.type,c.url,c.async);if(c.xhrFields)for(h in c.xhrFields)i[h]=c.xhrFields[h];c.mimeType&&i.overrideMimeType&&i.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(h in e)i.setRequestHeader(h,e[h])}catch(j){}i.send(c.hasContent&&c.data||null),d=function(a,e){var h,j,k,l,m;try{if(d&&(e||i.readyState===4)){d=b,g&&(i.onreadystatechange=p.noop,cI&&delete cH[g]);if(e)i.readyState!==4&&i.abort();else{h=i.status,k=i.getAllResponseHeaders(),l={},m=i.responseXML,m&&m.documentElement&&(l.xml=m);try{l.text=i.responseText}catch(a){}try{j=i.statusText}catch(n){j=""}!h&&c.isLocal&&!c.crossDomain?h=l.text?200:404:h===1223&&(h=204)}}}catch(o){e||f(-1,o)}l&&f(h,j,l,k)},c.async?i.readyState===4?setTimeout(d,0):(g=++cJ,cI&&(cH||(cH={},p(a).unload(cI)),cH[g]=d),i.onreadystatechange=d):d()},abort:function(){d&&d(0,1)}}}});var cM,cN,cO=/^(?:toggle|show|hide)$/,cP=new RegExp("^(?:([-+])=|)("+q+")([a-z%]*)$","i"),cQ=/queueHooks$/,cR=[cX],cS={"*":[function(a,b){var c,d,e,f=this.createTween(a,b),g=cP.exec(b),h=f.cur(),i=+h||0,j=1;if(g){c=+g[2],d=g[3]||(p.cssNumber[a]?"":"px");if(d!=="px"&&i){i=p.css(f.elem,a,!0)||c||1;do e=j=j||".5",i=i/j,p.style(f.elem,a,i+d),j=f.cur()/h;while(j!==1&&j!==e)}f.unit=d,f.start=i,f.end=g[1]?i+(g[1]+1)*c:c}return f}]};p.Animation=p.extend(cV,{tweener:function(a,b){p.isFunction(a)?(b=a,a=["*"]):a=a.split(" ");var c,d=0,e=a.length;for(;d<e;d++)c=a[d],cS[c]=cS[c]||[],cS[c].unshift(b)},prefilter:function(a,b){b?cR.unshift(a):cR.push(a)}}),p.Tween=cY,cY.prototype={constructor:cY,init:function(a,b,c,d,e,f){this.elem=a,this.prop=c,this.easing=e||"swing",this.options=b,this.start=this.now=this.cur(),this.end=d,this.unit=f||(p.cssNumber[c]?"":"px")},cur:function(){var a=cY.propHooks[this.prop];return a&&a.get?a.get(this):cY.propHooks._default.get(this)},run:function(a){var b,c=cY.propHooks[this.prop];return this.pos=b=p.easing[this.easing](a,this.options.duration*a,0,1,this.options.duration),this.now=(this.end-this.start)*b+this.start,this.options.step&&this.options.step.call(this.elem,this.now,this),c&&c.set?c.set(this):cY.propHooks._default.set(this),this}},cY.prototype.init.prototype=cY.prototype,cY.propHooks={_default:{get:function(a){var b;return a.elem[a.prop]==null||!!a.elem.style&&a.elem.style[a.prop]!=null?(b=p.css(a.elem,a.prop,!1,""),!b||b==="auto"?0:b):a.elem[a.prop]},set:function(a){p.fx.step[a.prop]?p.fx.step[a.prop](a):a.elem.style&&(a.elem.style[p.cssProps[a.prop]]!=null||p.cssHooks[a.prop])?p.style(a.elem,a.prop,a.now+a.unit):a.elem[a.prop]=a.now}}},cY.propHooks.scrollTop=cY.propHooks.scrollLeft={set:function(a){a.elem.nodeType&&a.elem.parentNode&&(a.elem[a.prop]=a.now)}},p.each(["toggle","show","hide"],function(a,b){var c=p.fn[b];p.fn[b]=function(d,e,f){return d==null||typeof d=="boolean"||!a&&p.isFunction(d)&&p.isFunction(e)?c.apply(this,arguments):this.animate(cZ(b,!0),d,e,f)}}),p.fn.extend({fadeTo:function(a,b,c,d){return this.filter(bY).css("opacity",0).show().end().animate({opacity:b},a,c,d)},animate:function(a,b,c,d){var e=p.isEmptyObject(a),f=p.speed(b,c,d),g=function(){var b=cV(this,p.extend({},a),f);e&&b.stop(!0)};return e||f.queue===!1?this.each(g):this.queue(f.queue,g)},stop:function(a,c,d){var e=function(a){var b=a.stop;delete a.stop,b(d)};return typeof a!="string"&&(d=c,c=a,a=b),c&&a!==!1&&this.queue(a||"fx",[]),this.each(function(){var b=!0,c=a!=null&&a+"queueHooks",f=p.timers,g=p._data(this);if(c)g[c]&&g[c].stop&&e(g[c]);else for(c in g)g[c]&&g[c].stop&&cQ.test(c)&&e(g[c]);for(c=f.length;c--;)f[c].elem===this&&(a==null||f[c].queue===a)&&(f[c].anim.stop(d),b=!1,f.splice(c,1));(b||!d)&&p.dequeue(this,a)})}}),p.each({slideDown:cZ("show"),slideUp:cZ("hide"),slideToggle:cZ("toggle"),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(a,b){p.fn[a]=function(a,c,d){return this.animate(b,a,c,d)}}),p.speed=function(a,b,c){var d=a&&typeof a=="object"?p.extend({},a):{complete:c||!c&&b||p.isFunction(a)&&a,duration:a,easing:c&&b||b&&!p.isFunction(b)&&b};d.duration=p.fx.off?0:typeof d.duration=="number"?d.duration:d.duration in p.fx.speeds?p.fx.speeds[d.duration]:p.fx.speeds._default;if(d.queue==null||d.queue===!0)d.queue="fx";return d.old=d.complete,d.complete=function(){p.isFunction(d.old)&&d.old.call(this),d.queue&&p.dequeue(this,d.queue)},d},p.easing={linear:function(a){return a},swing:function(a){return.5-Math.cos(a*Math.PI)/2}},p.timers=[],p.fx=cY.prototype.init,p.fx.tick=function(){var a,b=p.timers,c=0;for(;c<b.length;c++)a=b[c],!a()&&b[c]===a&&b.splice(c--,1);b.length||p.fx.stop()},p.fx.timer=function(a){a()&&p.timers.push(a)&&!cN&&(cN=setInterval(p.fx.tick,p.fx.interval))},p.fx.interval=13,p.fx.stop=function(){clearInterval(cN),cN=null},p.fx.speeds={slow:600,fast:200,_default:400},p.fx.step={},p.expr&&p.expr.filters&&(p.expr.filters.animated=function(a){return p.grep(p.timers,function(b){return a===b.elem}).length});var c$=/^(?:body|html)$/i;p.fn.offset=function(a){if(arguments.length)return a===b?this:this.each(function(b){p.offset.setOffset(this,a,b)});var c,d,e,f,g,h,i,j,k,l,m=this[0],n=m&&m.ownerDocument;if(!n)return;return(e=n.body)===m?p.offset.bodyOffset(m):(d=n.documentElement,p.contains(d,m)?(c=m.getBoundingClientRect(),f=c_(n),g=d.clientTop||e.clientTop||0,h=d.clientLeft||e.clientLeft||0,i=f.pageYOffset||d.scrollTop,j=f.pageXOffset||d.scrollLeft,k=c.top+i-g,l=c.left+j-h,{top:k,left:l}):{top:0,left:0})},p.offset={bodyOffset:function(a){var b=a.offsetTop,c=a.offsetLeft;return p.support.doesNotIncludeMarginInBodyOffset&&(b+=parseFloat(p.css(a,"marginTop"))||0,c+=parseFloat(p.css(a,"marginLeft"))||0),{top:b,left:c}},setOffset:function(a,b,c){var d=p.css(a,"position");d==="static"&&(a.style.position="relative");var e=p(a),f=e.offset(),g=p.css(a,"top"),h=p.css(a,"left"),i=(d==="absolute"||d==="fixed")&&p.inArray("auto",[g,h])>-1,j={},k={},l,m;i?(k=e.position(),l=k.top,m=k.left):(l=parseFloat(g)||0,m=parseFloat(h)||0),p.isFunction(b)&&(b=b.call(a,c,f)),b.top!=null&&(j.top=b.top-f.top+l),b.left!=null&&(j.left=b.left-f.left+m),"using"in b?b.using.call(a,j):e.css(j)}},p.fn.extend({position:function(){if(!this[0])return;var a=this[0],b=this.offsetParent(),c=this.offset(),d=c$.test(b[0].nodeName)?{top:0,left:0}:b.offset();return c.top-=parseFloat(p.css(a,"marginTop"))||0,c.left-=parseFloat(p.css(a,"marginLeft"))||0,d.top+=parseFloat(p.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(p.css(b[0],"borderLeftWidth"))||0,{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||e.body;while(a&&!c$.test(a.nodeName)&&p.css(a,"position")==="static")a=a.offsetParent;return a||e.body})}}),p.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(a,c){var d=/Y/.test(c);p.fn[a]=function(e){return p.access(this,function(a,e,f){var g=c_(a);if(f===b)return g?c in g?g[c]:g.document.documentElement[e]:a[e];g?g.scrollTo(d?p(g).scrollLeft():f,d?f:p(g).scrollTop()):a[e]=f},a,e,arguments.length,null)}}),p.each({Height:"height",Width:"width"},function(a,c){p.each({padding:"inner"+a,content:c,"":"outer"+a},function(d,e){p.fn[e]=function(e,f){var g=arguments.length&&(d||typeof e!="boolean"),h=d||(e===!0||f===!0?"margin":"border");return p.access(this,function(c,d,e){var f;return p.isWindow(c)?c.document.documentElement["client"+a]:c.nodeType===9?(f=c.documentElement,Math.max(c.body["scroll"+a],f["scroll"+a],c.body["offset"+a],f["offset"+a],f["client"+a])):e===b?p.css(c,d,e,h):p.style(c,d,e,h)},c,g?e:b,g)}})}),a.jQuery=a.$=p,typeof define=="function"&&define.amd&&define.amd.jQuery&&define("jquery",[],function(){return p})})(window);
\ No newline at end of file
diff --git a/api/files/jquery.ba-bbq.min.js b/api/files/jquery.ba-bbq.min.js
deleted file mode 100644
index bcbf24834ac..00000000000
--- a/api/files/jquery.ba-bbq.min.js
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * jQuery BBQ: Back Button & Query Library - v1.2.1 - 2/17/2010
- * http://benalman.com/projects/jquery-bbq-plugin/
- * 
- * Copyright (c) 2010 "Cowboy" Ben Alman
- * Dual licensed under the MIT and GPL licenses.
- * http://benalman.com/about/license/
- */
-(function($,p){var i,m=Array.prototype.slice,r=decodeURIComponent,a=$.param,c,l,v,b=$.bbq=$.bbq||{},q,u,j,e=$.event.special,d="hashchange",A="querystring",D="fragment",y="elemUrlAttr",g="location",k="href",t="src",x=/^.*\?|#.*$/g,w=/^.*\#/,h,C={};function E(F){return typeof F==="string"}function B(G){var F=m.call(arguments,1);return function(){return G.apply(this,F.concat(m.call(arguments)))}}function n(F){return F.replace(/^[^#]*#?(.*)$/,"$1")}function o(F){return F.replace(/(?:^[^?#]*\?([^#]*).*$)?.*/,"$1")}function f(H,M,F,I,G){var O,L,K,N,J;if(I!==i){K=F.match(H?/^([^#]*)\#?(.*)$/:/^([^#?]*)\??([^#]*)(#?.*)/);J=K[3]||"";if(G===2&&E(I)){L=I.replace(H?w:x,"")}else{N=l(K[2]);I=E(I)?l[H?D:A](I):I;L=G===2?I:G===1?$.extend({},I,N):$.extend({},N,I);L=a(L);if(H){L=L.replace(h,r)}}O=K[1]+(H?"#":L||!K[1]?"?":"")+L+J}else{O=M(F!==i?F:p[g][k])}return O}a[A]=B(f,0,o);a[D]=c=B(f,1,n);c.noEscape=function(G){G=G||"";var F=$.map(G.split(""),encodeURIComponent);h=new RegExp(F.join("|"),"g")};c.noEscape(",/");$.deparam=l=function(I,F){var H={},G={"true":!0,"false":!1,"null":null};$.each(I.replace(/\+/g," ").split("&"),function(L,Q){var K=Q.split("="),P=r(K[0]),J,O=H,M=0,R=P.split("]["),N=R.length-1;if(/\[/.test(R[0])&&/\]$/.test(R[N])){R[N]=R[N].replace(/\]$/,"");R=R.shift().split("[").concat(R);N=R.length-1}else{N=0}if(K.length===2){J=r(K[1]);if(F){J=J&&!isNaN(J)?+J:J==="undefined"?i:G[J]!==i?G[J]:J}if(N){for(;M<=N;M++){P=R[M]===""?O.length:R[M];O=O[P]=M<N?O[P]||(R[M+1]&&isNaN(R[M+1])?{}:[]):J}}else{if($.isArray(H[P])){H[P].push(J)}else{if(H[P]!==i){H[P]=[H[P],J]}else{H[P]=J}}}}else{if(P){H[P]=F?i:""}}});return H};function z(H,F,G){if(F===i||typeof F==="boolean"){G=F;F=a[H?D:A]()}else{F=E(F)?F.replace(H?w:x,""):F}return l(F,G)}l[A]=B(z,0);l[D]=v=B(z,1);$[y]||($[y]=function(F){return $.extend(C,F)})({a:k,base:k,iframe:t,img:t,input:t,form:"action",link:k,script:t});j=$[y];function s(I,G,H,F){if(!E(H)&&typeof H!=="object"){F=H;H=G;G=i}return this.each(function(){var L=$(this),J=G||j()[(this.nodeName||"").toLowerCase()]||"",K=J&&L.attr(J)||"";L.attr(J,a[I](K,H,F))})}$.fn[A]=B(s,A);$.fn[D]=B(s,D);b.pushState=q=function(I,F){if(E(I)&&/^#/.test(I)&&F===i){F=2}var H=I!==i,G=c(p[g][k],H?I:{},H?F:2);p[g][k]=G+(/#/.test(G)?"":"#")};b.getState=u=function(F,G){return F===i||typeof F==="boolean"?v(F):v(G)[F]};b.removeState=function(F){var G={};if(F!==i){G=u();$.each($.isArray(F)?F:arguments,function(I,H){delete G[H]})}q(G,2)};e[d]=$.extend(e[d],{add:function(F){var H;function G(J){var I=J[D]=c();J.getState=function(K,L){return K===i||typeof K==="boolean"?l(I,K):l(I,L)[K]};H.apply(this,arguments)}if($.isFunction(F)){H=F;return G}else{H=F.handler;F.handler=G}}})})(jQuery,this);
-/*
- * jQuery hashchange event - v1.2 - 2/11/2010
- * http://benalman.com/projects/jquery-hashchange-plugin/
- * 
- * Copyright (c) 2010 "Cowboy" Ben Alman
- * Dual licensed under the MIT and GPL licenses.
- * http://benalman.com/about/license/
- */
-(function($,i,b){var j,k=$.event.special,c="location",d="hashchange",l="href",f=$.browser,g=document.documentMode,h=f.msie&&(g===b||g<8),e="on"+d in i&&!h;function a(m){m=m||i[c][l];return m.replace(/^[^#]*#?(.*)$/,"$1")}$[d+"Delay"]=100;k[d]=$.extend(k[d],{setup:function(){if(e){return false}$(j.start)},teardown:function(){if(e){return false}$(j.stop)}});j=(function(){var m={},r,n,o,q;function p(){o=q=function(s){return s};if(h){n=$('<iframe src="javascript:0"/>').hide().insertAfter("body")[0].contentWindow;q=function(){return a(n.document[c][l])};o=function(u,s){if(u!==s){var t=n.document;t.open().close();t[c].hash="#"+u}};o(a())}}m.start=function(){if(r){return}var t=a();o||p();(function s(){var v=a(),u=q(t);if(v!==t){o(t=v,u);$(i).trigger(d)}else{if(u!==t){i[c][l]=i[c][l].replace(/#.*/,"")+"#"+u}}r=setTimeout(s,$[d+"Delay"])})()};m.stop=function(){if(!n){r&&clearTimeout(r);r=0}};return m})()})(jQuery,this);
\ No newline at end of file
diff --git a/api/files/jquery.slideto.min.js b/api/files/jquery.slideto.min.js
deleted file mode 100644
index ba32cff3651..00000000000
--- a/api/files/jquery.slideto.min.js
+++ /dev/null
@@ -1 +0,0 @@
-(function(b){b.fn.slideto=function(a){a=b.extend({slide_duration:"slow",highlight_duration:3E3,highlight:true,highlight_color:"#FFFF99"},a);return this.each(function(){obj=b(this);b("body").animate({scrollTop:obj.offset().top},a.slide_duration,function(){a.highlight&&b.ui.version&&obj.effect("highlight",{color:a.highlight_color},a.highlight_duration)})})}})(jQuery);
diff --git a/api/files/jquery.wiggle.min.js b/api/files/jquery.wiggle.min.js
deleted file mode 100644
index 2adb0d6d54a..00000000000
--- a/api/files/jquery.wiggle.min.js
+++ /dev/null
@@ -1,8 +0,0 @@
-/*
-jQuery Wiggle
-Author: WonderGroup, Jordan Thomas
-URL: http://labs.wondergroup.com/demos/mini-ui/index.html
-License: MIT (http://en.wikipedia.org/wiki/MIT_License)
-*/
-jQuery.fn.wiggle=function(o){var d={speed:50,wiggles:3,travel:5,callback:null};var o=jQuery.extend(d,o);return this.each(function(){var cache=this;var wrap=jQuery(this).wrap('<div class="wiggle-wrap"></div>').css("position","relative");var calls=0;for(i=1;i<=o.wiggles;i++){jQuery(this).animate({left:"-="+o.travel},o.speed).animate({left:"+="+o.travel*2},o.speed*2).animate({left:"-="+o.travel},o.speed,function(){calls++;if(jQuery(cache).parent().hasClass('wiggle-wrap')){jQuery(cache).parent().replaceWith(cache);}
-if(calls==o.wiggles&&jQuery.isFunction(o.callback)){o.callback();}});}});};
\ No newline at end of file
diff --git a/api/files/reset.css b/api/files/reset.css
deleted file mode 100644
index b2b078943c4..00000000000
--- a/api/files/reset.css
+++ /dev/null
@@ -1,125 +0,0 @@
-/* http://meyerweb.com/eric/tools/css/reset/ v2.0 | 20110126 */
-html,
-body,
-div,
-span,
-applet,
-object,
-iframe,
-h1,
-h2,
-h3,
-h4,
-h5,
-h6,
-p,
-blockquote,
-pre,
-a,
-abbr,
-acronym,
-address,
-big,
-cite,
-code,
-del,
-dfn,
-em,
-img,
-ins,
-kbd,
-q,
-s,
-samp,
-small,
-strike,
-strong,
-sub,
-sup,
-tt,
-var,
-b,
-u,
-i,
-center,
-dl,
-dt,
-dd,
-ol,
-ul,
-li,
-fieldset,
-form,
-label,
-legend,
-table,
-caption,
-tbody,
-tfoot,
-thead,
-tr,
-th,
-td,
-article,
-aside,
-canvas,
-details,
-embed,
-figure,
-figcaption,
-footer,
-header,
-hgroup,
-menu,
-nav,
-output,
-ruby,
-section,
-summary,
-time,
-mark,
-audio,
-video {
-  margin: 0;
-  padding: 0;
-  border: 0;
-  font-size: 100%;
-  font: inherit;
-  vertical-align: baseline;
-}
-/* HTML5 display-role reset for older browsers */
-article,
-aside,
-details,
-figcaption,
-figure,
-footer,
-header,
-hgroup,
-menu,
-nav,
-section {
-  display: block;
-}
-body {
-  line-height: 1;
-}
-ol,
-ul {
-  list-style: none;
-}
-blockquote,
-q {
-  quotes: none;
-}
-blockquote:before,
-blockquote:after,
-q:before,
-q:after {
-  content: '';
-  content: none;
-}
-table {
-  border-collapse: collapse;
-  border-spacing: 0;
-}
diff --git a/api/files/screen.css b/api/files/screen.css
deleted file mode 100644
index f2148836bd8..00000000000
--- a/api/files/screen.css
+++ /dev/null
@@ -1,1221 +0,0 @@
-/* Original style from softwaremaniacs.org (c) Ivan Sagalaev <Maniac@SoftwareManiacs.Org> */
-.swagger-section pre code {
-  display: block;
-  padding: 0.5em;
-  background: #F0F0F0;
-}
-.swagger-section pre code,
-.swagger-section pre .subst,
-.swagger-section pre .tag .title,
-.swagger-section pre .lisp .title,
-.swagger-section pre .clojure .built_in,
-.swagger-section pre .nginx .title {
-  color: black;
-}
-.swagger-section pre .string,
-.swagger-section pre .title,
-.swagger-section pre .constant,
-.swagger-section pre .parent,
-.swagger-section pre .tag .value,
-.swagger-section pre .rules .value,
-.swagger-section pre .rules .value .number,
-.swagger-section pre .preprocessor,
-.swagger-section pre .ruby .symbol,
-.swagger-section pre .ruby .symbol .string,
-.swagger-section pre .aggregate,
-.swagger-section pre .template_tag,
-.swagger-section pre .django .variable,
-.swagger-section pre .smalltalk .class,
-.swagger-section pre .addition,
-.swagger-section pre .flow,
-.swagger-section pre .stream,
-.swagger-section pre .bash .variable,
-.swagger-section pre .apache .tag,
-.swagger-section pre .apache .cbracket,
-.swagger-section pre .tex .command,
-.swagger-section pre .tex .special,
-.swagger-section pre .erlang_repl .function_or_atom,
-.swagger-section pre .markdown .header {
-  color: #800;
-}
-.swagger-section pre .comment,
-.swagger-section pre .annotation,
-.swagger-section pre .template_comment,
-.swagger-section pre .diff .header,
-.swagger-section pre .chunk,
-.swagger-section pre .markdown .blockquote {
-  color: #888;
-}
-.swagger-section pre .number,
-.swagger-section pre .date,
-.swagger-section pre .regexp,
-.swagger-section pre .literal,
-.swagger-section pre .smalltalk .symbol,
-.swagger-section pre .smalltalk .char,
-.swagger-section pre .go .constant,
-.swagger-section pre .change,
-.swagger-section pre .markdown .bullet,
-.swagger-section pre .markdown .link_url {
-  color: #080;
-}
-.swagger-section pre .label,
-.swagger-section pre .javadoc,
-.swagger-section pre .ruby .string,
-.swagger-section pre .decorator,
-.swagger-section pre .filter .argument,
-.swagger-section pre .localvars,
-.swagger-section pre .array,
-.swagger-section pre .attr_selector,
-.swagger-section pre .important,
-.swagger-section pre .pseudo,
-.swagger-section pre .pi,
-.swagger-section pre .doctype,
-.swagger-section pre .deletion,
-.swagger-section pre .envvar,
-.swagger-section pre .shebang,
-.swagger-section pre .apache .sqbracket,
-.swagger-section pre .nginx .built_in,
-.swagger-section pre .tex .formula,
-.swagger-section pre .erlang_repl .reserved,
-.swagger-section pre .prompt,
-.swagger-section pre .markdown .link_label,
-.swagger-section pre .vhdl .attribute,
-.swagger-section pre .clojure .attribute,
-.swagger-section pre .coffeescript .property {
-  color: #8888ff;
-}
-.swagger-section pre .keyword,
-.swagger-section pre .id,
-.swagger-section pre .phpdoc,
-.swagger-section pre .title,
-.swagger-section pre .built_in,
-.swagger-section pre .aggregate,
-.swagger-section pre .css .tag,
-.swagger-section pre .javadoctag,
-.swagger-section pre .phpdoc,
-.swagger-section pre .yardoctag,
-.swagger-section pre .smalltalk .class,
-.swagger-section pre .winutils,
-.swagger-section pre .bash .variable,
-.swagger-section pre .apache .tag,
-.swagger-section pre .go .typename,
-.swagger-section pre .tex .command,
-.swagger-section pre .markdown .strong,
-.swagger-section pre .request,
-.swagger-section pre .status {
-  font-weight: bold;
-}
-.swagger-section pre .markdown .emphasis {
-  font-style: italic;
-}
-.swagger-section pre .nginx .built_in {
-  font-weight: normal;
-}
-.swagger-section pre .coffeescript .javascript,
-.swagger-section pre .javascript .xml,
-.swagger-section pre .tex .formula,
-.swagger-section pre .xml .javascript,
-.swagger-section pre .xml .vbscript,
-.swagger-section pre .xml .css,
-.swagger-section pre .xml .cdata {
-  opacity: 0.5;
-}
-.swagger-section .swagger-ui-wrap {
-  line-height: 1;
-  font-family: "Droid Sans", sans-serif;
-  max-width: 960px;
-  margin-left: auto;
-  margin-right: auto;
-}
-.swagger-section .swagger-ui-wrap b,
-.swagger-section .swagger-ui-wrap strong {
-  font-family: "Droid Sans", sans-serif;
-  font-weight: bold;
-}
-.swagger-section .swagger-ui-wrap q,
-.swagger-section .swagger-ui-wrap blockquote {
-  quotes: none;
-}
-.swagger-section .swagger-ui-wrap p {
-  line-height: 1.4em;
-  padding: 0 0 10px;
-  color: #333333;
-}
-.swagger-section .swagger-ui-wrap q:before,
-.swagger-section .swagger-ui-wrap q:after,
-.swagger-section .swagger-ui-wrap blockquote:before,
-.swagger-section .swagger-ui-wrap blockquote:after {
-  content: none;
-}
-.swagger-section .swagger-ui-wrap .heading_with_menu h1,
-.swagger-section .swagger-ui-wrap .heading_with_menu h2,
-.swagger-section .swagger-ui-wrap .heading_with_menu h3,
-.swagger-section .swagger-ui-wrap .heading_with_menu h4,
-.swagger-section .swagger-ui-wrap .heading_with_menu h5,
-.swagger-section .swagger-ui-wrap .heading_with_menu h6 {
-  display: block;
-  clear: none;
-  float: left;
-  -moz-box-sizing: border-box;
-  -webkit-box-sizing: border-box;
-  -ms-box-sizing: border-box;
-  box-sizing: border-box;
-  width: 60%;
-}
-.swagger-section .swagger-ui-wrap table {
-  border-collapse: collapse;
-  border-spacing: 0;
-}
-.swagger-section .swagger-ui-wrap table thead tr th {
-  padding: 5px;
-  font-size: 0.9em;
-  color: #666666;
-  border-bottom: 1px solid #999999;
-}
-.swagger-section .swagger-ui-wrap table tbody tr:last-child td {
-  border-bottom: none;
-}
-.swagger-section .swagger-ui-wrap table tbody tr.offset {
-  background-color: #f0f0f0;
-}
-.swagger-section .swagger-ui-wrap table tbody tr td {
-  padding: 6px;
-  font-size: 0.9em;
-  border-bottom: 1px solid #cccccc;
-  vertical-align: top;
-  line-height: 1.3em;
-}
-.swagger-section .swagger-ui-wrap ol {
-  margin: 0px 0 10px;
-  padding: 0 0 0 18px;
-  list-style-type: decimal;
-}
-.swagger-section .swagger-ui-wrap ol li {
-  padding: 5px 0px;
-  font-size: 0.9em;
-  color: #333333;
-}
-.swagger-section .swagger-ui-wrap ol,
-.swagger-section .swagger-ui-wrap ul {
-  list-style: none;
-}
-.swagger-section .swagger-ui-wrap h1 a,
-.swagger-section .swagger-ui-wrap h2 a,
-.swagger-section .swagger-ui-wrap h3 a,
-.swagger-section .swagger-ui-wrap h4 a,
-.swagger-section .swagger-ui-wrap h5 a,
-.swagger-section .swagger-ui-wrap h6 a {
-  text-decoration: none;
-}
-.swagger-section .swagger-ui-wrap h1 a:hover,
-.swagger-section .swagger-ui-wrap h2 a:hover,
-.swagger-section .swagger-ui-wrap h3 a:hover,
-.swagger-section .swagger-ui-wrap h4 a:hover,
-.swagger-section .swagger-ui-wrap h5 a:hover,
-.swagger-section .swagger-ui-wrap h6 a:hover {
-  text-decoration: underline;
-}
-.swagger-section .swagger-ui-wrap h1 span.divider,
-.swagger-section .swagger-ui-wrap h2 span.divider,
-.swagger-section .swagger-ui-wrap h3 span.divider,
-.swagger-section .swagger-ui-wrap h4 span.divider,
-.swagger-section .swagger-ui-wrap h5 span.divider,
-.swagger-section .swagger-ui-wrap h6 span.divider {
-  color: #aaaaaa;
-}
-.swagger-section .swagger-ui-wrap a {
-  color: #547f00;
-}
-.swagger-section .swagger-ui-wrap a img {
-  border: none;
-}
-.swagger-section .swagger-ui-wrap article,
-.swagger-section .swagger-ui-wrap aside,
-.swagger-section .swagger-ui-wrap details,
-.swagger-section .swagger-ui-wrap figcaption,
-.swagger-section .swagger-ui-wrap figure,
-.swagger-section .swagger-ui-wrap footer,
-.swagger-section .swagger-ui-wrap header,
-.swagger-section .swagger-ui-wrap hgroup,
-.swagger-section .swagger-ui-wrap menu,
-.swagger-section .swagger-ui-wrap nav,
-.swagger-section .swagger-ui-wrap section,
-.swagger-section .swagger-ui-wrap summary {
-  display: block;
-}
-.swagger-section .swagger-ui-wrap pre {
-  font-family: "Anonymous Pro", "Menlo", "Consolas", "Bitstream Vera Sans Mono", "Courier New", monospace;
-  background-color: #fcf6db;
-  border: 1px solid #e5e0c6;
-  padding: 10px;
-}
-.swagger-section .swagger-ui-wrap pre code {
-  line-height: 1.6em;
-  background: none;
-}
-.swagger-section .swagger-ui-wrap .content > .content-type > div > label {
-  clear: both;
-  display: block;
-  color: #0F6AB4;
-  font-size: 1.1em;
-  margin: 0;
-  padding: 15px 0 5px;
-}
-.swagger-section .swagger-ui-wrap .content pre {
-  font-size: 12px;
-  margin-top: 5px;
-  padding: 5px;
-}
-.swagger-section .swagger-ui-wrap .icon-btn {
-  cursor: pointer;
-}
-.swagger-section .swagger-ui-wrap .info_title {
-  padding-bottom: 10px;
-  font-weight: bold;
-  font-size: 25px;
-}
-.swagger-section .swagger-ui-wrap p.big,
-.swagger-section .swagger-ui-wrap div.big p {
-  font-size: 1em;
-  margin-bottom: 10px;
-}
-.swagger-section .swagger-ui-wrap form.fullwidth ol li.string input,
-.swagger-section .swagger-ui-wrap form.fullwidth ol li.url input,
-.swagger-section .swagger-ui-wrap form.fullwidth ol li.text textarea,
-.swagger-section .swagger-ui-wrap form.fullwidth ol li.numeric input {
-  width: 500px !important;
-}
-.swagger-section .swagger-ui-wrap .info_license {
-  padding-bottom: 5px;
-}
-.swagger-section .swagger-ui-wrap .info_tos {
-  padding-bottom: 5px;
-}
-.swagger-section .swagger-ui-wrap .message-fail {
-  color: #cc0000;
-}
-.swagger-section .swagger-ui-wrap .info_contact {
-  padding-bottom: 5px;
-}
-.swagger-section .swagger-ui-wrap .info_description {
-  padding-bottom: 10px;
-  font-size: 15px;
-}
-.swagger-section .swagger-ui-wrap .markdown ol li,
-.swagger-section .swagger-ui-wrap .markdown ul li {
-  padding: 3px 0px;
-  line-height: 1.4em;
-  color: #333333;
-}
-.swagger-section .swagger-ui-wrap form.formtastic fieldset.inputs ol li.string input,
-.swagger-section .swagger-ui-wrap form.formtastic fieldset.inputs ol li.url input,
-.swagger-section .swagger-ui-wrap form.formtastic fieldset.inputs ol li.numeric input {
-  display: block;
-  padding: 4px;
-  width: auto;
-  clear: both;
-}
-.swagger-section .swagger-ui-wrap form.formtastic fieldset.inputs ol li.string input.title,
-.swagger-section .swagger-ui-wrap form.formtastic fieldset.inputs ol li.url input.title,
-.swagger-section .swagger-ui-wrap form.formtastic fieldset.inputs ol li.numeric input.title {
-  font-size: 1.3em;
-}
-.swagger-section .swagger-ui-wrap table.fullwidth {
-  width: 100%;
-}
-.swagger-section .swagger-ui-wrap .model-signature {
-  font-family: "Droid Sans", sans-serif;
-  font-size: 1em;
-  line-height: 1.5em;
-}
-.swagger-section .swagger-ui-wrap .model-signature .signature-nav a {
-  text-decoration: none;
-  color: #AAA;
-}
-.swagger-section .swagger-ui-wrap .model-signature .signature-nav a:hover {
-  text-decoration: underline;
-  color: black;
-}
-.swagger-section .swagger-ui-wrap .model-signature .signature-nav .selected {
-  color: black;
-  text-decoration: none;
-}
-.swagger-section .swagger-ui-wrap .model-signature .propType {
-  color: #5555aa;
-}
-.swagger-section .swagger-ui-wrap .model-signature pre:hover {
-  background-color: #ffffdd;
-}
-.swagger-section .swagger-ui-wrap .model-signature pre {
-  font-size: .85em;
-  line-height: 1.2em;
-  overflow: auto;
-  max-height: 200px;
-  cursor: pointer;
-}
-.swagger-section .swagger-ui-wrap .model-signature ul.signature-nav {
-  display: block;
-  margin: 0;
-  padding: 0;
-}
-.swagger-section .swagger-ui-wrap .model-signature ul.signature-nav li:last-child {
-  padding-right: 0;
-  border-right: none;
-}
-.swagger-section .swagger-ui-wrap .model-signature ul.signature-nav li {
-  float: left;
-  margin: 0 5px 5px 0;
-  padding: 2px 5px 2px 0;
-  border-right: 1px solid #ddd;
-}
-.swagger-section .swagger-ui-wrap .model-signature .propOpt {
-  color: #555;
-}
-.swagger-section .swagger-ui-wrap .model-signature .snippet small {
-  font-size: 0.75em;
-}
-.swagger-section .swagger-ui-wrap .model-signature .propOptKey {
-  font-style: italic;
-}
-.swagger-section .swagger-ui-wrap .model-signature .description .strong {
-  font-weight: bold;
-  color: #000;
-  font-size: .9em;
-}
-.swagger-section .swagger-ui-wrap .model-signature .description div {
-  font-size: 0.9em;
-  line-height: 1.5em;
-  margin-left: 1em;
-}
-.swagger-section .swagger-ui-wrap .model-signature .description .stronger {
-  font-weight: bold;
-  color: #000;
-}
-.swagger-section .swagger-ui-wrap .model-signature .propName {
-  font-weight: bold;
-}
-.swagger-section .swagger-ui-wrap .model-signature .signature-container {
-  clear: both;
-}
-.swagger-section .swagger-ui-wrap .body-textarea {
-  width: 300px;
-  height: 100px;
-  border: 1px solid #aaa;
-}
-.swagger-section .swagger-ui-wrap .markdown p code,
-.swagger-section .swagger-ui-wrap .markdown li code {
-  font-family: "Anonymous Pro", "Menlo", "Consolas", "Bitstream Vera Sans Mono", "Courier New", monospace;
-  background-color: #f0f0f0;
-  color: black;
-  padding: 1px 3px;
-}
-.swagger-section .swagger-ui-wrap .required {
-  font-weight: bold;
-}
-.swagger-section .swagger-ui-wrap input.parameter {
-  width: 300px;
-  border: 1px solid #aaa;
-}
-.swagger-section .swagger-ui-wrap h1 {
-  color: black;
-  font-size: 1.5em;
-  line-height: 1.3em;
-  padding: 10px 0 10px 0;
-  font-family: "Droid Sans", sans-serif;
-  font-weight: bold;
-}
-.swagger-section .swagger-ui-wrap .heading_with_menu {
-  float: none;
-  clear: both;
-  overflow: hidden;
-  display: block;
-}
-.swagger-section .swagger-ui-wrap .heading_with_menu ul {
-  display: block;
-  clear: none;
-  float: right;
-  -moz-box-sizing: border-box;
-  -webkit-box-sizing: border-box;
-  -ms-box-sizing: border-box;
-  box-sizing: border-box;
-  margin-top: 10px;
-}
-.swagger-section .swagger-ui-wrap h2 {
-  color: black;
-  font-size: 1.3em;
-  padding: 10px 0 10px 0;
-}
-.swagger-section .swagger-ui-wrap h2 a {
-  color: black;
-}
-.swagger-section .swagger-ui-wrap h2 span.sub {
-  font-size: 0.7em;
-  color: #999999;
-  font-style: italic;
-}
-.swagger-section .swagger-ui-wrap h2 span.sub a {
-  color: #777777;
-}
-.swagger-section .swagger-ui-wrap span.weak {
-  color: #666666;
-}
-.swagger-section .swagger-ui-wrap .message-success {
-  color: #89BF04;
-}
-.swagger-section .swagger-ui-wrap caption,
-.swagger-section .swagger-ui-wrap th,
-.swagger-section .swagger-ui-wrap td {
-  text-align: left;
-  font-weight: normal;
-  vertical-align: middle;
-}
-.swagger-section .swagger-ui-wrap .code {
-  font-family: "Anonymous Pro", "Menlo", "Consolas", "Bitstream Vera Sans Mono", "Courier New", monospace;
-}
-.swagger-section .swagger-ui-wrap form.formtastic fieldset.inputs ol li.text textarea {
-  font-family: "Droid Sans", sans-serif;
-  height: 250px;
-  padding: 4px;
-  display: block;
-  clear: both;
-}
-.swagger-section .swagger-ui-wrap form.formtastic fieldset.inputs ol li.select select {
-  display: block;
-  clear: both;
-}
-.swagger-section .swagger-ui-wrap form.formtastic fieldset.inputs ol li.boolean {
-  float: none;
-  clear: both;
-  overflow: hidden;
-  display: block;
-}
-.swagger-section .swagger-ui-wrap form.formtastic fieldset.inputs ol li.boolean label {
-  display: block;
-  float: left;
-  clear: none;
-  margin: 0;
-  padding: 0;
-}
-.swagger-section .swagger-ui-wrap form.formtastic fieldset.inputs ol li.boolean input {
-  display: block;
-  float: left;
-  clear: none;
-  margin: 0 5px 0 0;
-}
-.swagger-section .swagger-ui-wrap form.formtastic fieldset.inputs ol li.required label {
-  color: black;
-}
-.swagger-section .swagger-ui-wrap form.formtastic fieldset.inputs ol li label {
-  display: block;
-  clear: both;
-  width: auto;
-  padding: 0 0 3px;
-  color: #666666;
-}
-.swagger-section .swagger-ui-wrap form.formtastic fieldset.inputs ol li label abbr {
-  padding-left: 3px;
-  color: #888888;
-}
-.swagger-section .swagger-ui-wrap form.formtastic fieldset.inputs ol li p.inline-hints {
-  margin-left: 0;
-  font-style: italic;
-  font-size: 0.9em;
-  margin: 0;
-}
-.swagger-section .swagger-ui-wrap form.formtastic fieldset.buttons {
-  margin: 0;
-  padding: 0;
-}
-.swagger-section .swagger-ui-wrap span.blank,
-.swagger-section .swagger-ui-wrap span.empty {
-  color: #888888;
-  font-style: italic;
-}
-.swagger-section .swagger-ui-wrap .markdown h3 {
-  color: #547f00;
-}
-.swagger-section .swagger-ui-wrap .markdown h4 {
-  color: #666666;
-}
-.swagger-section .swagger-ui-wrap .markdown pre {
-  font-family: "Anonymous Pro", "Menlo", "Consolas", "Bitstream Vera Sans Mono", "Courier New", monospace;
-  background-color: #fcf6db;
-  border: 1px solid #e5e0c6;
-  padding: 10px;
-  margin: 0 0 10px 0;
-}
-.swagger-section .swagger-ui-wrap .markdown pre code {
-  line-height: 1.6em;
-}
-.swagger-section .swagger-ui-wrap div.gist {
-  margin: 20px 0 25px 0 !important;
-}
-.swagger-section .swagger-ui-wrap ul#resources {
-  font-family: "Droid Sans", sans-serif;
-  font-size: 0.9em;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource {
-  border-bottom: 1px solid #dddddd;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource:hover div.heading h2 a,
-.swagger-section .swagger-ui-wrap ul#resources li.resource.active div.heading h2 a {
-  color: black;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource:hover div.heading ul.options li a,
-.swagger-section .swagger-ui-wrap ul#resources li.resource.active div.heading ul.options li a {
-  color: #555555;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource:last-child {
-  border-bottom: none;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource div.heading {
-  border: 1px solid transparent;
-  float: none;
-  clear: both;
-  overflow: hidden;
-  display: block;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource div.heading ul.options {
-  overflow: hidden;
-  padding: 0;
-  display: block;
-  clear: none;
-  float: right;
-  margin: 14px 10px 0 0;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource div.heading ul.options li {
-  float: left;
-  clear: none;
-  margin: 0;
-  padding: 2px 10px;
-  border-right: 1px solid #dddddd;
-  color: #666666;
-  font-size: 0.9em;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource div.heading ul.options li a {
-  color: #aaaaaa;
-  text-decoration: none;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource div.heading ul.options li a:hover {
-  text-decoration: underline;
-  color: black;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource div.heading ul.options li a:hover,
-.swagger-section .swagger-ui-wrap ul#resources li.resource div.heading ul.options li a:active,
-.swagger-section .swagger-ui-wrap ul#resources li.resource div.heading ul.options li a.active {
-  text-decoration: underline;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource div.heading ul.options li:first-child,
-.swagger-section .swagger-ui-wrap ul#resources li.resource div.heading ul.options li.first {
-  padding-left: 0;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource div.heading ul.options li:last-child,
-.swagger-section .swagger-ui-wrap ul#resources li.resource div.heading ul.options li.last {
-  padding-right: 0;
-  border-right: none;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource div.heading ul.options:first-child,
-.swagger-section .swagger-ui-wrap ul#resources li.resource div.heading ul.options.first {
-  padding-left: 0;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource div.heading h2 {
-  color: #999999;
-  padding-left: 0;
-  display: block;
-  clear: none;
-  float: left;
-  font-family: "Droid Sans", sans-serif;
-  font-weight: bold;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource div.heading h2 a {
-  color: #999999;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource div.heading h2 a:hover {
-  color: black;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation {
-  float: none;
-  clear: both;
-  overflow: hidden;
-  display: block;
-  margin: 0 0 10px;
-  padding: 0;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation div.heading {
-  float: none;
-  clear: both;
-  overflow: hidden;
-  display: block;
-  margin: 0;
-  padding: 0;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation div.heading h3 {
-  display: block;
-  clear: none;
-  float: left;
-  width: auto;
-  margin: 0;
-  padding: 0;
-  line-height: 1.1em;
-  color: black;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation div.heading h3 span.path {
-  padding-left: 10px;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation div.heading h3 span.path a {
-  color: black;
-  text-decoration: none;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation div.heading h3 span.path a:hover {
-  text-decoration: underline;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation div.heading h3 span.http_method a {
-  text-transform: uppercase;
-  text-decoration: none;
-  color: white;
-  display: inline-block;
-  width: 50px;
-  font-size: 0.7em;
-  text-align: center;
-  padding: 7px 0 4px;
-  -moz-border-radius: 2px;
-  -webkit-border-radius: 2px;
-  -o-border-radius: 2px;
-  -ms-border-radius: 2px;
-  -khtml-border-radius: 2px;
-  border-radius: 2px;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation div.heading h3 span {
-  margin: 0;
-  padding: 0;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation div.heading ul.options {
-  overflow: hidden;
-  padding: 0;
-  display: block;
-  clear: none;
-  float: right;
-  margin: 6px 10px 0 0;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation div.heading ul.options li {
-  float: left;
-  clear: none;
-  margin: 0;
-  padding: 2px 10px;
-  font-size: 0.9em;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation div.heading ul.options li a {
-  text-decoration: none;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation div.heading ul.options li.access {
-  color: black;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation div.content {
-  border-top: none;
-  padding: 10px;
-  -moz-border-radius-bottomleft: 6px;
-  -webkit-border-bottom-left-radius: 6px;
-  -o-border-bottom-left-radius: 6px;
-  -ms-border-bottom-left-radius: 6px;
-  -khtml-border-bottom-left-radius: 6px;
-  border-bottom-left-radius: 6px;
-  -moz-border-radius-bottomright: 6px;
-  -webkit-border-bottom-right-radius: 6px;
-  -o-border-bottom-right-radius: 6px;
-  -ms-border-bottom-right-radius: 6px;
-  -khtml-border-bottom-right-radius: 6px;
-  border-bottom-right-radius: 6px;
-  margin: 0 0 20px;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation div.content h4 {
-  font-size: 1.1em;
-  margin: 0;
-  padding: 15px 0 5px;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation div.content div.sandbox_header {
-  float: none;
-  clear: both;
-  overflow: hidden;
-  display: block;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation div.content div.sandbox_header a {
-  padding: 4px 0 0 10px;
-  display: inline-block;
-  font-size: 0.9em;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation div.content div.sandbox_header img {
-  display: block;
-  clear: none;
-  float: right;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation div.content div.sandbox_header input.submit {
-  display: block;
-  clear: none;
-  float: left;
-  padding: 6px 8px;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation div.content form input[type='text'].error {
-  outline: 2px solid black;
-  outline-color: #cc0000;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation div.content div.response div.block pre {
-  font-family: "Anonymous Pro", "Menlo", "Consolas", "Bitstream Vera Sans Mono", "Courier New", monospace;
-  padding: 10px;
-  font-size: 0.9em;
-  max-height: 400px;
-  overflow-y: auto;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.put div.heading {
-  background-color: #f9f2e9;
-  border: 1px solid #f0e0ca;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.put div.heading h3 span.http_method a {
-  background-color: #c5862b;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.put div.heading ul.options li {
-  border-right: 1px solid #dddddd;
-  border-right-color: #f0e0ca;
-  color: #c5862b;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.put div.heading ul.options li a {
-  color: #c5862b;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.put div.content {
-  background-color: #faf5ee;
-  border: 1px solid #f0e0ca;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.put div.content h4 {
-  color: #c5862b;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.put div.content div.sandbox_header a {
-  color: #dcb67f;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.head div.heading {
-  background-color: #fcffcd;
-  border: 1px solid black;
-  border-color: #ffd20f;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.head div.heading h3 span.http_method a {
-  text-transform: uppercase;
-  background-color: #ffd20f;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.head div.heading ul.options li {
-  border-right: 1px solid #dddddd;
-  border-right-color: #ffd20f;
-  color: #ffd20f;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.head div.heading ul.options li a {
-  color: #ffd20f;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.head div.content {
-  background-color: #fcffcd;
-  border: 1px solid black;
-  border-color: #ffd20f;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.head div.content h4 {
-  color: #ffd20f;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.head div.content div.sandbox_header a {
-  color: #6fc992;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.delete div.heading {
-  background-color: #f5e8e8;
-  border: 1px solid #e8c6c7;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.delete div.heading h3 span.http_method a {
-  text-transform: uppercase;
-  background-color: #a41e22;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.delete div.heading ul.options li {
-  border-right: 1px solid #dddddd;
-  border-right-color: #e8c6c7;
-  color: #a41e22;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.delete div.heading ul.options li a {
-  color: #a41e22;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.delete div.content {
-  background-color: #f7eded;
-  border: 1px solid #e8c6c7;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.delete div.content h4 {
-  color: #a41e22;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.delete div.content div.sandbox_header a {
-  color: #c8787a;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.post div.heading {
-  background-color: #e7f6ec;
-  border: 1px solid #c3e8d1;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.post div.heading h3 span.http_method a {
-  background-color: #10a54a;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.post div.heading ul.options li {
-  border-right: 1px solid #dddddd;
-  border-right-color: #c3e8d1;
-  color: #10a54a;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.post div.heading ul.options li a {
-  color: #10a54a;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.post div.content {
-  background-color: #ebf7f0;
-  border: 1px solid #c3e8d1;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.post div.content h4 {
-  color: #10a54a;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.post div.content div.sandbox_header a {
-  color: #6fc992;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.patch div.heading {
-  background-color: #FCE9E3;
-  border: 1px solid #F5D5C3;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.patch div.heading h3 span.http_method a {
-  background-color: #D38042;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.patch div.heading ul.options li {
-  border-right: 1px solid #dddddd;
-  border-right-color: #f0cecb;
-  color: #D38042;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.patch div.heading ul.options li a {
-  color: #D38042;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.patch div.content {
-  background-color: #faf0ef;
-  border: 1px solid #f0cecb;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.patch div.content h4 {
-  color: #D38042;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.patch div.content div.sandbox_header a {
-  color: #dcb67f;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.get div.heading {
-  background-color: #e7f0f7;
-  border: 1px solid #c3d9ec;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.get div.heading h3 span.http_method a {
-  background-color: #0f6ab4;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.get div.heading ul.options li {
-  border-right: 1px solid #dddddd;
-  border-right-color: #c3d9ec;
-  color: #0f6ab4;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.get div.heading ul.options li a {
-  color: #0f6ab4;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.get div.content {
-  background-color: #ebf3f9;
-  border: 1px solid #c3d9ec;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.get div.content h4 {
-  color: #0f6ab4;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.get div.content div.sandbox_header a {
-  color: #6fa5d2;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.options div.heading {
-  background-color: #e7f0f7;
-  border: 1px solid #c3d9ec;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.options div.heading h3 span.http_method a {
-  background-color: #0f6ab4;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.options div.heading ul.options li {
-  border-right: 1px solid #dddddd;
-  border-right-color: #c3d9ec;
-  color: #0f6ab4;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.options div.heading ul.options li a {
-  color: #0f6ab4;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.options div.content {
-  background-color: #ebf3f9;
-  border: 1px solid #c3d9ec;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.options div.content h4 {
-  color: #0f6ab4;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.options div.content div.sandbox_header a {
-  color: #6fa5d2;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.get div.content,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.post div.content,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.head div.content,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.put div.content,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.patch div.content,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.delete div.content {
-  border-top: none;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.get div.heading ul.options li:last-child,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.post div.heading ul.options li:last-child,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.head div.heading ul.options li:last-child,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.put div.heading ul.options li:last-child,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.patch div.heading ul.options li:last-child,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.delete div.heading ul.options li:last-child,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.get div.heading ul.options li.last,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.post div.heading ul.options li.last,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.head div.heading ul.options li.last,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.put div.heading ul.options li.last,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.patch div.heading ul.options li.last,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations li.operation.delete div.heading ul.options li.last {
-  padding-right: 0;
-  border-right: none;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations ul.options li a:hover,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations ul.options li a:active,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations ul.options li a.active {
-  text-decoration: underline;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations ul.options li:first-child,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations ul.options li.first {
-  padding-left: 0;
-}
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations:first-child,
-.swagger-section .swagger-ui-wrap ul#resources li.resource ul.endpoints li.endpoint ul.operations.first {
-  padding-left: 0;
-}
-.swagger-section .swagger-ui-wrap p#colophon {
-  margin: 0 15px 40px 15px;
-  padding: 10px 0;
-  font-size: 0.8em;
-  border-top: 1px solid #dddddd;
-  font-family: "Droid Sans", sans-serif;
-  color: #999999;
-  font-style: italic;
-}
-.swagger-section .swagger-ui-wrap p#colophon a {
-  text-decoration: none;
-  color: #547f00;
-}
-.swagger-section .swagger-ui-wrap h3 {
-  color: black;
-  font-size: 1.1em;
-  padding: 10px 0 10px 0;
-}
-.swagger-section .swagger-ui-wrap .markdown ol,
-.swagger-section .swagger-ui-wrap .markdown ul {
-  font-family: "Droid Sans", sans-serif;
-  margin: 5px 0 10px;
-  padding: 0 0 0 18px;
-  list-style-type: disc;
-}
-.swagger-section .swagger-ui-wrap form.form_box {
-  background-color: #ebf3f9;
-  border: 1px solid #c3d9ec;
-  padding: 10px;
-}
-.swagger-section .swagger-ui-wrap form.form_box label {
-  color: #0f6ab4 !important;
-}
-.swagger-section .swagger-ui-wrap form.form_box input[type=submit] {
-  display: block;
-  padding: 10px;
-}
-.swagger-section .swagger-ui-wrap form.form_box p.weak {
-  font-size: 0.8em;
-}
-.swagger-section .swagger-ui-wrap form.form_box p {
-  font-size: 0.9em;
-  padding: 0 0 15px;
-  color: #7e7b6d;
-}
-.swagger-section .swagger-ui-wrap form.form_box p a {
-  color: #646257;
-}
-.swagger-section .swagger-ui-wrap form.form_box p strong {
-  color: black;
-}
-.swagger-section .title {
-  font-style: bold;
-}
-.swagger-section .secondary_form {
-  display: none;
-}
-.swagger-section .main_image {
-  display: block;
-  margin-left: auto;
-  margin-right: auto;
-}
-.swagger-section .oauth_body {
-  margin-left: 100px;
-  margin-right: 100px;
-}
-.swagger-section .oauth_submit {
-  text-align: center;
-}
-.swagger-section .api-popup-dialog {
-  z-index: 10000;
-  position: absolute;
-  width: 500px;
-  background: #FFF;
-  padding: 20px;
-  border: 1px solid #ccc;
-  border-radius: 5px;
-  display: none;
-  font-size: 13px;
-  color: #777;
-}
-.swagger-section .api-popup-dialog .api-popup-title {
-  font-size: 24px;
-  padding: 10px 0;
-}
-.swagger-section .api-popup-dialog .api-popup-title {
-  font-size: 24px;
-  padding: 10px 0;
-}
-.swagger-section .api-popup-dialog p.error-msg {
-  padding-left: 5px;
-  padding-bottom: 5px;
-}
-.swagger-section .api-popup-dialog button.api-popup-authbtn {
-  height: 30px;
-}
-.swagger-section .api-popup-dialog button.api-popup-cancel {
-  height: 30px;
-}
-.swagger-section .api-popup-scopes {
-  padding: 10px 20px;
-}
-.swagger-section .api-popup-scopes li {
-  padding: 5px 0;
-  line-height: 20px;
-}
-.swagger-section .api-popup-scopes .api-scope-desc {
-  padding-left: 20px;
-  font-style: italic;
-}
-.swagger-section .api-popup-scopes li input {
-  position: relative;
-  top: 2px;
-}
-.swagger-section .api-popup-actions {
-  padding-top: 10px;
-}
-.swagger-section .access {
-  float: right;
-}
-.swagger-section .auth {
-  float: right;
-}
-.swagger-section #api_information_panel {
-  position: absolute;
-  background: #FFF;
-  border: 1px solid #ccc;
-  border-radius: 5px;
-  display: none;
-  font-size: 13px;
-  max-width: 300px;
-  line-height: 30px;
-  color: black;
-  padding: 5px;
-}
-.swagger-section #api_information_panel p .api-msg-enabled {
-  color: green;
-}
-.swagger-section #api_information_panel p .api-msg-disabled {
-  color: red;
-}
-.swagger-section .api-ic {
-  height: 18px;
-  vertical-align: middle;
-  display: inline-block;
-  background: url(../images/explorer_icons.png) no-repeat;
-}
-.swagger-section .ic-info {
-  background-position: 0 0;
-  width: 18px;
-  margin-top: -7px;
-  margin-left: 4px;
-}
-.swagger-section .ic-warning {
-  background-position: -60px 0;
-  width: 18px;
-  margin-top: -7px;
-  margin-left: 4px;
-}
-.swagger-section .ic-error {
-  background-position: -30px 0;
-  width: 18px;
-  margin-top: -7px;
-  margin-left: 4px;
-}
-.swagger-section .ic-off {
-  background-position: -90px 0;
-  width: 58px;
-  margin-top: -4px;
-  cursor: pointer;
-}
-.swagger-section .ic-on {
-  background-position: -160px 0;
-  width: 58px;
-  margin-top: -4px;
-  cursor: pointer;
-}
-.swagger-section #header {
-  background-color: #89bf04;
-  padding: 14px;
-}
-.swagger-section #header a#logo {
-  font-size: 1.5em;
-  font-weight: bold;
-  text-decoration: none;
-  background: transparent url(../images/logo_small.png) no-repeat left center;
-  padding: 20px 0 20px 40px;
-  color: white;
-}
-.swagger-section #header form#api_selector {
-  display: block;
-  clear: none;
-  float: right;
-}
-.swagger-section #header form#api_selector .input {
-  display: block;
-  clear: none;
-  float: left;
-  margin: 0 10px 0 0;
-}
-.swagger-section #header form#api_selector .input input#input_apiKey {
-  width: 200px;
-}
-.swagger-section #header form#api_selector .input input#input_baseUrl {
-  width: 400px;
-}
-.swagger-section #header form#api_selector .input a#explore {
-  display: block;
-  text-decoration: none;
-  font-weight: bold;
-  padding: 6px 8px;
-  font-size: 0.9em;
-  color: white;
-  background-color: #547f00;
-  -moz-border-radius: 4px;
-  -webkit-border-radius: 4px;
-  -o-border-radius: 4px;
-  -ms-border-radius: 4px;
-  -khtml-border-radius: 4px;
-  border-radius: 4px;
-}
-.swagger-section #header form#api_selector .input a#explore:hover {
-  background-color: #547f00;
-}
-.swagger-section #header form#api_selector .input input {
-  font-size: 0.9em;
-  padding: 3px;
-  margin: 0;
-}
-.swagger-section #content_message {
-  margin: 10px 15px;
-  font-style: italic;
-  color: #999999;
-}
-.swagger-section #message-bar {
-  min-height: 30px;
-  text-align: center;
-  padding-top: 10px;
-}
diff --git a/api/files/shred.bundle.js b/api/files/shred.bundle.js
deleted file mode 100644
index 74d08168922..00000000000
--- a/api/files/shred.bundle.js
+++ /dev/null
@@ -1,2765 +0,0 @@
-var require = function (file, cwd) {
-    var resolved = require.resolve(file, cwd || '/');
-    var mod = require.modules[resolved];
-    if (!mod) throw new Error(
-        'Failed to resolve module ' + file + ', tried ' + resolved
-    );
-    var res = mod._cached ? mod._cached : mod();
-    return res;
-}
-
-require.paths = [];
-require.modules = {};
-require.extensions = [".js",".coffee"];
-
-require._core = {
-    'assert': true,
-    'events': true,
-    'fs': true,
-    'path': true,
-    'vm': true
-};
-
-require.resolve = (function () {
-    return function (x, cwd) {
-        if (!cwd) cwd = '/';
-        
-        if (require._core[x]) return x;
-        var path = require.modules.path();
-        var y = cwd || '.';
-        
-        if (x.match(/^(?:\.\.?\/|\/)/)) {
-            var m = loadAsFileSync(path.resolve(y, x))
-                || loadAsDirectorySync(path.resolve(y, x));
-            if (m) return m;
-        }
-        
-        var n = loadNodeModulesSync(x, y);
-        if (n) return n;
-        
-        throw new Error("Cannot find module '" + x + "'");
-        
-        function loadAsFileSync (x) {
-            if (require.modules[x]) {
-                return x;
-            }
-            
-            for (var i = 0; i < require.extensions.length; i++) {
-                var ext = require.extensions[i];
-                if (require.modules[x + ext]) return x + ext;
-            }
-        }
-        
-        function loadAsDirectorySync (x) {
-            x = x.replace(/\/+$/, '');
-            var pkgfile = x + '/package.json';
-            if (require.modules[pkgfile]) {
-                var pkg = require.modules[pkgfile]();
-                var b = pkg.browserify;
-                if (typeof b === 'object' && b.main) {
-                    var m = loadAsFileSync(path.resolve(x, b.main));
-                    if (m) return m;
-                }
-                else if (typeof b === 'string') {
-                    var m = loadAsFileSync(path.resolve(x, b));
-                    if (m) return m;
-                }
-                else if (pkg.main) {
-                    var m = loadAsFileSync(path.resolve(x, pkg.main));
-                    if (m) return m;
-                }
-            }
-            
-            return loadAsFileSync(x + '/index');
-        }
-        
-        function loadNodeModulesSync (x, start) {
-            var dirs = nodeModulesPathsSync(start);
-            for (var i = 0; i < dirs.length; i++) {
-                var dir = dirs[i];
-                var m = loadAsFileSync(dir + '/' + x);
-                if (m) return m;
-                var n = loadAsDirectorySync(dir + '/' + x);
-                if (n) return n;
-            }
-            
-            var m = loadAsFileSync(x);
-            if (m) return m;
-        }
-        
-        function nodeModulesPathsSync (start) {
-            var parts;
-            if (start === '/') parts = [ '' ];
-            else parts = path.normalize(start).split('/');
-            
-            var dirs = [];
-            for (var i = parts.length - 1; i >= 0; i--) {
-                if (parts[i] === 'node_modules') continue;
-                var dir = parts.slice(0, i + 1).join('/') + '/node_modules';
-                dirs.push(dir);
-            }
-            
-            return dirs;
-        }
-    };
-})();
-
-require.alias = function (from, to) {
-    var path = require.modules.path();
-    var res = null;
-    try {
-        res = require.resolve(from + '/package.json', '/');
-    }
-    catch (err) {
-        res = require.resolve(from, '/');
-    }
-    var basedir = path.dirname(res);
-    
-    var keys = (Object.keys || function (obj) {
-        var res = [];
-        for (var key in obj) res.push(key)
-        return res;
-    })(require.modules);
-    
-    for (var i = 0; i < keys.length; i++) {
-        var key = keys[i];
-        if (key.slice(0, basedir.length + 1) === basedir + '/') {
-            var f = key.slice(basedir.length);
-            require.modules[to + f] = require.modules[basedir + f];
-        }
-        else if (key === basedir) {
-            require.modules[to] = require.modules[basedir];
-        }
-    }
-};
-
-require.define = function (filename, fn) {
-    var dirname = require._core[filename]
-        ? ''
-        : require.modules.path().dirname(filename)
-    ;
-    
-    var require_ = function (file) {
-        return require(file, dirname)
-    };
-    require_.resolve = function (name) {
-        return require.resolve(name, dirname);
-    };
-    require_.modules = require.modules;
-    require_.define = require.define;
-    var module_ = { exports : {} };
-    
-    require.modules[filename] = function () {
-        require.modules[filename]._cached = module_.exports;
-        fn.call(
-            module_.exports,
-            require_,
-            module_,
-            module_.exports,
-            dirname,
-            filename
-        );
-        require.modules[filename]._cached = module_.exports;
-        return module_.exports;
-    };
-};
-
-if (typeof process === 'undefined') process = {};
-
-if (!process.nextTick) process.nextTick = (function () {
-    var queue = [];
-    var canPost = typeof window !== 'undefined'
-        && window.postMessage && window.addEventListener
-    ;
-    
-    if (canPost) {
-        window.addEventListener('message', function (ev) {
-            if (ev.source === window && ev.data === 'browserify-tick') {
-                ev.stopPropagation();
-                if (queue.length > 0) {
-                    var fn = queue.shift();
-                    fn();
-                }
-            }
-        }, true);
-    }
-    
-    return function (fn) {
-        if (canPost) {
-            queue.push(fn);
-            window.postMessage('browserify-tick', '*');
-        }
-        else setTimeout(fn, 0);
-    };
-})();
-
-if (!process.title) process.title = 'browser';
-
-if (!process.binding) process.binding = function (name) {
-    if (name === 'evals') return require('vm')
-    else throw new Error('No such module')
-};
-
-if (!process.cwd) process.cwd = function () { return '.' };
-
-require.define("path", function (require, module, exports, __dirname, __filename) {
-    function filter (xs, fn) {
-    var res = [];
-    for (var i = 0; i < xs.length; i++) {
-        if (fn(xs[i], i, xs)) res.push(xs[i]);
-    }
-    return res;
-}
-
-// resolves . and .. elements in a path array with directory names there
-// must be no slashes, empty elements, or device names (c:\) in the array
-// (so also no leading and trailing slashes - it does not distinguish
-// relative and absolute paths)
-function normalizeArray(parts, allowAboveRoot) {
-  // if the path tries to go above the root, `up` ends up > 0
-  var up = 0;
-  for (var i = parts.length; i >= 0; i--) {
-    var last = parts[i];
-    if (last == '.') {
-      parts.splice(i, 1);
-    } else if (last === '..') {
-      parts.splice(i, 1);
-      up++;
-    } else if (up) {
-      parts.splice(i, 1);
-      up--;
-    }
-  }
-
-  // if the path is allowed to go above the root, restore leading ..s
-  if (allowAboveRoot) {
-    for (; up--; up) {
-      parts.unshift('..');
-    }
-  }
-
-  return parts;
-}
-
-// Regex to split a filename into [*, dir, basename, ext]
-// posix version
-var splitPathRe = /^(.+\/(?!$)|\/)?((?:.+?)?(\.[^.]*)?)$/;
-
-// path.resolve([from ...], to)
-// posix version
-exports.resolve = function() {
-var resolvedPath = '',
-    resolvedAbsolute = false;
-
-for (var i = arguments.length; i >= -1 && !resolvedAbsolute; i--) {
-  var path = (i >= 0)
-      ? arguments[i]
-      : process.cwd();
-
-  // Skip empty and invalid entries
-  if (typeof path !== 'string' || !path) {
-    continue;
-  }
-
-  resolvedPath = path + '/' + resolvedPath;
-  resolvedAbsolute = path.charAt(0) === '/';
-}
-
-// At this point the path should be resolved to a full absolute path, but
-// handle relative paths to be safe (might happen when process.cwd() fails)
-
-// Normalize the path
-resolvedPath = normalizeArray(filter(resolvedPath.split('/'), function(p) {
-    return !!p;
-  }), !resolvedAbsolute).join('/');
-
-  return ((resolvedAbsolute ? '/' : '') + resolvedPath) || '.';
-};
-
-// path.normalize(path)
-// posix version
-exports.normalize = function(path) {
-var isAbsolute = path.charAt(0) === '/',
-    trailingSlash = path.slice(-1) === '/';
-
-// Normalize the path
-path = normalizeArray(filter(path.split('/'), function(p) {
-    return !!p;
-  }), !isAbsolute).join('/');
-
-  if (!path && !isAbsolute) {
-    path = '.';
-  }
-  if (path && trailingSlash) {
-    path += '/';
-  }
-  
-  return (isAbsolute ? '/' : '') + path;
-};
-
-
-// posix version
-exports.join = function() {
-  var paths = Array.prototype.slice.call(arguments, 0);
-  return exports.normalize(filter(paths, function(p, index) {
-    return p && typeof p === 'string';
-  }).join('/'));
-};
-
-
-exports.dirname = function(path) {
-  var dir = splitPathRe.exec(path)[1] || '';
-  var isWindows = false;
-  if (!dir) {
-    // No dirname
-    return '.';
-  } else if (dir.length === 1 ||
-      (isWindows && dir.length <= 3 && dir.charAt(1) === ':')) {
-    // It is just a slash or a drive letter with a slash
-    return dir;
-  } else {
-    // It is a full dirname, strip trailing slash
-    return dir.substring(0, dir.length - 1);
-  }
-};
-
-
-exports.basename = function(path, ext) {
-  var f = splitPathRe.exec(path)[2] || '';
-  // TODO: make this comparison case-insensitive on windows?
-  if (ext && f.substr(-1 * ext.length) === ext) {
-    f = f.substr(0, f.length - ext.length);
-  }
-  return f;
-};
-
-
-exports.extname = function(path) {
-  return splitPathRe.exec(path)[3] || '';
-};
-
-});
-
-require.define("/shred.js", function (require, module, exports, __dirname, __filename) {
-    // Shred is an HTTP client library intended to simplify the use of Node's
-// built-in HTTP library. In particular, we wanted to make it easier to interact
-// with HTTP-based APIs.
-// 
-// See the [examples](./examples.html) for more details.
-
-// Ax is a nice logging library we wrote. You can use any logger, providing it
-// has `info`, `warn`, `debug`, and `error` methods that take a string.
-var Ax = require("ax")
-  , CookieJarLib = require( "cookiejar" )
-  , CookieJar = CookieJarLib.CookieJar
-;
-
-// Shred takes some options, including a logger and request defaults.
-
-var Shred = function(options) {
-  options = (options||{});
-  this.agent = options.agent;
-  this.defaults = options.defaults||{};
-  this.log = options.logger||(new Ax({ level: "info" }));
-  this._sharedCookieJar = new CookieJar();
-  this.logCurl = options.logCurl || false;
-};
-
-// Most of the real work is done in the request and reponse classes.
- 
-Shred.Request = require("./shred/request");
-Shred.Response = require("./shred/response");
-
-// The `request` method kicks off a new request, instantiating a new `Request`
-// object and passing along whatever default options we were given.
-
-Shred.prototype = {
-  request: function(options) {
-    options.logger = this.log;
-    options.logCurl = options.logCurl || this.logCurl;
-    options.cookieJar = ( 'cookieJar' in options ) ? options.cookieJar : this._sharedCookieJar; // let them set cookieJar = null
-    options.agent = options.agent || this.agent;
-    // fill in default options
-    for (var key in this.defaults) {
-      if (this.defaults.hasOwnProperty(key) && !options[key]) {
-        options[key] = this.defaults[key]
-      }
-    }
-    return new Shred.Request(options);
-  }
-};
-
-// Define a bunch of convenience methods so that you don't have to include
-// a `method` property in your request options.
-
-"get put post delete".split(" ").forEach(function(method) {
-  Shred.prototype[method] = function(options) {
-    options.method = method;
-    return this.request(options);
-  };
-});
-
-
-module.exports = Shred;
-
-});
-
-require.define("/node_modules/ax/package.json", function (require, module, exports, __dirname, __filename) {
-    module.exports = {"main":"./lib/ax.js"}
-});
-
-require.define("/node_modules/ax/lib/ax.js", function (require, module, exports, __dirname, __filename) {
-    var inspect = require("util").inspect
-  , fs = require("fs")
-;
-
-
-// this is a quick-and-dirty logger. there are other nicer loggers out there
-// but the ones i found were also somewhat involved. this one has a Ruby
-// logger type interface
-//
-// we can easily replace this, provide the info, debug, etc. methods are the
-// same. or, we can change Haiku to use a more standard node.js interface
-
-var format = function(level,message) {
-  var debug = (level=="debug"||level=="error");
-  if (!message) { return message.toString(); }
-  if (typeof(message) == "object") {
-    if (message instanceof Error && debug) {
-      return message.stack;
-    } else {
-      return inspect(message);
-    }
-  } else {
-    return message.toString();
-  }
-};
-
-var noOp = function(message) { return this; }
-var makeLogger = function(level,fn) {
-  return function(message) { 
-    this.stream.write(this.format(level, message)+"\n");
-    return this;
-  }
-};
-
-var Logger = function(options) {
-  var logger = this;
-  var options = options||{};
-
-  // Default options
-  options.level = options.level || "info";
-  options.timestamp = options.timestamp || true;
-  options.prefix = options.prefix || "";
-  logger.options = options;
-
-  // Allows a prefix to be added to the message.
-  //
-  //    var logger = new Ax({ module: 'Haiku' })
-  //    logger.warn('this is going to be awesome!');
-  //    //=> Haiku: this is going to be awesome!
-  //
-  if (logger.options.module){
-    logger.options.prefix = logger.options.module;
-  }
-
-  // Write to stderr or a file
-  if (logger.options.file){
-    logger.stream = fs.createWriteStream(logger.options.file, {"flags": "a"});
-  } else {
-      if(process.title === "node")
-    logger.stream = process.stderr;
-      else if(process.title === "browser")
-    logger.stream = function () {
-      // Work around weird console context issue: http://code.google.com/p/chromium/issues/detail?id=48662
-      return console[logger.options.level].apply(console, arguments);
-    };
-  }
-
-  switch(logger.options.level){
-    case 'debug':
-      ['debug', 'info', 'warn'].forEach(function (level) {
-        logger[level] = Logger.writer(level);
-      });
-    case 'info':
-      ['info', 'warn'].forEach(function (level) {
-        logger[level] = Logger.writer(level);
-      });
-    case 'warn':
-      logger.warn = Logger.writer('warn');
-  }
-}
-
-// Used to define logger methods
-Logger.writer = function(level){
-  return function(message){
-    var logger = this;
-
-    if(process.title === "node")
-  logger.stream.write(logger.format(level, message) + '\n');
-    else if(process.title === "browser")
-  logger.stream(logger.format(level, message) + '\n');
-
-  };
-}
-
-
-Logger.prototype = {
-  info: function(){},
-  debug: function(){},
-  warn: function(){},
-  error: Logger.writer('error'),
-  format: function(level, message){
-    if (! message) return '';
-
-    var logger = this
-      , prefix = logger.options.prefix
-      , timestamp = logger.options.timestamp ? " " + (new Date().toISOString()) : ""
-    ;
-
-    return (prefix + timestamp + ": " + message);
-  }
-};
-
-module.exports = Logger;
-
-});
-
-require.define("util", function (require, module, exports, __dirname, __filename) {
-    // todo
-
-});
-
-require.define("fs", function (require, module, exports, __dirname, __filename) {
-    // nothing to see here... no file methods for the browser
-
-});
-
-require.define("/node_modules/cookiejar/package.json", function (require, module, exports, __dirname, __filename) {
-    module.exports = {"main":"cookiejar.js"}
-});
-
-require.define("/node_modules/cookiejar/cookiejar.js", function (require, module, exports, __dirname, __filename) {
-    exports.CookieAccessInfo=CookieAccessInfo=function CookieAccessInfo(domain,path,secure,script) {
-    if(this instanceof CookieAccessInfo) {
-      this.domain=domain||undefined;
-      this.path=path||"/";
-      this.secure=!!secure;
-      this.script=!!script;
-      return this;
-    }
-    else {
-        return new CookieAccessInfo(domain,path,secure,script)    
-    }
-}
-
-exports.Cookie=Cookie=function Cookie(cookiestr) {
-  if(cookiestr instanceof Cookie) {
-    return cookiestr;
-  }
-    else {
-        if(this instanceof Cookie) {
-          this.name = null;
-          this.value = null;
-          this.expiration_date = Infinity;
-          this.path = "/";
-          this.domain = null;
-          this.secure = false; //how to define?
-          this.noscript = false; //httponly
-          if(cookiestr) {
-            this.parse(cookiestr)
-          }
-          return this;
-        }
-        return new Cookie(cookiestr)
-    }
-}
-
-Cookie.prototype.toString = function toString() {
-  var str=[this.name+"="+this.value];
-  if(this.expiration_date !== Infinity) {
-    str.push("expires="+(new Date(this.expiration_date)).toGMTString());
-  }
-  if(this.domain) {
-    str.push("domain="+this.domain);
-  }
-  if(this.path) {
-    str.push("path="+this.path);
-  }
-  if(this.secure) {
-    str.push("secure");
-  }
-  if(this.noscript) {
-    str.push("httponly");
-  }
-  return str.join("; ");
-}
-
-Cookie.prototype.toValueString = function toValueString() {
-  return this.name+"="+this.value;
-}
-
-var cookie_str_splitter=/[:](?=\s*[a-zA-Z0-9_\-]+\s*[=])/g
-Cookie.prototype.parse = function parse(str) {
-  if(this instanceof Cookie) {
-      var parts=str.split(";")
-      , pair=parts[0].match(/([^=]+)=((?:.|\n)*)/)
-      , key=pair[1]
-      , value=pair[2];
-      this.name = key;
-      this.value = value;
-    
-      for(var i=1;i<parts.length;i++) {
-        pair=parts[i].match(/([^=]+)(?:=((?:.|\n)*))?/)
-        , key=pair[1].trim().toLowerCase()
-        , value=pair[2];
-        switch(key) {
-          case "httponly":
-            this.noscript = true;
-          break;
-          case "expires":
-            this.expiration_date = value
-              ? Number(Date.parse(value))
-              : Infinity;
-          break;
-          case "path":
-            this.path = value
-              ? value.trim()
-              : "";
-          break;
-          case "domain":
-            this.domain = value
-              ? value.trim()
-              : "";
-          break;
-          case "secure":
-            this.secure = true;
-          break
-        }
-      }
-    
-      return this;
-  }
-    return new Cookie().parse(str)
-}
-
-Cookie.prototype.matches = function matches(access_info) {
-  if(this.noscript && access_info.script
-  || this.secure && !access_info.secure
-  || !this.collidesWith(access_info)) {
-    return false
-  }
-  return true;
-}
-
-Cookie.prototype.collidesWith = function collidesWith(access_info) {
-  if((this.path && !access_info.path) || (this.domain && !access_info.domain)) {
-    return false
-  }
-  if(this.path && access_info.path.indexOf(this.path) !== 0) {
-    return false;
-  }
-  if (this.domain===access_info.domain) {
-    return true;
-  }
-  else if(this.domain && this.domain.charAt(0)===".")
-  {
-    var wildcard=access_info.domain.indexOf(this.domain.slice(1))
-    if(wildcard===-1 || wildcard!==access_info.domain.length-this.domain.length+1) {
-      return false;
-    }
-  }
-  else if(this.domain){
-    return false
-  }
-  return true;
-}
-
-exports.CookieJar=CookieJar=function CookieJar() {
-  if(this instanceof CookieJar) {
-      var cookies = {} //name: [Cookie]
-    
-      this.setCookie = function setCookie(cookie) {
-        cookie = Cookie(cookie);
-        //Delete the cookie if the set is past the current time
-        var remove = cookie.expiration_date <= Date.now();
-        if(cookie.name in cookies) {
-          var cookies_list = cookies[cookie.name];
-          for(var i=0;i<cookies_list.length;i++) {
-            var collidable_cookie = cookies_list[i];
-            if(collidable_cookie.collidesWith(cookie)) {
-              if(remove) {
-                cookies_list.splice(i,1);
-                if(cookies_list.length===0) {
-                  delete cookies[cookie.name]
-                }
-                return false;
-              }
-              else {
-                return cookies_list[i]=cookie;
-              }
-            }
-          }
-          if(remove) {
-            return false;
-          }
-          cookies_list.push(cookie);
-          return cookie;
-        }
-        else if(remove){
-          return false;
-        }
-        else {
-          return cookies[cookie.name]=[cookie];
-        }
-      }
-      //returns a cookie
-      this.getCookie = function getCookie(cookie_name,access_info) {
-        var cookies_list = cookies[cookie_name];
-        for(var i=0;i<cookies_list.length;i++) {
-          var cookie = cookies_list[i];
-          if(cookie.expiration_date <= Date.now()) {
-            if(cookies_list.length===0) {
-              delete cookies[cookie.name]
-            }
-            continue;
-          }
-          if(cookie.matches(access_info)) {
-            return cookie;
-          }
-        }
-      }
-      //returns a list of cookies
-      this.getCookies = function getCookies(access_info) {
-        var matches=[];
-        for(var cookie_name in cookies) {
-          var cookie=this.getCookie(cookie_name,access_info);
-          if (cookie) {
-            matches.push(cookie);
-          }
-        }
-        matches.toString=function toString(){return matches.join(":");}
-            matches.toValueString=function() {return matches.map(function(c){return c.toValueString();}).join(';');}
-        return matches;
-      }
-    
-      return this;
-  }
-    return new CookieJar()
-}
-
-
-//returns list of cookies that were set correctly
-CookieJar.prototype.setCookies = function setCookies(cookies) {
-  cookies=Array.isArray(cookies)
-    ?cookies
-    :cookies.split(cookie_str_splitter);
-  var successful=[]
-  for(var i=0;i<cookies.length;i++) {
-    var cookie = Cookie(cookies[i]);
-    if(this.setCookie(cookie)) {
-      successful.push(cookie);
-    }
-  }
-  return successful;
-}
-
-});
-
-require.define("/shred/request.js", function (require, module, exports, __dirname, __filename) {
-    // The request object encapsulates a request, creating a Node.js HTTP request and
-// then handling the response.
-
-var HTTP = require("http")
-  , HTTPS = require("https")
-  , parseUri = require("./parseUri")
-  , Emitter = require('events').EventEmitter
-  , sprintf = require("sprintf").sprintf
-  , Response = require("./response")
-  , HeaderMixins = require("./mixins/headers")
-  , Content = require("./content")
-;
-
-var STATUS_CODES = HTTP.STATUS_CODES || {
-    100 : 'Continue',
-    101 : 'Switching Protocols',
-    102 : 'Processing', // RFC 2518, obsoleted by RFC 4918
-    200 : 'OK',
-    201 : 'Created',
-    202 : 'Accepted',
-    203 : 'Non-Authoritative Information',
-    204 : 'No Content',
-    205 : 'Reset Content',
-    206 : 'Partial Content',
-    207 : 'Multi-Status', // RFC 4918
-    300 : 'Multiple Choices',
-    301 : 'Moved Permanently',
-    302 : 'Moved Temporarily',
-    303 : 'See Other',
-    304 : 'Not Modified',
-    305 : 'Use Proxy',
-    307 : 'Temporary Redirect',
-    400 : 'Bad Request',
-    401 : 'Unauthorized',
-    402 : 'Payment Required',
-    403 : 'Forbidden',
-    404 : 'Not Found',
-    405 : 'Method Not Allowed',
-    406 : 'Not Acceptable',
-    407 : 'Proxy Authentication Required',
-    408 : 'Request Time-out',
-    409 : 'Conflict',
-    410 : 'Gone',
-    411 : 'Length Required',
-    412 : 'Precondition Failed',
-    413 : 'Request Entity Too Large',
-    414 : 'Request-URI Too Large',
-    415 : 'Unsupported Media Type',
-    416 : 'Requested Range Not Satisfiable',
-    417 : 'Expectation Failed',
-    418 : 'I\'m a teapot', // RFC 2324
-    422 : 'Unprocessable Entity', // RFC 4918
-    423 : 'Locked', // RFC 4918
-    424 : 'Failed Dependency', // RFC 4918
-    425 : 'Unordered Collection', // RFC 4918
-    426 : 'Upgrade Required', // RFC 2817
-    500 : 'Internal Server Error',
-    501 : 'Not Implemented',
-    502 : 'Bad Gateway',
-    503 : 'Service Unavailable',
-    504 : 'Gateway Time-out',
-    505 : 'HTTP Version not supported',
-    506 : 'Variant Also Negotiates', // RFC 2295
-    507 : 'Insufficient Storage', // RFC 4918
-    509 : 'Bandwidth Limit Exceeded',
-    510 : 'Not Extended' // RFC 2774
-};
-
-// The Shred object itself constructs the `Request` object. You should rarely
-// need to do this directly.
-
-var Request = function(options) {
-  this.log = options.logger;
-  this.cookieJar = options.cookieJar;
-  this.encoding = options.encoding;
-  this.logCurl = options.logCurl;
-  processOptions(this,options||{});
-  createRequest(this);
-};
-
-// A `Request` has a number of properties, many of which help with details like
-// URL parsing or defaulting the port for the request.
-
-Object.defineProperties(Request.prototype, {
-
-// - **url**. You can set the `url` property with a valid URL string and all the
-//   URL-related properties (host, port, etc.) will be automatically set on the
-//   request object.
-
-  url: {
-    get: function() {
-      if (!this.scheme) { return null; }
-      return sprintf("%s://%s:%s%s",
-          this.scheme, this.host, this.port,
-          (this.proxy ? "/" : this.path) +
-          (this.query ? ("?" + this.query) : ""));
-    },
-    set: function(_url) {
-      _url = parseUri(_url);
-      this.scheme = _url.protocol;
-      this.host = _url.host;
-      this.port = _url.port;
-      this.path = _url.path;
-      this.query = _url.query;
-      return this;
-    },
-    enumerable: true
-  },
-
-// - **headers**. Returns a hash representing the request headers. You can't set
-//   this directly, only get it. You can add or modify headers by using the
-//   `setHeader` or `setHeaders` method. This ensures that the headers are
-//   normalized - that is, you don't accidentally send `Content-Type` and
-//   `content-type` headers. Keep in mind that if you modify the returned hash,
-//   it will *not* modify the request headers.
-
-  headers: {
-    get: function() {
-      return this.getHeaders();
-    },
-    enumerable: true
-  },
-
-// - **port**. Unless you set the `port` explicitly or include it in the URL, it
-//   will default based on the scheme.
-
-  port: {
-    get: function() {
-      if (!this._port) {
-        switch(this.scheme) {
-          case "https": return this._port = 443;
-          case "http":
-          default: return this._port = 80;
-        }
-      }
-      return this._port;
-    },
-    set: function(value) { this._port = value; return this; },
-    enumerable: true
-  },
-
-// - **method**. The request method - `get`, `put`, `post`, etc. that will be
-//   used to make the request. Defaults to `get`.
-
-  method: {
-    get: function() {
-      return this._method = (this._method||"GET");
-    },
-    set: function(value) {
-      this._method = value; return this;
-    },
-    enumerable: true
-  },
-
-// - **query**. Can be set either with a query string or a hash (object). Get
-//   will always return a properly escaped query string or null if there is no
-//   query component for the request.
-
-  query: {
-    get: function() {return this._query;},
-    set: function(value) {
-      var stringify = function (hash) {
-        var query = "";
-        for (var key in hash) {
-          query += encodeURIComponent(key) + '=' + encodeURIComponent(hash[key]) + '&';
-        }
-        // Remove the last '&'
-        query = query.slice(0, -1);
-        return query;
-      }
-
-      if (value) {
-        if (typeof value === 'object') {
-          value = stringify(value);
-        }
-        this._query = value;
-      } else {
-        this._query = "";
-      }
-      return this;
-    },
-    enumerable: true
-  },
-
-// - **parameters**. This will return the query parameters in the form of a hash
-//   (object).
-
-  parameters: {
-    get: function() { return QueryString.parse(this._query||""); },
-    enumerable: true
-  },
-
-// - **content**. (Aliased as `body`.) Set this to add a content entity to the
-//   request. Attempts to use the `content-type` header to determine what to do
-//   with the content value. Get this to get back a [`Content`
-//   object](./content.html).
-
-  body: {
-    get: function() { return this._body; },
-    set: function(value) {
-      this._body = new Content({
-        data: value,
-        type: this.getHeader("Content-Type")
-      });
-      this.setHeader("Content-Type",this.content.type);
-      this.setHeader("Content-Length",this.content.length);
-      return this;
-    },
-    enumerable: true
-  },
-
-// - **timeout**. Used to determine how long to wait for a response. Does not
-//   distinguish between connect timeouts versus request timeouts. Set either in
-//   milliseconds or with an object with temporal attributes (hours, minutes,
-//   seconds) and convert it into milliseconds. Get will always return
-//   milliseconds.
-
-  timeout: {
-    get: function() { return this._timeout; }, // in milliseconds
-    set: function(timeout) {
-      var request = this
-        , milliseconds = 0;
-      ;
-      if (!timeout) return this;
-      if (typeof timeout==="number") { milliseconds = timeout; }
-      else {
-        milliseconds = (timeout.milliseconds||0) +
-          (1000 * ((timeout.seconds||0) +
-              (60 * ((timeout.minutes||0) +
-                (60 * (timeout.hours||0))))));
-      }
-      this._timeout = milliseconds;
-      return this;
-    },
-    enumerable: true
-  }
-});
-
-// Alias `body` property to `content`. Since the [content object](./content.html)
-// has a `body` attribute, it's preferable to use `content` since you can then
-// access the raw content data using `content.body`.
-
-Object.defineProperty(Request.prototype,"content",
-    Object.getOwnPropertyDescriptor(Request.prototype, "body"));
-
-// The `Request` object can be pretty overwhelming to view using the built-in
-// Node.js inspect method. We want to make it a bit more manageable. This
-// probably goes [too far in the other
-// direction](https://github.com/spire-io/shred/issues/2).
-
-Request.prototype.inspect = function () {
-  var request = this;
-  var headers = this.format_headers();
-  var summary = ["<Shred Request> ", request.method.toUpperCase(),
-      request.url].join(" ")
-  return [ summary, "- Headers:", headers].join("\n");
-};
-
-Request.prototype.format_headers = function () {
-  var array = []
-  var headers = this._headers
-  for (var key in headers) {
-    if (headers.hasOwnProperty(key)) {
-      var value = headers[key]
-      array.push("\t" + key + ": " + value);
-    }
-  }
-  return array.join("\n");
-};
-
-// Allow chainable 'on's:  shred.get({ ... }).on( ... ).  You can pass in a
-// single function, a pair (event, function), or a hash:
-// { event: function, event: function }
-Request.prototype.on = function (eventOrHash, listener) {
-  var emitter = this.emitter;
-  // Pass in a single argument as a function then make it the default response handler
-  if (arguments.length === 1 && typeof(eventOrHash) === 'function') {
-    emitter.on('response', eventOrHash);
-  } else if (arguments.length === 1 && typeof(eventOrHash) === 'object') {
-    for (var key in eventOrHash) {
-      if (eventOrHash.hasOwnProperty(key)) {
-        emitter.on(key, eventOrHash[key]);
-      }
-    }
-  } else {
-    emitter.on(eventOrHash, listener);
-  }
-  return this;
-};
-
-// Add in the header methods. Again, these ensure we don't get the same header
-// multiple times with different case conventions.
-HeaderMixins.gettersAndSetters(Request);
-
-// `processOptions` is called from the constructor to handle all the work
-// associated with making sure we do our best to ensure we have a valid request.
-
-var processOptions = function(request,options) {
-
-  request.log.debug("Processing request options ..");
-
-  // We'll use `request.emitter` to manage the `on` event handlers.
-  request.emitter = (new Emitter);
-
-  request.agent = options.agent;
-
-  // Set up the handlers ...
-  if (options.on) {
-    for (var key in options.on) {
-      if (options.on.hasOwnProperty(key)) {
-        request.emitter.on(key, options.on[key]);
-      }
-    }
-  }
-
-  // Make sure we were give a URL or a host
-  if (!options.url && !options.host) {
-    request.emitter.emit("request_error",
-        new Error("No url or url options (host, port, etc.)"));
-    return;
-  }
-
-  // Allow for the [use of a proxy](http://www.jmarshall.com/easy/http/#proxies).
-
-  if (options.url) {
-    if (options.proxy) {
-      request.url = options.proxy;
-      request.path = options.url;
-    } else {
-      request.url = options.url;
-    }
-  }
-
-  // Set the remaining options.
-  request.query = options.query||options.parameters||request.query ;
-  request.method = options.method;
-  request.setHeader("user-agent",options.agent||"Shred");
-  request.setHeaders(options.headers);
-
-  if (request.cookieJar) {
-    var cookies = request.cookieJar.getCookies( CookieAccessInfo( request.host, request.path ) );
-    if (cookies.length) {
-      var cookieString = request.getHeader('cookie')||'';
-      for (var cookieIndex = 0; cookieIndex < cookies.length; ++cookieIndex) {
-          if ( cookieString.length && cookieString[ cookieString.length - 1 ] != ';' )
-          {
-              cookieString += ';';
-          }
-          cookieString += cookies[ cookieIndex ].name + '=' + cookies[ cookieIndex ].value + ';';
-      }
-      request.setHeader("cookie", cookieString);
-    }
-  }
-  
-  // The content entity can be set either using the `body` or `content` attributes.
-  if (options.body||options.content) {
-    request.content = options.body||options.content;
-  }
-  request.timeout = options.timeout;
-
-};
-
-// `createRequest` is also called by the constructor, after `processOptions`.
-// This actually makes the request and processes the response, so `createRequest`
-// is a bit of a misnomer.
-
-var createRequest = function(request) {
-  var timeout ;
-
-  request.log.debug("Creating request ..");
-  request.log.debug(request);
-
-  var reqParams = {
-    host: request.host,
-    port: request.port,
-    method: request.method,
-    path: request.path + (request.query ? '?'+request.query : ""),
-    headers: request.getHeaders(),
-    // Node's HTTP/S modules will ignore this, but we are using the
-    // browserify-http module in the browser for both HTTP and HTTPS, and this
-    // is how you differentiate the two.
-    scheme: request.scheme,
-    // Use a provided agent.  'Undefined' is the default, which uses a global
-    // agent.
-    agent: request.agent
-  };
-
-  if (request.logCurl) {
-    logCurl(request);
-  }
-
-  var http = request.scheme == "http" ? HTTP : HTTPS;
-
-  // Set up the real request using the selected library. The request won't be
-  // sent until we call `.end()`.
-  request._raw = http.request(reqParams, function(response) {
-    request.log.debug("Received response ..");
-
-    // We haven't timed out and we have a response, so make sure we clear the
-    // timeout so it doesn't fire while we're processing the response.
-    clearTimeout(timeout);
-
-    // Construct a Shred `Response` object from the response. This will stream
-    // the response, thus the need for the callback. We can access the response
-    // entity safely once we're in the callback.
-    response = new Response(response, request, function(response) {
-
-      // Set up some event magic. The precedence is given first to
-      // status-specific handlers, then to responses for a given event, and then
-      // finally to the more general `response` handler. In the last case, we
-      // need to first make sure we're not dealing with a a redirect.
-      var emit = function(event) {
-        var emitter = request.emitter;
-        var textStatus = STATUS_CODES[response.status] ? STATUS_CODES[response.status].toLowerCase() : null;
-        if (emitter.listeners(response.status).length > 0 || emitter.listeners(textStatus).length > 0) {
-          emitter.emit(response.status, response);
-          emitter.emit(textStatus, response);
-        } else {
-          if (emitter.listeners(event).length>0) {
-            emitter.emit(event, response);
-          } else if (!response.isRedirect) {
-            emitter.emit("response", response);
-            //console.warn("Request has no event listener for status code " + response.status);
-          }
-        }
-      };
-
-      // Next, check for a redirect. We simply repeat the request with the URL
-      // given in the `Location` header. We fire a `redirect` event.
-      if (response.isRedirect) {
-        request.log.debug("Redirecting to "
-            + response.getHeader("Location"));
-        request.url = response.getHeader("Location");
-        emit("redirect");
-        createRequest(request);
-
-      // Okay, it's not a redirect. Is it an error of some kind?
-      } else if (response.isError) {
-        emit("error");
-      } else {
-      // It looks like we're good shape. Trigger the `success` event.
-        emit("success");
-      }
-    });
-  });
-
-  // We're still setting up the request. Next, we're going to handle error cases
-  // where we have no response. We don't emit an error event because that event
-  // takes a response. We don't response handlers to have to check for a null
-  // value. However, we [should introduce a different event
-  // type](https://github.com/spire-io/shred/issues/3) for this type of error.
-  request._raw.on("error", function(error) {
-    request.emitter.emit("request_error", error);
-  });
-
-  request._raw.on("socket", function(socket) {
-    request.emitter.emit("socket", socket);
-  });
-
-  // TCP timeouts should also trigger the "response_error" event.
-  request._raw.on('socket', function () {
-    request._raw.socket.on('timeout', function () {
-      // This should trigger the "error" event on the raw request, which will
-      // trigger the "response_error" on the shred request.
-      request._raw.abort();
-    });
-  });
-
-
-  // We're almost there. Next, we need to write the request entity to the
-  // underlying request object.
-  if (request.content) {
-    request.log.debug("Streaming body: '" +
-        request.content.data.slice(0,59) + "' ... ");
-    request._raw.write(request.content.data);
-  }
-
-  // Finally, we need to set up the timeout. We do this last so that we don't
-  // start the clock ticking until the last possible moment.
-  if (request.timeout) {
-    timeout = setTimeout(function() {
-      request.log.debug("Timeout fired, aborting request ...");
-      request._raw.abort();
-      request.emitter.emit("timeout", request);
-    },request.timeout);
-  }
-
-  // The `.end()` method will cause the request to fire. Technically, it might
-  // have already sent the headers and body.
-  request.log.debug("Sending request ...");
-  request._raw.end();
-};
-
-// Logs the curl command for the request.
-var logCurl = function (req) {
-  var headers = req.getHeaders();
-  var headerString = "";
-
-  for (var key in headers) {
-    headerString += '-H "' + key + ": " + headers[key] + '" ';
-  }
-
-  var bodyString = ""
-
-  if (req.content) {
-    bodyString += "-d '" + req.content.body + "' ";
-  }
-
-  var query = req.query ? '?' + req.query : "";
-
-  console.log("curl " +
-    "-X " + req.method.toUpperCase() + " " +
-    req.scheme + "://" + req.host + ":" + req.port + req.path + query + " " +
-    headerString +
-    bodyString
-  );
-};
-
-
-module.exports = Request;
-
-});
-
-require.define("http", function (require, module, exports, __dirname, __filename) {
-    // todo
-
-});
-
-require.define("https", function (require, module, exports, __dirname, __filename) {
-    // todo
-
-});
-
-require.define("/shred/parseUri.js", function (require, module, exports, __dirname, __filename) {
-    // parseUri 1.2.2
-// (c) Steven Levithan <stevenlevithan.com>
-// MIT License
-
-function parseUri (str) {
-  var o   = parseUri.options,
-    m   = o.parser[o.strictMode ? "strict" : "loose"].exec(str),
-    uri = {},
-    i   = 14;
-
-  while (i--) uri[o.key[i]] = m[i] || "";
-
-  uri[o.q.name] = {};
-  uri[o.key[12]].replace(o.q.parser, function ($0, $1, $2) {
-    if ($1) uri[o.q.name][$1] = $2;
-  });
-
-  return uri;
-};
-
-parseUri.options = {
-  strictMode: false,
-  key: ["source","protocol","authority","userInfo","user","password","host","port","relative","path","directory","file","query","anchor"],
-  q:   {
-    name:   "queryKey",
-    parser: /(?:^|&)([^&=]*)=?([^&]*)/g
-  },
-  parser: {
-    strict: /^(?:([^:\/?#]+):)?(?:\/\/((?:(([^:@]*)(?::([^:@]*))?)?@)?([^:\/?#]*)(?::(\d*))?))?((((?:[^?#\/]*\/)*)([^?#]*))(?:\?([^#]*))?(?:#(.*))?)/,
-    loose:  /^(?:(?![^:@]+:[^:@\/]*@)([^:\/?#.]+):)?(?:\/\/)?((?:(([^:@]*)(?::([^:@]*))?)?@)?([^:\/?#]*)(?::(\d*))?)(((\/(?:[^?#](?![^?#\/]*\.[^?#\/.]+(?:[?#]|$)))*\/?)?([^?#\/]*))(?:\?([^#]*))?(?:#(.*))?)/
-  }
-};
-
-module.exports = parseUri;
-
-});
-
-require.define("events", function (require, module, exports, __dirname, __filename) {
-    if (!process.EventEmitter) process.EventEmitter = function () {};
-
-var EventEmitter = exports.EventEmitter = process.EventEmitter;
-var isArray = typeof Array.isArray === 'function'
-    ? Array.isArray
-    : function (xs) {
-        return Object.toString.call(xs) === '[object Array]'
-    }
-;
-
-// By default EventEmitters will print a warning if more than
-// 10 listeners are added to it. This is a useful default which
-// helps finding memory leaks.
-//
-// Obviously not all Emitters should be limited to 10. This function allows
-// that to be increased. Set to zero for unlimited.
-var defaultMaxListeners = 10;
-EventEmitter.prototype.setMaxListeners = function(n) {
-  if (!this._events) this._events = {};
-  this._events.maxListeners = n;
-};
-
-
-EventEmitter.prototype.emit = function(type) {
-  // If there is no 'error' event listener then throw.
-  if (type === 'error') {
-    if (!this._events || !this._events.error ||
-        (isArray(this._events.error) && !this._events.error.length))
-    {
-      if (arguments[1] instanceof Error) {
-        throw arguments[1]; // Unhandled 'error' event
-      } else {
-        throw new Error("Uncaught, unspecified 'error' event.");
-      }
-      return false;
-    }
-  }
-
-  if (!this._events) return false;
-  var handler = this._events[type];
-  if (!handler) return false;
-
-  if (typeof handler == 'function') {
-    switch (arguments.length) {
-      // fast cases
-      case 1:
-        handler.call(this);
-        break;
-      case 2:
-        handler.call(this, arguments[1]);
-        break;
-      case 3:
-        handler.call(this, arguments[1], arguments[2]);
-        break;
-      // slower
-      default:
-        var args = Array.prototype.slice.call(arguments, 1);
-        handler.apply(this, args);
-    }
-    return true;
-
-  } else if (isArray(handler)) {
-    var args = Array.prototype.slice.call(arguments, 1);
-
-    var listeners = handler.slice();
-    for (var i = 0, l = listeners.length; i < l; i++) {
-      listeners[i].apply(this, args);
-    }
-    return true;
-
-  } else {
-    return false;
-  }
-};
-
-// EventEmitter is defined in src/node_events.cc
-// EventEmitter.prototype.emit() is also defined there.
-EventEmitter.prototype.addListener = function(type, listener) {
-  if ('function' !== typeof listener) {
-    throw new Error('addListener only takes instances of Function');
-  }
-
-  if (!this._events) this._events = {};
-
-  // To avoid recursion in the case that type == "newListeners"! Before
-  // adding it to the listeners, first emit "newListeners".
-  this.emit('newListener', type, listener);
-
-  if (!this._events[type]) {
-    // Optimize the case of one listener. Don't need the extra array object.
-    this._events[type] = listener;
-  } else if (isArray(this._events[type])) {
-
-    // Check for listener leak
-    if (!this._events[type].warned) {
-      var m;
-      if (this._events.maxListeners !== undefined) {
-        m = this._events.maxListeners;
-      } else {
-        m = defaultMaxListeners;
-      }
-
-      if (m && m > 0 && this._events[type].length > m) {
-        this._events[type].warned = true;
-        console.error('(node) warning: possible EventEmitter memory ' +
-                      'leak detected. %d listeners added. ' +
-                      'Use emitter.setMaxListeners() to increase limit.',
-                      this._events[type].length);
-        console.trace();
-      }
-    }
-
-    // If we've already got an array, just append.
-    this._events[type].push(listener);
-  } else {
-    // Adding the second element, need to change to array.
-    this._events[type] = [this._events[type], listener];
-  }
-
-  return this;
-};
-
-EventEmitter.prototype.on = EventEmitter.prototype.addListener;
-
-EventEmitter.prototype.once = function(type, listener) {
-  var self = this;
-  self.on(type, function g() {
-    self.removeListener(type, g);
-    listener.apply(this, arguments);
-  });
-
-  return this;
-};
-
-EventEmitter.prototype.removeListener = function(type, listener) {
-  if ('function' !== typeof listener) {
-    throw new Error('removeListener only takes instances of Function');
-  }
-
-  // does not use listeners(), so no side effect of creating _events[type]
-  if (!this._events || !this._events[type]) return this;
-
-  var list = this._events[type];
-
-  if (isArray(list)) {
-    var i = list.indexOf(listener);
-    if (i < 0) return this;
-    list.splice(i, 1);
-    if (list.length == 0)
-      delete this._events[type];
-  } else if (this._events[type] === listener) {
-    delete this._events[type];
-  }
-
-  return this;
-};
-
-EventEmitter.prototype.removeAllListeners = function(type) {
-  // does not use listeners(), so no side effect of creating _events[type]
-  if (type && this._events && this._events[type]) this._events[type] = null;
-  return this;
-};
-
-EventEmitter.prototype.listeners = function(type) {
-  if (!this._events) this._events = {};
-  if (!this._events[type]) this._events[type] = [];
-  if (!isArray(this._events[type])) {
-    this._events[type] = [this._events[type]];
-  }
-  return this._events[type];
-};
-
-});
-
-require.define("/node_modules/sprintf/package.json", function (require, module, exports, __dirname, __filename) {
-    module.exports = {"main":"./lib/sprintf"}
-});
-
-require.define("/node_modules/sprintf/lib/sprintf.js", function (require, module, exports, __dirname, __filename) {
-    /**
-sprintf() for JavaScript 0.7-beta1
-http://www.diveintojavascript.com/projects/javascript-sprintf
-
-Copyright (c) Alexandru Marasteanu <alexaholic [at) gmail (dot] com>
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-    * Redistributions of source code must retain the above copyright
-      notice, this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above copyright
-      notice, this list of conditions and the following disclaimer in the
-      documentation and/or other materials provided with the distribution.
-    * Neither the name of sprintf() for JavaScript nor the
-      names of its contributors may be used to endorse or promote products
-      derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL Alexandru Marasteanu BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-Changelog:
-2010.11.07 - 0.7-beta1-node
-  - converted it to a node.js compatible module
-
-2010.09.06 - 0.7-beta1
-  - features: vsprintf, support for named placeholders
-  - enhancements: format cache, reduced global namespace pollution
-
-2010.05.22 - 0.6:
- - reverted to 0.4 and fixed the bug regarding the sign of the number 0
- Note:
- Thanks to Raphael Pigulla <raph (at] n3rd [dot) org> (http://www.n3rd.org/)
- who warned me about a bug in 0.5, I discovered that the last update was
- a regress. I appologize for that.
-
-2010.05.09 - 0.5:
- - bug fix: 0 is now preceeded with a + sign
- - bug fix: the sign was not at the right position on padded results (Kamal Abdali)
- - switched from GPL to BSD license
-
-2007.10.21 - 0.4:
- - unit test and patch (David Baird)
-
-2007.09.17 - 0.3:
- - bug fix: no longer throws exception on empty paramenters (Hans Pufal)
-
-2007.09.11 - 0.2:
- - feature: added argument swapping
-
-2007.04.03 - 0.1:
- - initial release
-**/
-
-var sprintf = (function() {
-  function get_type(variable) {
-    return Object.prototype.toString.call(variable).slice(8, -1).toLowerCase();
-  }
-  function str_repeat(input, multiplier) {
-    for (var output = []; multiplier > 0; output[--multiplier] = input) {/* do nothing */}
-    return output.join('');
-  }
-
-  var str_format = function() {
-    if (!str_format.cache.hasOwnProperty(arguments[0])) {
-      str_format.cache[arguments[0]] = str_format.parse(arguments[0]);
-    }
-    return str_format.format.call(null, str_format.cache[arguments[0]], arguments);
-  };
-
-  str_format.format = function(parse_tree, argv) {
-    var cursor = 1, tree_length = parse_tree.length, node_type = '', arg, output = [], i, k, match, pad, pad_character, pad_length;
-    for (i = 0; i < tree_length; i++) {
-      node_type = get_type(parse_tree[i]);
-      if (node_type === 'string') {
-        output.push(parse_tree[i]);
-      }
-      else if (node_type === 'array') {
-        match = parse_tree[i]; // convenience purposes only
-        if (match[2]) { // keyword argument
-          arg = argv[cursor];
-          for (k = 0; k < match[2].length; k++) {
-            if (!arg.hasOwnProperty(match[2][k])) {
-              throw(sprintf('[sprintf] property "%s" does not exist', match[2][k]));
-            }
-            arg = arg[match[2][k]];
-          }
-        }
-        else if (match[1]) { // positional argument (explicit)
-          arg = argv[match[1]];
-        }
-        else { // positional argument (implicit)
-          arg = argv[cursor++];
-        }
-
-        if (/[^s]/.test(match[8]) && (get_type(arg) != 'number')) {
-          throw(sprintf('[sprintf] expecting number but found %s', get_type(arg)));
-        }
-        switch (match[8]) {
-          case 'b': arg = arg.toString(2); break;
-          case 'c': arg = String.fromCharCode(arg); break;
-          case 'd': arg = parseInt(arg, 10); break;
-          case 'e': arg = match[7] ? arg.toExponential(match[7]) : arg.toExponential(); break;
-          case 'f': arg = match[7] ? parseFloat(arg).toFixed(match[7]) : parseFloat(arg); break;
-          case 'o': arg = arg.toString(8); break;
-          case 's': arg = ((arg = String(arg)) && match[7] ? arg.substring(0, match[7]) : arg); break;
-          case 'u': arg = Math.abs(arg); break;
-          case 'x': arg = arg.toString(16); break;
-          case 'X': arg = arg.toString(16).toUpperCase(); break;
-        }
-        arg = (/[def]/.test(match[8]) && match[3] && arg >= 0 ? '+'+ arg : arg);
-        pad_character = match[4] ? match[4] == '0' ? '0' : match[4].charAt(1) : ' ';
-        pad_length = match[6] - String(arg).length;
-        pad = match[6] ? str_repeat(pad_character, pad_length) : '';
-        output.push(match[5] ? arg + pad : pad + arg);
-      }
-    }
-    return output.join('');
-  };
-
-  str_format.cache = {};
-
-  str_format.parse = function(fmt) {
-    var _fmt = fmt, match = [], parse_tree = [], arg_names = 0;
-    while (_fmt) {
-      if ((match = /^[^\x25]+/.exec(_fmt)) !== null) {
-        parse_tree.push(match[0]);
-      }
-      else if ((match = /^\x25{2}/.exec(_fmt)) !== null) {
-        parse_tree.push('%');
-      }
-      else if ((match = /^\x25(?:([1-9]\d*)\$|\(([^\)]+)\))?(\+)?(0|'[^$])?(-)?(\d+)?(?:\.(\d+))?([b-fosuxX])/.exec(_fmt)) !== null) {
-        if (match[2]) {
-          arg_names |= 1;
-          var field_list = [], replacement_field = match[2], field_match = [];
-          if ((field_match = /^([a-z_][a-z_\d]*)/i.exec(replacement_field)) !== null) {
-            field_list.push(field_match[1]);
-            while ((replacement_field = replacement_field.substring(field_match[0].length)) !== '') {
-              if ((field_match = /^\.([a-z_][a-z_\d]*)/i.exec(replacement_field)) !== null) {
-                field_list.push(field_match[1]);
-              }
-              else if ((field_match = /^\[(\d+)\]/.exec(replacement_field)) !== null) {
-                field_list.push(field_match[1]);
-              }
-              else {
-                throw('[sprintf] huh?');
-              }
-            }
-          }
-          else {
-            throw('[sprintf] huh?');
-          }
-          match[2] = field_list;
-        }
-        else {
-          arg_names |= 2;
-        }
-        if (arg_names === 3) {
-          throw('[sprintf] mixing positional and named placeholders is not (yet) supported');
-        }
-        parse_tree.push(match);
-      }
-      else {
-        throw('[sprintf] huh?');
-      }
-      _fmt = _fmt.substring(match[0].length);
-    }
-    return parse_tree;
-  };
-
-  return str_format;
-})();
-
-var vsprintf = function(fmt, argv) {
-  argv.unshift(fmt);
-  return sprintf.apply(null, argv);
-};
-
-exports.sprintf = sprintf;
-exports.vsprintf = vsprintf;
-});
-
-require.define("/shred/response.js", function (require, module, exports, __dirname, __filename) {
-    // The `Response object` encapsulates a Node.js HTTP response.
-
-var Content = require("./content")
-  , HeaderMixins = require("./mixins/headers")
-  , CookieJarLib = require( "cookiejar" )
-  , Cookie = CookieJarLib.Cookie
-;
-
-// Browser doesn't have zlib.
-var zlib = null;
-try {
-  zlib = require('zlib');
-} catch (e) {
-  console.warn("no zlib library");
-}
-
-// Iconv doesn't work in browser
-var Iconv = null;
-try {
-  Iconv = require('iconv-lite');
-} catch (e) {
-  console.warn("no iconv library");
-}
-
-// Construct a `Response` object. You should never have to do this directly. The
-// `Request` object handles this, getting the raw response object and passing it
-// in here, along with the request. The callback allows us to stream the response
-// and then use the callback to let the request know when it's ready.
-var Response = function(raw, request, callback) { 
-  var response = this;
-  this._raw = raw;
-
-  // The `._setHeaders` method is "private"; you can't otherwise set headers on
-  // the response.
-  this._setHeaders.call(this,raw.headers);
-  
-  // store any cookies
-  if (request.cookieJar && this.getHeader('set-cookie')) {
-    var cookieStrings = this.getHeader('set-cookie');
-    var cookieObjs = []
-      , cookie;
-
-    for (var i = 0; i < cookieStrings.length; i++) {
-      var cookieString = cookieStrings[i];
-      if (!cookieString) {
-        continue;
-      }
-
-      if (!cookieString.match(/domain\=/i)) {
-        cookieString += '; domain=' + request.host;
-      }
-
-      if (!cookieString.match(/path\=/i)) {
-        cookieString += '; path=' + request.path;
-      }
-
-      try {
-        cookie = new Cookie(cookieString);
-        if (cookie) {
-          cookieObjs.push(cookie);
-        }
-      } catch (e) {
-        console.warn("Tried to set bad cookie: " + cookieString);
-      }
-    }
-
-    request.cookieJar.setCookies(cookieObjs);
-  }
-
-  this.request = request;
-  this.client = request.client;
-  this.log = this.request.log;
-
-  // Stream the response content entity and fire the callback when we're done.
-  // Store the incoming data in a array of Buffers which we concatinate into one
-  // buffer at the end.  We need to use buffers instead of strings here in order
-  // to preserve binary data.
-  var chunkBuffers = [];
-  var dataLength = 0;
-  raw.on("data", function(chunk) {
-    chunkBuffers.push(chunk);
-    dataLength += chunk.length;
-  });
-  raw.on("end", function() {
-    var body;
-    if (typeof Buffer === 'undefined') {
-      // Just concatinate into a string
-      body = chunkBuffers.join('');
-    } else {
-      // Initialize new buffer and add the chunks one-at-a-time.
-      body = new Buffer(dataLength);
-      for (var i = 0, pos = 0; i < chunkBuffers.length; i++) {
-        chunkBuffers[i].copy(body, pos);
-        pos += chunkBuffers[i].length;
-      }
-    }
-
-    var setBodyAndFinish = function (body) {
-      response._body = new Content({ 
-        body: body,
-        type: response.getHeader("Content-Type")
-      });
-      callback(response);
-    }
-
-    if (zlib && response.getHeader("Content-Encoding") === 'gzip'){
-      zlib.gunzip(body, function (err, gunzippedBody) {
-        if (Iconv && response.request.encoding){
-          body = Iconv.fromEncoding(gunzippedBody,response.request.encoding);
-        } else {
-          body = gunzippedBody.toString();
-        }
-        setBodyAndFinish(body);
-      })
-    }
-    else{
-       if (response.request.encoding){
-            body = Iconv.fromEncoding(body,response.request.encoding);
-        }        
-      setBodyAndFinish(body);
-    }
-  });
-};
-
-// The `Response` object can be pretty overwhelming to view using the built-in
-// Node.js inspect method. We want to make it a bit more manageable. This
-// probably goes [too far in the other
-// direction](https://github.com/spire-io/shred/issues/2).
-
-Response.prototype = {
-  inspect: function() {
-    var response = this;
-    var headers = this.format_headers();
-    var summary = ["<Shred Response> ", response.status].join(" ")
-    return [ summary, "- Headers:", headers].join("\n");
-  },
-  format_headers: function () {
-    var array = []
-    var headers = this._headers
-    for (var key in headers) {
-      if (headers.hasOwnProperty(key)) {
-        var value = headers[key]
-        array.push("\t" + key + ": " + value);
-      }
-    }
-    return array.join("\n");
-  }
-};
-
-// `Response` object properties, all of which are read-only:
-Object.defineProperties(Response.prototype, {
-  
-// - **status**. The HTTP status code for the response. 
-  status: {
-    get: function() { return this._raw.statusCode; },
-    enumerable: true
-  },
-
-// - **content**. The HTTP content entity, if any. Provided as a [content
-//   object](./content.html), which will attempt to convert the entity based upon
-//   the `content-type` header. The converted value is available as
-//   `content.data`. The original raw content entity is available as
-//   `content.body`.
-  body: {
-    get: function() { return this._body; }
-  },
-  content: {
-    get: function() { return this.body; },
-    enumerable: true
-  },
-
-// - **isRedirect**. Is the response a redirect? These are responses with 3xx
-//   status and a `Location` header.
-  isRedirect: {
-    get: function() {
-      return (this.status>299
-          &&this.status<400
-          &&this.getHeader("Location"));
-    },
-    enumerable: true
-  },
-
-// - **isError**. Is the response an error? These are responses with status of
-//   400 or greater.
-  isError: {
-    get: function() {
-      return (this.status === 0 || this.status > 399)
-    },
-    enumerable: true
-  }
-});
-
-// Add in the [getters for accessing the normalized headers](./headers.js).
-HeaderMixins.getters(Response);
-HeaderMixins.privateSetters(Response);
-
-// Work around Mozilla bug #608735 [https://bugzil.la/608735], which causes
-// getAllResponseHeaders() to return {} if the response is a CORS request.
-// xhr.getHeader still works correctly.
-var getHeader = Response.prototype.getHeader;
-Response.prototype.getHeader = function (name) {
-  return (getHeader.call(this,name) ||
-    (typeof this._raw.getHeader === 'function' && this._raw.getHeader(name)));
-};
-
-module.exports = Response;
-
-});
-
-require.define("/shred/content.js", function (require, module, exports, __dirname, __filename) {
-    
-// The purpose of the `Content` object is to abstract away the data conversions
-// to and from raw content entities as strings. For example, you want to be able
-// to pass in a Javascript object and have it be automatically converted into a
-// JSON string if the `content-type` is set to a JSON-based media type.
-// Conversely, you want to be able to transparently get back a Javascript object
-// in the response if the `content-type` is a JSON-based media-type.
-
-// One limitation of the current implementation is that it [assumes the `charset` is UTF-8](https://github.com/spire-io/shred/issues/5).
-
-// The `Content` constructor takes an options object, which *must* have either a
-// `body` or `data` property and *may* have a `type` property indicating the
-// media type. If there is no `type` attribute, a default will be inferred.
-var Content = function(options) {
-  this.body = options.body;
-  this.data = options.data;
-  this.type = options.type;
-};
-
-Content.prototype = {
-  // Treat `toString()` as asking for the `content.body`. That is, the raw content entity.
-  //
-  //     toString: function() { return this.body; }
-  //
-  // Commented out, but I've forgotten why. :/
-};
-
-
-// `Content` objects have the following attributes:
-Object.defineProperties(Content.prototype,{
-  
-// - **type**. Typically accessed as `content.type`, reflects the `content-type`
-//   header associated with the request or response. If not passed as an options
-//   to the constructor or set explicitly, it will infer the type the `data`
-//   attribute, if possible, and, failing that, will default to `text/plain`.
-  type: {
-    get: function() {
-      if (this._type) {
-        return this._type;
-      } else {
-        if (this._data) {
-          switch(typeof this._data) {
-            case "string": return "text/plain";
-            case "object": return "application/json";
-          }
-        }
-      }
-      return "text/plain";
-    },
-    set: function(value) {
-      this._type = value;
-      return this;
-    },
-    enumerable: true
-  },
-
-// - **data**. Typically accessed as `content.data`, reflects the content entity
-//   converted into Javascript data. This can be a string, if the `type` is, say,
-//   `text/plain`, but can also be a Javascript object. The conversion applied is
-//   based on the `processor` attribute. The `data` attribute can also be set
-//   directly, in which case the conversion will be done the other way, to infer
-//   the `body` attribute.
-  data: {
-    get: function() {
-      if (this._body) {
-        return this.processor.parser(this._body);
-      } else {
-        return this._data;
-      }
-    },
-    set: function(data) {
-      if (this._body&&data) Errors.setDataWithBody(this);
-      this._data = data;
-      return this;
-    },
-    enumerable: true
-  },
-
-// - **body**. Typically accessed as `content.body`, reflects the content entity
-//   as a UTF-8 string. It is the mirror of the `data` attribute. If you set the
-//   `data` attribute, the `body` attribute will be inferred and vice-versa. If
-//   you attempt to set both, an exception is raised.
-  body: {
-    get: function() {
-      if (this._data) {
-        return this.processor.stringify(this._data);
-      } else {
-        return this.processor.stringify(this._body);
-      }
-    },
-    set: function(body) {
-      if (this._data&&body) Errors.setBodyWithData(this);
-      this._body = body;
-      return this;
-    },
-    enumerable: true
-  },
-
-// - **processor**. The functions that will be used to convert to/from `data` and
-//   `body` attributes. You can add processors. The two that are built-in are for
-//   `text/plain`, which is basically an identity transformation and
-//   `application/json` and other JSON-based media types (including custom media
-//   types with `+json`). You can add your own processors. See below.
-  processor: {
-    get: function() {
-      var processor = Content.processors[this.type];
-      if (processor) {
-        return processor;
-      } else {
-        // Return the first processor that matches any part of the
-        // content type. ex: application/vnd.foobar.baz+json will match json.
-        var main = this.type.split(";")[0];
-        var parts = main.split(/\+|\//);
-        for (var i=0, l=parts.length; i < l; i++) {
-          processor = Content.processors[parts[i]]
-        }
-        return processor || {parser:identity,stringify:toString};
-      }
-    },
-    enumerable: true
-  },
-
-// - **length**. Typically accessed as `content.length`, returns the length in
-//   bytes of the raw content entity.
-  length: {
-    get: function() {
-      if (typeof Buffer !== 'undefined') {
-        return Buffer.byteLength(this.body);
-      }
-      return this.body.length;
-    }
-  }
-});
-
-Content.processors = {};
-
-// The `registerProcessor` function allows you to add your own processors to
-// convert content entities. Each processor consists of a Javascript object with
-// two properties:
-// - **parser**. The function used to parse a raw content entity and convert it
-//   into a Javascript data type.
-// - **stringify**. The function used to convert a Javascript data type into a
-//   raw content entity.
-Content.registerProcessor = function(types,processor) {
-  
-// You can pass an array of types that will trigger this processor, or just one.
-// We determine the array via duck-typing here.
-  if (types.forEach) {
-    types.forEach(function(type) {
-      Content.processors[type] = processor;
-    });
-  } else {
-    // If you didn't pass an array, we just use what you pass in.
-    Content.processors[types] = processor;
-  }
-};
-
-// Register the identity processor, which is used for text-based media types.
-var identity = function(x) { return x; }
-  , toString = function(x) { return x.toString(); }
-Content.registerProcessor(
-  ["text/html","text/plain","text"],
-  { parser: identity, stringify: toString });
-
-// Register the JSON processor, which is used for JSON-based media types.
-Content.registerProcessor(
-  ["application/json; charset=utf-8","application/json","json"],
-  {
-    parser: function(string) {
-      return JSON.parse(string);
-    },
-    stringify: function(data) {
-      return JSON.stringify(data); }});
-
-// Error functions are defined separately here in an attempt to make the code
-// easier to read.
-var Errors = {
-  setDataWithBody: function(object) {
-    throw new Error("Attempt to set data attribute of a content object " +
-        "when the body attributes was already set.");
-  },
-  setBodyWithData: function(object) {
-    throw new Error("Attempt to set body attribute of a content object " +
-        "when the data attributes was already set.");
-  }
-}
-module.exports = Content;
-
-});
-
-require.define("/shred/mixins/headers.js", function (require, module, exports, __dirname, __filename) {
-    // The header mixins allow you to add HTTP header support to any object. This
-// might seem pointless: why not simply use a hash? The main reason is that, per
-// the [HTTP spec](http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2),
-// headers are case-insensitive. So, for example, `content-type` is the same as
-// `CONTENT-TYPE` which is the same as `Content-Type`. Since there is no way to
-// overload the index operator in Javascript, using a hash to represent the
-// headers means it's possible to have two conflicting values for a single
-// header.
-// 
-// The solution to this is to provide explicit methods to set or get headers.
-// This also has the benefit of allowing us to introduce additional variations,
-// including snake case, which we automatically convert to what Matthew King has
-// dubbed "corset case" - the hyphen-separated names with initial caps:
-// `Content-Type`. We use corset-case just in case we're dealing with servers
-// that haven't properly implemented the spec.
-
-// Convert headers to corset-case. **Example:** `CONTENT-TYPE` will be converted
-// to `Content-Type`.
-
-var corsetCase = function(string) {
-  return string.toLowerCase()
-      //.replace("_","-")
-      .replace(/(^|-)(\w)/g, 
-          function(s) { return s.toUpperCase(); });
-};
-
-// We suspect that `initializeHeaders` was once more complicated ...
-var initializeHeaders = function(object) {
-  return {};
-};
-
-// Access the `_headers` property using lazy initialization. **Warning:** If you
-// mix this into an object that is using the `_headers` property already, you're
-// going to have trouble.
-var $H = function(object) {
-  return object._headers||(object._headers=initializeHeaders(object));
-};
-
-// Hide the implementations as private functions, separate from how we expose them.
-
-// The "real" `getHeader` function: get the header after normalizing the name.
-var getHeader = function(object,name) {
-  return $H(object)[corsetCase(name)];
-};
-
-// The "real" `getHeader` function: get one or more headers, or all of them
-// if you don't ask for any specifics. 
-var getHeaders = function(object,names) {
-  var keys = (names && names.length>0) ? names : Object.keys($H(object));
-  var hash = keys.reduce(function(hash,key) {
-    hash[key] = getHeader(object,key);
-    return hash;
-  },{});
-  // Freeze the resulting hash so you don't mistakenly think you're modifying
-  // the real headers.
-  Object.freeze(hash);
-  return hash;
-};
-
-// The "real" `setHeader` function: set a header, after normalizing the name.
-var setHeader = function(object,name,value) {
-  $H(object)[corsetCase(name)] = value;
-  return object;
-};
-
-// The "real" `setHeaders` function: set multiple headers based on a hash.
-var setHeaders = function(object,hash) {
-  for( var key in hash ) { setHeader(object,key,hash[key]); };
-  return this;
-};
-
-// Here's where we actually bind the functionality to an object. These mixins work by
-// exposing mixin functions. Each function mixes in a specific batch of features.
-module.exports = {
-  
-  // Add getters.
-  getters: function(constructor) {
-    constructor.prototype.getHeader = function(name) { return getHeader(this,name); };
-    constructor.prototype.getHeaders = function() { return getHeaders(this,arguments); };
-  },
-  // Add setters but as "private" methods.
-  privateSetters: function(constructor) {
-    constructor.prototype._setHeader = function(key,value) { return setHeader(this,key,value); };
-    constructor.prototype._setHeaders = function(hash) { return setHeaders(this,hash); };
-  },
-  // Add setters.
-  setters: function(constructor) {
-    constructor.prototype.setHeader = function(key,value) { return setHeader(this,key,value); };
-    constructor.prototype.setHeaders = function(hash) { return setHeaders(this,hash); };
-  },
-  // Add both getters and setters.
-  gettersAndSetters: function(constructor) {
-    constructor.prototype.getHeader = function(name) { return getHeader(this,name); };
-    constructor.prototype.getHeaders = function() { return getHeaders(this,arguments); };
-    constructor.prototype.setHeader = function(key,value) { return setHeader(this,key,value); };
-    constructor.prototype.setHeaders = function(hash) { return setHeaders(this,hash); };
-  },
-};
-
-});
-
-require.define("/node_modules/iconv-lite/package.json", function (require, module, exports, __dirname, __filename) {
-    module.exports = {}
-});
-
-require.define("/node_modules/iconv-lite/index.js", function (require, module, exports, __dirname, __filename) {
-    // Module exports
-var iconv = module.exports = {
-    toEncoding: function(str, encoding) {
-        return iconv.getCodec(encoding).toEncoding(str);
-    },
-    fromEncoding: function(buf, encoding) {
-        return iconv.getCodec(encoding).fromEncoding(buf);
-    },
-    
-    defaultCharUnicode: '�',
-    defaultCharSingleByte: '?',
-    
-    // Get correct codec for given encoding.
-    getCodec: function(encoding) {
-        var enc = encoding || "utf8";
-        var codecOptions = undefined;
-        while (1) {
-            if (getType(enc) === "String")
-                enc = enc.replace(/[- ]/g, "").toLowerCase();
-            var codec = iconv.encodings[enc];
-            var type = getType(codec);
-            if (type === "String") {
-                // Link to other encoding.
-                codecOptions = {originalEncoding: enc};
-                enc = codec;
-            }
-            else if (type === "Object" && codec.type != undefined) {
-                // Options for other encoding.
-                codecOptions = codec;
-                enc = codec.type;
-            } 
-            else if (type === "Function")
-                // Codec itself.
-                return codec(codecOptions);
-            else
-                throw new Error("Encoding not recognized: '" + encoding + "' (searched as: '"+enc+"')");
-        }
-    },
-    
-    // Define basic encodings
-    encodings: {
-        internal: function(options) {
-            return {
-                toEncoding: function(str) {
-                    return new Buffer(ensureString(str), options.originalEncoding);
-                },
-                fromEncoding: function(buf) {
-                    return ensureBuffer(buf).toString(options.originalEncoding);
-                }
-            };
-        },
-        utf8: "internal",
-        ucs2: "internal",
-        binary: "internal",
-        ascii: "internal",
-        base64: "internal",
-        
-        // Codepage single-byte encodings.
-        singlebyte: function(options) {
-            // Prepare chars if needed
-            if (!options.chars || (options.chars.length !== 128 && options.chars.length !== 256))
-                throw new Error("Encoding '"+options.type+"' has incorrect 'chars' (must be of len 128 or 256)");
-            
-            if (options.chars.length === 128)
-                options.chars = asciiString + options.chars;
-            
-            if (!options.charsBuf) {
-                options.charsBuf = new Buffer(options.chars, 'ucs2');
-            }
-            
-            if (!options.revCharsBuf) {
-                options.revCharsBuf = new Buffer(65536);
-                var defChar = iconv.defaultCharSingleByte.charCodeAt(0);
-                for (var i = 0; i < options.revCharsBuf.length; i++)
-                    options.revCharsBuf[i] = defChar;
-                for (var i = 0; i < options.chars.length; i++)
-                    options.revCharsBuf[options.chars.charCodeAt(i)] = i;
-            }
-            
-            return {
-                toEncoding: function(str) {
-                    str = ensureString(str);
-                    
-                    var buf = new Buffer(str.length);
-                    var revCharsBuf = options.revCharsBuf;
-                    for (var i = 0; i < str.length; i++)
-                        buf[i] = revCharsBuf[str.charCodeAt(i)];
-                    
-                    return buf;
-                },
-                fromEncoding: function(buf) {
-                    buf = ensureBuffer(buf);
-                    
-                    // Strings are immutable in JS -> we use ucs2 buffer to speed up computations.
-                    var charsBuf = options.charsBuf;
-                    var newBuf = new Buffer(buf.length*2);
-                    var idx1 = 0, idx2 = 0;
-                    for (var i = 0, _len = buf.length; i < _len; i++) {
-                        idx1 = buf[i]*2; idx2 = i*2;
-                        newBuf[idx2] = charsBuf[idx1];
-                        newBuf[idx2+1] = charsBuf[idx1+1];
-                    }
-                    return newBuf.toString('ucs2');
-                }
-            };
-        },
-
-        // Codepage double-byte encodings.
-        table: function(options) {
-            var table = options.table, key, revCharsTable = options.revCharsTable;
-            if (!table) {
-                throw new Error("Encoding '" + options.type +"' has incorect 'table' option");
-            }
-            if(!revCharsTable) {
-                revCharsTable = options.revCharsTable = {};
-                for (key in table) {
-                    revCharsTable[table[key]] = parseInt(key);
-                }
-            }
-            
-            return {
-                toEncoding: function(str) {
-                    str = ensureString(str);
-                    var strLen = str.length;
-                    var bufLen = strLen;
-                    for (var i = 0; i < strLen; i++)
-                        if (str.charCodeAt(i) >> 7)
-                            bufLen++;
-
-                    var newBuf = new Buffer(bufLen), gbkcode, unicode, 
-                        defaultChar = revCharsTable[iconv.defaultCharUnicode.charCodeAt(0)];
-
-                    for (var i = 0, j = 0; i < strLen; i++) {
-                        unicode = str.charCodeAt(i);
-                        if (unicode >> 7) {
-                            gbkcode = revCharsTable[unicode] || defaultChar;
-                            newBuf[j++] = gbkcode >> 8; //high byte;
-                            newBuf[j++] = gbkcode & 0xFF; //low byte
-                        } else {//ascii
-                            newBuf[j++] = unicode;
-                        }
-                    }
-                    return newBuf;
-                },
-                fromEncoding: function(buf) {
-                    buf = ensureBuffer(buf);
-                    var bufLen = buf.length, strLen = 0;
-                    for (var i = 0; i < bufLen; i++) {
-                        strLen++;
-                        if (buf[i] & 0x80) //the high bit is 1, so this byte is gbkcode's high byte.skip next byte
-                            i++;
-                    }
-                    var newBuf = new Buffer(strLen*2), unicode, gbkcode,
-                        defaultChar = iconv.defaultCharUnicode.charCodeAt(0);
-                    
-                    for (var i = 0, j = 0; i < bufLen; i++, j+=2) {
-                        gbkcode = buf[i];
-                        if (gbkcode & 0x80) {
-                            gbkcode = (gbkcode << 8) + buf[++i];
-                            unicode = table[gbkcode] || defaultChar;
-                        } else {
-                            unicode = gbkcode;
-                        }
-                        newBuf[j] = unicode & 0xFF; //low byte
-                        newBuf[j+1] = unicode >> 8; //high byte
-                    }
-                    return newBuf.toString('ucs2');
-                }
-            }
-        }
-    }
-};
-
-// Add aliases to convert functions
-iconv.encode = iconv.toEncoding;
-iconv.decode = iconv.fromEncoding;
-
-// Load other encodings from files in /encodings dir.
-var encodingsDir = __dirname+"/encodings/",
-    fs = require('fs');
-fs.readdirSync(encodingsDir).forEach(function(file) {
-    if(fs.statSync(encodingsDir + file).isDirectory()) return;
-    var encodings = require(encodingsDir + file)
-    for (var key in encodings)
-        iconv.encodings[key] = encodings[key]
-});
-
-// Utilities
-var asciiString = '\x00\x01\x02\x03\x04\x05\x06\x07\x08\t\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f'+
-              ' !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f';
-
-var ensureBuffer = function(buf) {
-    buf = buf || new Buffer(0);
-    return (buf instanceof Buffer) ? buf : new Buffer(buf.toString(), "utf8");
-}
-
-var ensureString = function(str) {
-    str = str || "";
-    return (str instanceof String) ? str : str.toString((str instanceof Buffer) ? 'utf8' : undefined);
-}
-
-var getType = function(obj) {
-    return Object.prototype.toString.call(obj).slice(8, -1);
-}
-
-
-});
-
-require.define("/node_modules/http-browserify/package.json", function (require, module, exports, __dirname, __filename) {
-    module.exports = {"main":"index.js","browserify":"browser.js"}
-});
-
-require.define("/node_modules/http-browserify/browser.js", function (require, module, exports, __dirname, __filename) {
-    var http = module.exports;
-var EventEmitter = require('events').EventEmitter;
-var Request = require('./lib/request');
-
-http.request = function (params, cb) {
-    if (!params) params = {};
-    if (!params.host) params.host = window.location.host.split(':')[0];
-    if (!params.port) params.port = window.location.port;
-    
-    var req = new Request(new xhrHttp, params);
-    if (cb) req.on('response', cb);
-    return req;
-};
-
-http.get = function (params, cb) {
-    params.method = 'GET';
-    var req = http.request(params, cb);
-    req.end();
-    return req;
-};
-
-var xhrHttp = (function () {
-    if (typeof window === 'undefined') {
-        throw new Error('no window object present');
-    }
-    else if (window.XMLHttpRequest) {
-        return window.XMLHttpRequest;
-    }
-    else if (window.ActiveXObject) {
-        var axs = [
-            'Msxml2.XMLHTTP.6.0',
-            'Msxml2.XMLHTTP.3.0',
-            'Microsoft.XMLHTTP'
-        ];
-        for (var i = 0; i < axs.length; i++) {
-            try {
-                var ax = new(window.ActiveXObject)(axs[i]);
-                return function () {
-                    if (ax) {
-                        var ax_ = ax;
-                        ax = null;
-                        return ax_;
-                    }
-                    else {
-                        return new(window.ActiveXObject)(axs[i]);
-                    }
-                };
-            }
-            catch (e) {}
-        }
-        throw new Error('ajax not supported in this browser')
-    }
-    else {
-        throw new Error('ajax not supported in this browser');
-    }
-})();
-
-http.STATUS_CODES = {
-    100 : 'Continue',
-    101 : 'Switching Protocols',
-    102 : 'Processing', // RFC 2518, obsoleted by RFC 4918
-    200 : 'OK',
-    201 : 'Created',
-    202 : 'Accepted',
-    203 : 'Non-Authoritative Information',
-    204 : 'No Content',
-    205 : 'Reset Content',
-    206 : 'Partial Content',
-    207 : 'Multi-Status', // RFC 4918
-    300 : 'Multiple Choices',
-    301 : 'Moved Permanently',
-    302 : 'Moved Temporarily',
-    303 : 'See Other',
-    304 : 'Not Modified',
-    305 : 'Use Proxy',
-    307 : 'Temporary Redirect',
-    400 : 'Bad Request',
-    401 : 'Unauthorized',
-    402 : 'Payment Required',
-    403 : 'Forbidden',
-    404 : 'Not Found',
-    405 : 'Method Not Allowed',
-    406 : 'Not Acceptable',
-    407 : 'Proxy Authentication Required',
-    408 : 'Request Time-out',
-    409 : 'Conflict',
-    410 : 'Gone',
-    411 : 'Length Required',
-    412 : 'Precondition Failed',
-    413 : 'Request Entity Too Large',
-    414 : 'Request-URI Too Large',
-    415 : 'Unsupported Media Type',
-    416 : 'Requested Range Not Satisfiable',
-    417 : 'Expectation Failed',
-    418 : 'I\'m a teapot', // RFC 2324
-    422 : 'Unprocessable Entity', // RFC 4918
-    423 : 'Locked', // RFC 4918
-    424 : 'Failed Dependency', // RFC 4918
-    425 : 'Unordered Collection', // RFC 4918
-    426 : 'Upgrade Required', // RFC 2817
-    500 : 'Internal Server Error',
-    501 : 'Not Implemented',
-    502 : 'Bad Gateway',
-    503 : 'Service Unavailable',
-    504 : 'Gateway Time-out',
-    505 : 'HTTP Version not supported',
-    506 : 'Variant Also Negotiates', // RFC 2295
-    507 : 'Insufficient Storage', // RFC 4918
-    509 : 'Bandwidth Limit Exceeded',
-    510 : 'Not Extended' // RFC 2774
-};
-
-});
-
-require.define("/node_modules/http-browserify/lib/request.js", function (require, module, exports, __dirname, __filename) {
-    var EventEmitter = require('events').EventEmitter;
-var Response = require('./response');
-var isSafeHeader = require('./isSafeHeader');
-
-var Request = module.exports = function (xhr, params) {
-    var self = this;
-    self.xhr = xhr;
-    self.body = '';
-    
-    var uri = params.host + ':' + params.port + (params.path || '/');
-    
-    xhr.open(
-        params.method || 'GET',
-        (params.scheme || 'http') + '://' + uri,
-        true
-    );
-    
-    if (params.headers) {
-        Object.keys(params.headers).forEach(function (key) {
-            if (!isSafeHeader(key)) return;
-            var value = params.headers[key];
-            if (Array.isArray(value)) {
-                value.forEach(function (v) {
-                    xhr.setRequestHeader(key, v);
-                });
-            }
-            else xhr.setRequestHeader(key, value)
-        });
-    }
-    
-    var res = new Response(xhr);
-    res.on('ready', function () {
-        self.emit('response', res);
-    });
-    
-    xhr.onreadystatechange = function () {
-        res.handle(xhr);
-    };
-};
-
-Request.prototype = new EventEmitter;
-
-Request.prototype.setHeader = function (key, value) {
-    if ((Array.isArray && Array.isArray(value))
-    || value instanceof Array) {
-        for (var i = 0; i < value.length; i++) {
-            this.xhr.setRequestHeader(key, value[i]);
-        }
-    }
-    else {
-        this.xhr.setRequestHeader(key, value);
-    }
-};
-
-Request.prototype.write = function (s) {
-    this.body += s;
-};
-
-Request.prototype.end = function (s) {
-    if (s !== undefined) this.write(s);
-    this.xhr.send(this.body);
-};
-
-});
-
-require.define("/node_modules/http-browserify/lib/response.js", function (require, module, exports, __dirname, __filename) {
-    var EventEmitter = require('events').EventEmitter;
-var isSafeHeader = require('./isSafeHeader');
-
-var Response = module.exports = function (xhr) {
-    this.xhr = xhr;
-    this.offset = 0;
-};
-
-Response.prototype = new EventEmitter;
-
-var capable = {
-    streaming : true,
-    status2 : true
-};
-
-function parseHeaders (xhr) {
-    var lines = xhr.getAllResponseHeaders().split(/\r?\n/);
-    var headers = {};
-    for (var i = 0; i < lines.length; i++) {
-        var line = lines[i];
-        if (line === '') continue;
-        
-        var m = line.match(/^([^:]+):\s*(.*)/);
-        if (m) {
-            var key = m[1].toLowerCase(), value = m[2];
-            
-            if (headers[key] !== undefined) {
-                if ((Array.isArray && Array.isArray(headers[key]))
-                || headers[key] instanceof Array) {
-                    headers[key].push(value);
-                }
-                else {
-                    headers[key] = [ headers[key], value ];
-                }
-            }
-            else {
-                headers[key] = value;
-            }
-        }
-        else {
-            headers[line] = true;
-        }
-    }
-    return headers;
-}
-
-Response.prototype.getHeader = function (key) {
-    var header = this.headers ? this.headers[key.toLowerCase()] : null;
-    if (header) return header;
-
-    // Work around Mozilla bug #608735 [https://bugzil.la/608735], which causes
-    // getAllResponseHeaders() to return {} if the response is a CORS request.
-    // xhr.getHeader still works correctly.
-    if (isSafeHeader(key)) {
-      return this.xhr.getResponseHeader(key);
-    }
-    return null;
-};
-
-Response.prototype.handle = function () {
-    var xhr = this.xhr;
-    if (xhr.readyState === 2 && capable.status2) {
-        try {
-            this.statusCode = xhr.status;
-            this.headers = parseHeaders(xhr);
-        }
-        catch (err) {
-            capable.status2 = false;
-        }
-        
-        if (capable.status2) {
-            this.emit('ready');
-        }
-    }
-    else if (capable.streaming && xhr.readyState === 3) {
-        try {
-            if (!this.statusCode) {
-                this.statusCode = xhr.status;
-                this.headers = parseHeaders(xhr);
-                this.emit('ready');
-            }
-        }
-        catch (err) {}
-        
-        try {
-            this.write();
-        }
-        catch (err) {
-            capable.streaming = false;
-        }
-    }
-    else if (xhr.readyState === 4) {
-        if (!this.statusCode) {
-            this.statusCode = xhr.status;
-            this.emit('ready');
-        }
-        this.write();
-        
-        if (xhr.error) {
-            this.emit('error', xhr.responseText);
-        }
-        else this.emit('end');
-    }
-};
-
-Response.prototype.write = function () {
-    var xhr = this.xhr;
-    if (xhr.responseText.length > this.offset) {
-        this.emit('data', xhr.responseText.slice(this.offset));
-        this.offset = xhr.responseText.length;
-    }
-};
-
-});
-
-require.define("/node_modules/http-browserify/lib/isSafeHeader.js", function (require, module, exports, __dirname, __filename) {
-    // Taken from http://dxr.mozilla.org/mozilla/mozilla-central/content/base/src/nsXMLHttpRequest.cpp.html
-var unsafeHeaders = [
-    "accept-charset",
-    "accept-encoding",
-    "access-control-request-headers",
-    "access-control-request-method",
-    "connection",
-    "content-length",
-    "cookie",
-    "cookie2",
-    "content-transfer-encoding",
-    "date",
-    "expect",
-    "host",
-    "keep-alive",
-    "origin",
-    "referer",
-    "set-cookie",
-    "te",
-    "trailer",
-    "transfer-encoding",
-    "upgrade",
-    "user-agent",
-    "via"
-];
-
-module.exports = function (headerName) {
-    if (!headerName) return false;
-    return (unsafeHeaders.indexOf(headerName.toLowerCase()) === -1)
-};
-
-});
-
-require.alias("http-browserify", "/node_modules/http");
-
-require.alias("http-browserify", "/node_modules/https");
\ No newline at end of file
diff --git a/api/files/swagger-oauth.js b/api/files/swagger-oauth.js
deleted file mode 100644
index 167c5ce30f4..00000000000
--- a/api/files/swagger-oauth.js
+++ /dev/null
@@ -1,211 +0,0 @@
-var appName;
-var popupMask;
-var popupDialog;
-var clientId;
-var realm;
-
-function handleLogin() {
-  var scopes = [];
-
-  if(window.swaggerUi.api.authSchemes 
-    && window.swaggerUi.api.authSchemes.oauth2
-    && window.swaggerUi.api.authSchemes.oauth2.scopes) {
-    scopes = window.swaggerUi.api.authSchemes.oauth2.scopes;
-  }
-
-  if(window.swaggerUi.api
-    && window.swaggerUi.api.info) {
-    appName = window.swaggerUi.api.info.title;
-  }
-
-  if(popupDialog.length > 0)
-    popupDialog = popupDialog.last();
-  else {
-    popupDialog = $(
-      [
-        '<div class="api-popup-dialog">',
-        '<div class="api-popup-title">Select OAuth2.0 Scopes</div>',
-        '<div class="api-popup-content">',
-          '<p>Scopes are used to grant an application different levels of access to data on behalf of the end user. Each API may declare one or more scopes.',
-            '<a href="#">Learn how to use</a>',
-          '</p>',
-          '<p><strong>' + appName + '</strong> API requires the following scopes. Select which ones you want to grant to Swagger UI.</p>',
-          '<ul class="api-popup-scopes">',
-          '</ul>',
-          '<p class="error-msg"></p>',
-          '<div class="api-popup-actions"><button class="api-popup-authbtn api-button green" type="button">Authorize</button><button class="api-popup-cancel api-button gray" type="button">Cancel</button></div>',
-        '</div>',
-        '</div>'].join(''));
-    $(document.body).append(popupDialog);
-
-    popup = popupDialog.find('ul.api-popup-scopes').empty();
-    for (i = 0; i < scopes.length; i ++) {
-      scope = scopes[i];
-      str = '<li><input type="checkbox" id="scope_' + i + '" scope="' + scope.scope + '"/>' + '<label for="scope_' + i + '">' + scope.scope;
-      if (scope.description) {
-        str += '<br/><span class="api-scope-desc">' + scope.description + '</span>';
-      }
-      str += '</label></li>';
-      popup.append(str);
-    }
-  }
-
-  var $win = $(window),
-    dw = $win.width(),
-    dh = $win.height(),
-    st = $win.scrollTop(),
-    dlgWd = popupDialog.outerWidth(),
-    dlgHt = popupDialog.outerHeight(),
-    top = (dh -dlgHt)/2 + st,
-    left = (dw - dlgWd)/2;
-
-  popupDialog.css({
-    top: (top < 0? 0 : top) + 'px',
-    left: (left < 0? 0 : left) + 'px'
-  });
-
-  popupDialog.find('button.api-popup-cancel').click(function() {
-    popupMask.hide();
-    popupDialog.hide();
-  });
-  popupDialog.find('button.api-popup-authbtn').click(function() {
-    popupMask.hide();
-    popupDialog.hide();
-
-    var authSchemes = window.swaggerUi.api.authSchemes;
-    var host = window.location;
-    var redirectUrl = host.protocol + '//' + host.host + "/o2c.html";
-    var url = null;
-
-    var p = window.swaggerUi.api.authSchemes;
-    for (var key in p) {
-      if (p.hasOwnProperty(key)) {
-        var o = p[key].grantTypes;
-        for(var t in o) {
-          if(o.hasOwnProperty(t) && t === 'implicit') {
-            var dets = o[t];
-            url = dets.loginEndpoint.url + "?response_type=token";
-            window.swaggerUi.tokenName = dets.tokenName;
-          }
-        }
-      }
-    }
-    var scopes = []
-    var o = $('.api-popup-scopes').find('input:checked');
-
-    for(k =0; k < o.length; k++) {
-      scopes.push($(o[k]).attr("scope"));
-    }
-
-    window.enabledScopes=scopes;
-
-    url += '&redirect_uri=' + encodeURIComponent(redirectUrl);
-    url += '&realm=' + encodeURIComponent(realm);
-    url += '&client_id=' + encodeURIComponent(clientId);
-    url += '&scope=' + encodeURIComponent(scopes);
-
-    window.open(url);
-  });
-
-  popupMask.show();
-  popupDialog.show();
-  return;
-}
-
-
-function handleLogout() {
-  for(key in window.authorizations.authz){
-    window.authorizations.remove(key)
-  }
-  window.enabledScopes = null;
-  $('.api-ic.ic-on').addClass('ic-off');
-  $('.api-ic.ic-on').removeClass('ic-on');
-
-  // set the info box
-  $('.api-ic.ic-warning').addClass('ic-error');
-  $('.api-ic.ic-warning').removeClass('ic-warning');
-}
-
-function initOAuth(opts) {
-  var o = (opts||{});
-  var errors = [];
-
-  appName = (o.appName||errors.push("missing appName"));
-  popupMask = (o.popupMask||$('#api-common-mask'));
-  popupDialog = (o.popupDialog||$('.api-popup-dialog'));
-  clientId = (o.clientId||errors.push("missing client id"));
-  realm = (o.realm||errors.push("missing realm"));
-
-  if(errors.length > 0){
-    log("auth unable initialize oauth: " + errors);
-    return;
-  }
-
-  $('pre code').each(function(i, e) {hljs.highlightBlock(e)});
-  $('.api-ic').click(function(s) {
-    if($(s.target).hasClass('ic-off'))
-      handleLogin();
-    else {
-      handleLogout();
-    }
-    false;
-  });
-}
-
-function onOAuthComplete(token) {
-  if(token) {
-    if(token.error) {
-      var checkbox = $('input[type=checkbox],.secured')
-      checkbox.each(function(pos){
-        checkbox[pos].checked = false;
-      });
-      alert(token.error);
-    }
-    else {
-      var b = token[window.swaggerUi.tokenName];
-      if(b){
-        // if all roles are satisfied
-        var o = null;
-        $.each($('.auth #api_information_panel'), function(k, v) {
-          var children = v;
-          if(children && children.childNodes) {
-            var requiredScopes = [];
-            $.each((children.childNodes), function (k1, v1){
-              var inner = v1.innerHTML;
-              if(inner)
-                requiredScopes.push(inner);
-            });
-            var diff = [];
-            for(var i=0; i < requiredScopes.length; i++) {
-              var s = requiredScopes[i];
-              if(window.enabledScopes && window.enabledScopes.indexOf(s) == -1) {
-                diff.push(s);
-              }
-            }
-            if(diff.length > 0){
-              o = v.parentNode;
-              $(o.parentNode).find('.api-ic.ic-on').addClass('ic-off');
-              $(o.parentNode).find('.api-ic.ic-on').removeClass('ic-on');
-
-              // sorry, not all scopes are satisfied
-              $(o).find('.api-ic').addClass('ic-warning');
-              $(o).find('.api-ic').removeClass('ic-error');
-            }
-            else {
-              o = v.parentNode;
-              $(o.parentNode).find('.api-ic.ic-off').addClass('ic-on');
-              $(o.parentNode).find('.api-ic.ic-off').removeClass('ic-off');
-
-              // all scopes are satisfied
-              $(o).find('.api-ic').addClass('ic-info');
-              $(o).find('.api-ic').removeClass('ic-warning');
-              $(o).find('.api-ic').removeClass('ic-error');          
-            }
-          }
-        });
-
-        window.authorizations.add("oauth2", new ApiKeyAuthorization("Authorization", "Bearer " + b, "header"));
-      }
-    }
-  }
-}
\ No newline at end of file
diff --git a/api/files/swagger-ui.js b/api/files/swagger-ui.js
deleted file mode 100644
index f659845225c..00000000000
--- a/api/files/swagger-ui.js
+++ /dev/null
@@ -1,2315 +0,0 @@
-// swagger-ui.js
-// version 2.0.21
-$(function() {
-
-	// Helper function for vertically aligning DOM elements
-	// http://www.seodenver.com/simple-vertical-align-plugin-for-jquery/
-	$.fn.vAlign = function() {
-		return this.each(function(i){
-		var ah = $(this).height();
-		var ph = $(this).parent().height();
-		var mh = (ph - ah) / 2;
-		$(this).css('margin-top', mh);
-		});
-	};
-
-	$.fn.stretchFormtasticInputWidthToParent = function() {
-		return this.each(function(i){
-		var p_width = $(this).closest("form").innerWidth();
-		var p_padding = parseInt($(this).closest("form").css('padding-left') ,10) + parseInt($(this).closest("form").css('padding-right'), 10);
-		var this_padding = parseInt($(this).css('padding-left'), 10) + parseInt($(this).css('padding-right'), 10);
-		$(this).css('width', p_width - p_padding - this_padding);
-		});
-	};
-
-	$('form.formtastic li.string input, form.formtastic textarea').stretchFormtasticInputWidthToParent();
-
-	// Vertically center these paragraphs
-	// Parent may need a min-height for this to work..
-	$('ul.downplayed li div.content p').vAlign();
-
-	// When a sandbox form is submitted..
-	$("form.sandbox").submit(function(){
-
-		var error_free = true;
-
-		// Cycle through the forms required inputs
- 		$(this).find("input.required").each(function() {
-
-			// Remove any existing error styles from the input
-			$(this).removeClass('error');
-
-			// Tack the error style on if the input is empty..
-			if ($(this).val() == '') {
-				$(this).addClass('error');
-				$(this).wiggle();
-				error_free = false;
-			}
-
-		});
-
-		return error_free;
-	});
-
-});
-
-function clippyCopiedCallback(a) {
-  $('#api_key_copied').fadeIn().delay(1000).fadeOut();
-
-  // var b = $("#clippy_tooltip_" + a);
-  // b.length != 0 && (b.attr("title", "copied!").trigger("tipsy.reload"), setTimeout(function() {
-  //   b.attr("title", "copy to clipboard")
-  // },
-  // 500))
-}
-
-// Logging function that accounts for browsers that don't have window.console
-log = function(){
-  log.history = log.history || [];
-  log.history.push(arguments);
-  if(this.console){
-    console.log( Array.prototype.slice.call(arguments)[0] );
-  }
-};
-
-// Handle browsers that do console incorrectly (IE9 and below, see http://stackoverflow.com/a/5539378/7913)
-if (Function.prototype.bind && console && typeof console.log == "object") {
-    [
-      "log","info","warn","error","assert","dir","clear","profile","profileEnd"
-    ].forEach(function (method) {
-        console[method] = this.bind(console[method], console);
-    }, Function.prototype.call);
-}
-
-var Docs = {
-
-	shebang: function() {
-
-		// If shebang has an operation nickname in it..
-		// e.g. /docs/#!/words/get_search
-		var fragments = $.param.fragment().split('/');
-		fragments.shift(); // get rid of the bang
-
-		switch (fragments.length) {
-			case 1:
-				// Expand all operations for the resource and scroll to it
-				log('shebang resource:' + fragments[0]);
-				var dom_id = 'resource_' + fragments[0];
-
-				Docs.expandEndpointListForResource(fragments[0]);
-				$("#"+dom_id).slideto({highlight: false});
-				break;
-			case 2:
-				// Refer to the endpoint DOM element, e.g. #words_get_search
-				log('shebang endpoint: ' + fragments.join('_'));
-
-        // Expand Resource
-        Docs.expandEndpointListForResource(fragments[0]);
-        $("#"+dom_id).slideto({highlight: false});
-
-        // Expand operation
-				var li_dom_id = fragments.join('_');
-				var li_content_dom_id = li_dom_id + "_content";
-
-        log("li_dom_id " + li_dom_id);
-        log("li_content_dom_id " + li_content_dom_id);
-
-				Docs.expandOperation($('#'+li_content_dom_id));
-				$('#'+li_dom_id).slideto({highlight: false});
-				break;
-		}
-
-	},
-
-	toggleEndpointListForResource: function(resource) {
-		var elem = $('li#resource_' + Docs.escapeResourceName(resource) + ' ul.endpoints');
-		if (elem.is(':visible')) {
-			Docs.collapseEndpointListForResource(resource);
-		} else {
-			Docs.expandEndpointListForResource(resource);
-		}
-	},
-
-	// Expand resource
-	expandEndpointListForResource: function(resource) {
-		var resource = Docs.escapeResourceName(resource);
-		if (resource == '') {
-			$('.resource ul.endpoints').slideDown();
-			return;
-		}
-		
-		$('li#resource_' + resource).addClass('active');
-
-		var elem = $('li#resource_' + resource + ' ul.endpoints');
-		elem.slideDown();
-	},
-
-	// Collapse resource and mark as explicitly closed
-	collapseEndpointListForResource: function(resource) {
-		var resource = Docs.escapeResourceName(resource);
-		$('li#resource_' + resource).removeClass('active');
-
-		var elem = $('li#resource_' + resource + ' ul.endpoints');
-		elem.slideUp();
-	},
-
-	expandOperationsForResource: function(resource) {
-		// Make sure the resource container is open..
-		Docs.expandEndpointListForResource(resource);
-		
-		if (resource == '') {
-			$('.resource ul.endpoints li.operation div.content').slideDown();
-			return;
-		}
-
-		$('li#resource_' + Docs.escapeResourceName(resource) + ' li.operation div.content').each(function() {
-			Docs.expandOperation($(this));
-		});
-	},
-
-	collapseOperationsForResource: function(resource) {
-		// Make sure the resource container is open..
-		Docs.expandEndpointListForResource(resource);
-
-		$('li#resource_' + Docs.escapeResourceName(resource) + ' li.operation div.content').each(function() {
-			Docs.collapseOperation($(this));
-		});
-	},
-
-	escapeResourceName: function(resource) {
-		return resource.replace(/[!"#$%&'()*+,.\/:;<=>?@\[\\\]\^`{|}~]/g, "\\$&");
-	},
-
-	expandOperation: function(elem) {
-		elem.slideDown();
-	},
-
-	collapseOperation: function(elem) {
-		elem.slideUp();
-	}
-};(function() {
-  var template = Handlebars.template, templates = Handlebars.templates = Handlebars.templates || {};
-templates['content_type'] = template(function (Handlebars,depth0,helpers,partials,data) {
-  this.compilerInfo = [4,'>= 1.0.0'];
-helpers = this.merge(helpers, Handlebars.helpers); data = data || {};
-  var buffer = "", stack1, functionType="function", self=this;
-
-function program1(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n  ";
-  stack1 = helpers.each.call(depth0, depth0.produces, {hash:{},inverse:self.noop,fn:self.program(2, program2, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n";
-  return buffer;
-  }
-function program2(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n	<option value=\"";
-  stack1 = (typeof depth0 === functionType ? depth0.apply(depth0) : depth0);
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\">";
-  stack1 = (typeof depth0 === functionType ? depth0.apply(depth0) : depth0);
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "</option>\n	";
-  return buffer;
-  }
-
-function program4(depth0,data) {
-  
-  
-  return "\n  <option value=\"application/json\">application/json</option>\n";
-  }
-
-  buffer += "<label for=\"contentType\"></label>\n<select name=\"contentType\">\n";
-  stack1 = helpers['if'].call(depth0, depth0.produces, {hash:{},inverse:self.program(4, program4, data),fn:self.program(1, program1, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n</select>\n";
-  return buffer;
-  });
-})();
-
-(function() {
-  var template = Handlebars.template, templates = Handlebars.templates = Handlebars.templates || {};
-templates['main'] = template(function (Handlebars,depth0,helpers,partials,data) {
-  this.compilerInfo = [4,'>= 1.0.0'];
-helpers = this.merge(helpers, Handlebars.helpers); data = data || {};
-  var buffer = "", stack1, functionType="function", escapeExpression=this.escapeExpression, self=this;
-
-function program1(depth0,data) {
-  
-  var buffer = "", stack1, stack2;
-  buffer += "\n    <div class=\"info_title\">"
-    + escapeExpression(((stack1 = ((stack1 = depth0.info),stack1 == null || stack1 === false ? stack1 : stack1.title)),typeof stack1 === functionType ? stack1.apply(depth0) : stack1))
-    + "</div>\n    <div class=\"info_description\">";
-  stack2 = ((stack1 = ((stack1 = depth0.info),stack1 == null || stack1 === false ? stack1 : stack1.description)),typeof stack1 === functionType ? stack1.apply(depth0) : stack1);
-  if(stack2 || stack2 === 0) { buffer += stack2; }
-  buffer += "</div>\n    ";
-  stack2 = helpers['if'].call(depth0, ((stack1 = depth0.info),stack1 == null || stack1 === false ? stack1 : stack1.termsOfServiceUrl), {hash:{},inverse:self.noop,fn:self.program(2, program2, data),data:data});
-  if(stack2 || stack2 === 0) { buffer += stack2; }
-  buffer += "\n    ";
-  stack2 = helpers['if'].call(depth0, ((stack1 = depth0.info),stack1 == null || stack1 === false ? stack1 : stack1.contact), {hash:{},inverse:self.noop,fn:self.program(4, program4, data),data:data});
-  if(stack2 || stack2 === 0) { buffer += stack2; }
-  buffer += "\n    ";
-  stack2 = helpers['if'].call(depth0, ((stack1 = depth0.info),stack1 == null || stack1 === false ? stack1 : stack1.license), {hash:{},inverse:self.noop,fn:self.program(6, program6, data),data:data});
-  if(stack2 || stack2 === 0) { buffer += stack2; }
-  buffer += "\n  ";
-  return buffer;
-  }
-function program2(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "<div class=\"info_tos\"><a href=\""
-    + escapeExpression(((stack1 = ((stack1 = depth0.info),stack1 == null || stack1 === false ? stack1 : stack1.termsOfServiceUrl)),typeof stack1 === functionType ? stack1.apply(depth0) : stack1))
-    + "\">Terms of service</a></div>";
-  return buffer;
-  }
-
-function program4(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "<div class='info_contact'><a href=\"mailto:"
-    + escapeExpression(((stack1 = ((stack1 = depth0.info),stack1 == null || stack1 === false ? stack1 : stack1.contact)),typeof stack1 === functionType ? stack1.apply(depth0) : stack1))
-    + "\">Contact the developer</a></div>";
-  return buffer;
-  }
-
-function program6(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "<div class='info_license'><a href='"
-    + escapeExpression(((stack1 = ((stack1 = depth0.info),stack1 == null || stack1 === false ? stack1 : stack1.licenseUrl)),typeof stack1 === functionType ? stack1.apply(depth0) : stack1))
-    + "'>"
-    + escapeExpression(((stack1 = ((stack1 = depth0.info),stack1 == null || stack1 === false ? stack1 : stack1.license)),typeof stack1 === functionType ? stack1.apply(depth0) : stack1))
-    + "</a></div>";
-  return buffer;
-  }
-
-function program8(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n        , <span style=\"font-variant: small-caps\">api version</span>: ";
-  if (stack1 = helpers.apiVersion) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.apiVersion; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "\n        ";
-  return buffer;
-  }
-
-  buffer += "<div class='info' id='api_info'>\n  ";
-  stack1 = helpers['if'].call(depth0, depth0.info, {hash:{},inverse:self.noop,fn:self.program(1, program1, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n</div>\n<div class='container' id='resources_container'>\n    <ul id='resources'>\n    </ul>\n\n    <div class=\"footer\">\n        <br>\n        <br>\n        <h4 style=\"color: #999\">[ <span style=\"font-variant: small-caps\">base url</span>: ";
-  if (stack1 = helpers.basePath) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.basePath; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "\n        ";
-  stack1 = helpers['if'].call(depth0, depth0.apiVersion, {hash:{},inverse:self.noop,fn:self.program(8, program8, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "]</h4>\n    </div>\n</div>\n";
-  return buffer;
-  });
-})();
-
-(function() {
-  var template = Handlebars.template, templates = Handlebars.templates = Handlebars.templates || {};
-templates['operation'] = template(function (Handlebars,depth0,helpers,partials,data) {
-  this.compilerInfo = [4,'>= 1.0.0'];
-helpers = this.merge(helpers, Handlebars.helpers); data = data || {};
-  var buffer = "", stack1, options, functionType="function", escapeExpression=this.escapeExpression, self=this, blockHelperMissing=helpers.blockHelperMissing;
-
-function program1(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n        <h4>Implementation Notes</h4>\n        <p>";
-  if (stack1 = helpers.notes) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.notes; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "</p>\n        ";
-  return buffer;
-  }
-
-function program3(depth0,data) {
-  
-  
-  return "\n        <div class=\"auth\">\n        <span class=\"api-ic ic-error\"></span>";
-  }
-
-function program5(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n          <div id=\"api_information_panel\" style=\"top: 526px; left: 776px; display: none;\">\n          ";
-  stack1 = helpers.each.call(depth0, depth0, {hash:{},inverse:self.noop,fn:self.program(6, program6, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n          </div>\n        ";
-  return buffer;
-  }
-function program6(depth0,data) {
-  
-  var buffer = "", stack1, stack2;
-  buffer += "\n            <div title='";
-  stack2 = ((stack1 = depth0.description),typeof stack1 === functionType ? stack1.apply(depth0) : stack1);
-  if(stack2 || stack2 === 0) { buffer += stack2; }
-  buffer += "'>"
-    + escapeExpression(((stack1 = depth0.scope),typeof stack1 === functionType ? stack1.apply(depth0) : stack1))
-    + "</div>\n          ";
-  return buffer;
-  }
-
-function program8(depth0,data) {
-  
-  
-  return "</div>";
-  }
-
-function program10(depth0,data) {
-  
-  
-  return "\n        <div class='access'>\n          <span class=\"api-ic ic-off\" title=\"click to authenticate\"></span>\n        </div>\n        ";
-  }
-
-function program12(depth0,data) {
-  
-  
-  return "\n          <h4>Response Class</h4>\n          <p><span class=\"model-signature\" /></p>\n          <br/>\n          <div class=\"response-content-type\" />\n        ";
-  }
-
-function program14(depth0,data) {
-  
-  
-  return "\n          <h4>Parameters</h4>\n          <table class='fullwidth'>\n          <thead>\n            <tr>\n            <th style=\"width: 100px; max-width: 100px\">Parameter</th>\n            <th style=\"width: 310px; max-width: 310px\">Value</th>\n            <th style=\"width: 200px; max-width: 200px\">Description</th>\n            <th style=\"width: 100px; max-width: 100px\">Parameter Type</th>\n            <th style=\"width: 220px; max-width: 230px\">Data Type</th>\n            </tr>\n          </thead>\n          <tbody class=\"operation-params\">\n\n          </tbody>\n          </table>\n          ";
-  }
-
-function program16(depth0,data) {
-  
-  
-  return "\n          <div style='margin:0;padding:0;display:inline'></div>\n          <h4>Response Messages</h4>\n          <table class='fullwidth'>\n            <thead>\n            <tr>\n              <th>HTTP Status Code</th>\n              <th>Reason</th>\n              <th>Response Model</th>\n            </tr>\n            </thead>\n            <tbody class=\"operation-status\">\n            \n            </tbody>\n          </table>\n          ";
-  }
-
-function program18(depth0,data) {
-  
-  
-  return "\n          ";
-  }
-
-function program20(depth0,data) {
-  
-  
-  return "\n          <div class='sandbox_header'>\n            <input class='submit' name='commit' type='button' value='Try it out!' />\n            <a href='#' class='response_hider' style='display:none'>Hide Response</a>\n            <img alt='Throbber' class='response_throbber' src='images/throbber.gif' style='display:none' />\n          </div>\n          ";
-  }
-
-  buffer += "\n  <ul class='operations' >\n    <li class='";
-  if (stack1 = helpers.method) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.method; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + " operation' id='";
-  if (stack1 = helpers.parentId) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.parentId; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "_";
-  if (stack1 = helpers.nickname) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.nickname; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "'>\n      <div class='heading'>\n        <h3>\n          <span class='http_method'>\n          <a href='#!/";
-  if (stack1 = helpers.parentId) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.parentId; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "/";
-  if (stack1 = helpers.nickname) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.nickname; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "' class=\"toggleOperation\">";
-  if (stack1 = helpers.method) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.method; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "</a>\n          </span>\n          <span class='path'>\n          <a href='#!/";
-  if (stack1 = helpers.parentId) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.parentId; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "/";
-  if (stack1 = helpers.nickname) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.nickname; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "' class=\"toggleOperation\">";
-  if (stack1 = helpers.path) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.path; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "</a>\n          </span>\n        </h3>\n        <ul class='options'>\n          <li>\n          <a href='#!/";
-  if (stack1 = helpers.parentId) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.parentId; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "/";
-  if (stack1 = helpers.nickname) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.nickname; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "' class=\"toggleOperation\">";
-  if (stack1 = helpers.summary) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.summary; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "</a>\n          </li>\n        </ul>\n      </div>\n      <div class='content' id='";
-  if (stack1 = helpers.parentId) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.parentId; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "_";
-  if (stack1 = helpers.nickname) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.nickname; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "_content' style='display:none'>\n        ";
-  stack1 = helpers['if'].call(depth0, depth0.notes, {hash:{},inverse:self.noop,fn:self.program(1, program1, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n        ";
-  options = {hash:{},inverse:self.noop,fn:self.program(3, program3, data),data:data};
-  if (stack1 = helpers.oauth) { stack1 = stack1.call(depth0, options); }
-  else { stack1 = depth0.oauth; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  if (!helpers.oauth) { stack1 = blockHelperMissing.call(depth0, stack1, options); }
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n        ";
-  stack1 = helpers.each.call(depth0, depth0.oauth, {hash:{},inverse:self.noop,fn:self.program(5, program5, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n        ";
-  options = {hash:{},inverse:self.noop,fn:self.program(8, program8, data),data:data};
-  if (stack1 = helpers.oauth) { stack1 = stack1.call(depth0, options); }
-  else { stack1 = depth0.oauth; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  if (!helpers.oauth) { stack1 = blockHelperMissing.call(depth0, stack1, options); }
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n        ";
-  options = {hash:{},inverse:self.noop,fn:self.program(10, program10, data),data:data};
-  if (stack1 = helpers.oauth) { stack1 = stack1.call(depth0, options); }
-  else { stack1 = depth0.oauth; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  if (!helpers.oauth) { stack1 = blockHelperMissing.call(depth0, stack1, options); }
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n        ";
-  stack1 = helpers['if'].call(depth0, depth0.type, {hash:{},inverse:self.noop,fn:self.program(12, program12, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n        <form accept-charset='UTF-8' class='sandbox'>\n          <div style='margin:0;padding:0;display:inline'></div>\n          ";
-  stack1 = helpers['if'].call(depth0, depth0.parameters, {hash:{},inverse:self.noop,fn:self.program(14, program14, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n          ";
-  stack1 = helpers['if'].call(depth0, depth0.responseMessages, {hash:{},inverse:self.noop,fn:self.program(16, program16, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n          ";
-  stack1 = helpers['if'].call(depth0, depth0.isReadOnly, {hash:{},inverse:self.program(20, program20, data),fn:self.program(18, program18, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n        </form>\n        <div class='response' style='display:none'>\n          <h4>Request URL</h4>\n          <div class='block request_url'></div>\n          <h4>Response Body</h4>\n          <div class='block response_body'></div>\n          <h4>Response Code</h4>\n          <div class='block response_code'></div>\n          <h4>Response Headers</h4>\n          <div class='block response_headers'></div>\n        </div>\n      </div>\n    </li>\n  </ul>\n";
-  return buffer;
-  });
-})();
-
-(function() {
-  var template = Handlebars.template, templates = Handlebars.templates = Handlebars.templates || {};
-templates['param'] = template(function (Handlebars,depth0,helpers,partials,data) {
-  this.compilerInfo = [4,'>= 1.0.0'];
-helpers = this.merge(helpers, Handlebars.helpers); data = data || {};
-  var buffer = "", stack1, functionType="function", escapeExpression=this.escapeExpression, self=this;
-
-function program1(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n		";
-  stack1 = helpers['if'].call(depth0, depth0.isFile, {hash:{},inverse:self.program(4, program4, data),fn:self.program(2, program2, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n	";
-  return buffer;
-  }
-function program2(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n			<input type=\"file\" name='";
-  if (stack1 = helpers.name) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.name; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "'/>\n			<div class=\"parameter-content-type\" />\n		";
-  return buffer;
-  }
-
-function program4(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n			";
-  stack1 = helpers['if'].call(depth0, depth0.defaultValue, {hash:{},inverse:self.program(7, program7, data),fn:self.program(5, program5, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n		";
-  return buffer;
-  }
-function program5(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n				<textarea class='body-textarea' name='";
-  if (stack1 = helpers.name) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.name; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "'>";
-  if (stack1 = helpers.defaultValue) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.defaultValue; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "</textarea>\n			";
-  return buffer;
-  }
-
-function program7(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n				<textarea class='body-textarea' name='";
-  if (stack1 = helpers.name) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.name; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "'></textarea>\n				<br />\n				<div class=\"parameter-content-type\" />\n			";
-  return buffer;
-  }
-
-function program9(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n		";
-  stack1 = helpers['if'].call(depth0, depth0.isFile, {hash:{},inverse:self.program(10, program10, data),fn:self.program(2, program2, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n	";
-  return buffer;
-  }
-function program10(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n			";
-  stack1 = helpers['if'].call(depth0, depth0.defaultValue, {hash:{},inverse:self.program(13, program13, data),fn:self.program(11, program11, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n		";
-  return buffer;
-  }
-function program11(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n				<input class='parameter' minlength='0' name='";
-  if (stack1 = helpers.name) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.name; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "' placeholder='' type='text' value='";
-  if (stack1 = helpers.defaultValue) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.defaultValue; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "'/>\n			";
-  return buffer;
-  }
-
-function program13(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n				<input class='parameter' minlength='0' name='";
-  if (stack1 = helpers.name) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.name; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "' placeholder='' type='text' value=''/>\n			";
-  return buffer;
-  }
-
-  buffer += "<td class='code'>";
-  if (stack1 = helpers.name) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.name; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "</td>\n<td>\n\n	";
-  stack1 = helpers['if'].call(depth0, depth0.isBody, {hash:{},inverse:self.program(9, program9, data),fn:self.program(1, program1, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n\n</td>\n<td>";
-  if (stack1 = helpers.description) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.description; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "</td>\n<td>";
-  if (stack1 = helpers.paramType) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.paramType; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "</td>\n<td>\n	<span class=\"model-signature\"></span>\n</td>\n";
-  return buffer;
-  });
-})();
-
-(function() {
-  var template = Handlebars.template, templates = Handlebars.templates = Handlebars.templates || {};
-templates['param_list'] = template(function (Handlebars,depth0,helpers,partials,data) {
-  this.compilerInfo = [4,'>= 1.0.0'];
-helpers = this.merge(helpers, Handlebars.helpers); data = data || {};
-  var buffer = "", stack1, stack2, options, self=this, helperMissing=helpers.helperMissing, functionType="function", escapeExpression=this.escapeExpression;
-
-function program1(depth0,data) {
-  
-  
-  return " multiple='multiple'";
-  }
-
-function program3(depth0,data) {
-  
-  
-  return "\n    ";
-  }
-
-function program5(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n      ";
-  stack1 = helpers['if'].call(depth0, depth0.defaultValue, {hash:{},inverse:self.program(8, program8, data),fn:self.program(6, program6, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n    ";
-  return buffer;
-  }
-function program6(depth0,data) {
-  
-  
-  return "\n      ";
-  }
-
-function program8(depth0,data) {
-  
-  var buffer = "", stack1, stack2, options;
-  buffer += "\n        ";
-  options = {hash:{},inverse:self.program(11, program11, data),fn:self.program(9, program9, data),data:data};
-  stack2 = ((stack1 = helpers.isArray || depth0.isArray),stack1 ? stack1.call(depth0, depth0, options) : helperMissing.call(depth0, "isArray", depth0, options));
-  if(stack2 || stack2 === 0) { buffer += stack2; }
-  buffer += "\n      ";
-  return buffer;
-  }
-function program9(depth0,data) {
-  
-  
-  return "\n        ";
-  }
-
-function program11(depth0,data) {
-  
-  
-  return "\n          <option selected=\"\" value=''></option>\n        ";
-  }
-
-function program13(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n      ";
-  stack1 = helpers['if'].call(depth0, depth0.isDefault, {hash:{},inverse:self.program(16, program16, data),fn:self.program(14, program14, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n    ";
-  return buffer;
-  }
-function program14(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n        <option selected=\"\" value='";
-  if (stack1 = helpers.value) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.value; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "'>";
-  if (stack1 = helpers.value) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.value; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + " (default)</option>\n      ";
-  return buffer;
-  }
-
-function program16(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n        <option value='";
-  if (stack1 = helpers.value) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.value; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "'>";
-  if (stack1 = helpers.value) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.value; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "</option>\n      ";
-  return buffer;
-  }
-
-  buffer += "<td class='code'>";
-  if (stack1 = helpers.name) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.name; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "</td>\n<td>\n  <select ";
-  options = {hash:{},inverse:self.noop,fn:self.program(1, program1, data),data:data};
-  stack2 = ((stack1 = helpers.isArray || depth0.isArray),stack1 ? stack1.call(depth0, depth0, options) : helperMissing.call(depth0, "isArray", depth0, options));
-  if(stack2 || stack2 === 0) { buffer += stack2; }
-  buffer += " class='parameter' name='";
-  if (stack2 = helpers.name) { stack2 = stack2.call(depth0, {hash:{},data:data}); }
-  else { stack2 = depth0.name; stack2 = typeof stack2 === functionType ? stack2.apply(depth0) : stack2; }
-  buffer += escapeExpression(stack2)
-    + "'>\n    ";
-  stack2 = helpers['if'].call(depth0, depth0.required, {hash:{},inverse:self.program(5, program5, data),fn:self.program(3, program3, data),data:data});
-  if(stack2 || stack2 === 0) { buffer += stack2; }
-  buffer += "\n    ";
-  stack2 = helpers.each.call(depth0, ((stack1 = depth0.allowableValues),stack1 == null || stack1 === false ? stack1 : stack1.descriptiveValues), {hash:{},inverse:self.noop,fn:self.program(13, program13, data),data:data});
-  if(stack2 || stack2 === 0) { buffer += stack2; }
-  buffer += "\n  </select>\n</td>\n<td>";
-  if (stack2 = helpers.description) { stack2 = stack2.call(depth0, {hash:{},data:data}); }
-  else { stack2 = depth0.description; stack2 = typeof stack2 === functionType ? stack2.apply(depth0) : stack2; }
-  if(stack2 || stack2 === 0) { buffer += stack2; }
-  buffer += "</td>\n<td>";
-  if (stack2 = helpers.paramType) { stack2 = stack2.call(depth0, {hash:{},data:data}); }
-  else { stack2 = depth0.paramType; stack2 = typeof stack2 === functionType ? stack2.apply(depth0) : stack2; }
-  if(stack2 || stack2 === 0) { buffer += stack2; }
-  buffer += "</td>\n<td><span class=\"model-signature\"></span></td>";
-  return buffer;
-  });
-})();
-
-(function() {
-  var template = Handlebars.template, templates = Handlebars.templates = Handlebars.templates || {};
-templates['param_readonly'] = template(function (Handlebars,depth0,helpers,partials,data) {
-  this.compilerInfo = [4,'>= 1.0.0'];
-helpers = this.merge(helpers, Handlebars.helpers); data = data || {};
-  var buffer = "", stack1, functionType="function", escapeExpression=this.escapeExpression, self=this;
-
-function program1(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n        <textarea class='body-textarea' readonly='readonly' name='";
-  if (stack1 = helpers.name) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.name; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "'>";
-  if (stack1 = helpers.defaultValue) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.defaultValue; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "</textarea>\n    ";
-  return buffer;
-  }
-
-function program3(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n        ";
-  stack1 = helpers['if'].call(depth0, depth0.defaultValue, {hash:{},inverse:self.program(6, program6, data),fn:self.program(4, program4, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n    ";
-  return buffer;
-  }
-function program4(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n            ";
-  if (stack1 = helpers.defaultValue) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.defaultValue; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "\n        ";
-  return buffer;
-  }
-
-function program6(depth0,data) {
-  
-  
-  return "\n            (empty)\n        ";
-  }
-
-  buffer += "<td class='code'>";
-  if (stack1 = helpers.name) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.name; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "</td>\n<td>\n    ";
-  stack1 = helpers['if'].call(depth0, depth0.isBody, {hash:{},inverse:self.program(3, program3, data),fn:self.program(1, program1, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n</td>\n<td>";
-  if (stack1 = helpers.description) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.description; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "</td>\n<td>";
-  if (stack1 = helpers.paramType) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.paramType; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "</td>\n<td><span class=\"model-signature\"></span></td>\n";
-  return buffer;
-  });
-})();
-
-(function() {
-  var template = Handlebars.template, templates = Handlebars.templates = Handlebars.templates || {};
-templates['param_readonly_required'] = template(function (Handlebars,depth0,helpers,partials,data) {
-  this.compilerInfo = [4,'>= 1.0.0'];
-helpers = this.merge(helpers, Handlebars.helpers); data = data || {};
-  var buffer = "", stack1, functionType="function", escapeExpression=this.escapeExpression, self=this;
-
-function program1(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n        <textarea class='body-textarea'  readonly='readonly' placeholder='(required)' name='";
-  if (stack1 = helpers.name) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.name; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "'>";
-  if (stack1 = helpers.defaultValue) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.defaultValue; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "</textarea>\n    ";
-  return buffer;
-  }
-
-function program3(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n        ";
-  stack1 = helpers['if'].call(depth0, depth0.defaultValue, {hash:{},inverse:self.program(6, program6, data),fn:self.program(4, program4, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n    ";
-  return buffer;
-  }
-function program4(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n            ";
-  if (stack1 = helpers.defaultValue) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.defaultValue; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "\n        ";
-  return buffer;
-  }
-
-function program6(depth0,data) {
-  
-  
-  return "\n            (empty)\n        ";
-  }
-
-  buffer += "<td class='code required'>";
-  if (stack1 = helpers.name) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.name; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "</td>\n<td>\n    ";
-  stack1 = helpers['if'].call(depth0, depth0.isBody, {hash:{},inverse:self.program(3, program3, data),fn:self.program(1, program1, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n</td>\n<td>";
-  if (stack1 = helpers.description) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.description; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "</td>\n<td>";
-  if (stack1 = helpers.paramType) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.paramType; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "</td>\n<td><span class=\"model-signature\"></span></td>\n";
-  return buffer;
-  });
-})();
-
-(function() {
-  var template = Handlebars.template, templates = Handlebars.templates = Handlebars.templates || {};
-templates['param_required'] = template(function (Handlebars,depth0,helpers,partials,data) {
-  this.compilerInfo = [4,'>= 1.0.0'];
-helpers = this.merge(helpers, Handlebars.helpers); data = data || {};
-  var buffer = "", stack1, functionType="function", escapeExpression=this.escapeExpression, self=this;
-
-function program1(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n		";
-  stack1 = helpers['if'].call(depth0, depth0.isFile, {hash:{},inverse:self.program(4, program4, data),fn:self.program(2, program2, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n	";
-  return buffer;
-  }
-function program2(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n			<input type=\"file\" name='";
-  if (stack1 = helpers.name) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.name; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "'/>\n		";
-  return buffer;
-  }
-
-function program4(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n			";
-  stack1 = helpers['if'].call(depth0, depth0.defaultValue, {hash:{},inverse:self.program(7, program7, data),fn:self.program(5, program5, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n		";
-  return buffer;
-  }
-function program5(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n				<textarea class='body-textarea' placeholder='(required)' name='";
-  if (stack1 = helpers.name) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.name; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "'>";
-  if (stack1 = helpers.defaultValue) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.defaultValue; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "</textarea>\n			";
-  return buffer;
-  }
-
-function program7(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n				<textarea class='body-textarea' placeholder='(required)' name='";
-  if (stack1 = helpers.name) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.name; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "'></textarea>\n				<br />\n				<div class=\"parameter-content-type\" />\n			";
-  return buffer;
-  }
-
-function program9(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n		";
-  stack1 = helpers['if'].call(depth0, depth0.isFile, {hash:{},inverse:self.program(12, program12, data),fn:self.program(10, program10, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n	";
-  return buffer;
-  }
-function program10(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n			<input class='parameter' class='required' type='file' name='";
-  if (stack1 = helpers.name) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.name; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "'/>\n		";
-  return buffer;
-  }
-
-function program12(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n			";
-  stack1 = helpers['if'].call(depth0, depth0.defaultValue, {hash:{},inverse:self.program(15, program15, data),fn:self.program(13, program13, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n		";
-  return buffer;
-  }
-function program13(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n				<input class='parameter required' minlength='1' name='";
-  if (stack1 = helpers.name) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.name; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "' placeholder='(required)' type='text' value='";
-  if (stack1 = helpers.defaultValue) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.defaultValue; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "'/>\n			";
-  return buffer;
-  }
-
-function program15(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n				<input class='parameter required' minlength='1' name='";
-  if (stack1 = helpers.name) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.name; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "' placeholder='(required)' type='text' value=''/>\n			";
-  return buffer;
-  }
-
-  buffer += "<td class='code required'>";
-  if (stack1 = helpers.name) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.name; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "</td>\n<td>\n	";
-  stack1 = helpers['if'].call(depth0, depth0.isBody, {hash:{},inverse:self.program(9, program9, data),fn:self.program(1, program1, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n</td>\n<td>\n	<strong>";
-  if (stack1 = helpers.description) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.description; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "</strong>\n</td>\n<td>";
-  if (stack1 = helpers.paramType) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.paramType; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "</td>\n<td><span class=\"model-signature\"></span></td>\n";
-  return buffer;
-  });
-})();
-
-(function() {
-  var template = Handlebars.template, templates = Handlebars.templates = Handlebars.templates || {};
-templates['parameter_content_type'] = template(function (Handlebars,depth0,helpers,partials,data) {
-  this.compilerInfo = [4,'>= 1.0.0'];
-helpers = this.merge(helpers, Handlebars.helpers); data = data || {};
-  var buffer = "", stack1, functionType="function", self=this;
-
-function program1(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n  ";
-  stack1 = helpers.each.call(depth0, depth0.consumes, {hash:{},inverse:self.noop,fn:self.program(2, program2, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n";
-  return buffer;
-  }
-function program2(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n  <option value=\"";
-  stack1 = (typeof depth0 === functionType ? depth0.apply(depth0) : depth0);
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\">";
-  stack1 = (typeof depth0 === functionType ? depth0.apply(depth0) : depth0);
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "</option>\n  ";
-  return buffer;
-  }
-
-function program4(depth0,data) {
-  
-  
-  return "\n  <option value=\"application/json\">application/json</option>\n";
-  }
-
-  buffer += "<label for=\"parameterContentType\"></label>\n<select name=\"parameterContentType\">\n";
-  stack1 = helpers['if'].call(depth0, depth0.consumes, {hash:{},inverse:self.program(4, program4, data),fn:self.program(1, program1, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n</select>\n";
-  return buffer;
-  });
-})();
-
-(function() {
-  var template = Handlebars.template, templates = Handlebars.templates = Handlebars.templates || {};
-templates['resource'] = template(function (Handlebars,depth0,helpers,partials,data) {
-  this.compilerInfo = [4,'>= 1.0.0'];
-helpers = this.merge(helpers, Handlebars.helpers); data = data || {};
-  var buffer = "", stack1, options, functionType="function", escapeExpression=this.escapeExpression, self=this, blockHelperMissing=helpers.blockHelperMissing;
-
-function program1(depth0,data) {
-  
-  
-  return " : ";
-  }
-
-  buffer += "<div class='heading'>\n  <h2>\n    <a href='#!/";
-  if (stack1 = helpers.id) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.id; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "' onclick=\"Docs.toggleEndpointListForResource('";
-  if (stack1 = helpers.id) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.id; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "');\">";
-  if (stack1 = helpers.name) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.name; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "</a> ";
-  options = {hash:{},inverse:self.noop,fn:self.program(1, program1, data),data:data};
-  if (stack1 = helpers.description) { stack1 = stack1.call(depth0, options); }
-  else { stack1 = depth0.description; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  if (!helpers.description) { stack1 = blockHelperMissing.call(depth0, stack1, options); }
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  if (stack1 = helpers.description) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.description; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n  </h2>\n  <ul class='options'>\n    <li>\n      <a href='#!/";
-  if (stack1 = helpers.id) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.id; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "' id='endpointListTogger_";
-  if (stack1 = helpers.id) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.id; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "'\n         onclick=\"Docs.toggleEndpointListForResource('";
-  if (stack1 = helpers.id) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.id; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "');\">Show/Hide</a>\n    </li>\n    <li>\n      <a href='#' onclick=\"Docs.collapseOperationsForResource('";
-  if (stack1 = helpers.id) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.id; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "'); return false;\">\n        List Operations\n      </a>\n    </li>\n    <li>\n      <a href='#' onclick=\"Docs.expandOperationsForResource('";
-  if (stack1 = helpers.id) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.id; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "'); return false;\">\n        Expand Operations\n      </a>\n    </li>\n    <li>\n      <a href='";
-  if (stack1 = helpers.url) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.url; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "'>Raw</a>\n    </li>\n  </ul>\n</div>\n<ul class='endpoints' id='";
-  if (stack1 = helpers.id) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.id; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "_endpoint_list' style='display:none'>\n\n</ul>\n";
-  return buffer;
-  });
-})();
-
-(function() {
-  var template = Handlebars.template, templates = Handlebars.templates = Handlebars.templates || {};
-templates['response_content_type'] = template(function (Handlebars,depth0,helpers,partials,data) {
-  this.compilerInfo = [4,'>= 1.0.0'];
-helpers = this.merge(helpers, Handlebars.helpers); data = data || {};
-  var buffer = "", stack1, functionType="function", self=this;
-
-function program1(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n  ";
-  stack1 = helpers.each.call(depth0, depth0.produces, {hash:{},inverse:self.noop,fn:self.program(2, program2, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n";
-  return buffer;
-  }
-function program2(depth0,data) {
-  
-  var buffer = "", stack1;
-  buffer += "\n  <option value=\"";
-  stack1 = (typeof depth0 === functionType ? depth0.apply(depth0) : depth0);
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\">";
-  stack1 = (typeof depth0 === functionType ? depth0.apply(depth0) : depth0);
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "</option>\n  ";
-  return buffer;
-  }
-
-function program4(depth0,data) {
-  
-  
-  return "\n  <option value=\"application/json\">application/json</option>\n";
-  }
-
-  buffer += "<label for=\"responseContentType\"></label>\n<select name=\"responseContentType\">\n";
-  stack1 = helpers['if'].call(depth0, depth0.produces, {hash:{},inverse:self.program(4, program4, data),fn:self.program(1, program1, data),data:data});
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n</select>\n";
-  return buffer;
-  });
-})();
-
-(function() {
-  var template = Handlebars.template, templates = Handlebars.templates = Handlebars.templates || {};
-templates['signature'] = template(function (Handlebars,depth0,helpers,partials,data) {
-  this.compilerInfo = [4,'>= 1.0.0'];
-helpers = this.merge(helpers, Handlebars.helpers); data = data || {};
-  var buffer = "", stack1, functionType="function", escapeExpression=this.escapeExpression;
-
-
-  buffer += "<div>\n<ul class=\"signature-nav\">\n    <li><a class=\"description-link\" href=\"#\">Model</a></li>\n    <li><a class=\"snippet-link\" href=\"#\">Model Schema</a></li>\n</ul>\n<div>\n\n<div class=\"signature-container\">\n    <div class=\"description\">\n        ";
-  if (stack1 = helpers.signature) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.signature; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "\n    </div>\n\n    <div class=\"snippet\">\n        <pre><code>";
-  if (stack1 = helpers.sampleJSON) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.sampleJSON; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "</code></pre>\n        <small class=\"notice\"></small>\n    </div>\n</div>\n\n";
-  return buffer;
-  });
-})();
-
-(function() {
-  var template = Handlebars.template, templates = Handlebars.templates = Handlebars.templates || {};
-templates['status_code'] = template(function (Handlebars,depth0,helpers,partials,data) {
-  this.compilerInfo = [4,'>= 1.0.0'];
-helpers = this.merge(helpers, Handlebars.helpers); data = data || {};
-  var buffer = "", stack1, functionType="function", escapeExpression=this.escapeExpression;
-
-
-  buffer += "<td width='15%' class='code'>";
-  if (stack1 = helpers.code) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.code; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  buffer += escapeExpression(stack1)
-    + "</td>\n<td>";
-  if (stack1 = helpers.message) { stack1 = stack1.call(depth0, {hash:{},data:data}); }
-  else { stack1 = depth0.message; stack1 = typeof stack1 === functionType ? stack1.apply(depth0) : stack1; }
-  if(stack1 || stack1 === 0) { buffer += stack1; }
-  buffer += "</td>\n<td width='50%'><span class=\"model-signature\" /></td>";
-  return buffer;
-  });
-})();
-
-
-
-// Generated by CoffeeScript 1.6.3
-(function() {
-  var ContentTypeView, HeaderView, MainView, OperationView, ParameterContentTypeView, ParameterView, ResourceView, ResponseContentTypeView, SignatureView, StatusCodeView, SwaggerUi, _ref, _ref1, _ref10, _ref2, _ref3, _ref4, _ref5, _ref6, _ref7, _ref8, _ref9,
-    __hasProp = {}.hasOwnProperty,
-    __extends = function(child, parent) { for (var key in parent) { if (__hasProp.call(parent, key)) child[key] = parent[key]; } function ctor() { this.constructor = child; } ctor.prototype = parent.prototype; child.prototype = new ctor(); child.__super__ = parent.prototype; return child; };
-
-  SwaggerUi = (function(_super) {
-    __extends(SwaggerUi, _super);
-
-    function SwaggerUi() {
-      _ref = SwaggerUi.__super__.constructor.apply(this, arguments);
-      return _ref;
-    }
-
-    SwaggerUi.prototype.dom_id = "swagger_ui";
-
-    SwaggerUi.prototype.options = null;
-
-    SwaggerUi.prototype.api = null;
-
-    SwaggerUi.prototype.headerView = null;
-
-    SwaggerUi.prototype.mainView = null;
-
-    SwaggerUi.prototype.initialize = function(options) {
-      var _this = this;
-      if (options == null) {
-        options = {};
-      }
-      if (options.dom_id != null) {
-        this.dom_id = options.dom_id;
-        delete options.dom_id;
-      }
-      if ($('#' + this.dom_id) == null) {
-        $('body').append('<div id="' + this.dom_id + '"></div>');
-      }
-      this.options = options;
-      this.options.success = function() {
-        return _this.render();
-      };
-      this.options.progress = function(d) {
-        return _this.showMessage(d);
-      };
-      this.options.failure = function(d) {
-        return _this.onLoadFailure(d);
-      };
-      this.headerView = new HeaderView({
-        el: $('#header')
-      });
-      return this.headerView.on('update-swagger-ui', function(data) {
-        return _this.updateSwaggerUi(data);
-      });
-    };
-
-    SwaggerUi.prototype.updateSwaggerUi = function(data) {
-      this.options.url = data.url;
-      return this.load();
-    };
-
-    SwaggerUi.prototype.load = function() {
-      var url, _ref1;
-      if ((_ref1 = this.mainView) != null) {
-        _ref1.clear();
-      }
-      url = this.options.url;
-      if (url.indexOf("http") !== 0) {
-        url = this.buildUrl(window.location.href.toString(), url);
-      }
-      this.options.url = url;
-      this.headerView.update(url);
-      this.api = new SwaggerApi(this.options);
-      this.api.build();
-      return this.api;
-    };
-
-    SwaggerUi.prototype.render = function() {
-      var _this = this;
-      this.showMessage('Finished Loading Resource Information. Rendering Swagger UI...');
-      this.mainView = new MainView({
-        model: this.api,
-        el: $('#' + this.dom_id),
-        swaggerOptions: this.options
-      }).render();
-      this.showMessage();
-      switch (this.options.docExpansion) {
-        case "full":
-          Docs.expandOperationsForResource('');
-          break;
-        case "list":
-          Docs.collapseOperationsForResource('');
-      }
-      if (this.options.onComplete) {
-        this.options.onComplete(this.api, this);
-      }
-      return setTimeout(function() {
-        return Docs.shebang();
-      }, 400);
-    };
-
-    SwaggerUi.prototype.buildUrl = function(base, url) {
-      var endOfPath, parts;
-      log("base is " + base);
-      if (url.indexOf("/") === 0) {
-        parts = base.split("/");
-        base = parts[0] + "//" + parts[2];
-        return base + url;
-      } else {
-        endOfPath = base.length;
-        if (base.indexOf("?") > -1) {
-          endOfPath = Math.min(endOfPath, base.indexOf("?"));
-        }
-        if (base.indexOf("#") > -1) {
-          endOfPath = Math.min(endOfPath, base.indexOf("#"));
-        }
-        base = base.substring(0, endOfPath);
-        if (base.indexOf("/", base.length - 1) !== -1) {
-          return base + url;
-        }
-        return base + "/" + url;
-      }
-    };
-
-    SwaggerUi.prototype.showMessage = function(data) {
-      if (data == null) {
-        data = '';
-      }
-      $('#message-bar').removeClass('message-fail');
-      $('#message-bar').addClass('message-success');
-      return $('#message-bar').html(data);
-    };
-
-    SwaggerUi.prototype.onLoadFailure = function(data) {
-      var val;
-      if (data == null) {
-        data = '';
-      }
-      $('#message-bar').removeClass('message-success');
-      $('#message-bar').addClass('message-fail');
-      val = $('#message-bar').html(data);
-      if (this.options.onFailure != null) {
-        this.options.onFailure(data);
-      }
-      return val;
-    };
-
-    return SwaggerUi;
-
-  })(Backbone.Router);
-
-  window.SwaggerUi = SwaggerUi;
-
-  HeaderView = (function(_super) {
-    __extends(HeaderView, _super);
-
-    function HeaderView() {
-      _ref1 = HeaderView.__super__.constructor.apply(this, arguments);
-      return _ref1;
-    }
-
-    HeaderView.prototype.events = {
-      'click #show-pet-store-icon': 'showPetStore',
-      'click #show-wordnik-dev-icon': 'showWordnikDev',
-      'click #explore': 'showCustom',
-      'keyup #input_baseUrl': 'showCustomOnKeyup',
-      'keyup #input_apiKey': 'showCustomOnKeyup'
-    };
-
-    HeaderView.prototype.initialize = function() {};
-
-    HeaderView.prototype.showPetStore = function(e) {
-      return this.trigger('update-swagger-ui', {
-        url: "http://petstore.swagger.wordnik.com/api/api-docs"
-      });
-    };
-
-    HeaderView.prototype.showWordnikDev = function(e) {
-      return this.trigger('update-swagger-ui', {
-        url: "http://api.wordnik.com/v4/resources.json"
-      });
-    };
-
-    HeaderView.prototype.showCustomOnKeyup = function(e) {
-      if (e.keyCode === 13) {
-        return this.showCustom();
-      }
-    };
-
-    HeaderView.prototype.showCustom = function(e) {
-      if (e != null) {
-        e.preventDefault();
-      }
-      return this.trigger('update-swagger-ui', {
-        url: $('#input_baseUrl').val(),
-        apiKey: $('#input_apiKey').val()
-      });
-    };
-
-    HeaderView.prototype.update = function(url, apiKey, trigger) {
-      if (trigger == null) {
-        trigger = false;
-      }
-      $('#input_baseUrl').val(url);
-      if (trigger) {
-        return this.trigger('update-swagger-ui', {
-          url: url
-        });
-      }
-    };
-
-    return HeaderView;
-
-  })(Backbone.View);
-
-  MainView = (function(_super) {
-    var sorters;
-
-    __extends(MainView, _super);
-
-    function MainView() {
-      _ref2 = MainView.__super__.constructor.apply(this, arguments);
-      return _ref2;
-    }
-
-    sorters = {
-      'alpha': function(a, b) {
-        return a.path.localeCompare(b.path);
-      },
-      'method': function(a, b) {
-        return a.method.localeCompare(b.method);
-      }
-    };
-
-    MainView.prototype.initialize = function(opts) {
-      var route, sorter, sorterName, _i, _len, _ref3;
-      if (opts == null) {
-        opts = {};
-      }
-      if (opts.swaggerOptions.sorter) {
-        sorterName = opts.swaggerOptions.sorter;
-        sorter = sorters[sorterName];
-        _ref3 = this.model.apisArray;
-        for (_i = 0, _len = _ref3.length; _i < _len; _i++) {
-          route = _ref3[_i];
-          route.operationsArray.sort(sorter);
-        }
-        if (sorterName === "alpha") {
-          return this.model.apisArray.sort(sorter);
-        }
-      }
-    };
-
-    MainView.prototype.render = function() {
-      var counter, id, resource, resources, _i, _len, _ref3;
-      $(this.el).html(Handlebars.templates.main(this.model));
-      resources = {};
-      counter = 0;
-      _ref3 = this.model.apisArray;
-      for (_i = 0, _len = _ref3.length; _i < _len; _i++) {
-        resource = _ref3[_i];
-        id = resource.name;
-        while (typeof resources[id] !== 'undefined') {
-          id = id + "_" + counter;
-          counter += 1;
-        }
-        resource.id = id;
-        resources[id] = resource;
-        this.addResource(resource);
-      }
-      return this;
-    };
-
-    MainView.prototype.addResource = function(resource) {
-      var resourceView;
-      resourceView = new ResourceView({
-        model: resource,
-        tagName: 'li',
-        id: 'resource_' + resource.id,
-        className: 'resource',
-        swaggerOptions: this.options.swaggerOptions
-      });
-      return $('#resources').append(resourceView.render().el);
-    };
-
-    MainView.prototype.clear = function() {
-      return $(this.el).html('');
-    };
-
-    return MainView;
-
-  })(Backbone.View);
-
-  ResourceView = (function(_super) {
-    __extends(ResourceView, _super);
-
-    function ResourceView() {
-      _ref3 = ResourceView.__super__.constructor.apply(this, arguments);
-      return _ref3;
-    }
-
-    ResourceView.prototype.initialize = function() {};
-
-    ResourceView.prototype.render = function() {
-      var counter, id, methods, operation, _i, _len, _ref4;
-      $(this.el).html(Handlebars.templates.resource(this.model));
-      methods = {};
-      _ref4 = this.model.operationsArray;
-      for (_i = 0, _len = _ref4.length; _i < _len; _i++) {
-        operation = _ref4[_i];
-        counter = 0;
-        id = operation.nickname;
-        while (typeof methods[id] !== 'undefined') {
-          id = id + "_" + counter;
-          counter += 1;
-        }
-        methods[id] = operation;
-        operation.nickname = id;
-        operation.parentId = this.model.id;
-        this.addOperation(operation);
-      }
-      return this;
-    };
-
-    ResourceView.prototype.addOperation = function(operation) {
-      var operationView;
-      operation.number = this.number;
-      operationView = new OperationView({
-        model: operation,
-        tagName: 'li',
-        className: 'endpoint',
-        swaggerOptions: this.options.swaggerOptions
-      });
-      $('.endpoints', $(this.el)).append(operationView.render().el);
-      return this.number++;
-    };
-
-    return ResourceView;
-
-  })(Backbone.View);
-
-  OperationView = (function(_super) {
-    __extends(OperationView, _super);
-
-    function OperationView() {
-      _ref4 = OperationView.__super__.constructor.apply(this, arguments);
-      return _ref4;
-    }
-
-    OperationView.prototype.invocationUrl = null;
-
-    OperationView.prototype.events = {
-      'submit .sandbox': 'submitOperation',
-      'click .submit': 'submitOperation',
-      'click .response_hider': 'hideResponse',
-      'click .toggleOperation': 'toggleOperationContent',
-      'mouseenter .api-ic': 'mouseEnter',
-      'mouseout .api-ic': 'mouseExit'
-    };
-
-    OperationView.prototype.initialize = function() {};
-
-    OperationView.prototype.mouseEnter = function(e) {
-      var elem, hgh, pos, scMaxX, scMaxY, scX, scY, wd, x, y;
-      elem = $(e.currentTarget.parentNode).find('#api_information_panel');
-      x = e.pageX;
-      y = e.pageY;
-      scX = $(window).scrollLeft();
-      scY = $(window).scrollTop();
-      scMaxX = scX + $(window).width();
-      scMaxY = scY + $(window).height();
-      wd = elem.width();
-      hgh = elem.height();
-      if (x + wd > scMaxX) {
-        x = scMaxX - wd;
-      }
-      if (x < scX) {
-        x = scX;
-      }
-      if (y + hgh > scMaxY) {
-        y = scMaxY - hgh;
-      }
-      if (y < scY) {
-        y = scY;
-      }
-      pos = {};
-      pos.top = y;
-      pos.left = x;
-      elem.css(pos);
-      return $(e.currentTarget.parentNode).find('#api_information_panel').show();
-    };
-
-    OperationView.prototype.mouseExit = function(e) {
-      return $(e.currentTarget.parentNode).find('#api_information_panel').hide();
-    };
-
-    OperationView.prototype.render = function() {
-      var contentTypeModel, isMethodSubmissionSupported, k, o, param, responseContentTypeView, responseSignatureView, signatureModel, statusCode, type, v, _i, _j, _k, _l, _len, _len1, _len2, _len3, _ref5, _ref6, _ref7, _ref8;
-      isMethodSubmissionSupported = true;
-      if (!isMethodSubmissionSupported) {
-        this.model.isReadOnly = true;
-      }
-      this.model.oauth = null;
-      if (this.model.authorizations) {
-        _ref5 = this.model.authorizations;
-        for (k in _ref5) {
-          v = _ref5[k];
-          if (k === "oauth2") {
-            if (this.model.oauth === null) {
-              this.model.oauth = {};
-            }
-            if (this.model.oauth.scopes === void 0) {
-              this.model.oauth.scopes = [];
-            }
-            for (_i = 0, _len = v.length; _i < _len; _i++) {
-              o = v[_i];
-              this.model.oauth.scopes.push(o);
-            }
-          }
-        }
-      }
-      $(this.el).html(Handlebars.templates.operation(this.model));
-      if (this.model.responseClassSignature && this.model.responseClassSignature !== 'string') {
-        signatureModel = {
-          sampleJSON: this.model.responseSampleJSON,
-          isParam: false,
-          signature: this.model.responseClassSignature
-        };
-        responseSignatureView = new SignatureView({
-          model: signatureModel,
-          tagName: 'div'
-        });
-        $('.model-signature', $(this.el)).append(responseSignatureView.render().el);
-      } else {
-        $('.model-signature', $(this.el)).html(this.model.type);
-      }
-      contentTypeModel = {
-        isParam: false
-      };
-      contentTypeModel.consumes = this.model.consumes;
-      contentTypeModel.produces = this.model.produces;
-      _ref6 = this.model.parameters;
-      for (_j = 0, _len1 = _ref6.length; _j < _len1; _j++) {
-        param = _ref6[_j];
-        type = param.type || param.dataType;
-        if (type.toLowerCase() === 'file') {
-          if (!contentTypeModel.consumes) {
-            log("set content type ");
-            contentTypeModel.consumes = 'multipart/form-data';
-          }
-        }
-      }
-      responseContentTypeView = new ResponseContentTypeView({
-        model: contentTypeModel
-      });
-      $('.response-content-type', $(this.el)).append(responseContentTypeView.render().el);
-      _ref7 = this.model.parameters;
-      for (_k = 0, _len2 = _ref7.length; _k < _len2; _k++) {
-        param = _ref7[_k];
-        this.addParameter(param, contentTypeModel.consumes);
-      }
-      _ref8 = this.model.responseMessages;
-      for (_l = 0, _len3 = _ref8.length; _l < _len3; _l++) {
-        statusCode = _ref8[_l];
-        this.addStatusCode(statusCode);
-      }
-      return this;
-    };
-
-    OperationView.prototype.addParameter = function(param, consumes) {
-      var paramView;
-      param.consumes = consumes;
-      paramView = new ParameterView({
-        model: param,
-        tagName: 'tr',
-        readOnly: this.model.isReadOnly
-      });
-      return $('.operation-params', $(this.el)).append(paramView.render().el);
-    };
-
-    OperationView.prototype.addStatusCode = function(statusCode) {
-      var statusCodeView;
-      statusCodeView = new StatusCodeView({
-        model: statusCode,
-        tagName: 'tr'
-      });
-      return $('.operation-status', $(this.el)).append(statusCodeView.render().el);
-    };
-
-    OperationView.prototype.submitOperation = function(e) {
-      var error_free, form, isFileUpload, map, o, opts, val, _i, _j, _k, _len, _len1, _len2, _ref5, _ref6, _ref7;
-      if (e != null) {
-        e.preventDefault();
-      }
-      form = $('.sandbox', $(this.el));
-      error_free = true;
-      form.find("input.required").each(function() {
-        var _this = this;
-        $(this).removeClass("error");
-        if (jQuery.trim($(this).val()) === "") {
-          $(this).addClass("error");
-          $(this).wiggle({
-            callback: function() {
-              return $(_this).focus();
-            }
-          });
-          return error_free = false;
-        }
-      });
-      if (error_free) {
-        map = {};
-        opts = {
-          parent: this
-        };
-        isFileUpload = false;
-        _ref5 = form.find("input");
-        for (_i = 0, _len = _ref5.length; _i < _len; _i++) {
-          o = _ref5[_i];
-          if ((o.value != null) && jQuery.trim(o.value).length > 0) {
-            map[o.name] = o.value;
-          }
-          if (o.type === "file") {
-            isFileUpload = true;
-          }
-        }
-        _ref6 = form.find("textarea");
-        for (_j = 0, _len1 = _ref6.length; _j < _len1; _j++) {
-          o = _ref6[_j];
-          if ((o.value != null) && jQuery.trim(o.value).length > 0) {
-            map["body"] = o.value;
-          }
-        }
-        _ref7 = form.find("select");
-        for (_k = 0, _len2 = _ref7.length; _k < _len2; _k++) {
-          o = _ref7[_k];
-          val = this.getSelectedValue(o);
-          if ((val != null) && jQuery.trim(val).length > 0) {
-            map[o.name] = val;
-          }
-        }
-        opts.responseContentType = $("div select[name=responseContentType]", $(this.el)).val();
-        opts.requestContentType = $("div select[name=parameterContentType]", $(this.el)).val();
-        $(".response_throbber", $(this.el)).show();
-        if (isFileUpload) {
-          return this.handleFileUpload(map, form);
-        } else {
-          return this.model["do"](map, opts, this.showCompleteStatus, this.showErrorStatus, this);
-        }
-      }
-    };
-
-    OperationView.prototype.success = function(response, parent) {
-      return parent.showCompleteStatus(response);
-    };
-
-    OperationView.prototype.handleFileUpload = function(map, form) {
-      var bodyParam, el, headerParams, o, obj, param, params, _i, _j, _k, _l, _len, _len1, _len2, _len3, _ref5, _ref6, _ref7, _ref8,
-        _this = this;
-      _ref5 = form.serializeArray();
-      for (_i = 0, _len = _ref5.length; _i < _len; _i++) {
-        o = _ref5[_i];
-        if ((o.value != null) && jQuery.trim(o.value).length > 0) {
-          map[o.name] = o.value;
-        }
-      }
-      bodyParam = new FormData();
-      params = 0;
-      _ref6 = this.model.parameters;
-      for (_j = 0, _len1 = _ref6.length; _j < _len1; _j++) {
-        param = _ref6[_j];
-        if (param.paramType === 'form') {
-          if (param.type.toLowerCase() !== 'file' && map[param.name] !== void 0) {
-            bodyParam.append(param.name, map[param.name]);
-          }
-        }
-      }
-      headerParams = {};
-      _ref7 = this.model.parameters;
-      for (_k = 0, _len2 = _ref7.length; _k < _len2; _k++) {
-        param = _ref7[_k];
-        if (param.paramType === 'header') {
-          headerParams[param.name] = map[param.name];
-        }
-      }
-      log(headerParams);
-      _ref8 = form.find('input[type~="file"]');
-      for (_l = 0, _len3 = _ref8.length; _l < _len3; _l++) {
-        el = _ref8[_l];
-        if (typeof el.files[0] !== 'undefined') {
-          bodyParam.append($(el).attr('name'), el.files[0]);
-          params += 1;
-        }
-      }
-      this.invocationUrl = this.model.supportHeaderParams() ? (headerParams = this.model.getHeaderParams(map), this.model.urlify(map, false)) : this.model.urlify(map, true);
-      $(".request_url", $(this.el)).html("<pre>" + this.invocationUrl + "</pre>");
-      obj = {
-        type: this.model.method,
-        url: this.invocationUrl,
-        headers: headerParams,
-        data: bodyParam,
-        dataType: 'json',
-        contentType: false,
-        processData: false,
-        error: function(data, textStatus, error) {
-          return _this.showErrorStatus(_this.wrap(data), _this);
-        },
-        success: function(data) {
-          return _this.showResponse(data, _this);
-        },
-        complete: function(data) {
-          return _this.showCompleteStatus(_this.wrap(data), _this);
-        }
-      };
-      if (window.authorizations) {
-        window.authorizations.apply(obj);
-      }
-      if (params === 0) {
-        obj.data.append("fake", "true");
-      }
-      jQuery.ajax(obj);
-      return false;
-    };
-
-    OperationView.prototype.wrap = function(data) {
-      var h, headerArray, headers, i, o, _i, _len;
-      headers = {};
-      headerArray = data.getAllResponseHeaders().split("\r");
-      for (_i = 0, _len = headerArray.length; _i < _len; _i++) {
-        i = headerArray[_i];
-        h = i.split(':');
-        if (h[0] !== void 0 && h[1] !== void 0) {
-          headers[h[0].trim()] = h[1].trim();
-        }
-      }
-      o = {};
-      o.content = {};
-      o.content.data = data.responseText;
-      o.headers = headers;
-      o.request = {};
-      o.request.url = this.invocationUrl;
-      o.status = data.status;
-      return o;
-    };
-
-    OperationView.prototype.getSelectedValue = function(select) {
-      var opt, options, _i, _len, _ref5;
-      if (!select.multiple) {
-        return select.value;
-      } else {
-        options = [];
-        _ref5 = select.options;
-        for (_i = 0, _len = _ref5.length; _i < _len; _i++) {
-          opt = _ref5[_i];
-          if (opt.selected) {
-            options.push(opt.value);
-          }
-        }
-        if (options.length > 0) {
-          return options.join(",");
-        } else {
-          return null;
-        }
-      }
-    };
-
-    OperationView.prototype.hideResponse = function(e) {
-      if (e != null) {
-        e.preventDefault();
-      }
-      $(".response", $(this.el)).slideUp();
-      return $(".response_hider", $(this.el)).fadeOut();
-    };
-
-    OperationView.prototype.showResponse = function(response) {
-      var prettyJson;
-      prettyJson = JSON.stringify(response, null, "\t").replace(/\n/g, "<br>");
-      return $(".response_body", $(this.el)).html(escape(prettyJson));
-    };
-
-    OperationView.prototype.showErrorStatus = function(data, parent) {
-      return parent.showStatus(data);
-    };
-
-    OperationView.prototype.showCompleteStatus = function(data, parent) {
-      return parent.showStatus(data);
-    };
-
-    OperationView.prototype.formatXml = function(xml) {
-      var contexp, formatted, indent, lastType, lines, ln, pad, reg, transitions, wsexp, _fn, _i, _len;
-      reg = /(>)(<)(\/*)/g;
-      wsexp = /[ ]*(.*)[ ]+\n/g;
-      contexp = /(<.+>)(.+\n)/g;
-      xml = xml.replace(reg, '$1\n$2$3').replace(wsexp, '$1\n').replace(contexp, '$1\n$2');
-      pad = 0;
-      formatted = '';
-      lines = xml.split('\n');
-      indent = 0;
-      lastType = 'other';
-      transitions = {
-        'single->single': 0,
-        'single->closing': -1,
-        'single->opening': 0,
-        'single->other': 0,
-        'closing->single': 0,
-        'closing->closing': -1,
-        'closing->opening': 0,
-        'closing->other': 0,
-        'opening->single': 1,
-        'opening->closing': 0,
-        'opening->opening': 1,
-        'opening->other': 1,
-        'other->single': 0,
-        'other->closing': -1,
-        'other->opening': 0,
-        'other->other': 0
-      };
-      _fn = function(ln) {
-        var fromTo, j, key, padding, type, types, value;
-        types = {
-          single: Boolean(ln.match(/<.+\/>/)),
-          closing: Boolean(ln.match(/<\/.+>/)),
-          opening: Boolean(ln.match(/<[^!?].*>/))
-        };
-        type = ((function() {
-          var _results;
-          _results = [];
-          for (key in types) {
-            value = types[key];
-            if (value) {
-              _results.push(key);
-            }
-          }
-          return _results;
-        })())[0];
-        type = type === void 0 ? 'other' : type;
-        fromTo = lastType + '->' + type;
-        lastType = type;
-        padding = '';
-        indent += transitions[fromTo];
-        padding = ((function() {
-          var _j, _ref5, _results;
-          _results = [];
-          for (j = _j = 0, _ref5 = indent; 0 <= _ref5 ? _j < _ref5 : _j > _ref5; j = 0 <= _ref5 ? ++_j : --_j) {
-            _results.push('  ');
-          }
-          return _results;
-        })()).join('');
-        if (fromTo === 'opening->closing') {
-          return formatted = formatted.substr(0, formatted.length - 1) + ln + '\n';
-        } else {
-          return formatted += padding + ln + '\n';
-        }
-      };
-      for (_i = 0, _len = lines.length; _i < _len; _i++) {
-        ln = lines[_i];
-        _fn(ln);
-      }
-      return formatted;
-    };
-
-    OperationView.prototype.showStatus = function(response) {
-      var code, content, contentType, headers, opts, pre, response_body, response_body_el, url;
-      if (response.content === void 0) {
-        content = response.data;
-        url = response.url;
-      } else {
-        content = response.content.data;
-        url = response.request.url;
-      }
-      headers = response.headers;
-      contentType = headers && headers["Content-Type"] ? headers["Content-Type"].split(";")[0].trim() : null;
-      if (!content) {
-        code = $('<code />').text("no content");
-        pre = $('<pre class="json" />').append(code);
-      } else if (contentType === "application/json" || /\+json$/.test(contentType)) {
-        code = $('<code />').text(JSON.stringify(JSON.parse(content), null, "  "));
-        pre = $('<pre class="json" />').append(code);
-      } else if (contentType === "application/xml" || /\+xml$/.test(contentType)) {
-        code = $('<code />').text(this.formatXml(content));
-        pre = $('<pre class="xml" />').append(code);
-      } else if (contentType === "text/html") {
-        code = $('<code />').html(content);
-        pre = $('<pre class="xml" />').append(code);
-      } else if (/^image\//.test(contentType)) {
-        pre = $('<img>').attr('src', url);
-      } else {
-        code = $('<code />').text(content);
-        pre = $('<pre class="json" />').append(code);
-      }
-      response_body = pre;
-      $(".request_url", $(this.el)).html("<pre>" + url + "</pre>");
-      $(".response_code", $(this.el)).html("<pre>" + response.status + "</pre>");
-      $(".response_body", $(this.el)).html(response_body);
-      $(".response_headers", $(this.el)).html("<pre>" + _.escape(JSON.stringify(response.headers, null, "  ")).replace(/\n/g, "<br>") + "</pre>");
-      $(".response", $(this.el)).slideDown();
-      $(".response_hider", $(this.el)).show();
-      $(".response_throbber", $(this.el)).hide();
-      response_body_el = $('.response_body', $(this.el))[0];
-      opts = this.options.swaggerOptions;
-      if (opts.highlightSizeThreshold && response.data.length > opts.highlightSizeThreshold) {
-        return response_body_el;
-      } else {
-        return hljs.highlightBlock(response_body_el);
-      }
-    };
-
-    OperationView.prototype.toggleOperationContent = function() {
-      var elem;
-      elem = $('#' + Docs.escapeResourceName(this.model.parentId) + "_" + this.model.nickname + "_content");
-      if (elem.is(':visible')) {
-        return Docs.collapseOperation(elem);
-      } else {
-        return Docs.expandOperation(elem);
-      }
-    };
-
-    return OperationView;
-
-  })(Backbone.View);
-
-  StatusCodeView = (function(_super) {
-    __extends(StatusCodeView, _super);
-
-    function StatusCodeView() {
-      _ref5 = StatusCodeView.__super__.constructor.apply(this, arguments);
-      return _ref5;
-    }
-
-    StatusCodeView.prototype.initialize = function() {};
-
-    StatusCodeView.prototype.render = function() {
-      var responseModel, responseModelView, template;
-      template = this.template();
-      $(this.el).html(template(this.model));
-      if (swaggerUi.api.models.hasOwnProperty(this.model.responseModel)) {
-        responseModel = {
-          sampleJSON: JSON.stringify(swaggerUi.api.models[this.model.responseModel].createJSONSample(), null, 2),
-          isParam: false,
-          signature: swaggerUi.api.models[this.model.responseModel].getMockSignature()
-        };
-        responseModelView = new SignatureView({
-          model: responseModel,
-          tagName: 'div'
-        });
-        $('.model-signature', this.$el).append(responseModelView.render().el);
-      } else {
-        $('.model-signature', this.$el).html('');
-      }
-      return this;
-    };
-
-    StatusCodeView.prototype.template = function() {
-      return Handlebars.templates.status_code;
-    };
-
-    return StatusCodeView;
-
-  })(Backbone.View);
-
-  ParameterView = (function(_super) {
-    __extends(ParameterView, _super);
-
-    function ParameterView() {
-      _ref6 = ParameterView.__super__.constructor.apply(this, arguments);
-      return _ref6;
-    }
-
-    ParameterView.prototype.initialize = function() {
-      return Handlebars.registerHelper('isArray', function(param, opts) {
-        if (param.type.toLowerCase() === 'array' || param.allowMultiple) {
-          return opts.fn(this);
-        } else {
-          return opts.inverse(this);
-        }
-      });
-    };
-
-    ParameterView.prototype.render = function() {
-      var contentTypeModel, isParam, parameterContentTypeView, responseContentTypeView, signatureModel, signatureView, template, type;
-      type = this.model.type || this.model.dataType;
-      if (this.model.paramType === 'body') {
-        this.model.isBody = true;
-      }
-      if (type.toLowerCase() === 'file') {
-        this.model.isFile = true;
-      }
-      template = this.template();
-      $(this.el).html(template(this.model));
-      signatureModel = {
-        sampleJSON: this.model.sampleJSON,
-        isParam: true,
-        signature: this.model.signature
-      };
-      if (this.model.sampleJSON) {
-        signatureView = new SignatureView({
-          model: signatureModel,
-          tagName: 'div'
-        });
-        $('.model-signature', $(this.el)).append(signatureView.render().el);
-      } else {
-        $('.model-signature', $(this.el)).html(this.model.signature);
-      }
-      isParam = false;
-      if (this.model.isBody) {
-        isParam = true;
-      }
-      contentTypeModel = {
-        isParam: isParam
-      };
-      contentTypeModel.consumes = this.model.consumes;
-      if (isParam) {
-        parameterContentTypeView = new ParameterContentTypeView({
-          model: contentTypeModel
-        });
-        $('.parameter-content-type', $(this.el)).append(parameterContentTypeView.render().el);
-      } else {
-        responseContentTypeView = new ResponseContentTypeView({
-          model: contentTypeModel
-        });
-        $('.response-content-type', $(this.el)).append(responseContentTypeView.render().el);
-      }
-      return this;
-    };
-
-    ParameterView.prototype.template = function() {
-      if (this.model.isList) {
-        return Handlebars.templates.param_list;
-      } else {
-        if (this.options.readOnly) {
-          if (this.model.required) {
-            return Handlebars.templates.param_readonly_required;
-          } else {
-            return Handlebars.templates.param_readonly;
-          }
-        } else {
-          if (this.model.required) {
-            return Handlebars.templates.param_required;
-          } else {
-            return Handlebars.templates.param;
-          }
-        }
-      }
-    };
-
-    return ParameterView;
-
-  })(Backbone.View);
-
-  SignatureView = (function(_super) {
-    __extends(SignatureView, _super);
-
-    function SignatureView() {
-      _ref7 = SignatureView.__super__.constructor.apply(this, arguments);
-      return _ref7;
-    }
-
-    SignatureView.prototype.events = {
-      'click a.description-link': 'switchToDescription',
-      'click a.snippet-link': 'switchToSnippet',
-      'mousedown .snippet': 'snippetToTextArea'
-    };
-
-    SignatureView.prototype.initialize = function() {};
-
-    SignatureView.prototype.render = function() {
-      var template;
-      template = this.template();
-      $(this.el).html(template(this.model));
-      this.switchToSnippet();
-      this.isParam = this.model.isParam;
-      if (this.isParam) {
-        $('.notice', $(this.el)).text('Click to set as parameter value');
-      }
-      return this;
-    };
-
-    SignatureView.prototype.template = function() {
-      return Handlebars.templates.signature;
-    };
-
-    SignatureView.prototype.switchToDescription = function(e) {
-      if (e != null) {
-        e.preventDefault();
-      }
-      $(".snippet", $(this.el)).hide();
-      $(".description", $(this.el)).show();
-      $('.description-link', $(this.el)).addClass('selected');
-      return $('.snippet-link', $(this.el)).removeClass('selected');
-    };
-
-    SignatureView.prototype.switchToSnippet = function(e) {
-      if (e != null) {
-        e.preventDefault();
-      }
-      $(".description", $(this.el)).hide();
-      $(".snippet", $(this.el)).show();
-      $('.snippet-link', $(this.el)).addClass('selected');
-      return $('.description-link', $(this.el)).removeClass('selected');
-    };
-
-    SignatureView.prototype.snippetToTextArea = function(e) {
-      var textArea;
-      if (this.isParam) {
-        if (e != null) {
-          e.preventDefault();
-        }
-        textArea = $('textarea', $(this.el.parentNode.parentNode.parentNode));
-        if ($.trim(textArea.val()) === '') {
-          return textArea.val(this.model.sampleJSON);
-        }
-      }
-    };
-
-    return SignatureView;
-
-  })(Backbone.View);
-
-  ContentTypeView = (function(_super) {
-    __extends(ContentTypeView, _super);
-
-    function ContentTypeView() {
-      _ref8 = ContentTypeView.__super__.constructor.apply(this, arguments);
-      return _ref8;
-    }
-
-    ContentTypeView.prototype.initialize = function() {};
-
-    ContentTypeView.prototype.render = function() {
-      var template;
-      template = this.template();
-      $(this.el).html(template(this.model));
-      $('label[for=contentType]', $(this.el)).text('Response Content Type');
-      return this;
-    };
-
-    ContentTypeView.prototype.template = function() {
-      return Handlebars.templates.content_type;
-    };
-
-    return ContentTypeView;
-
-  })(Backbone.View);
-
-  ResponseContentTypeView = (function(_super) {
-    __extends(ResponseContentTypeView, _super);
-
-    function ResponseContentTypeView() {
-      _ref9 = ResponseContentTypeView.__super__.constructor.apply(this, arguments);
-      return _ref9;
-    }
-
-    ResponseContentTypeView.prototype.initialize = function() {};
-
-    ResponseContentTypeView.prototype.render = function() {
-      var template;
-      template = this.template();
-      $(this.el).html(template(this.model));
-      $('label[for=responseContentType]', $(this.el)).text('Response Content Type');
-      return this;
-    };
-
-    ResponseContentTypeView.prototype.template = function() {
-      return Handlebars.templates.response_content_type;
-    };
-
-    return ResponseContentTypeView;
-
-  })(Backbone.View);
-
-  ParameterContentTypeView = (function(_super) {
-    __extends(ParameterContentTypeView, _super);
-
-    function ParameterContentTypeView() {
-      _ref10 = ParameterContentTypeView.__super__.constructor.apply(this, arguments);
-      return _ref10;
-    }
-
-    ParameterContentTypeView.prototype.initialize = function() {};
-
-    ParameterContentTypeView.prototype.render = function() {
-      var template;
-      template = this.template();
-      $(this.el).html(template(this.model));
-      $('label[for=parameterContentType]', $(this.el)).text('Parameter content type:');
-      return this;
-    };
-
-    ParameterContentTypeView.prototype.template = function() {
-      return Handlebars.templates.parameter_content_type;
-    };
-
-    return ParameterContentTypeView;
-
-  })(Backbone.View);
-
-}).call(this);
-
diff --git a/api/files/swagger.js b/api/files/swagger.js
deleted file mode 100644
index c126d21bea9..00000000000
--- a/api/files/swagger.js
+++ /dev/null
@@ -1,1604 +0,0 @@
-// swagger.js
-// version 2.0.37
-
-var __bind = function(fn, me){
-  return function(){
-    return fn.apply(me, arguments);
-  };
-};
-
-log = function(){
-  log.history = log.history || [];
-  log.history.push(arguments);
-  if(this.console){
-    console.log( Array.prototype.slice.call(arguments)[0] );
-  }
-};
-
-if (!Array.prototype.indexOf) {
-  Array.prototype.indexOf = function(obj, start) {
-    for (var i = (start || 0), j = this.length; i < j; i++) {
-      if (this[i] === obj) { return i; }
-    }
-    return -1;
-  }
-}
-
-if (!('filter' in Array.prototype)) {
-  Array.prototype.filter= function(filter, that /*opt*/) {
-    var other= [], v;
-    for (var i=0, n= this.length; i<n; i++)
-      if (i in this && filter.call(that, v= this[i], i, this))
-        other.push(v);
-    return other;
-  };
-}
-
-if (!('map' in Array.prototype)) {
-  Array.prototype.map= function(mapper, that /*opt*/) {
-    var other= new Array(this.length);
-    for (var i= 0, n= this.length; i<n; i++)
-      if (i in this)
-        other[i]= mapper.call(that, this[i], i, this);
-    return other;
-  };
-}
-
-Object.keys = Object.keys || (function () {
-  var hasOwnProperty = Object.prototype.hasOwnProperty,
-    hasDontEnumBug = !{toString:null}.propertyIsEnumerable("toString"),
-    DontEnums = [
-      'toString',
-      'toLocaleString',
-      'valueOf',
-      'hasOwnProperty',
-      'isPrototypeOf',
-      'propertyIsEnumerable',
-      'constructor'
-    ],
-  DontEnumsLength = DontEnums.length;
-
-  return function (o) {
-    if (typeof o != "object" && typeof o != "function" || o === null)
-      throw new TypeError("Object.keys called on a non-object");
-
-    var result = [];
-    for (var name in o) {
-      if (hasOwnProperty.call(o, name))
-        result.push(name);
-    }
-
-    if (hasDontEnumBug) {
-      for (var i = 0; i < DontEnumsLength; i++) {
-        if (hasOwnProperty.call(o, DontEnums[i]))
-          result.push(DontEnums[i]);
-      }
-    }
-
-    return result;
-  };
-})();
-
-var SwaggerApi = function(url, options) {
-  this.url = null;
-  this.debug = false;
-  this.basePath = null;
-  this.authorizations = null;
-  this.authorizationScheme = null;
-  this.info = null;
-  this.useJQuery = false;
-
-  options = (options||{});
-  if (url)
-    if (url.url)
-      options = url;
-    else
-      this.url = url;
-  else
-    options = url;
-
-  if (options.url != null)
-    this.url = options.url;
-
-  if (options.success != null)
-    this.success = options.success;
-
-  if (typeof options.useJQuery === 'boolean')
-    this.useJQuery = options.useJQuery;
-
-  this.failure = options.failure != null ? options.failure : function() {};
-  this.progress = options.progress != null ? options.progress : function() {};
-  if (options.success != null)
-    this.build();
-}
-
-SwaggerApi.prototype.build = function() {
-  var _this = this;
-  this.progress('fetching resource list: ' + this.url);
-  var obj = {
-    useJQuery: this.useJQuery,
-    url: this.url,
-    method: "get",
-    headers: {
-      accept: "application/json"
-    },
-    on: {
-      error: function(response) {
-        if (_this.url.substring(0, 4) !== 'http') {
-          return _this.fail('Please specify the protocol for ' + _this.url);
-        } else if (response.status === 0) {
-          return _this.fail('Can\'t read from server.  It may not have the appropriate access-control-origin settings.');
-        } else if (response.status === 404) {
-          return _this.fail('Can\'t read swagger JSON from ' + _this.url);
-        } else {
-          return _this.fail(response.status + ' : ' + response.statusText + ' ' + _this.url);
-        }
-      },
-      response: function(resp) {
-        var responseObj = resp.obj || JSON.parse(resp.data);
-        _this.swaggerVersion = responseObj.swaggerVersion;
-        if (_this.swaggerVersion === "1.2") {
-          return _this.buildFromSpec(responseObj);
-        } else {
-          return _this.buildFrom1_1Spec(responseObj);
-        }
-      }
-    }
-  };
-  var e = (typeof window !== 'undefined' ? window : exports);
-  e.authorizations.apply(obj);
-  new SwaggerHttp().execute(obj);
-  return this;
-};
-
-SwaggerApi.prototype.buildFromSpec = function(response) {
-  if (response.apiVersion != null) {
-    this.apiVersion = response.apiVersion;
-  }
-  this.apis = {};
-  this.apisArray = [];
-  this.consumes = response.consumes;
-  this.produces = response.produces;
-  this.authSchemes = response.authorizations;
-  if (response.info != null) {
-    this.info = response.info;
-  }
-  var isApi = false;
-  var i;
-  for (i = 0; i < response.apis.length; i++) {
-    var api = response.apis[i];
-    if (api.operations) {
-      var j;
-      for (j = 0; j < api.operations.length; j++) {
-        operation = api.operations[j];
-        isApi = true;
-      }
-    }
-  }
-  if (response.basePath)
-    this.basePath = response.basePath;
-  else if (this.url.indexOf('?') > 0)
-    this.basePath = this.url.substring(0, this.url.lastIndexOf('?'));
-  else
-    this.basePath = this.url;
-
-  if (isApi) {
-    var newName = response.resourcePath.replace(/\//g, '');
-    this.resourcePath = response.resourcePath;
-    res = new SwaggerResource(response, this);
-    this.apis[newName] = res;
-    this.apisArray.push(res);
-  } else {
-    var k;
-    for (k = 0; k < response.apis.length; k++) {
-      var resource = response.apis[k];
-      res = new SwaggerResource(resource, this);
-      this.apis[res.name] = res;
-      this.apisArray.push(res);
-    }
-  }
-  if (this.success) {
-    this.success();
-  }
-  return this;
-};
-
-SwaggerApi.prototype.buildFrom1_1Spec = function(response) {
-  log("This API is using a deprecated version of Swagger!  Please see http://github.com/wordnik/swagger-core/wiki for more info");
-  if (response.apiVersion != null)
-    this.apiVersion = response.apiVersion;
-  this.apis = {};
-  this.apisArray = [];
-  this.produces = response.produces;
-  if (response.info != null) {
-    this.info = response.info;
-  }
-  var isApi = false;
-  for (var i = 0; i < response.apis.length; i++) {
-    var api = response.apis[i];
-    if (api.operations) {
-      for (var j = 0; j < api.operations.length; j++) {
-        operation = api.operations[j];
-        isApi = true;
-      }
-    }
-  }
-  if (response.basePath) {
-    this.basePath = response.basePath;
-  } else if (this.url.indexOf('?') > 0) {
-    this.basePath = this.url.substring(0, this.url.lastIndexOf('?'));
-  } else {
-    this.basePath = this.url;
-  }
-  if (isApi) {
-    var newName = response.resourcePath.replace(/\//g, '');
-    this.resourcePath = response.resourcePath;
-    var res = new SwaggerResource(response, this);
-    this.apis[newName] = res;
-    this.apisArray.push(res);
-  } else {
-    for (k = 0; k < response.apis.length; k++) {
-      resource = response.apis[k];
-      res = new SwaggerResource(resource, this);
-      this.apis[res.name] = res;
-      this.apisArray.push(res);
-    }
-  }
-  if (this.success) {
-    this.success();
-  }
-  return this;
-};
-
-SwaggerApi.prototype.selfReflect = function() {
-  var resource, resource_name, _ref;
-  if (this.apis == null) {
-    return false;
-  }
-  _ref = this.apis;
-  for (resource_name in _ref) {
-    resource = _ref[resource_name];
-    if (resource.ready == null) {
-      return false;
-    }
-  }
-  this.setConsolidatedModels();
-  this.ready = true;
-  if (this.success != null) {
-    return this.success();
-  }
-};
-
-SwaggerApi.prototype.fail = function(message) {
-  this.failure(message);
-  throw message;
-};
-
-SwaggerApi.prototype.setConsolidatedModels = function() {
-  var model, modelName, resource, resource_name, _i, _len, _ref, _ref1, _results;
-  this.modelsArray = [];
-  this.models = {};
-  _ref = this.apis;
-  for (resource_name in _ref) {
-    resource = _ref[resource_name];
-    for (modelName in resource.models) {
-      if (this.models[modelName] == null) {
-        this.models[modelName] = resource.models[modelName];
-        this.modelsArray.push(resource.models[modelName]);
-      }
-    }
-  }
-  _ref1 = this.modelsArray;
-  _results = [];
-  for (_i = 0, _len = _ref1.length; _i < _len; _i++) {
-    model = _ref1[_i];
-    _results.push(model.setReferencedModels(this.models));
-  }
-  return _results;
-};
-
-SwaggerApi.prototype.help = function() {
-  var operation, operation_name, parameter, resource, resource_name, _i, _len, _ref, _ref1, _ref2;
-  _ref = this.apis;
-  for (resource_name in _ref) {
-    resource = _ref[resource_name];
-    log(resource_name);
-    _ref1 = resource.operations;
-    for (operation_name in _ref1) {
-      operation = _ref1[operation_name];
-      log("  " + operation.nickname);
-      _ref2 = operation.parameters;
-      for (_i = 0, _len = _ref2.length; _i < _len; _i++) {
-        parameter = _ref2[_i];
-        log("    " + parameter.name + (parameter.required ? ' (required)' : '') + " - " + parameter.description);
-      }
-    }
-  }
-  return this;
-};
-
-var SwaggerResource = function(resourceObj, api) {
-  var _this = this;
-  this.api = api;
-  this.api = this.api;
-  consumes = (this.consumes | []);
-  produces = (this.produces | []);
-  this.path = this.api.resourcePath != null ? this.api.resourcePath : resourceObj.path;
-  this.description = resourceObj.description;
-
-  var parts = this.path.split("/");
-  this.name = parts[parts.length - 1].replace('.{format}', '');
-  this.basePath = this.api.basePath;
-  this.operations = {};
-  this.operationsArray = [];
-  this.modelsArray = [];
-  this.models = {};
-  this.rawModels = {};
-  this.useJQuery = (typeof api.useJQuery !== 'undefined' ? api.useJQuery : null);
-
-  if ((resourceObj.apis != null) && (this.api.resourcePath != null)) {
-    this.addApiDeclaration(resourceObj);
-  } else {
-    if (this.path == null) {
-      this.api.fail("SwaggerResources must have a path.");
-    }
-    if (this.path.substring(0, 4) === 'http') {
-      this.url = this.path.replace('{format}', 'json');
-    } else {
-      this.url = this.api.basePath + this.path.replace('{format}', 'json');
-    }
-    this.api.progress('fetching resource ' + this.name + ': ' + this.url);
-    obj = {
-      url: this.url,
-      method: "get",
-      useJQuery: this.useJQuery,
-      headers: {
-        accept: "application/json"
-      },
-      on: {
-        response: function(resp) {
-          var responseObj = resp.obj || JSON.parse(resp.data);
-          return _this.addApiDeclaration(responseObj);
-        },
-        error: function(response) {
-          return _this.api.fail("Unable to read api '" +
-            _this.name + "' from path " + _this.url + " (server returned " + response.statusText + ")");
-        }
-      }
-    };
-    var e = typeof window !== 'undefined' ? window : exports;
-    e.authorizations.apply(obj);
-    new SwaggerHttp().execute(obj);
-  }
-}
-
-SwaggerResource.prototype.getAbsoluteBasePath = function (relativeBasePath) {
-  var pos, url;
-  url = this.api.basePath;
-  pos = url.lastIndexOf(relativeBasePath);
-  var parts = url.split("/");
-  var rootUrl = parts[0] + "//" + parts[2];
-
-  if(relativeBasePath.indexOf("http") === 0)
-    return relativeBasePath;
-  if(relativeBasePath === "/")
-    return rootUrl;
-  if(relativeBasePath.substring(0, 1) == "/") {
-    // use root + relative
-    return rootUrl + relativeBasePath;
-  }
-  else {
-    var pos = this.basePath.lastIndexOf("/");
-    var base = this.basePath.substring(0, pos);
-    if(base.substring(base.length - 1) == "/")
-      return base + relativeBasePath;
-    else
-      return base + "/" + relativeBasePath;
-  }
-};
-
-SwaggerResource.prototype.addApiDeclaration = function(response) {
-  if (response.produces != null)
-    this.produces = response.produces;
-  if (response.consumes != null)
-    this.consumes = response.consumes;
-  if ((response.basePath != null) && response.basePath.replace(/\s/g, '').length > 0)
-    this.basePath = response.basePath.indexOf("http") === -1 ? this.getAbsoluteBasePath(response.basePath) : response.basePath;
-
-  this.addModels(response.models);
-  if (response.apis) {
-    for (var i = 0 ; i < response.apis.length; i++) {
-      var endpoint = response.apis[i];
-      this.addOperations(endpoint.path, endpoint.operations, response.consumes, response.produces);
-    }
-  }
-  this.api[this.name] = this;
-  this.ready = true;
-  return this.api.selfReflect();
-};
-
-SwaggerResource.prototype.addModels = function(models) {
-  if (models != null) {
-    var modelName;
-    for (modelName in models) {
-      if (this.models[modelName] == null) {
-        var swaggerModel = new SwaggerModel(modelName, models[modelName]);
-        this.modelsArray.push(swaggerModel);
-        this.models[modelName] = swaggerModel;
-        this.rawModels[modelName] = models[modelName];
-      }
-    }
-    var output = [];
-    for (var i = 0; i < this.modelsArray.length; i++) {
-      model = this.modelsArray[i];
-      output.push(model.setReferencedModels(this.models));
-    }
-    return output;
-  }
-};
-
-SwaggerResource.prototype.addOperations = function(resource_path, ops, consumes, produces) {
-  if (ops) {
-    output = [];
-    for (var i = 0; i < ops.length; i++) {
-      o = ops[i];
-      consumes = this.consumes;
-      produces = this.produces;
-      if (o.consumes != null)
-        consumes = o.consumes;
-      else
-        consumes = this.consumes;
-
-      if (o.produces != null)
-        produces = o.produces;
-      else
-        produces = this.produces;
-      type = (o.type||o.responseClass);
-
-      if (type === "array") {
-        ref = null;
-        if (o.items)
-          ref = o.items["type"] || o.items["$ref"];
-        type = "array[" + ref + "]";
-      }
-      responseMessages = o.responseMessages;
-      method = o.method;
-      if (o.httpMethod) {
-        method = o.httpMethod;
-      }
-      if (o.supportedContentTypes) {
-        consumes = o.supportedContentTypes;
-      }
-      if (o.errorResponses) {
-        responseMessages = o.errorResponses;
-        for (var j = 0; j < responseMessages.length; j++) {
-          r = responseMessages[j];
-          r.message = r.reason;
-          r.reason = null;
-        }
-      }
-      o.nickname = this.sanitize(o.nickname);
-      op = new SwaggerOperation(o.nickname, resource_path, method, o.parameters, o.summary, o.notes, type, responseMessages, this, consumes, produces, o.authorizations);
-      this.operations[op.nickname] = op;
-      output.push(this.operationsArray.push(op));
-    }
-    return output;
-  }
-};
-
-SwaggerResource.prototype.sanitize = function(nickname) {
-  var op;
-  op = nickname.replace(/[\s!@#$%^&*()_+=\[{\]};:<>|.\/?,\\'""-]/g, '_');
-  op = op.replace(/((_){2,})/g, '_');
-  op = op.replace(/^(_)*/g, '');
-  op = op.replace(/([_])*$/g, '');
-  return op;
-};
-
-SwaggerResource.prototype.help = function() {
-  var op = this.operations;
-  var output = [];
-  var operation_name;
-  for (operation_name in op) {
-    operation = op[operation_name];
-    var msg = "  " + operation.nickname;
-    for (var i = 0; i < operation.parameters; i++) {
-      parameter = operation.parameters[i];
-      msg.concat("    " + parameter.name + (parameter.required ? ' (required)' : '') + " - " + parameter.description);
-    }
-    output.push(msg);
-  }
-  return output;
-};
-
-var SwaggerModel = function(modelName, obj) {
-  this.name = obj.id != null ? obj.id : modelName;
-  this.properties = [];
-  var propertyName;
-  for (propertyName in obj.properties) {
-    if (obj.required != null) {
-      var value;
-      for (value in obj.required) {
-        if (propertyName === obj.required[value]) {
-          obj.properties[propertyName].required = true;
-        }
-      }
-    }
-    prop = new SwaggerModelProperty(propertyName, obj.properties[propertyName]);
-    this.properties.push(prop);
-  }
-}
-
-SwaggerModel.prototype.setReferencedModels = function(allModels) {
-  var results = [];
-  for (var i = 0; i < this.properties.length; i++) {
-    var property = this.properties[i];
-    var type = property.type || property.dataType;
-    if (allModels[type] != null)
-      results.push(property.refModel = allModels[type]);
-    else if ((property.refDataType != null) && (allModels[property.refDataType] != null))
-      results.push(property.refModel = allModels[property.refDataType]);
-    else
-      results.push(void 0);
-  }
-  return results;
-};
-
-SwaggerModel.prototype.getMockSignature = function(modelsToIgnore) {
-  var propertiesStr = [];
-  for (var i = 0; i < this.properties.length; i++) {
-    prop = this.properties[i];
-    propertiesStr.push(prop.toString());
-  }
-
-  var strong = '<span class="strong">';
-  var stronger = '<span class="stronger">';
-  var strongClose = '</span>';
-  var classOpen = strong + this.name + ' {' + strongClose;
-  var classClose = strong + '}' + strongClose;
-  var returnVal = classOpen + '<div>' + propertiesStr.join(',</div><div>') + '</div>' + classClose;
-  if (!modelsToIgnore)
-    modelsToIgnore = [];
-  modelsToIgnore.push(this.name);
-
-  for (var i = 0; i < this.properties.length; i++) {
-    prop = this.properties[i];
-    if ((prop.refModel != null) && modelsToIgnore.indexOf(prop.refModel.name) === -1) {
-      returnVal = returnVal + ('<br>' + prop.refModel.getMockSignature(modelsToIgnore));
-    }
-  }
-  return returnVal;
-};
-
-SwaggerModel.prototype.createJSONSample = function(modelsToIgnore) {
-  if(sampleModels[this.name]) {
-    return sampleModels[this.name];
-  }
-  else {
-    var result = {};
-    var modelsToIgnore = (modelsToIgnore||[])
-    modelsToIgnore.push(this.name);
-    for (var i = 0; i < this.properties.length; i++) {
-      prop = this.properties[i];
-      result[prop.name] = prop.getSampleValue(modelsToIgnore);
-    }
-    modelsToIgnore.pop(this.name);
-    return result;
-  }
-};
-
-var SwaggerModelProperty = function(name, obj) {
-  this.name = name;
-  this.dataType = obj.type || obj.dataType || obj["$ref"];
-  this.isCollection = this.dataType && (this.dataType.toLowerCase() === 'array' || this.dataType.toLowerCase() === 'list' || this.dataType.toLowerCase() === 'set');
-  this.descr = obj.description;
-  this.required = obj.required;
-  if (obj.items != null) {
-    if (obj.items.type != null) {
-      this.refDataType = obj.items.type;
-    }
-    if (obj.items.$ref != null) {
-      this.refDataType = obj.items.$ref;
-    }
-  }
-  this.dataTypeWithRef = this.refDataType != null ? (this.dataType + '[' + this.refDataType + ']') : this.dataType;
-  if (obj.allowableValues != null) {
-    this.valueType = obj.allowableValues.valueType;
-    this.values = obj.allowableValues.values;
-    if (this.values != null) {
-      this.valuesString = "'" + this.values.join("' or '") + "'";
-    }
-  }
-  if (obj["enum"] != null) {
-    this.valueType = "string";
-    this.values = obj["enum"];
-    if (this.values != null) {
-      this.valueString = "'" + this.values.join("' or '") + "'";
-    }
-  }
-}
-
-SwaggerModelProperty.prototype.getSampleValue = function(modelsToIgnore) {
-  var result;
-  if ((this.refModel != null) && (modelsToIgnore.indexOf(prop.refModel.name) === -1)) {
-    result = this.refModel.createJSONSample(modelsToIgnore);
-  } else {
-    if (this.isCollection) {
-      result = this.toSampleValue(this.refDataType);
-    } else {
-      result = this.toSampleValue(this.dataType);
-    }
-  }
-  if (this.isCollection) {
-    return [result];
-  } else {
-    return result;
-  }
-};
-
-SwaggerModelProperty.prototype.toSampleValue = function(value) {
-  var result;
-  if (value === "integer") {
-    result = 0;
-  } else if (value === "boolean") {
-    result = false;
-  } else if (value === "double" || value === "number") {
-    result = 0.0;
-  } else if (value === "string") {
-    result = "";
-  } else {
-    result = value;
-  }
-  return result;
-};
-
-SwaggerModelProperty.prototype.toString = function() {
-  var req = this.required ? 'propReq' : 'propOpt';
-  var str = '<span class="propName ' + req + '">' + this.name + '</span> (<span class="propType">' + this.dataTypeWithRef + '</span>';
-  if (!this.required) {
-    str += ', <span class="propOptKey">optional</span>';
-  }
-  str += ')';
-  if (this.values != null) {
-    str += " = <span class='propVals'>['" + this.values.join("' or '") + "']</span>";
-  }
-  if (this.descr != null) {
-    str += ': <span class="propDesc">' + this.descr + '</span>';
-  }
-  return str;
-};
-
-var SwaggerOperation = function(nickname, path, method, parameters, summary, notes, type, responseMessages, resource, consumes, produces, authorizations) {
-  var _this = this;
-
-  var errors = [];
-  this.nickname = (nickname||errors.push("SwaggerOperations must have a nickname."));
-  this.path = (path||errors.push("SwaggerOperation " + nickname + " is missing path."));
-  this.method = (method||errors.push("SwaggerOperation " + nickname + " is missing method."));
-  this.parameters = parameters != null ? parameters : [];
-  this.summary = summary;
-  this.notes = notes;
-  this.type = type;
-  this.responseMessages = (responseMessages||[]);
-  this.resource = (resource||errors.push("Resource is required"));
-  this.consumes = consumes;
-  this.produces = produces;
-  this.authorizations = authorizations;
-  this["do"] = __bind(this["do"], this);
-
-  if (errors.length > 0)
-    this.resource.api.fail(errors);
-
-  this.path = this.path.replace('{format}', 'json');
-  this.method = this.method.toLowerCase();
-  this.isGetMethod = this.method === "get";
-
-  this.resourceName = this.resource.name;
-  if(typeof this.type !== 'undefined' && this.type === 'void')
-    this.type = null;
-  else {
-    this.responseClassSignature = this.getSignature(this.type, this.resource.models);
-    this.responseSampleJSON = this.getSampleJSON(this.type, this.resource.models);
-  }
-
-  for(var i = 0; i < this.parameters.length; i ++) {
-    var param = this.parameters[i];
-    // might take this away
-    param.name = param.name || param.type || param.dataType;
-
-    // for 1.1 compatibility
-    var type = param.type || param.dataType;
-    if(type === 'array') {
-      type = 'array[' + (param.items.$ref ? param.items.$ref : param.items.type) + ']';
-    }
-    param.type = type;
-
-    if(type.toLowerCase() === 'boolean') {
-      param.allowableValues = {};
-      param.allowableValues.values = ["true", "false"];
-    }
-    param.signature = this.getSignature(type, this.resource.models);
-    param.sampleJSON = this.getSampleJSON(type, this.resource.models);
-
-    var enumValue = param["enum"];
-    if(enumValue != null) {
-      param.isList = true;
-      param.allowableValues = {};
-      param.allowableValues.descriptiveValues = [];
-
-      for(var j = 0; j < enumValue.length; j++) {
-        var v = enumValue[j];
-        if(param.defaultValue != null) {
-          param.allowableValues.descriptiveValues.push ({
-            value: String(v),
-            isDefault: (v === param.defaultValue)
-          });
-        }
-        else {
-          param.allowableValues.descriptiveValues.push ({
-            value: String(v),
-            isDefault: false
-          });
-        }
-      }
-    }
-    else if(param.allowableValues != null) {
-      if(param.allowableValues.valueType === "RANGE")
-        param.isRange = true;
-      else
-        param.isList = true;
-      if(param.allowableValues != null) {
-        param.allowableValues.descriptiveValues = [];
-        if(param.allowableValues.values) {
-          for(var j = 0; j < param.allowableValues.values.length; j++){
-            var v = param.allowableValues.values[j];
-            if(param.defaultValue != null) {
-              param.allowableValues.descriptiveValues.push ({
-                value: String(v),
-                isDefault: (v === param.defaultValue)
-              });
-            }
-            else {
-              param.allowableValues.descriptiveValues.push ({
-                value: String(v),
-                isDefault: false
-              });
-            }
-          }
-        }
-      }
-    }
-  }
-  this.resource[this.nickname] = function(args, callback, error) {
-    return _this["do"](args, callback, error);
-  };
-  this.resource[this.nickname].help = function() {
-    return _this.help();
-  };
-}
-
-SwaggerOperation.prototype.isListType = function(type) {
-  if (type && type.indexOf('[') >= 0) {
-    return type.substring(type.indexOf('[') + 1, type.indexOf(']'));
-  } else {
-    return void 0;
-  }
-};
-
-SwaggerOperation.prototype.getSignature = function(type, models) {
-  var isPrimitive, listType;
-  listType = this.isListType(type);
-  isPrimitive = ((listType != null) && models[listType]) || (models[type] != null) ? false : true;
-  if (isPrimitive) {
-    return type;
-  } else {
-    if (listType != null) {
-      return models[listType].getMockSignature();
-    } else {
-      return models[type].getMockSignature();
-    }
-  }
-};
-
-SwaggerOperation.prototype.getSampleJSON = function(type, models) {
-  var isPrimitive, listType, val;
-  listType = this.isListType(type);
-  isPrimitive = ((listType != null) && models[listType]) || (models[type] != null) ? false : true;
-  val = isPrimitive ? void 0 : (listType != null ? models[listType].createJSONSample() : models[type].createJSONSample());
-  if (val) {
-    val = listType ? [val] : val;
-    if(typeof val == "string")
-      return val;
-    else if(typeof val === "object") {
-      var t = val;
-      if(val instanceof Array && val.length > 0) {
-        t = val[0];
-      }
-      if(t.nodeName) {
-        var xmlString = new XMLSerializer().serializeToString(t);
-        return this.formatXml(xmlString);
-      }
-      else
-        return JSON.stringify(val, null, 2);
-    }
-    else
-      return val;
-  }
-};
-
-SwaggerOperation.prototype["do"] = function(args, opts, callback, error) {
-  var key, param, params, possibleParams, req, requestContentType, responseContentType, value, _i, _len, _ref;
-  if (args == null) {
-    args = {};
-  }
-  if (opts == null) {
-    opts = {};
-  }
-  requestContentType = null;
-  responseContentType = null;
-  if ((typeof args) === "function") {
-    error = opts;
-    callback = args;
-    args = {};
-  }
-  if ((typeof opts) === "function") {
-    error = callback;
-    callback = opts;
-  }
-  if (error == null) {
-    error = function(xhr, textStatus, error) {
-      return log(xhr, textStatus, error);
-    };
-  }
-  if (callback == null) {
-    callback = function(response) {
-      var content;
-      content = null;
-      if (response != null) {
-        content = response.data;
-      } else {
-        content = "no data";
-      }
-      return log("default callback: " + content);
-    };
-  }
-  params = {};
-  params.headers = [];
-  if (args.headers != null) {
-    params.headers = args.headers;
-    delete args.headers;
-  }
-
-  var possibleParams = [];
-  for(var i = 0; i < this.parameters.length; i++) {
-    var param = this.parameters[i];
-    if(param.paramType === 'header') {
-      if(args[param.name])
-        params.headers[param.name] = args[param.name];
-    }
-    else if(param.paramType === 'form' || param.paramType.toLowerCase() === 'file')
-      possibleParams.push(param);
-  }
-
-  if (args.body != null) {
-    params.body = args.body;
-    delete args.body;
-  }
-
-  if (possibleParams) {
-    var key;
-    for (key in possibleParams) {
-      value = possibleParams[key];
-      if (args[value.name]) {
-        params[value.name] = args[value.name];
-      }
-    }
-  }
-
-  req = new SwaggerRequest(this.method, this.urlify(args), params, opts, callback, error, this);
-  if (opts.mock != null) {
-    return req;
-  } else {
-    return true;
-  }
-};
-
-SwaggerOperation.prototype.pathJson = function() {
-  return this.path.replace("{format}", "json");
-};
-
-SwaggerOperation.prototype.pathXml = function() {
-  return this.path.replace("{format}", "xml");
-};
-
-SwaggerOperation.prototype.encodePathParam = function(pathParam) {
-  var encParts, part, parts, _i, _len;
-  pathParam = pathParam.toString();
-  if (pathParam.indexOf("/") === -1) {
-    return encodeURIComponent(pathParam);
-  } else {
-    parts = pathParam.split("/");
-    encParts = [];
-    for (_i = 0, _len = parts.length; _i < _len; _i++) {
-      part = parts[_i];
-      encParts.push(encodeURIComponent(part));
-    }
-    return encParts.join("/");
-  }
-};
-
-SwaggerOperation.prototype.urlify = function(args) {
-  var url = this.resource.basePath + this.pathJson();
-  var params = this.parameters;
-  for(var i = 0; i < params.length; i ++){
-    var param = params[i];
-    if (param.paramType === 'path') {
-      if(args[param.name]) {
-        // apply path params and remove from args
-        var reg = new RegExp('\{' + param.name + '[^\}]*\}', 'gi');
-        url = url.replace(reg, this.encodePathParam(args[param.name]));
-        delete args[param.name];
-      }
-      else
-        throw "" + param.name + " is a required path param.";
-    }
-  }
-
-  var queryParams = "";
-  for(var i = 0; i < params.length; i ++){
-    var param = params[i];
-    if(param.paramType === 'query') {
-      if (args[param.name] !== undefined) {
-        if (queryParams !== '')
-          queryParams += "&";
-        queryParams += encodeURIComponent(param.name) + '=' + encodeURIComponent(args[param.name]);
-      }
-    }
-  }
-  if ((queryParams != null) && queryParams.length > 0)
-    url += '?' + queryParams;
-  return url;
-};
-
-SwaggerOperation.prototype.supportHeaderParams = function() {
-  return this.resource.api.supportHeaderParams;
-};
-
-SwaggerOperation.prototype.supportedSubmitMethods = function() {
-  return this.resource.api.supportedSubmitMethods;
-};
-
-SwaggerOperation.prototype.getQueryParams = function(args) {
-  return this.getMatchingParams(['query'], args);
-};
-
-SwaggerOperation.prototype.getHeaderParams = function(args) {
-  return this.getMatchingParams(['header'], args);
-};
-
-SwaggerOperation.prototype.getMatchingParams = function(paramTypes, args) {
-  var matchingParams = {};
-  var params = this.parameters;
-  for (var i = 0; i < params.length; i++) {
-    param = params[i];
-    if (args && args[param.name])
-      matchingParams[param.name] = args[param.name];
-  }
-  var headers = this.resource.api.headers;
-  var name;
-  for (name in headers) {
-    var value = headers[name];
-    matchingParams[name] = value;
-  }
-  return matchingParams;
-};
-
-SwaggerOperation.prototype.help = function() {
-  var msg = "";
-  var params = this.parameters;
-  for (var i = 0; i < params.length; i++) {
-    var param = params[i];
-    if (msg !== "")
-      msg += "\n";
-    msg += "* " + param.name + (param.required ? ' (required)' : '') + " - " + param.description;
-  }
-  return msg;
-};
-
-
-SwaggerOperation.prototype.formatXml = function(xml) {
-  var contexp, formatted, indent, lastType, lines, ln, pad, reg, transitions, wsexp, _fn, _i, _len;
-  reg = /(>)(<)(\/*)/g;
-  wsexp = /[ ]*(.*)[ ]+\n/g;
-  contexp = /(<.+>)(.+\n)/g;
-  xml = xml.replace(reg, '$1\n$2$3').replace(wsexp, '$1\n').replace(contexp, '$1\n$2');
-  pad = 0;
-  formatted = '';
-  lines = xml.split('\n');
-  indent = 0;
-  lastType = 'other';
-  transitions = {
-    'single->single': 0,
-    'single->closing': -1,
-    'single->opening': 0,
-    'single->other': 0,
-    'closing->single': 0,
-    'closing->closing': -1,
-    'closing->opening': 0,
-    'closing->other': 0,
-    'opening->single': 1,
-    'opening->closing': 0,
-    'opening->opening': 1,
-    'opening->other': 1,
-    'other->single': 0,
-    'other->closing': -1,
-    'other->opening': 0,
-    'other->other': 0
-  };
-  _fn = function(ln) {
-    var fromTo, j, key, padding, type, types, value;
-    types = {
-      single: Boolean(ln.match(/<.+\/>/)),
-      closing: Boolean(ln.match(/<\/.+>/)),
-      opening: Boolean(ln.match(/<[^!?].*>/))
-    };
-    type = ((function() {
-      var _results;
-      _results = [];
-      for (key in types) {
-        value = types[key];
-        if (value) {
-          _results.push(key);
-        }
-      }
-      return _results;
-    })())[0];
-    type = type === void 0 ? 'other' : type;
-    fromTo = lastType + '->' + type;
-    lastType = type;
-    padding = '';
-    indent += transitions[fromTo];
-    padding = ((function() {
-      var _j, _ref5, _results;
-      _results = [];
-      for (j = _j = 0, _ref5 = indent; 0 <= _ref5 ? _j < _ref5 : _j > _ref5; j = 0 <= _ref5 ? ++_j : --_j) {
-        _results.push('  ');
-      }
-      return _results;
-    })()).join('');
-    if (fromTo === 'opening->closing') {
-      return formatted = formatted.substr(0, formatted.length - 1) + ln + '\n';
-    } else {
-      return formatted += padding + ln + '\n';
-    }
-  };
-  for (_i = 0, _len = lines.length; _i < _len; _i++) {
-    ln = lines[_i];
-    _fn(ln);
-  }
-  return formatted;
-};
-
-var SwaggerRequest = function(type, url, params, opts, successCallback, errorCallback, operation, execution) {
-  var _this = this;
-  var errors = [];
-  this.useJQuery = (typeof operation.resource.useJQuery !== 'undefined' ? operation.resource.useJQuery : null);
-  this.type = (type||errors.push("SwaggerRequest type is required (get/post/put/delete/patch/options)."));
-  this.url = (url||errors.push("SwaggerRequest url is required."));
-  this.params = params;
-  this.opts = opts;
-  this.successCallback = (successCallback||errors.push("SwaggerRequest successCallback is required."));
-  this.errorCallback = (errorCallback||errors.push("SwaggerRequest error callback is required."));
-  this.operation = (operation||errors.push("SwaggerRequest operation is required."));
-  this.execution = execution;
-  this.headers = (params.headers||{});
-
-  if(errors.length > 0) {
-    throw errors;
-  }
-
-  this.type = this.type.toUpperCase();
-
-  // set request, response content type headers
-  var headers = this.setHeaders(params, this.operation);
-  var body = params.body;
-
-  // encode the body for form submits
-  if (headers["Content-Type"]) {
-    var values = {};
-    var i;
-    var operationParams = this.operation.parameters;
-    for(i = 0; i < operationParams.length; i++) {
-      var param = operationParams[i];
-      if(param.paramType === "form")
-        values[param.name] = param;
-    }
-
-    if(headers["Content-Type"].indexOf("application/x-www-form-urlencoded") === 0) {
-      var encoded = "";
-      var key;
-      for(key in values) {
-        value = this.params[key];
-        if(typeof value !== 'undefined'){
-          if(encoded !== "")
-            encoded += "&";
-          encoded += encodeURIComponent(key) + '=' + encodeURIComponent(value);
-        }
-      }
-      body = encoded;
-    }
-    else if (headers["Content-Type"].indexOf("multipart/form-data") === 0) {
-      // encode the body for form submits
-      var data = "";
-      var boundary = "----SwaggerFormBoundary" + Date.now();
-      var key;
-      for(key in values) {
-        value = this.params[key];
-        if(typeof value !== 'undefined') {
-          data += '--' + boundary + '\n';
-          data += 'Content-Disposition: form-data; name="' + key + '"';
-          data += '\n\n';
-          data += value + "\n";
-        }
-      }
-      data += "--" + boundary + "--\n";
-      headers["Content-Type"] = "multipart/form-data; boundary=" + boundary;
-      body = data;
-    }
-  }
-
-  if (!((this.headers != null) && (this.headers.mock != null))) {
-    obj = {
-      url: this.url,
-      method: this.type,
-      headers: headers,
-      body: body,
-      useJQuery: this.useJQuery,
-      on: {
-        error: function(response) {
-          return _this.errorCallback(response, _this.opts.parent);
-        },
-        redirect: function(response) {
-          return _this.successCallback(response, _this.opts.parent);
-        },
-        307: function(response) {
-          return _this.successCallback(response, _this.opts.parent);
-        },
-        response: function(response) {
-          return _this.successCallback(response, _this.opts.parent);
-        }
-      }
-    };
-    var e;
-    if (typeof window !== 'undefined') {
-      e = window;
-    } else {
-      e = exports;
-    }
-    status = e.authorizations.apply(obj, this.operation.authorizations);
-    if (opts.mock == null) {
-      if (status !== false) {
-        new SwaggerHttp().execute(obj);
-      } else {
-        obj.canceled = true;
-      }
-    } else {
-      return obj;
-    }
-  }
-};
-
-SwaggerRequest.prototype.setHeaders = function(params, operation) {
-  // default type
-  var accepts = "application/json";
-  var consumes = "application/json";
-
-  var allDefinedParams = this.operation.parameters;
-  var definedFormParams = [];
-  var definedFileParams = [];
-  var body = params.body;
-  var headers = {};
-
-  // get params from the operation and set them in definedFileParams, definedFormParams, headers
-  var i;
-  for(i = 0; i < allDefinedParams.length; i++) {
-    var param = allDefinedParams[i];
-    if(param.paramType === "form")
-      definedFormParams.push(param);
-    else if(param.paramType === "file")
-      definedFileParams.push(param);
-    else if(param.paramType === "header" && this.params.headers) {
-      var key = param.name;
-      var headerValue = this.params.headers[param.name];
-      if(typeof this.params.headers[param.name] !== 'undefined')
-        headers[key] = headerValue;
-    }
-  }
-
-  // if there's a body, need to set the accepts header via requestContentType
-  if (body && (this.type === "POST" || this.type === "PUT" || this.type === "PATCH" || this.type === "DELETE")) {
-    if (this.opts.requestContentType)
-      accepts = this.opts.requestContentType;
-  } else {
-    // if any form params, content type must be set
-    if(definedFormParams.length > 0) {
-      if(definedFileParams.length > 0)
-        consumes = "multipart/form-data";
-      else
-        consumes = "application/x-www-form-urlencoded";
-    }
-    else if (this.type == "DELETE")
-      body = "{}";
-    else if (this.type != "DELETE")
-      accepts = null;
-  }
-
-  if (consumes && this.operation.consumes) {
-    if (this.operation.consumes.indexOf(consumes) === -1) {
-      log("server doesn't consume " + consumes + ", try " + JSON.stringify(this.operation.consumes));
-      consumes = this.operation.consumes[0];
-    }
-  }
-
-  if (this.opts.responseContentType) {
-    accepts = this.opts.responseContentType;
-  } else {
-    accepts = "application/json";
-  }
-  if (accepts && this.operation.produces) {
-    if (this.operation.produces.indexOf(accepts) === -1) {
-      log("server can't produce " + accepts);
-      accepts = this.operation.produces[0];
-    }
-  }
-
-  if ((consumes && body !== "") || (consumes === "application/x-www-form-urlencoded"))
-    headers["Content-Type"] = consumes;
-  if (accepts)
-    headers["Accept"] = accepts;
-  return headers;
-}
-
-SwaggerRequest.prototype.asCurl = function() {
-  var results = [];
-  if(this.headers) {
-    var key;
-    for(key in this.headers) {
-      results.push("--header \"" + key + ": " + this.headers[v] + "\"");
-    }
-  }
-  return "curl " + (results.join(" ")) + " " + this.url;
-};
-
-/**
- * SwaggerHttp is a wrapper for executing requests
- */
-var SwaggerHttp = function() {};
-
-SwaggerHttp.prototype.execute = function(obj) {
-  if(obj && (typeof obj.useJQuery === 'boolean'))
-    this.useJQuery = obj.useJQuery;
-  else
-    this.useJQuery = this.isIE8();
-
-  if(this.useJQuery)
-    return new JQueryHttpClient().execute(obj);
-  else
-    return new ShredHttpClient().execute(obj);
-}
-
-SwaggerHttp.prototype.isIE8 = function() {
-  var detectedIE = false;
-  if (typeof navigator !== 'undefined' && navigator.userAgent) {
-    nav = navigator.userAgent.toLowerCase();
-    if (nav.indexOf('msie') !== -1) {
-      var version = parseInt(nav.split('msie')[1]);
-      if (version <= 8) {
-        detectedIE = true;
-      }
-    }
-  }
-  return detectedIE;
-};
-
-/*
- * JQueryHttpClient lets a browser take advantage of JQuery's cross-browser magic.
- * NOTE: when jQuery is available it will export both '$' and 'jQuery' to the global space.
- *       Since we are using closures here we need to alias it for internal use.
- */
-var JQueryHttpClient = function(options) {
-  "use strict";
-  if(!jQuery){
-    var jQuery = window.jQuery;
-  }
-}
-
-JQueryHttpClient.prototype.execute = function(obj) {
-  var cb = obj.on;
-  var request = obj;
-
-  obj.type = obj.method;
-  obj.cache = false;
-
-  obj.beforeSend = function(xhr) {
-    var key, results;
-    if (obj.headers) {
-      results = [];
-      var key;
-      for (key in obj.headers) {
-        if (key.toLowerCase() === "content-type") {
-          results.push(obj.contentType = obj.headers[key]);
-        } else if (key.toLowerCase() === "accept") {
-          results.push(obj.accepts = obj.headers[key]);
-        } else {
-          results.push(xhr.setRequestHeader(key, obj.headers[key]));
-        }
-      }
-      return results;
-    }
-  };
-
-  obj.data = obj.body;
-  obj.complete = function(response, textStatus, opts) {
-    var headers = {},
-        headerArray = response.getAllResponseHeaders().split("\n");
-
-    for(var i = 0; i < headerArray.length; i++) {
-      var toSplit = headerArray[i].trim();
-      if(toSplit.length === 0)
-        continue;
-      var separator = toSplit.indexOf(":");
-      if(separator === -1) {
-        // Name but no value in the header
-        headers[toSplit] = null;
-        continue;
-      }
-      var name = toSplit.substring(0, separator).trim(),
-          value = toSplit.substring(separator + 1).trim();
-      headers[name] = value;
-    }
-
-    var out = {
-      url: request.url,
-      method: request.method,
-      status: response.status,
-      data: response.responseText,
-      headers: headers
-    };
-
-    var contentType = (headers["content-type"]||headers["Content-Type"]||null)
-
-    if(contentType != null) {
-      if(contentType.indexOf("application/json") == 0 || contentType.indexOf("+json") > 0) {
-        if(response.responseText && response.responseText !== "")
-          out.obj = JSON.parse(response.responseText);
-        else
-          out.obj = {}
-      }
-    }
-
-    if(response.status >= 200 && response.status < 300)
-      cb.response(out);
-    else if(response.status === 0 || (response.status >= 400 && response.status < 599))
-      cb.error(out);
-    else
-      return cb.response(out);
-  };
-
-  jQuery.support.cors = true;
-  return jQuery.ajax(obj);
-}
-
-/*
- * ShredHttpClient is a light-weight, node or browser HTTP client
- */
-var ShredHttpClient = function(options) {
-  this.options = (options||{});
-  this.isInitialized = false;
-
-  var identity, toString;
-
-  if (typeof window !== 'undefined') {
-    this.Shred = require("./shred");
-    this.content = require("./shred/content");
-  }
-  else
-    this.Shred = require("shred");
-  this.shred = new this.Shred();
-}
-
-ShredHttpClient.prototype.initShred = function () {
-  this.isInitialized = true;
-  this.registerProcessors(this.shred);
-}
-
-ShredHttpClient.prototype.registerProcessors = function(shred) {
-  var identity = function(x) {
-    return x;
-  };
-  var toString = function(x) {
-    return x.toString();
-  };
-
-  if (typeof window !== 'undefined') {
-    this.content.registerProcessor(["application/json; charset=utf-8", "application/json", "json"], {
-      parser: identity,
-      stringify: toString
-    });
-  } else {
-    this.Shred.registerProcessor(["application/json; charset=utf-8", "application/json", "json"], {
-      parser: identity,
-      stringify: toString
-    });
-  }
-}
-
-ShredHttpClient.prototype.execute = function(obj) {
-  if(!this.isInitialized)
-    this.initShred();
-
-  var cb = obj.on, res;
-
-  var transform = function(response) {
-    var out = {
-      headers: response._headers,
-      url: response.request.url,
-      method: response.request.method,
-      status: response.status,
-      data: response.content.data
-    };
-
-    var contentType = (response._headers["content-type"]||response._headers["Content-Type"]||null)
-
-    if(contentType != null) {
-      if(contentType.indexOf("application/json") == 0 || contentType.indexOf("+json") > 0) {
-        if(response.content.data && response.content.data !== "")
-          out.obj = JSON.parse(response.content.data);
-        else
-          out.obj = {}
-      }
-    }
-    return out;
-  };
-
-  res = {
-    error: function(response) {
-      if (obj)
-        return cb.error(transform(response));
-    },
-    redirect: function(response) {
-      if (obj)
-        return cb.redirect(transform(response));
-    },
-    307: function(response) {
-      if (obj)
-        return cb.redirect(transform(response));
-    },
-    response: function(response) {
-      if (obj)
-        return cb.response(transform(response));
-    }
-  };
-  if (obj) {
-    obj.on = res;
-  }
-  return this.shred.request(obj);
-};
-
-/**
- * SwaggerAuthorizations applys the correct authorization to an operation being executed
- */
-var SwaggerAuthorizations = function() {
-  this.authz = {};
-};
-
-SwaggerAuthorizations.prototype.add = function(name, auth) {
-  this.authz[name] = auth;
-  return auth;
-};
-
-SwaggerAuthorizations.prototype.remove = function(name) {
-  return delete this.authz[name];
-};
-
-SwaggerAuthorizations.prototype.apply = function(obj, authorizations) {
-  var status = null;
-  var key;
-
-  // if the "authorizations" key is undefined, or has an empty array, add all keys
-  if(typeof authorizations === 'undefined' || Object.keys(authorizations).length == 0) {
-    for (key in this.authz) {
-      value = this.authz[key];
-      result = value.apply(obj, authorizations);
-      if (result === true)
-        status = true;
-    }
-  }
-  else {
-    for(name in authorizations) {
-      for (key in this.authz) {
-        if(key == name) {
-          value = this.authz[key];
-          result = value.apply(obj, authorizations);
-          if (result === true)
-            status = true;
-        }
-      }      
-    }
-  }
-
-  return status;
-};
-
-/**
- * ApiKeyAuthorization allows a query param or header to be injected
- */
-var ApiKeyAuthorization = function(name, value, type) {
-  this.name = name;
-  this.value = value;
-  this.type = type;
-};
-
-ApiKeyAuthorization.prototype.apply = function(obj, authorizations) {
-  if (this.type === "query") {
-    if (obj.url.indexOf('?') > 0)
-      obj.url = obj.url + "&" + this.name + "=" + this.value;
-    else
-      obj.url = obj.url + "?" + this.name + "=" + this.value;
-    return true;
-  } else if (this.type === "header") {
-    obj.headers[this.name] = this.value;
-    return true;
-  }
-};
-
-var CookieAuthorization = function(cookie) {
-  this.cookie = cookie;
-}
-
-CookieAuthorization.prototype.apply = function(obj, authorizations) {
-  obj.cookieJar = obj.cookieJar || CookieJar();
-  obj.cookieJar.setCookie(this.cookie);
-  return true;
-}
-
-/**
- * Password Authorization is a basic auth implementation
- */
-var PasswordAuthorization = function(name, username, password) {
-  this.name = name;
-  this.username = username;
-  this.password = password;
-  this._btoa = null;
-  if (typeof window !== 'undefined')
-    this._btoa = btoa;
-  else
-    this._btoa = require("btoa");
-};
-
-PasswordAuthorization.prototype.apply = function(obj, authorizations) {
-  var base64encoder = this._btoa;
-  obj.headers["Authorization"] = "Basic " + base64encoder(this.username + ":" + this.password);
-  return true;
-};
-
-var e = (typeof window !== 'undefined' ? window : exports);
-
-var sampleModels = {};
-var cookies = {};
-
-e.SampleModels = sampleModels;
-e.SwaggerHttp = SwaggerHttp;
-e.SwaggerRequest = SwaggerRequest;
-e.authorizations = new SwaggerAuthorizations();
-e.ApiKeyAuthorization = ApiKeyAuthorization;
-e.PasswordAuthorization = PasswordAuthorization;
-e.CookieAuthorization = CookieAuthorization;
-e.JQueryHttpClient = JQueryHttpClient;
-e.ShredHttpClient = ShredHttpClient;
-e.SwaggerOperation = SwaggerOperation;
-e.SwaggerModel = SwaggerModel;
-e.SwaggerModelProperty = SwaggerModelProperty;
-e.SwaggerResource = SwaggerResource;
-e.SwaggerApi = SwaggerApi;
-
diff --git a/api/files/underscore-min.js b/api/files/underscore-min.js
deleted file mode 100644
index 5a0cb3b008d..00000000000
--- a/api/files/underscore-min.js
+++ /dev/null
@@ -1,32 +0,0 @@
-// Underscore.js 1.3.3
-// (c) 2009-2012 Jeremy Ashkenas, DocumentCloud Inc.
-// Underscore is freely distributable under the MIT license.
-// Portions of Underscore are inspired or borrowed from Prototype,
-// Oliver Steele's Functional, and John Resig's Micro-Templating.
-// For all details and documentation:
-// http://documentcloud.github.com/underscore
-(function(){function r(a,c,d){if(a===c)return 0!==a||1/a==1/c;if(null==a||null==c)return a===c;a._chain&&(a=a._wrapped);c._chain&&(c=c._wrapped);if(a.isEqual&&b.isFunction(a.isEqual))return a.isEqual(c);if(c.isEqual&&b.isFunction(c.isEqual))return c.isEqual(a);var e=l.call(a);if(e!=l.call(c))return!1;switch(e){case "[object String]":return a==""+c;case "[object Number]":return a!=+a?c!=+c:0==a?1/a==1/c:a==+c;case "[object Date]":case "[object Boolean]":return+a==+c;case "[object RegExp]":return a.source==
-c.source&&a.global==c.global&&a.multiline==c.multiline&&a.ignoreCase==c.ignoreCase}if("object"!=typeof a||"object"!=typeof c)return!1;for(var f=d.length;f--;)if(d[f]==a)return!0;d.push(a);var f=0,g=!0;if("[object Array]"==e){if(f=a.length,g=f==c.length)for(;f--&&(g=f in a==f in c&&r(a[f],c[f],d)););}else{if("constructor"in a!="constructor"in c||a.constructor!=c.constructor)return!1;for(var h in a)if(b.has(a,h)&&(f++,!(g=b.has(c,h)&&r(a[h],c[h],d))))break;if(g){for(h in c)if(b.has(c,h)&&!f--)break;
-g=!f}}d.pop();return g}var s=this,I=s._,o={},k=Array.prototype,p=Object.prototype,i=k.slice,J=k.unshift,l=p.toString,K=p.hasOwnProperty,y=k.forEach,z=k.map,A=k.reduce,B=k.reduceRight,C=k.filter,D=k.every,E=k.some,q=k.indexOf,F=k.lastIndexOf,p=Array.isArray,L=Object.keys,t=Function.prototype.bind,b=function(a){return new m(a)};"undefined"!==typeof exports?("undefined"!==typeof module&&module.exports&&(exports=module.exports=b),exports._=b):s._=b;b.VERSION="1.3.3";var j=b.each=b.forEach=function(a,
-c,d){if(a!=null)if(y&&a.forEach===y)a.forEach(c,d);else if(a.length===+a.length)for(var e=0,f=a.length;e<f;e++){if(e in a&&c.call(d,a[e],e,a)===o)break}else for(e in a)if(b.has(a,e)&&c.call(d,a[e],e,a)===o)break};b.map=b.collect=function(a,c,b){var e=[];if(a==null)return e;if(z&&a.map===z)return a.map(c,b);j(a,function(a,g,h){e[e.length]=c.call(b,a,g,h)});if(a.length===+a.length)e.length=a.length;return e};b.reduce=b.foldl=b.inject=function(a,c,d,e){var f=arguments.length>2;a==null&&(a=[]);if(A&&
-a.reduce===A){e&&(c=b.bind(c,e));return f?a.reduce(c,d):a.reduce(c)}j(a,function(a,b,i){if(f)d=c.call(e,d,a,b,i);else{d=a;f=true}});if(!f)throw new TypeError("Reduce of empty array with no initial value");return d};b.reduceRight=b.foldr=function(a,c,d,e){var f=arguments.length>2;a==null&&(a=[]);if(B&&a.reduceRight===B){e&&(c=b.bind(c,e));return f?a.reduceRight(c,d):a.reduceRight(c)}var g=b.toArray(a).reverse();e&&!f&&(c=b.bind(c,e));return f?b.reduce(g,c,d,e):b.reduce(g,c)};b.find=b.detect=function(a,
-c,b){var e;G(a,function(a,g,h){if(c.call(b,a,g,h)){e=a;return true}});return e};b.filter=b.select=function(a,c,b){var e=[];if(a==null)return e;if(C&&a.filter===C)return a.filter(c,b);j(a,function(a,g,h){c.call(b,a,g,h)&&(e[e.length]=a)});return e};b.reject=function(a,c,b){var e=[];if(a==null)return e;j(a,function(a,g,h){c.call(b,a,g,h)||(e[e.length]=a)});return e};b.every=b.all=function(a,c,b){var e=true;if(a==null)return e;if(D&&a.every===D)return a.every(c,b);j(a,function(a,g,h){if(!(e=e&&c.call(b,
-a,g,h)))return o});return!!e};var G=b.some=b.any=function(a,c,d){c||(c=b.identity);var e=false;if(a==null)return e;if(E&&a.some===E)return a.some(c,d);j(a,function(a,b,h){if(e||(e=c.call(d,a,b,h)))return o});return!!e};b.include=b.contains=function(a,c){var b=false;if(a==null)return b;if(q&&a.indexOf===q)return a.indexOf(c)!=-1;return b=G(a,function(a){return a===c})};b.invoke=function(a,c){var d=i.call(arguments,2);return b.map(a,function(a){return(b.isFunction(c)?c||a:a[c]).apply(a,d)})};b.pluck=
-function(a,c){return b.map(a,function(a){return a[c]})};b.max=function(a,c,d){if(!c&&b.isArray(a)&&a[0]===+a[0])return Math.max.apply(Math,a);if(!c&&b.isEmpty(a))return-Infinity;var e={computed:-Infinity};j(a,function(a,b,h){b=c?c.call(d,a,b,h):a;b>=e.computed&&(e={value:a,computed:b})});return e.value};b.min=function(a,c,d){if(!c&&b.isArray(a)&&a[0]===+a[0])return Math.min.apply(Math,a);if(!c&&b.isEmpty(a))return Infinity;var e={computed:Infinity};j(a,function(a,b,h){b=c?c.call(d,a,b,h):a;b<e.computed&&
-(e={value:a,computed:b})});return e.value};b.shuffle=function(a){var b=[],d;j(a,function(a,f){d=Math.floor(Math.random()*(f+1));b[f]=b[d];b[d]=a});return b};b.sortBy=function(a,c,d){var e=b.isFunction(c)?c:function(a){return a[c]};return b.pluck(b.map(a,function(a,b,c){return{value:a,criteria:e.call(d,a,b,c)}}).sort(function(a,b){var c=a.criteria,d=b.criteria;return c===void 0?1:d===void 0?-1:c<d?-1:c>d?1:0}),"value")};b.groupBy=function(a,c){var d={},e=b.isFunction(c)?c:function(a){return a[c]};
-j(a,function(a,b){var c=e(a,b);(d[c]||(d[c]=[])).push(a)});return d};b.sortedIndex=function(a,c,d){d||(d=b.identity);for(var e=0,f=a.length;e<f;){var g=e+f>>1;d(a[g])<d(c)?e=g+1:f=g}return e};b.toArray=function(a){return!a?[]:b.isArray(a)||b.isArguments(a)?i.call(a):a.toArray&&b.isFunction(a.toArray)?a.toArray():b.values(a)};b.size=function(a){return b.isArray(a)?a.length:b.keys(a).length};b.first=b.head=b.take=function(a,b,d){return b!=null&&!d?i.call(a,0,b):a[0]};b.initial=function(a,b,d){return i.call(a,
-0,a.length-(b==null||d?1:b))};b.last=function(a,b,d){return b!=null&&!d?i.call(a,Math.max(a.length-b,0)):a[a.length-1]};b.rest=b.tail=function(a,b,d){return i.call(a,b==null||d?1:b)};b.compact=function(a){return b.filter(a,function(a){return!!a})};b.flatten=function(a,c){return b.reduce(a,function(a,e){if(b.isArray(e))return a.concat(c?e:b.flatten(e));a[a.length]=e;return a},[])};b.without=function(a){return b.difference(a,i.call(arguments,1))};b.uniq=b.unique=function(a,c,d){var d=d?b.map(a,d):a,
-e=[];a.length<3&&(c=true);b.reduce(d,function(d,g,h){if(c?b.last(d)!==g||!d.length:!b.include(d,g)){d.push(g);e.push(a[h])}return d},[]);return e};b.union=function(){return b.uniq(b.flatten(arguments,true))};b.intersection=b.intersect=function(a){var c=i.call(arguments,1);return b.filter(b.uniq(a),function(a){return b.every(c,function(c){return b.indexOf(c,a)>=0})})};b.difference=function(a){var c=b.flatten(i.call(arguments,1),true);return b.filter(a,function(a){return!b.include(c,a)})};b.zip=function(){for(var a=
-i.call(arguments),c=b.max(b.pluck(a,"length")),d=Array(c),e=0;e<c;e++)d[e]=b.pluck(a,""+e);return d};b.indexOf=function(a,c,d){if(a==null)return-1;var e;if(d){d=b.sortedIndex(a,c);return a[d]===c?d:-1}if(q&&a.indexOf===q)return a.indexOf(c);d=0;for(e=a.length;d<e;d++)if(d in a&&a[d]===c)return d;return-1};b.lastIndexOf=function(a,b){if(a==null)return-1;if(F&&a.lastIndexOf===F)return a.lastIndexOf(b);for(var d=a.length;d--;)if(d in a&&a[d]===b)return d;return-1};b.range=function(a,b,d){if(arguments.length<=
-1){b=a||0;a=0}for(var d=arguments[2]||1,e=Math.max(Math.ceil((b-a)/d),0),f=0,g=Array(e);f<e;){g[f++]=a;a=a+d}return g};var H=function(){};b.bind=function(a,c){var d,e;if(a.bind===t&&t)return t.apply(a,i.call(arguments,1));if(!b.isFunction(a))throw new TypeError;e=i.call(arguments,2);return d=function(){if(!(this instanceof d))return a.apply(c,e.concat(i.call(arguments)));H.prototype=a.prototype;var b=new H,g=a.apply(b,e.concat(i.call(arguments)));return Object(g)===g?g:b}};b.bindAll=function(a){var c=
-i.call(arguments,1);c.length==0&&(c=b.functions(a));j(c,function(c){a[c]=b.bind(a[c],a)});return a};b.memoize=function(a,c){var d={};c||(c=b.identity);return function(){var e=c.apply(this,arguments);return b.has(d,e)?d[e]:d[e]=a.apply(this,arguments)}};b.delay=function(a,b){var d=i.call(arguments,2);return setTimeout(function(){return a.apply(null,d)},b)};b.defer=function(a){return b.delay.apply(b,[a,1].concat(i.call(arguments,1)))};b.throttle=function(a,c){var d,e,f,g,h,i,j=b.debounce(function(){h=
-g=false},c);return function(){d=this;e=arguments;f||(f=setTimeout(function(){f=null;h&&a.apply(d,e);j()},c));g?h=true:i=a.apply(d,e);j();g=true;return i}};b.debounce=function(a,b,d){var e;return function(){var f=this,g=arguments;d&&!e&&a.apply(f,g);clearTimeout(e);e=setTimeout(function(){e=null;d||a.apply(f,g)},b)}};b.once=function(a){var b=false,d;return function(){if(b)return d;b=true;return d=a.apply(this,arguments)}};b.wrap=function(a,b){return function(){var d=[a].concat(i.call(arguments,0));
-return b.apply(this,d)}};b.compose=function(){var a=arguments;return function(){for(var b=arguments,d=a.length-1;d>=0;d--)b=[a[d].apply(this,b)];return b[0]}};b.after=function(a,b){return a<=0?b():function(){if(--a<1)return b.apply(this,arguments)}};b.keys=L||function(a){if(a!==Object(a))throw new TypeError("Invalid object");var c=[],d;for(d in a)b.has(a,d)&&(c[c.length]=d);return c};b.values=function(a){return b.map(a,b.identity)};b.functions=b.methods=function(a){var c=[],d;for(d in a)b.isFunction(a[d])&&
-c.push(d);return c.sort()};b.extend=function(a){j(i.call(arguments,1),function(b){for(var d in b)a[d]=b[d]});return a};b.pick=function(a){var c={};j(b.flatten(i.call(arguments,1)),function(b){b in a&&(c[b]=a[b])});return c};b.defaults=function(a){j(i.call(arguments,1),function(b){for(var d in b)a[d]==null&&(a[d]=b[d])});return a};b.clone=function(a){return!b.isObject(a)?a:b.isArray(a)?a.slice():b.extend({},a)};b.tap=function(a,b){b(a);return a};b.isEqual=function(a,b){return r(a,b,[])};b.isEmpty=
-function(a){if(a==null)return true;if(b.isArray(a)||b.isString(a))return a.length===0;for(var c in a)if(b.has(a,c))return false;return true};b.isElement=function(a){return!!(a&&a.nodeType==1)};b.isArray=p||function(a){return l.call(a)=="[object Array]"};b.isObject=function(a){return a===Object(a)};b.isArguments=function(a){return l.call(a)=="[object Arguments]"};b.isArguments(arguments)||(b.isArguments=function(a){return!(!a||!b.has(a,"callee"))});b.isFunction=function(a){return l.call(a)=="[object Function]"};
-b.isString=function(a){return l.call(a)=="[object String]"};b.isNumber=function(a){return l.call(a)=="[object Number]"};b.isFinite=function(a){return b.isNumber(a)&&isFinite(a)};b.isNaN=function(a){return a!==a};b.isBoolean=function(a){return a===true||a===false||l.call(a)=="[object Boolean]"};b.isDate=function(a){return l.call(a)=="[object Date]"};b.isRegExp=function(a){return l.call(a)=="[object RegExp]"};b.isNull=function(a){return a===null};b.isUndefined=function(a){return a===void 0};b.has=function(a,
-b){return K.call(a,b)};b.noConflict=function(){s._=I;return this};b.identity=function(a){return a};b.times=function(a,b,d){for(var e=0;e<a;e++)b.call(d,e)};b.escape=function(a){return(""+a).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#x27;").replace(/\//g,"&#x2F;")};b.result=function(a,c){if(a==null)return null;var d=a[c];return b.isFunction(d)?d.call(a):d};b.mixin=function(a){j(b.functions(a),function(c){M(c,b[c]=a[c])})};var N=0;b.uniqueId=
-function(a){var b=N++;return a?a+b:b};b.templateSettings={evaluate:/<%([\s\S]+?)%>/g,interpolate:/<%=([\s\S]+?)%>/g,escape:/<%-([\s\S]+?)%>/g};var u=/.^/,n={"\\":"\\","'":"'",r:"\r",n:"\n",t:"\t",u2028:"\u2028",u2029:"\u2029"},v;for(v in n)n[n[v]]=v;var O=/\\|'|\r|\n|\t|\u2028|\u2029/g,P=/\\(\\|'|r|n|t|u2028|u2029)/g,w=function(a){return a.replace(P,function(a,b){return n[b]})};b.template=function(a,c,d){d=b.defaults(d||{},b.templateSettings);a="__p+='"+a.replace(O,function(a){return"\\"+n[a]}).replace(d.escape||
-u,function(a,b){return"'+\n_.escape("+w(b)+")+\n'"}).replace(d.interpolate||u,function(a,b){return"'+\n("+w(b)+")+\n'"}).replace(d.evaluate||u,function(a,b){return"';\n"+w(b)+"\n;__p+='"})+"';\n";d.variable||(a="with(obj||{}){\n"+a+"}\n");var a="var __p='';var print=function(){__p+=Array.prototype.join.call(arguments, '')};\n"+a+"return __p;\n",e=new Function(d.variable||"obj","_",a);if(c)return e(c,b);c=function(a){return e.call(this,a,b)};c.source="function("+(d.variable||"obj")+"){\n"+a+"}";return c};
-b.chain=function(a){return b(a).chain()};var m=function(a){this._wrapped=a};b.prototype=m.prototype;var x=function(a,c){return c?b(a).chain():a},M=function(a,c){m.prototype[a]=function(){var a=i.call(arguments);J.call(a,this._wrapped);return x(c.apply(b,a),this._chain)}};b.mixin(b);j("pop,push,reverse,shift,sort,splice,unshift".split(","),function(a){var b=k[a];m.prototype[a]=function(){var d=this._wrapped;b.apply(d,arguments);var e=d.length;(a=="shift"||a=="splice")&&e===0&&delete d[0];return x(d,
-this._chain)}});j(["concat","join","slice"],function(a){var b=k[a];m.prototype[a]=function(){return x(b.apply(this._wrapped,arguments),this._chain)}});m.prototype.chain=function(){this._chain=true;return this};m.prototype.value=function(){return this._wrapped}}).call(this);
diff --git a/api/identity/associations.yaml b/api/identity/associations.yaml
deleted file mode 100644
index 82c70fb8216..00000000000
--- a/api/identity/associations.yaml
+++ /dev/null
@@ -1,302 +0,0 @@
-# Copyright 2018 New Vector Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-swagger: '2.0'
-info:
-  title: "Matrix Identity Service Establishing Associations API"
-  version: "1.0.0"
-host: localhost:8090
-schemes:
-  - https
-basePath: /_matrix/identity/api/v1
-consumes:
-  - application/json
-produces:
-  - application/json
-paths:
-  "/3pid/getValidated3pid":
-    get:
-      summary: Check whether ownership of a 3pid was validated.
-      description: |-
-        Determines if a given 3pid has been validated by a user.
-      operationId: getValidated3pid
-      deprecated: true
-      parameters:
-        - in: query
-          type: string
-          name: sid
-          description: The Session ID generated by the ``requestToken`` call.
-          required: true
-          x-example: 1234
-        - in: query
-          type: string
-          name: client_secret
-          description: The client secret passed to the ``requestToken`` call.
-          required: true
-          x-example: monkeys_are_GREAT
-      responses:
-        200:
-          description: Validation information for the session.
-          examples:
-            application/json: {
-              "medium": "email",
-              "validated_at": 1457622739026,
-              "address": "louise@bobs.burgers"
-            }
-          schema:
-            type: object
-            properties:
-              medium:
-                type: string
-                description: The medium type of the 3pid.
-              address:
-                type: string
-                description: The address of the 3pid being looked up.
-              validated_at:
-                type: integer
-                description: |-
-                  Timestamp, in milliseconds, indicating the time that the 3pid
-                  was validated.
-            required: ['medium', 'address', 'validated_at']
-        400:
-          description: |-
-            The session has not been validated.
-
-            If the session has not been validated, then ``errcode`` will be
-            ``M_SESSION_NOT_VALIDATED``.  If the session has timed out, then
-            ``errcode`` will be ``M_SESSION_EXPIRED``.
-          examples:
-            application/json: {
-              "errcode": "M_SESSION_NOT_VALIDATED",
-              "error": "This validation session has not yet been completed"
-            }
-          schema:
-            $ref: "../client-server/definitions/errors/error.yaml"
-        404:
-          description: The Session ID or client secret were not found.
-          examples:
-            application/json: {
-              "errcode": "M_NO_VALID_SESSION",
-              "error": "No valid session was found matching that sid and client secret"
-            }
-          schema:
-            $ref: "../client-server/definitions/errors/error.yaml"
-  "/3pid/bind":
-    post:
-      summary: Publish an association between a session and a Matrix user ID.
-      description: |-
-        Publish an association between a session and a Matrix user ID.
-
-        Future calls to ``/lookup`` for any of the session\'s 3pids will return
-        this association.
-
-        Note: for backwards compatibility with previous drafts of this
-        specification, the parameters may also be specified as
-        ``application/x-form-www-urlencoded`` data.  However, this usage is
-        deprecated.
-      operationId: bind
-      deprecated: true
-      parameters:
-        - in: body
-          name: body
-          schema:
-            type: object
-            example: {
-              "sid": "1234",
-              "client_secret": "monkeys_are_GREAT",
-              "mxid": "@ears:matrix.org"
-            }
-            properties:
-              sid:
-                type: string
-                description: The Session ID generated by the ``requestToken`` call.
-              client_secret:
-                type: string
-                description: The client secret passed to the ``requestToken`` call.
-              mxid:
-                type: string
-                description: The Matrix user ID to associate with the 3pids.
-            required: ["sid", "client_secret", "mxid"]
-      responses:
-        200:
-          description: The association was published.
-          examples:
-            application/json: {
-              "address": "louise@bobs.burgers",
-              "medium": "email",
-              "mxid": "@ears:matrix.org",
-              "not_before": 1428825849161,
-              "not_after": 4582425849161,
-              "ts": 1428825849161,
-              "signatures": {
-                "matrix.org": {
-                  "ed25519:0": "ENiU2YORYUJgE6WBMitU0mppbQjidDLanAusj8XS2nVRHPu+0t42OKA/r6zV6i2MzUbNQ3c3MiLScJuSsOiVDQ"
-                }
-              }
-            }
-          schema:
-            type: object
-            properties:
-              address:
-                type: string
-                description: The 3pid address of the user being looked up.
-              medium:
-                type: string
-                description: The medium type of the 3pid.
-              mxid:
-                type: string
-                description: The Matrix user ID associated with the 3pid.
-              not_before:
-                type: integer
-                description: A unix timestamp before which the association is not known to be valid.
-              not_after:
-                type: integer
-                description: A unix timestamp after which the association is not known to be valid.
-              ts:
-                type: integer
-                description: The unix timestamp at which the association was verified.
-              signatures:
-                type: object
-                description: |-
-                  The signatures of the verifying identity servers which show that the
-                  association should be trusted, if you trust the verifying identity
-                  services.
-                $ref: "../../schemas/server-signatures.yaml"
-            required:
-              - address
-              - medium
-              - mxid
-              - not_before
-              - not_after
-              - ts
-              - signatures
-        400:
-          description: |-
-            The association was not published.
-
-            If the session has not been validated, then ``errcode`` will be
-            ``M_SESSION_NOT_VALIDATED``.  If the session has timed out, then
-            ``errcode`` will be ``M_SESSION_EXPIRED``.
-          examples:
-            application/json: {
-              "errcode": "M_SESSION_NOT_VALIDATED",
-              "error": "This validation session has not yet been completed"
-            }
-          schema:
-            $ref: "../client-server/definitions/errors/error.yaml"
-        404:
-          description: The Session ID or client secret were not found
-          examples:
-            application/json: {
-              "errcode": "M_NO_VALID_SESSION",
-              "error": "No valid session was found matching that sid and client secret"
-            }
-          schema:
-            $ref: "../client-server/definitions/errors/error.yaml"
-  "/3pid/unbind":
-    post:
-      summary: Remove an association between a session and a Matrix user ID.
-      description: |-
-        Remove an association between a session and a Matrix user ID.
-
-        Future calls to ``/lookup`` for any of the session's 3pids will not
-        return the removed association.
-
-        The identity server should authenticate the request in one of two
-        ways:
-
-        1. The request is signed by the homeserver which controls the ``user_id``.
-        2. The request includes the ``sid`` and ``client_secret`` parameters,
-           as per ``/3pid/bind``, which proves ownership of the 3PID.
-
-        If this endpoint returns a JSON Matrix error, that error should be passed
-        through to the client requesting an unbind through a homeserver, if the
-        homeserver is acting on behalf of a client.
-      operationId: unbind
-      deprecated: true
-      parameters:
-        - in: body
-          name: body
-          schema:
-            type: object
-            example: {
-              "sid": "1234",
-              "client_secret": "monkeys_are_GREAT",
-              "mxid": "@ears:example.org",
-              "threepid": {
-                "medium": "email",
-                "address": "monkeys_have_ears@example.org"
-              }
-            }
-            properties:
-              sid:
-                type: string
-                description: The Session ID generated by the ``requestToken`` call.
-              client_secret:
-                type: string
-                description: The client secret passed to the ``requestToken`` call.
-              mxid:
-                type: string
-                description: The Matrix user ID to remove from the 3pids.
-              threepid:
-                type: object
-                title: 3PID
-                description: |-
-                  The 3PID to remove. Must match the 3PID used to generate the session
-                  if using ``sid`` and ``client_secret`` to authenticate this request.
-                properties:
-                  medium:
-                    type: string
-                    description: |-
-                      A medium from the `3PID Types`_ Appendix, matching the medium
-                      of the identifier to unbind.
-                  address:
-                    type: string
-                    description: The 3PID address to remove.
-                required: ['medium', 'address']
-            required: ["threepid", "mxid"]
-      responses:
-        200:
-          description: The association was successfully removed.
-          examples:
-            application/json: {}
-          schema:
-            type: object
-        400:
-          description: |-
-            If the response body is not a JSON Matrix error, the identity server
-            does not support unbinds. If a JSON Matrix error is in the response
-            body, the requesting party should respect the error.
-        404:
-          description: |-
-            If the response body is not a JSON Matrix error, the identity server
-            does not support unbinds. If a JSON Matrix error is in the response
-            body, the requesting party should respect the error.
-        403:
-          description: |-
-            The credentials supplied to authenticate the request were invalid.
-            This may also be returned if the identity server does not support
-            the chosen authentication method (such as blocking homeservers from
-            unbinding identifiers).
-          examples:
-            application/json: {
-              "errcode": "M_FORBIDDEN",
-              "error": "Invalid homeserver signature"
-            }
-          schema:
-            $ref: "../client-server/definitions/errors/error.yaml"
-        501:
-          description: |-
-            If the response body is not a JSON Matrix error, the identity server
-            does not support unbinds. If a JSON Matrix error is in the response
-            body, the requesting party should respect the error.
diff --git a/api/identity/email_associations.yaml b/api/identity/email_associations.yaml
deleted file mode 100644
index 69ec7c58fbf..00000000000
--- a/api/identity/email_associations.yaml
+++ /dev/null
@@ -1,177 +0,0 @@
-# Copyright 2018 New Vector Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-swagger: '2.0'
-info:
-  title: "Matrix Identity Service Email Associations API"
-  version: "1.0.0"
-host: localhost:8090
-schemes:
-  - https
-basePath: /_matrix/identity/api/v1
-consumes:
-  - application/json
-produces:
-  - application/json
-paths:
-  "/validate/email/requestToken":
-    post:
-      summary: Request a token for validating an email address.
-      description: |-
-        Create a session for validating an email address.
-
-        The identity server will send an email containing a token. If that
-        token is presented to the identity server in the future, it indicates
-        that that user was able to read the email for that email address, and
-        so we validate ownership of the email address.
-
-        Note that homeservers offer APIs that proxy this API, adding
-        additional behaviour on top, for example,
-        ``/register/email/requestToken`` is designed specifically for use when
-        registering an account and therefore will inform the user if the email
-        address given is already registered on the server.
-
-        Note: for backwards compatibility with previous drafts of this
-        specification, the parameters may also be specified as
-        ``application/x-form-www-urlencoded`` data.  However, this usage is
-        deprecated.
-      operationId: emailRequestToken
-      deprecated: true
-      parameters:
-        - in: body
-          name: body
-          schema:
-            $ref: "definitions/request_email_validation.yaml"
-      responses:
-        200:
-          description: Session created.
-          schema:
-            $ref: "definitions/sid.yaml"
-        400:
-          description: |
-            An error ocurred.  Some possible errors are:
-
-            - ``M_INVALID_EMAIL``: The email address provided was invalid.
-            - ``M_EMAIL_SEND_ERROR``: The validation email could not be sent.
-          examples:
-            application/json: {
-              "errcode": "M_INVALID_EMAIL",
-              "error": "The email address is not valid"
-            }
-          schema:
-            $ref: "../client-server/definitions/errors/error.yaml"
-  "/validate/email/submitToken":
-    post:
-      summary: Validate ownership of an email address.
-      description: |-
-        Validate ownership of an email address.
-
-        If the three parameters are consistent with a set generated by a
-        ``requestToken`` call, ownership of the email address is considered to
-        have been validated. This does not publish any information publicly, or
-        associate the email address with any Matrix user ID. Specifically,
-        calls to ``/lookup`` will not show a binding.
-
-        The identity server is free to match the token case-insensitively, or
-        carry out other mapping operations such as unicode
-        normalisation. Whether to do so is an implementation detail for the
-        identity server. Clients must always pass on the token without
-        modification.
-
-        Note: for backwards compatibility with previous drafts of this
-        specification, the parameters may also be specified as
-        ``application/x-form-www-urlencoded`` data.  However, this usage is
-        deprecated.
-      operationId: emailSubmitTokenPost
-      deprecated: true
-      parameters:
-        - in: body
-          name: body
-          schema:
-            type: object
-            example: {
-              "sid": "1234",
-              "client_secret": "monkeys_are_GREAT",
-              "token": "atoken"
-            }
-            properties:
-              sid:
-                type: string
-                description: The session ID, generated by the ``requestToken`` call.
-              client_secret:
-                type: string
-                description: The client secret that was supplied to the ``requestToken`` call.
-              token:
-                type: string
-                description: The token generated by the ``requestToken`` call and emailed to the user.
-            required: ["sid", "client_secret", "token"]
-      responses:
-        200:
-          description:
-            The success of the validation.
-          examples:
-            application/json: {
-              "success": true
-            }
-          schema:
-            type: object
-            properties:
-              success:
-                type: boolean
-                description: Whether the validation was successful or not.
-            required: ['success']
-    get:
-      summary: Validate ownership of an email address.
-      description: |-
-        Validate ownership of an email address.
-
-        If the three parameters are consistent with a set generated by a
-        ``requestToken`` call, ownership of the email address is considered to
-        have been validated. This does not publish any information publicly, or
-        associate the email address with any Matrix user ID. Specifically,
-        calls to ``/lookup`` will not show a binding.
-
-        Note that, in contrast with the POST version, this endpoint will be
-        used by end-users, and so the response should be human-readable.
-      operationId: emailSubmitTokenGet
-      deprecated: true
-      parameters:
-        - in: query
-          type: string
-          name: sid
-          required: true
-          description: The session ID, generated by the ``requestToken`` call.
-          x-example: 1234
-        - in: query
-          type: string
-          name: client_secret
-          required: true
-          description: The client secret that was supplied to the ``requestToken`` call.
-          x-example: monkeys_are_GREAT
-        - in: query
-          type: string
-          name: token
-          required: true
-          description: The token generated by the ``requestToken`` call and emailed to the user.
-          x-example: atoken
-      responses:
-        200:
-          description: Email address is validated.
-        "3xx":
-          description: |-
-            Email address is validated, and the ``next_link`` parameter was
-            provided to the ``requestToken`` call.  The user must be redirected
-            to the URL provided by the ``next_link`` parameter.
-        "4xx":
-          description:
-            Validation failed.
diff --git a/api/identity/invitation_signing.yaml b/api/identity/invitation_signing.yaml
deleted file mode 100644
index e2ac28b0cac..00000000000
--- a/api/identity/invitation_signing.yaml
+++ /dev/null
@@ -1,97 +0,0 @@
-# Copyright 2018 New Vector Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-swagger: '2.0'
-info:
-  title: "Matrix Identity Service Ephemeral Invitation Signing API"
-  version: "1.0.0"
-host: localhost:8090
-schemes:
-  - https
-basePath: /_matrix/identity/api/v1
-consumes:
-  - application/json
-produces:
-  - application/json
-paths:
-  "/sign-ed25519":
-    post:
-      summary: Sign invitation details
-      description: |-
-        Sign invitation details.
-
-        The identity server will look up ``token`` which was stored in a call
-        to ``store-invite``, and fetch the sender of the invite.
-      operationId: blindlySignStuff
-      deprecated: true
-      parameters:
-        - in: body
-          name: body
-          schema:
-            type: object
-            example: {
-              "mxid": "@foo:bar.com",
-              "token": "sometoken",
-              "private_key": "base64encodedkey"
-            }
-            properties:
-              mxid:
-                type: string
-                description: The Matrix user ID of the user accepting the invitation.
-              token:
-                type: string
-                description: The token from the call to ``store-invite``.
-              private_key:
-                type: string
-                description: The private key, encoded as `Unpadded base64`_.
-            required: ["mxid", "token", "private_key"]
-      responses:
-        200:
-          description: The signed JSON of the mxid, sender, and token.
-          schema:
-            type: object
-            properties:
-              mxid:
-                type: string
-                description: The Matrix user ID of the user accepting the invitation.
-              sender:
-                type: string
-                description: The Matrix user ID of the user who sent the invitation.
-              signatures:
-                type: object
-                description: The signature of the mxid, sender, and token.
-                $ref: "../../schemas/server-signatures.yaml"
-              token:
-                type: string
-                description: The token for the invitation.
-            required: ['mxid', 'sender', 'signatures', 'token']
-          examples:
-            application/json: {
-              "mxid": "@foo:bar.com",
-              "sender": "@baz:bar.com",
-              "signatures": {
-                "my.id.server": {
-                  "ed25519:0": "def987"
-                }
-              },
-              "token": "abc123"
-            }
-        404:
-          description: The token was not found.
-          examples:
-            application/json: {
-              "errcode": "M_UNRECOGNIZED",
-              "error": "Didn't recognize token"
-            }
-          schema:
-            $ref: "../client-server/definitions/errors/error.yaml"
diff --git a/api/identity/lookup.yaml b/api/identity/lookup.yaml
deleted file mode 100644
index 78fa3e3e7a2..00000000000
--- a/api/identity/lookup.yaml
+++ /dev/null
@@ -1,171 +0,0 @@
-# Copyright 2016 OpenMarket Ltd
-# Copyright 2017 Kamax.io
-# Copyright 2017 New Vector Ltd
-# Copyright 2018 New Vector Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-swagger: '2.0'
-info:
-  title: "Matrix Identity Service Lookup API"
-  version: "1.0.0"
-host: localhost:8090
-schemes:
-  - https
-basePath: /_matrix/identity/api/v1
-consumes:
-  - application/json
-produces:
-  - application/json
-paths:
-  "/lookup":
-    get:
-      summary: Look up the Matrix user ID for a 3pid.
-      description: Look up the Matrix user ID for a 3pid.
-      operationId: lookupUser
-      deprecated: true
-      parameters:
-        - in: query
-          type: string
-          name: medium
-          required: true
-          description: The medium type of the 3pid. See the `3PID Types`_ Appendix.
-          x-example: "email"
-        - in: query
-          type: string
-          name: address
-          required: true
-          description: The address of the 3pid being looked up. See the `3PID Types`_ Appendix.
-          x-example: "louise@bobs.burgers"
-      responses:
-        200:
-          description:
-            The association for that 3pid, or an empty object if no association is known.
-          examples:
-            application/json: {
-              "address": "louise@bobs.burgers",
-              "medium": "email",
-              "mxid": "@ears:matrix.org",
-              "not_before": 1428825849161,
-              "not_after": 4582425849161,
-              "ts": 1428825849161,
-              "signatures": {
-                "matrix.org": {
-                  "ed25519:0": "ENiU2YORYUJgE6WBMitU0mppbQjidDLanAusj8XS2nVRHPu+0t42OKA/r6zV6i2MzUbNQ3c3MiLScJuSsOiVDQ"
-                }
-              }
-            }
-          schema:
-            type: object
-            properties:
-              address:
-                type: string
-                description: The 3pid address of the user being looked up, matching the address requested.
-              medium:
-                type: string
-                description: A medium from the `3PID Types`_ Appendix, matching the medium requested.
-              mxid:
-                type: string
-                description: The Matrix user ID associated with the 3pid.
-              not_before:
-                type: integer
-                description: A unix timestamp before which the association is not known to be valid.
-              not_after:
-                type: integer
-                description: A unix timestamp after which the association is not known to be valid.
-              ts:
-                type: integer
-                description: The unix timestamp at which the association was verified.
-              signatures:
-                type: object
-                description: The signatures of the verifying identity servers which show that the association should be trusted, if you trust the verifying identity servers.
-                $ref: "../../schemas/server-signatures.yaml"
-            required:
-              - address
-              - medium
-              - mxid
-              - not_before
-              - not_after
-              - ts
-              - signatures
-  "/bulk_lookup":
-    post:
-      summary: Lookup Matrix user IDs for a list of 3pids.
-      description: Lookup Matrix user IDs for a list of 3pids.
-      operationId: lookupUsers
-      deprecated: true
-      parameters:
-        - in: body
-          name: body
-          schema:
-            type: object
-            example: {
-              "threepids":
-              [
-                ["email","user@example.org"],
-                ["msisdn", "123456789"],
-                ["email","user2@example.org"]
-              ]
-            }
-            properties:
-              threepids:
-                type: array
-                items:
-                  type: array
-                  title: 3PID mappings
-                  minItems: 2
-                  maxItems: 2
-                  items:
-                    # TODO: Give real names to these values. Adding a `title` does not work.
-                    #- type: 3PID Medium
-                    #- type: 3PID Address
-                    - type: string
-                    - type: string
-                description: |-
-                  An array of arrays containing the `3PID Types`_ with the ``medium``
-                  in first position and the ``address`` in second position.
-            required:
-              - "threepids"
-      responses:
-        200:
-          description: A list of known 3PID mappings for the supplied 3PIDs.
-          examples:
-            application/json: {
-              "threepids": [
-                ["email","user@example.org", "@bla:example.org"],
-                ["msisdn", "123456789", "@blah2:example.com"]
-              ]
-            }
-          schema:
-            type: object
-            properties:
-              threepids:
-                type: array
-                items:
-                  type: array
-                  title: 3PID mappings
-                  minItems: 3
-                  maxItems: 3
-                  items:
-                    # TODO: Give real names to these values. Adding a `title` does not work.
-                    #- type: 3PID Medium
-                    #- type: 3PID Address
-                    #- type: Matrix User ID
-                    - type: string
-                    - type: string
-                    - type: string
-                description: |-
-                  An array of array containing the `3PID Types`_ with the ``medium``
-                  in first position, the ``address`` in second position and Matrix user
-                  ID in third position.
-            required:
-              - "threepids"
diff --git a/api/identity/phone_associations.yaml b/api/identity/phone_associations.yaml
deleted file mode 100644
index 65bbff0c7dc..00000000000
--- a/api/identity/phone_associations.yaml
+++ /dev/null
@@ -1,179 +0,0 @@
-# Copyright 2018 New Vector Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-swagger: '2.0'
-info:
-  title: "Matrix Identity Service Phone Number Associations API"
-  version: "1.0.0"
-host: localhost:8090
-schemes:
-  - https
-basePath: /_matrix/identity/api/v1
-consumes:
-  - application/json
-produces:
-  - application/json
-paths:
-  "/validate/msisdn/requestToken":
-    post:
-      summary: Request a token for validating a phone number.
-      description: |-
-        Create a session for validating a phone number.
-
-        The identity server will send an SMS message containing a token. If
-        that token is presented to the identity server in the future, it
-        indicates that that user was able to read the SMS for that phone
-        number, and so we validate ownership of the phone number.
-
-        Note that homeservers offer APIs that proxy this API, adding
-        additional behaviour on top, for example,
-        ``/register/msisdn/requestToken`` is designed specifically for use when
-        registering an account and therefore will inform the user if the phone
-        number given is already registered on the server.
-
-        Note: for backwards compatibility with previous drafts of this
-        specification, the parameters may also be specified as
-        ``application/x-form-www-urlencoded`` data. However, this usage is
-        deprecated.
-      operationId: msisdnRequestToken
-      deprecated: true
-      parameters:
-        - in: body
-          name: body
-          schema:
-            $ref: "definitions/request_msisdn_validation.yaml"
-      responses:
-        200:
-          description: Session created.
-          schema:
-            $ref: "definitions/sid.yaml"
-        400:
-          description: |
-            An error ocurred. Some possible errors are:
-
-            - ``M_INVALID_ADDRESS``: The phone number provided was invalid.
-            - ``M_SEND_ERROR``: The validation SMS could not be sent.
-            - ``M_DESTINATION_REJECTED``: The identity server cannot deliver an
-              SMS to the provided country or region.
-          examples:
-            application/json: {
-              "errcode": "M_INVALID_ADDRESS",
-              "error": "The phone number is not valid"
-            }
-          schema:
-            $ref: "../client-server/definitions/errors/error.yaml"
-  "/validate/msisdn/submitToken":
-    post:
-      summary: Validate ownership of a phone number.
-      description: |-
-        Validate ownership of a phone number.
-
-        If the three parameters are consistent with a set generated by a
-        ``requestToken`` call, ownership of the phone number is considered to
-        have been validated. This does not publish any information publicly, or
-        associate the phone number address with any Matrix user
-        ID. Specifically, calls to ``/lookup`` will not show a binding.
-
-        The identity server is free to match the token case-insensitively, or
-        carry out other mapping operations such as unicode
-        normalisation. Whether to do so is an implementation detail for the
-        identity server. Clients must always pass on the token without
-        modification.
-
-        Note: for backwards compatibility with previous drafts of this
-        specification, the parameters may also be specified as
-        ``application/x-form-www-urlencoded`` data. However, this usage is
-        deprecated.
-      operationId: msisdnSubmitTokenPost
-      deprecated: true
-      parameters:
-        - in: body
-          name: body
-          schema:
-            type: object
-            example: {
-              "sid": "1234",
-              "client_secret": "monkeys_are_GREAT",
-              "token": "atoken"
-            }
-            properties:
-              sid:
-                type: string
-                description: The session ID, generated by the ``requestToken`` call.
-              client_secret:
-                type: string
-                description: The client secret that was supplied to the ``requestToken`` call.
-              token:
-                type: string
-                description: The token generated by the ``requestToken`` call and sent to the user.
-            required: ["sid", "client_secret", "token"]
-      responses:
-        200:
-          description:
-            The success of the validation.
-          examples:
-            application/json: {
-              "success": true
-            }
-          schema:
-            type: object
-            properties:
-              success:
-                type: boolean
-                description: Whether the validation was successful or not.
-            required: ['success']
-    get:
-      summary: Validate ownership of a phone number.
-      description: |-
-        Validate ownership of a phone number.
-
-        If the three parameters are consistent with a set generated by a
-        ``requestToken`` call, ownership of the phone number address is
-        considered to have been validated. This does not publish any
-        information publicly, or associate the phone number with any Matrix
-        user ID. Specifically, calls to ``/lookup`` will not show a binding.
-
-        Note that, in contrast with the POST version, this endpoint will be
-        used by end-users, and so the response should be human-readable.
-      operationId: msisdnSubmitTokenGet
-      deprecated: true
-      parameters:
-        - in: query
-          type: string
-          name: sid
-          required: true
-          description: The session ID, generated by the ``requestToken`` call.
-          x-example: 1234
-        - in: query
-          type: string
-          name: client_secret
-          required: true
-          description: The client secret that was supplied to the ``requestToken`` call.
-          x-example: monkeys_are_GREAT
-        - in: query
-          type: string
-          name: token
-          required: true
-          description: The token generated by the ``requestToken`` call and sent to the user.
-          x-example: atoken
-      responses:
-        200:
-          description: Phone number is validated.
-        "3xx":
-          description: |-
-            Phone number address is validated, and the ``next_link`` parameter
-            was provided to the ``requestToken`` call. The user must be
-            redirected to the URL provided by the ``next_link`` parameter.
-        "4xx":
-          description:
-            Validation failed.
diff --git a/api/identity/ping.yaml b/api/identity/ping.yaml
deleted file mode 100644
index d7249a77291..00000000000
--- a/api/identity/ping.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-# Copyright 2018 Kamax Sàrl
-# Copyright 2018 New Vector Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-swagger: "2.0"
-info:
-  title: "Matrix Identity Service Ping API"
-  version: "1.0.0"
-host: localhost:8090
-schemes:
-  - https
-basePath: /_matrix/identity
-produces:
-  - application/json
-paths:
-  "/api/v1":
-    get:
-      summary: Checks that an identity server is available at this API endpoint.
-      description: |-
-        Checks that an identity server is available at this API endpoint.
-
-        To discover that an identity server is available at a specific URL,
-        this endpoint can be queried and will return an empty object.
-
-        This is primarly used for auto-discovery and health check purposes
-        by entities acting as a client for the identity server.
-      operationId: ping
-      deprecated: true
-      responses:
-        200:
-          description: An identity server is ready to serve requests.
-          examples:
-            application/json: {}
-          schema:
-            type: object
diff --git a/api/identity/pubkey.yaml b/api/identity/pubkey.yaml
deleted file mode 100644
index a585e7ecbf4..00000000000
--- a/api/identity/pubkey.yaml
+++ /dev/null
@@ -1,129 +0,0 @@
-# Copyright 2016 OpenMarket Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-swagger: '2.0'
-info:
-  title: "Matrix Identity Service Public Key API"
-  version: "1.0.0"
-host: localhost:8090
-schemes:
-  - https
-basePath: /_matrix/identity/api/v1
-consumes:
-  - application/json
-produces:
-  - application/json
-paths:
-  "/pubkey/{keyId}":
-    get:
-      summary: Get a public key.
-      description: |-
-        Get the public key for the passed key ID.
-      operationId: getPubKey
-      deprecated: true
-      parameters:
-        - in: path
-          type: string
-          name: keyId
-          required: true
-          description: |-
-            The ID of the key. This should take the form algorithm:identifier
-            where algorithm identifies the signing algorithm, and the identifier
-            is an opaque string.
-          x-example: "ed25519:0"
-      responses:
-        200:
-          description:
-            The public key exists.
-          examples:
-            application/json: {
-              "public_key": "VXuGitF39UH5iRfvbIknlvlAVKgD1BsLDMvBf0pmp7c"
-            }
-          schema:
-            type: object
-            properties:
-              public_key:
-                type: string
-                description: Unpadded Base64 encoded public key.
-            required: ['public_key']
-        404:
-          description:
-            The public key was not found.
-          examples:
-            application/json: {
-              "errcode": "M_NOT_FOUND",
-              "error": "The public key was not found"
-            }
-          schema:
-            $ref: "../client-server/definitions/errors/error.yaml"
-  "/pubkey/isvalid":
-    get:
-      summary: Check whether a long-term public key is valid.
-      description: |-
-        Check whether a long-term public key is valid. The response should always
-        be the same, provided the key exists.
-      operationId: isPubKeyValid
-      deprecated: true
-      parameters:
-        - in: query
-          type: string
-          name: public_key
-          required: true
-          description: |-
-            The unpadded base64-encoded public key to check.
-          x-example: "VXuGitF39UH5iRfvbIknlvlAVKgD1BsLDMvBf0pmp7c"
-      responses:
-        200:
-          description:
-            The validity of the public key.
-          examples:
-            application/json: {
-              "valid": true
-            }
-          schema:
-            type: object
-            properties:
-              valid:
-                type: boolean
-                description: Whether the public key is recognised and is currently valid.
-            required: ['valid']
-  "/pubkey/ephemeral/isvalid":
-    get:
-      summary: Check whether a short-term public key is valid.
-      description: |-
-        Check whether a short-term public key is valid.
-      operationId: isEphemeralPubKeyValid
-      deprecated: true
-      parameters:
-        - in: query
-          type: string
-          name: public_key
-          required: true
-          description: |-
-            The unpadded base64-encoded public key to check.
-          x-example: "VXuGitF39UH5iRfvbIknlvlAVKgD1BsLDMvBf0pmp7c"
-      responses:
-        200:
-          description:
-            The validity of the public key.
-          examples:
-            application/json: {
-              "valid": true
-            }
-          schema:
-            type: object
-            properties:
-              valid:
-                type: boolean
-                description: Whether the public key is recognised and is currently valid.
-            required: ['valid']
diff --git a/api/identity/store_invite.yaml b/api/identity/store_invite.yaml
deleted file mode 100644
index 4a5d525d564..00000000000
--- a/api/identity/store_invite.yaml
+++ /dev/null
@@ -1,161 +0,0 @@
-# Copyright 2018 New Vector Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-swagger: '2.0'
-info:
-  title: "Matrix Identity Service Store Invitations API"
-  version: "1.0.0"
-host: localhost:8090
-schemes:
-  - https
-basePath: /_matrix/identity/api/v1
-consumes:
-  - application/json
-produces:
-  - application/json
-paths:
-  "/store-invite":
-    post:
-      summary: Store pending invitations to a user's 3pid.
-      description: |-
-        Store pending invitations to a user's 3pid.
-
-        In addition to the request parameters specified below, an arbitrary
-        number of other parameters may also be specified. These may be used in
-        the invite message generation described below.
-
-        The service will generate a random token and an ephemeral key used for
-        accepting the invite.
-
-        The service also generates a ``display_name`` for the inviter, which is
-        a redacted version of ``address`` which does not leak the full contents
-        of the ``address``.
-
-        The service records persistently all of the above information.
-
-        It also generates an email containing all of this data, sent to the
-        ``address`` parameter, notifying them of the invitation.
-
-        Also, the generated ephemeral public key will be listed as valid on
-        requests to ``/_matrix/identity/api/v1/pubkey/ephemeral/isvalid``.
-
-        Currently, invites may only be issued for 3pids of the ``email`` medium.
-
-        Optional fields in the request should be populated to the best of the
-        server's ability. Identity servers may use these variables when notifying
-        the ``address`` of the pending invite for display purposes.
-      operationId: storeInvite
-      deprecated: true
-      parameters:
-        - in: body
-          name: body
-          schema:
-            type: object
-            properties:
-              medium:
-                type: string
-                description: The literal string ``email``.
-                example: "email"
-              address:
-                type: string
-                description: The email address of the invited user.
-                example: "foo@example.com"
-              room_id:
-                type: string
-                description: The Matrix room ID to which the user is invited
-                example: "!something:example.org"
-              sender:
-                type: string
-                description: The Matrix user ID of the inviting user
-                example: "@bob:example.com"
-              room_alias:
-                type: string
-                description: |-
-                  The Matrix room alias for the room to which the user is
-                  invited. This should be retrieved from the ``m.room.canonical_alias``
-                  state event.
-                example: "#somewhere:exmaple.org"
-              room_avatar_url:
-                type: string
-                description: |-
-                  The Content URI for the room to which the user is invited. This should
-                  be retrieved from the ``m.room.avatar`` state event.
-                example: "mxc://example.org/s0meM3dia"
-              room_join_rules:
-                type: string
-                description: |-
-                  The ``join_rule`` for the room to which the user is invited. This should
-                  be retrieved from the ``m.room.join_rules`` state event.
-                example: "public"
-              room_name:
-                type: string
-                description: |-
-                  The name of the room to which the user is invited. This should be retrieved
-                  from the ``m.room.name`` state event.
-                example: "Bob's Emporium of Messages"
-              sender_display_name:
-                type: string
-                description: The display name of the user ID initiating the invite.
-                example: "Bob Smith"
-              sender_avatar_url:
-                type: string
-                description: The Content URI for the avatar of the user ID initiating the invite.
-                example: "mxc://example.org/an0th3rM3dia"
-            required: ["medium", "address", "room_id", "sender"]
-      responses:
-        200:
-          description: The invitation was stored.
-          schema:
-            type: object
-            properties:
-              token:
-                type: string
-                description: |
-                  The generated token. Must be a string consisting of the
-                  characters ``[0-9a-zA-Z.=_-]``. Its length must not exceed
-                  255 characters and it must not be empty.
-              public_keys:
-                type: array
-                description: |
-                  A list of [server's long-term public key, generated ephemeral
-                  public key].
-                items:
-                  type: string
-              display_name:
-                type: string
-                description: The generated (redacted) display_name.
-            required: ['token', 'public_keys', 'display_name']
-            example:
-              application/json: {
-                "token": "sometoken",
-                "public_keys": [
-                  "serverpublickey",
-                  "ephemeralpublickey"
-                ],
-                "display_name": "f...@b..."
-              }
-        400:
-          description: |
-            An error has occured.
-
-            If the 3pid is already bound to a Matrix user ID, the error code
-            will be ``M_THREEPID_IN_USE``.  If the medium is unsupported, the
-            error code will be ``M_UNRECOGNIZED``.
-          examples:
-            application/json: {
-              "errcode": "M_THREEPID_IN_USE",
-              "error": "Binding already known",
-              "mxid": "@alice:example.com"
-            }
-          schema:
-            $ref: "../client-server/definitions/errors/error.yaml"
diff --git a/assets/icons/logo.svg b/assets/icons/logo.svg
new file mode 100644
index 00000000000..ec067c8eb21
--- /dev/null
+++ b/assets/icons/logo.svg
@@ -0,0 +1,5 @@
+<svg width="75" height="32" xmlns="http://www.w3.org/2000/svg">
+  <g fill="#000" fill-rule="nonzero">
+    <path d="M.936.732V31.25H3.13v.732H.095V0h3.034v.732zM9.386 10.407v1.544h.044a4.461 4.461 0 0 1 1.487-1.368c.58-.323 1.245-.485 1.993-.485.72 0 1.377.14 1.972.42.595.279 1.047.771 1.355 1.477.338-.5.796-.941 1.377-1.323.58-.383 1.266-.574 2.06-.574.602 0 1.16.074 1.674.22.514.148.954.383 1.322.707.366.323.653.746.859 1.268.205.522.308 1.15.308 1.887v7.633H20.71v-6.464c0-.383-.015-.743-.044-1.082a2.305 2.305 0 0 0-.242-.882 1.473 1.473 0 0 0-.584-.596c-.257-.146-.606-.22-1.047-.22-.44 0-.796.085-1.068.253-.272.17-.485.39-.639.662a2.654 2.654 0 0 0-.308.927 7.074 7.074 0 0 0-.078 1.048v6.354h-3.128v-6.398c0-.338-.007-.673-.021-1.004a2.825 2.825 0 0 0-.188-.916 1.411 1.411 0 0 0-.55-.673c-.258-.168-.636-.253-1.135-.253a2.33 2.33 0 0 0-.584.1 1.94 1.94 0 0 0-.705.374c-.228.184-.422.449-.584.794-.161.346-.242.798-.242 1.357v6.619H6.434V10.407h2.952zM25.842 12.084a3.751 3.751 0 0 1 1.233-1.17 5.37 5.37 0 0 1 1.685-.629 9.579 9.579 0 0 1 1.884-.187c.573 0 1.153.04 1.74.121.588.081 1.124.24 1.609.475.484.235.88.562 1.19.981.308.42.462.975.462 1.666v5.934c0 .516.03 1.008.088 1.478.058.471.161.824.308 1.06H32.87a4.435 4.435 0 0 1-.22-1.104c-.5.515-1.087.876-1.762 1.081a7.084 7.084 0 0 1-2.071.31c-.544 0-1.05-.067-1.52-.2a3.472 3.472 0 0 1-1.234-.617 2.87 2.87 0 0 1-.826-1.059c-.199-.426-.298-.934-.298-1.522 0-.647.114-1.18.342-1.6.227-.419.52-.753.881-1.004.36-.25.771-.437 1.234-.562.462-.125.929-.224 1.399-.298.47-.073.932-.132 1.387-.176.456-.044.86-.11 1.212-.199.353-.088.631-.217.837-.386.206-.169.301-.415.287-.74 0-.337-.055-.606-.166-.804a1.217 1.217 0 0 0-.44-.464 1.737 1.737 0 0 0-.639-.22 5.292 5.292 0 0 0-.782-.055c-.617 0-1.101.132-1.454.397-.352.264-.558.706-.617 1.323h-3.128c.044-.735.227-1.345.55-1.83zm6.179 4.423a5.095 5.095 0 0 1-.639.165 9.68 9.68 0 0 1-.716.11c-.25.03-.5.067-.749.11a5.616 5.616 0 0 0-.694.177 2.057 2.057 0 0 0-.594.298c-.17.125-.305.284-.408.474-.103.192-.154.434-.154.728 0 .28.051.515.154.706.103.192.242.342.419.453.176.11.381.187.617.231.234.044.477.066.726.066.617 0 1.094-.102 1.432-.309.338-.205.587-.452.75-.739.16-.286.26-.576.297-.87.036-.295.055-.53.055-.707v-1.17a1.4 1.4 0 0 1-.496.277zM43.884 10.407v2.096h-2.291v5.647c0 .53.088.883.264 1.059.176.177.529.265 1.057.265.177 0 .345-.007.507-.022.161-.015.316-.037.463-.066v2.426a7.49 7.49 0 0 1-.882.089 21.67 21.67 0 0 1-.947.022c-.484 0-.944-.034-1.377-.1a3.233 3.233 0 0 1-1.145-.386 2.04 2.04 0 0 1-.782-.816c-.191-.353-.287-.816-.287-1.39v-6.728H36.57v-2.096h1.894v-3.42h3.129v3.42h2.29zM48.355 10.407v2.118h.044a3.907 3.907 0 0 1 1.454-1.754 4.213 4.213 0 0 1 1.036-.497 3.734 3.734 0 0 1 1.145-.176c.206 0 .433.037.683.11v2.912a5.862 5.862 0 0 0-.528-.077 5.566 5.566 0 0 0-.595-.033c-.573 0-1.058.096-1.454.287a2.52 2.52 0 0 0-.958.783 3.143 3.143 0 0 0-.518 1.158 6.32 6.32 0 0 0-.154 1.434v5.14h-3.128V10.407h2.973zM54.039 8.642V6.06h3.128v2.582H54.04zm3.128 1.765v11.405H54.04V10.407h3.128zM58.797 10.407h3.569l2.005 2.978 1.982-2.978h3.459l-3.745 5.339 4.208 6.067h-3.57l-2.378-3.596-2.38 3.596h-3.502l4.097-6.001zM74.094 31.25V.732H71.9V0h3.035v31.982H71.9v-.732z"/>
+  </g>
+</svg>
diff --git a/assets/scss/_variables_project.scss b/assets/scss/_variables_project.scss
new file mode 100644
index 00000000000..1e7e39500f2
--- /dev/null
+++ b/assets/scss/_variables_project.scss
@@ -0,0 +1,41 @@
+/*
+Copyright 2020, 2021 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+$primary: #FFF;
+$secondary: #0098D4;
+$dark: #333;
+$gray-100: #FBFBFB;
+
+$secondary-background: #E5F5FB;
+$secondary-lighter-background: #F4FaFC;
+$secondary-lightest-background: #FBFDFD;
+
+
+$warning: #FF6666;
+$note: $secondary;
+
+$note-background: $secondary-background;
+$warning-background: #FFE0E0;
+
+$table-row-alternate: $secondary-lightest-background;
+$table-row-default: $secondary-lighter-background;
+
+/*
+ Opt to serve fonts locally by overriding web-font-path to be a non-google fonts URL.
+ This is only possible with our modified docsy theme: https://github.com/matrix-org/docsy
+ */
+$web-font-path: "../css/fonts/Inter.css";
+$google_font_name: "Inter";
diff --git a/assets/scss/custom.scss b/assets/scss/custom.scss
new file mode 100644
index 00000000000..62ae4532f00
--- /dev/null
+++ b/assets/scss/custom.scss
@@ -0,0 +1,428 @@
+/*
+Copyright 2020, 2021 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+/*
+Custom SCSS for the Matrix spec
+*/
+
+@import "variables_project";
+@import "variables";
+
+/* Overrides for the navbar */
+.td-navbar {
+  box-shadow: 0px 0px 8px rgba(179, 179, 179, 0.25);
+  min-height: 5rem;
+
+  .navbar-brand {
+    font-size: 1.1rem;
+
+    .navbar-version {
+      color: $secondary;
+    }
+
+  }
+
+  a {
+    color: $black;
+  }
+}
+
+/* Styles for the sidebar nav */
+.td-sidebar-nav {
+  scroll-behavior: smooth;
+  overscroll-behavior: contain;
+
+  &>.td-sidebar-nav__section {
+    margin-top: 1rem;
+  }
+
+  &>.td-sidebar-nav__section > li > a.td-sidebar-link {
+      font-weight: $font-weight-bold;
+      font-size: 1.3rem;
+  }
+
+  /* This is to make the width of the items that have sub-items (like room versions)
+  the same as the width of items that don't (like changelog) */
+  .pr-md-3, .px-md-3 {
+    padding-right: 0 !important;
+  }
+
+  a.indent-1 {
+    padding-left: 1rem !important;
+  }
+
+  a.indent-2 {
+    padding-left: 2rem;
+  }
+
+  a, a.td-sidebar-link {
+    color: $gray-800;
+    font-weight: $font-weight-normal;
+    padding-top: .2rem;
+    padding-bottom: .2rem;
+
+    display: block;
+    transition: all 100ms ease-in-out;
+
+    &:hover {
+      background-color: $secondary-lighter-background;
+      color: $gray-800;
+    }
+
+    &.active, &active:hover {
+      background-color: $secondary-background;
+      font-weight: $font-weight-normal;
+    }
+  }
+}
+
+@media (min-width: 768px) {
+  @supports (position: sticky) {
+    .td-sidebar-nav {
+      /* This overrides calc(100vh - 10rem);, which gives us a blank space at the bottom of the sidebar */
+      max-height: calc(100vh - 6rem);
+    }
+  }
+}
+
+/* Customise footer */
+footer {
+  box-shadow: 0px 0px 8px rgba(179, 179, 179, 0.25);
+}
+
+/* Auto numbering for headings */
+.td-content {
+
+  counter-reset: h2;
+
+  &> h2 {
+    counter-reset: h3
+  }
+
+  &> h3 {
+    counter-reset: h4
+  }
+
+  &> h4 {
+    counter-reset: h5
+  }
+
+  &> h5 {
+    counter-reset: h6
+  }
+
+  &> h2:not(.no-numbers):before {
+    display: inline; visibility: visible; counter-increment: h2; content: counter(h2) ". "
+  }
+
+  &> h3:not(.no-numbers):before {
+    display: inline; visibility: visible; counter-increment: h3; content: counter(h2) "." counter(h3) ". "
+  }
+
+  &> h4:not(.no-numbers):before {
+    display: inline; visibility: visible; counter-increment: h4; content: counter(h2) "." counter(h3) "." counter(h4) ". "
+  }
+
+  &> h5:not(.no-numbers):before {
+    display: inline; visibility: visible; counter-increment: h5; content: counter(h2) "." counter(h3) "." counter(h4) "." counter(h5) ". "
+  }
+
+  &> h6:not(.no-numbers):before {
+    display: inline; visibility: visible; counter-increment: h6; content: counter(h2) "." counter(h3) "." counter(h4) "." counter(h5) "." counter(h6) ". "
+  }
+
+}
+
+/* Adjust heading anchors for site header */
+.td-content {
+  &> h2,
+  &> h3,
+  &> h4,
+  &> h5,
+  &> h6,
+  .rendered-data h1 {
+    scroll-margin-top: 5rem;
+  }
+}
+
+/* Styles for the table of contents */
+#toc {
+  padding-top: .5rem;
+  padding-left: 1.5rem;
+
+  ol {
+    padding-left: 1rem;
+    counter-reset: section;
+    list-style-type: none;
+  }
+
+  #TableOfContents {
+    &>ol>li {
+      margin-bottom: .5rem;
+
+      &>a {
+        font-weight: $font-weight-bold;
+      }
+    }
+
+    ol {
+      padding-left: 0;
+    }
+
+    &>ol>li>a {
+      padding-left: 1rem;
+    }
+
+    &>ol>li>ol>li>a {
+      padding-left: 2rem;
+    }
+
+    &>ol>li>ol>li>ol>li>a {
+      padding-left: 3rem;
+    }
+
+    &>ol>li>ol>li>ol>li>ol>li>a {
+      padding-left: 4rem;
+    }
+
+    &>ol>li>ol>li>ol>li>ol>li>ol>li>a {
+      padding-left: 5rem;
+    }
+
+  }
+
+  li a:before {
+    counter-increment: section;
+    content: counters(section, ".") " ";
+  }
+
+  #toc-title {
+    font-weight: $font-weight-bold;
+    font-size: 1.3rem;
+  }
+
+}
+
+/* Styles for alert boxes */
+.alert {
+  &.note {
+    &:not(.omit-title):before {
+      content: "INFO: ";
+      font-weight: $font-weight-bold;
+    }
+    border: 2px solid $note;
+    border-left-width: 5px;
+    background: $note-background;
+  }
+
+  &.rationale {
+    &:not(.omit-title):before {
+      content: "RATIONALE: ";
+      font-weight: $font-weight-bold;
+    }
+    border: 2px solid $note;
+    border-left-width: 5px;
+    background: $note-background;
+  }
+
+  &.warning {
+    &:not(.omit-title):before {
+      content: "WARNING: ";
+      font-weight: $font-weight-bold;
+    }
+    border: 2px solid $warning;
+    border-left-width: 5px;
+    background: $warning-background;
+  }
+}
+
+/* Styles for sections that are rendered from data, such as HTTP APIs and event schemas */
+.rendered-data {
+  margin: 1rem 0 3rem 0;
+
+  details {
+
+    summary {
+      padding: .5rem 0;
+      list-style-position: outside;
+    }
+  }
+
+  .deprecated-inline {
+
+    &:after {
+      content: " — DEPRECATED";
+      color: $warning;
+      font-weight: $font-weight-bold;
+    }
+  }
+
+  h1 {
+    display: inline-block;
+    font-size: 1.3rem;
+
+    .endpoint {
+      color: $secondary;
+    }
+  }
+
+  h2 {
+    font-weight: $font-weight-bold;
+    font-size: 1.3rem;
+    margin: 3rem 0 .5rem 0;
+  }
+
+  h3 {
+    font-weight: $font-weight-bold;
+    font-size: 1.1rem;
+    margin: 1.5rem 0 .75rem 0;
+  }
+
+  h2 + table, h3 + table, h3 + div.highlight {
+    margin-top: 0;
+  }
+
+  hr {
+    border-bottom: 2px solid $dark;
+    margin-bottom: 1.5rem;
+  }
+
+  p {
+    max-width: 80%;
+  }
+
+  p code, table code {
+    background-color: $white;
+  }
+
+  table {
+    table-layout: fixed;
+    width: 100%;
+    margin: 4rem 0;
+
+    caption {
+      caption-side: top;
+      color: $dark;
+      font-size: 1rem;
+      font-weight: $font-weight-bold;
+    }
+
+    th, td, caption {
+      padding: 1rem;
+    }
+
+    th {
+      background-color: $white;
+    }
+
+    caption, tr {
+      background-color: $table-row-default;
+    }
+
+    tr:nth-child(even) {
+      background-color: $table-row-alternate;
+    }
+
+    &.basic-info, &.basic-info th, &.basic-info td {
+      table-layout: fixed;
+      margin: 1rem 0 .5rem 0;
+      background-color: $white;
+    }
+
+    &.basic-info th {
+      width: 15rem;
+    }
+
+    .col-name, .col-type, .col-status {
+      width: 25%;
+    }
+
+    .col-description {
+      width: 50%;
+    }
+
+    .col-status-description {
+      width: 75%;
+    }
+
+  }
+
+  pre {
+    border: 0;
+    border-left: solid 5px $secondary;
+  }
+
+  .http-api-method {
+    font-weight: $font-weight-bold;
+  }
+
+}
+
+/* Miscellaneous custom bits */
+
+/* Update link colours for MAtrix style */
+a, a:hover {
+  color: $secondary;
+}
+
+/* This is needed to stop the bottom of the Matrix icon from getting snipped off. */
+.td-navbar .navbar-brand svg {
+  height: 32px;
+}
+
+/* Give code samples and pre elements full-width */
+.td-content > .highlight, .td-content > pre {
+  max-width: 100%;
+}
+
+/* The default CSS applies a style for blockquotes but only to immediate children
+of .td-content. This applies the same style to any blockquotes that descend from
+.td-content. */
+.td-content blockquote {
+  padding: 0 0 0 1rem;
+  margin-bottom: $spacer;
+  color: $gray-600;
+  border-left: 6px solid $secondary;
+}
+
+/*
+Make padding symmetrical (this selector is used in the default styles to apply padding-left: 3rem)
+*/
+.pl-md-5, .px-md-5 {
+  padding-right: 3rem;
+}
+
+/* Adjust default styles for info banner */
+.pageinfo-primary {
+  max-width: 80%;
+  margin-left: 0;
+  border: 0;
+  border-left: solid 5px $secondary;
+  background-color: $gray-100;
+}
+
+.pageinfo-unstable {
+  background-image: url('../icons/unstable.png');
+  background-position: left 1rem center;
+  background-repeat: no-repeat;
+  padding-left: 100px;
+}
+
+/* Full-width tables */
+.td-content > table {
+  width: 100%;
+  display: table;
+}
diff --git a/drafts/ancient_federated_versioning_design_notes.rst b/attic/drafts/ancient_federated_versioning_design_notes.rst
similarity index 100%
rename from drafts/ancient_federated_versioning_design_notes.rst
rename to attic/drafts/ancient_federated_versioning_design_notes.rst
diff --git a/drafts/application_services.rst b/attic/drafts/application_services.rst
similarity index 100%
rename from drafts/application_services.rst
rename to attic/drafts/application_services.rst
diff --git a/drafts/data_flows.rst b/attic/drafts/data_flows.rst
similarity index 100%
rename from drafts/data_flows.rst
rename to attic/drafts/data_flows.rst
diff --git a/drafts/erik-model.rst b/attic/drafts/erik-model.rst
similarity index 100%
rename from drafts/erik-model.rst
rename to attic/drafts/erik-model.rst
diff --git a/drafts/erikj_federation.rst b/attic/drafts/erikj_federation.rst
similarity index 100%
rename from drafts/erikj_federation.rst
rename to attic/drafts/erikj_federation.rst
diff --git a/drafts/flows_and_auth.rst b/attic/drafts/flows_and_auth.rst
similarity index 100%
rename from drafts/flows_and_auth.rst
rename to attic/drafts/flows_and_auth.rst
diff --git a/drafts/general_api.rst b/attic/drafts/general_api.rst
similarity index 100%
rename from drafts/general_api.rst
rename to attic/drafts/general_api.rst
diff --git a/drafts/human-id-rules.rst b/attic/drafts/human-id-rules.rst
similarity index 100%
rename from drafts/human-id-rules.rst
rename to attic/drafts/human-id-rules.rst
diff --git a/drafts/model/presence.rst b/attic/drafts/model/presence.rst
similarity index 100%
rename from drafts/model/presence.rst
rename to attic/drafts/model/presence.rst
diff --git a/drafts/model/profiles.rst b/attic/drafts/model/profiles.rst
similarity index 100%
rename from drafts/model/profiles.rst
rename to attic/drafts/model/profiles.rst
diff --git a/drafts/model/protocol_examples.rst b/attic/drafts/model/protocol_examples.rst
similarity index 100%
rename from drafts/model/protocol_examples.rst
rename to attic/drafts/model/protocol_examples.rst
diff --git a/drafts/model/room-join-workflow.rst b/attic/drafts/model/room-join-workflow.rst
similarity index 100%
rename from drafts/model/room-join-workflow.rst
rename to attic/drafts/model/room-join-workflow.rst
diff --git a/drafts/model/rooms.rst b/attic/drafts/model/rooms.rst
similarity index 100%
rename from drafts/model/rooms.rst
rename to attic/drafts/model/rooms.rst
diff --git a/drafts/model/third-party-id.rst b/attic/drafts/model/third-party-id.rst
similarity index 100%
rename from drafts/model/third-party-id.rst
rename to attic/drafts/model/third-party-id.rst
diff --git a/drafts/object_model.rst b/attic/drafts/object_model.rst
similarity index 100%
rename from drafts/object_model.rst
rename to attic/drafts/object_model.rst
diff --git a/drafts/pstn_gatewaying.txt b/attic/drafts/pstn_gatewaying.txt
similarity index 100%
rename from drafts/pstn_gatewaying.txt
rename to attic/drafts/pstn_gatewaying.txt
diff --git a/drafts/reputation_thoughts.rst b/attic/drafts/reputation_thoughts.rst
similarity index 100%
rename from drafts/reputation_thoughts.rst
rename to attic/drafts/reputation_thoughts.rst
diff --git a/drafts/use_cases.rst b/attic/drafts/use_cases.rst
similarity index 100%
rename from drafts/use_cases.rst
rename to attic/drafts/use_cases.rst
diff --git a/drafts/websockets.rst b/attic/drafts/websockets.rst
similarity index 100%
rename from drafts/websockets.rst
rename to attic/drafts/websockets.rst
diff --git a/changelogs/application_service/newsfragments/2888.clarification b/changelogs/application_service/newsfragments/2888.clarification
new file mode 100644
index 00000000000..3ccb2333956
--- /dev/null
+++ b/changelogs/application_service/newsfragments/2888.clarification
@@ -0,0 +1 @@
+Fix various typos throughout the specification.
diff --git a/changelogs/client_server/newsfragments/2387.new b/changelogs/client_server/newsfragments/2387.new
index a709a5faa88..cfb5af1c672 100644
--- a/changelogs/client_server/newsfragments/2387.new
+++ b/changelogs/client_server/newsfragments/2387.new
@@ -1 +1 @@
-Add key backup (``/room_keys/*``) endpoints.
+Add key backup (`/room_keys/*`) endpoints.
diff --git a/changelogs/client_server/newsfragments/2399.feature b/changelogs/client_server/newsfragments/2399.feature
new file mode 100644
index 00000000000..3b0380b2658
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2399.feature
@@ -0,0 +1 @@
+Document how clients can advise recipients that it is withholding decryption keys as per [MSC2399](https://github.com/matrix-org/matrix-doc/pull/2399).
diff --git a/changelogs/client_server/newsfragments/2536.feature b/changelogs/client_server/newsfragments/2536.feature
new file mode 100644
index 00000000000..56e4e79ba32
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2536.feature
@@ -0,0 +1 @@
+Add cross-signing properties to the response of `POST /keys/query` per [MSC1756](https://github.com/matrix-org/matrix-doc/pull/1756).
diff --git a/changelogs/client_server/newsfragments/2536.new b/changelogs/client_server/newsfragments/2536.new
new file mode 100644
index 00000000000..8572e33ae8d
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2536.new
@@ -0,0 +1 @@
+Add `POST /keys/device_signing/upload` and `POST /keys/signatures/upload` per [MSC1756](https://github.com/matrix-org/matrix-doc/pull/1756).
diff --git a/changelogs/client_server/newsfragments/2591.clarification b/changelogs/client_server/newsfragments/2591.clarification
index 7473f45340a..dadf44ab19f 100644
--- a/changelogs/client_server/newsfragments/2591.clarification
+++ b/changelogs/client_server/newsfragments/2591.clarification
@@ -1 +1 @@
-Fix issues with ``age`` and ``unsigned`` being shown in the wrong places.
+Fix issues with `age` and `unsigned` being shown in the wrong places.
diff --git a/changelogs/client_server/newsfragments/2609.removal b/changelogs/client_server/newsfragments/2609.removal
index deafc77d067..24b523e9579 100644
--- a/changelogs/client_server/newsfragments/2609.removal
+++ b/changelogs/client_server/newsfragments/2609.removal
@@ -1 +1 @@
-Remove unimplemented ``m.login.oauth2`` and ``m.login.token`` user-interactive authentication mechanisms.
+Remove unimplemented `m.login.oauth2` and `m.login.token` user-interactive authentication mechanisms.
diff --git a/changelogs/client_server/newsfragments/2629.clarification b/changelogs/client_server/newsfragments/2629.clarification
index 07fc430e53a..0813de4491a 100644
--- a/changelogs/client_server/newsfragments/2629.clarification
+++ b/changelogs/client_server/newsfragments/2629.clarification
@@ -1 +1 @@
-Remove ``room_id`` from ``/sync`` examples.
+Remove `room_id` from `/sync` examples.
diff --git a/changelogs/client_server/newsfragments/2647.clarification b/changelogs/client_server/newsfragments/2647.clarification
index a0c5e7cc39d..e902980e9d3 100644
--- a/changelogs/client_server/newsfragments/2647.clarification
+++ b/changelogs/client_server/newsfragments/2647.clarification
@@ -1 +1 @@
-Improve consistency and clarity of event schema ``title``\ s.
+Improve consistency and clarity of event schema `title` s.
diff --git a/changelogs/client_server/newsfragments/2709.feature b/changelogs/client_server/newsfragments/2709.feature
index a6b3e2a237b..309b1c0d5ba 100644
--- a/changelogs/client_server/newsfragments/2709.feature
+++ b/changelogs/client_server/newsfragments/2709.feature
@@ -1 +1 @@
-Add a ``device_id`` parameter to login fallback per `MSC2604 <https://github.com/matrix-org/matrix-doc/pull/2604>`_.
+Add a `device_id` parameter to login fallback per [MSC2604](https://github.com/matrix-org/matrix-doc/pull/2604).
diff --git a/changelogs/client_server/newsfragments/2754.clarification b/changelogs/client_server/newsfragments/2754.clarification
index d3f96b8451a..ddbafc8758b 100644
--- a/changelogs/client_server/newsfragments/2754.clarification
+++ b/changelogs/client_server/newsfragments/2754.clarification
@@ -1 +1 @@
-Clarify the behaviour of ``state`` for ``/sync`` with lazy-loading.
+Clarify the behaviour of `state` for `/sync` with lazy-loading.
diff --git a/changelogs/client_server/newsfragments/2795.feature b/changelogs/client_server/newsfragments/2795.feature
new file mode 100644
index 00000000000..85637012fcd
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2795.feature
@@ -0,0 +1 @@
+Added support for `reason` on all membership events and related endpoints as per [MSC2367](https://github.com/matrix-org/matrix-doc/pull/2367).
diff --git a/changelogs/client_server/newsfragments/2796.feature b/changelogs/client_server/newsfragments/2796.feature
new file mode 100644
index 00000000000..067d98d8372
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2796.feature
@@ -0,0 +1 @@
+Add a 404 `M_NOT_FOUND` error to push rule endpoints as per [MSC2663](https://github.com/matrix-org/matrix-doc/pull/2663).
diff --git a/changelogs/client_server/newsfragments/2807.feature b/changelogs/client_server/newsfragments/2807.feature
new file mode 100644
index 00000000000..6a34b60f026
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2807.feature
@@ -0,0 +1 @@
+Make `reason` and `score` parameters optional in the content reporting API (MSC2414).
diff --git a/changelogs/client_server/newsfragments/2808.feature b/changelogs/client_server/newsfragments/2808.feature
new file mode 100644
index 00000000000..3c97b84f49f
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2808.feature
@@ -0,0 +1 @@
+Allow guests to get the list of members for a room (MSC2689).
diff --git a/changelogs/client_server/newsfragments/2809.clarification b/changelogs/client_server/newsfragments/2809.clarification
new file mode 100644
index 00000000000..3ccb2333956
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2809.clarification
@@ -0,0 +1 @@
+Fix various typos throughout the specification.
diff --git a/changelogs/client_server/newsfragments/2814.clarification b/changelogs/client_server/newsfragments/2814.clarification
new file mode 100644
index 00000000000..840300fe3a7
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2814.clarification
@@ -0,0 +1 @@
+Clarify description of m.room.redaction event.
diff --git a/changelogs/client_server/newsfragments/2878.clarification b/changelogs/client_server/newsfragments/2878.clarification
new file mode 100644
index 00000000000..3ccb2333956
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2878.clarification
@@ -0,0 +1 @@
+Fix various typos throughout the specification.
diff --git a/changelogs/client_server/newsfragments/2885.clarification b/changelogs/client_server/newsfragments/2885.clarification
new file mode 100644
index 00000000000..3ccb2333956
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2885.clarification
@@ -0,0 +1 @@
+Fix various typos throughout the specification.
diff --git a/changelogs/client_server/newsfragments/2888.clarification b/changelogs/client_server/newsfragments/2888.clarification
new file mode 100644
index 00000000000..3ccb2333956
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2888.clarification
@@ -0,0 +1 @@
+Fix various typos throughout the specification.
diff --git a/changelogs/client_server/newsfragments/2928.clarification b/changelogs/client_server/newsfragments/2928.clarification
new file mode 100644
index 00000000000..60653eae2ef
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2928.clarification
@@ -0,0 +1 @@
+Mark `messages` as a required JSON body field in `PUT /_matrix/client/r0/sendToDevice/{eventType}/{txnId}` calls.
diff --git a/changelogs/client_server/newsfragments/2985.clarification b/changelogs/client_server/newsfragments/2985.clarification
new file mode 100644
index 00000000000..d3c768e3b3a
--- /dev/null
+++ b/changelogs/client_server/newsfragments/2985.clarification
@@ -0,0 +1 @@
+Correct examples of `client_secret` request body parameters so that they do not include invalid characters.
diff --git a/changelogs/client_server/newsfragments/3091.clarification b/changelogs/client_server/newsfragments/3091.clarification
new file mode 100644
index 00000000000..88868b3e360
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3091.clarification
@@ -0,0 +1 @@
+Fix example MXC URI for m.presence.
\ No newline at end of file
diff --git a/changelogs/client_server/newsfragments/3098.feature b/changelogs/client_server/newsfragments/3098.feature
new file mode 100644
index 00000000000..0f3c3ab88e4
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3098.feature
@@ -0,0 +1 @@
+Add support for spoilers ([MSC2010](https://github.com/matrix-org/matrix-doc/pull/2010) and [MSC2557](https://github.com/matrix-org/matrix-doc/pull/2557)), and `color` attribute ([MSC2422](https://github.com/matrix-org/matrix-doc/pull/2422)).
\ No newline at end of file
diff --git a/changelogs/client_server/newsfragments/3099.clarification b/changelogs/client_server/newsfragments/3099.clarification
new file mode 100644
index 00000000000..0e104a803e9
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3099.clarification
@@ -0,0 +1 @@
+Clarify that event bodies are untrusted, as per [MSC2801](https://github.com/matrix-org/matrix-doc/pull/2801).
\ No newline at end of file
diff --git a/changelogs/client_server/newsfragments/3100.feature b/changelogs/client_server/newsfragments/3100.feature
new file mode 100644
index 00000000000..259f19583c1
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3100.feature
@@ -0,0 +1 @@
+Add `<details>` and `<summary>` to the suggested HTML subset as per [MSC2184](https://github.com/matrix-org/matrix-doc/pull/2184).
\ No newline at end of file
diff --git a/changelogs/client_server/newsfragments/3116.clarification b/changelogs/client_server/newsfragments/3116.clarification
new file mode 100644
index 00000000000..3ccb2333956
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3116.clarification
@@ -0,0 +1 @@
+Fix various typos throughout the specification.
diff --git a/changelogs/client_server/newsfragments/3127.clarification b/changelogs/client_server/newsfragments/3127.clarification
new file mode 100644
index 00000000000..d858e2b796b
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3127.clarification
@@ -0,0 +1 @@
+Fix the maximum event size restriction (65535 bytes -> 65536).
diff --git a/changelogs/client_server/newsfragments/3139.breaking b/changelogs/client_server/newsfragments/3139.breaking
new file mode 100644
index 00000000000..755afc35eef
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3139.breaking
@@ -0,0 +1 @@
+Add `m.key.verification.ready` and `m.key.verification.done` to key verification framework as per [MSC2366](https://github.com/matrix-org/matrix-doc/pull/2366).
diff --git a/changelogs/client_server/newsfragments/3139.feature b/changelogs/client_server/newsfragments/3139.feature
new file mode 100644
index 00000000000..3733106597a
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3139.feature
@@ -0,0 +1 @@
+Add key verification using in-room messages as per [MSC2241](https://github.com/matrix-org/matrix-doc/pull/2241).
diff --git a/changelogs/client_server/newsfragments/3147.feature b/changelogs/client_server/newsfragments/3147.feature
new file mode 100644
index 00000000000..21017aaff04
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3147.feature
@@ -0,0 +1 @@
+Add information about using SSSS for cross-signing and key backup.
diff --git a/changelogs/client_server/newsfragments/3149.feature b/changelogs/client_server/newsfragments/3149.feature
new file mode 100644
index 00000000000..2a85b47fd3e
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3149.feature
@@ -0,0 +1 @@
+Add key verification method using QR codes ([MSC1544](https://github.com/matrix-org/matrix-doc/pull/1544)).
diff --git a/changelogs/client_server/newsfragments/3150.feature b/changelogs/client_server/newsfragments/3150.feature
new file mode 100644
index 00000000000..3733106597a
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3150.feature
@@ -0,0 +1 @@
+Add key verification using in-room messages as per [MSC2241](https://github.com/matrix-org/matrix-doc/pull/2241).
diff --git a/changelogs/client_server/newsfragments/3151.feature b/changelogs/client_server/newsfragments/3151.feature
new file mode 100644
index 00000000000..a6aa98e9fd1
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3151.feature
@@ -0,0 +1 @@
+Document how clients can simplify usage of Secure Secret Storage ([MSC2874](https://github.com/uhoreg/matrix-doc/pull/new/single_ssss_spec)).
diff --git a/changelogs/client_server/newsfragments/3154.feature b/changelogs/client_server/newsfragments/3154.feature
new file mode 100644
index 00000000000..c73c27ec64a
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3154.feature
@@ -0,0 +1 @@
+Add support for knocking, as per [MSC2403](https://github.com/matrix-org/matrix-doc/pull/2403).
\ No newline at end of file
diff --git a/changelogs/client_server/newsfragments/3154.new b/changelogs/client_server/newsfragments/3154.new
new file mode 100644
index 00000000000..aa89f639c9e
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3154.new
@@ -0,0 +1 @@
+Add `/knock` endpoint as per [MSC2403](https://github.com/matrix-org/matrix-doc/pull/2403).
\ No newline at end of file
diff --git a/changelogs/client_server/newsfragments/3163.feature b/changelogs/client_server/newsfragments/3163.feature
new file mode 100644
index 00000000000..8595394fa63
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3163.feature
@@ -0,0 +1 @@
+Multiple SSO providers are possible through `m.login.sso` as per [MSC2858](https://github.com/matrix-org/matrix-doc/pull/2858).
\ No newline at end of file
diff --git a/changelogs/client_server/newsfragments/3163.new b/changelogs/client_server/newsfragments/3163.new
new file mode 100644
index 00000000000..ba41fd8d6d9
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3163.new
@@ -0,0 +1 @@
+`/login/sso/redirect/{idpId}` has been added as per [MSC2858](https://github.com/matrix-org/matrix-doc/pull/2858).
\ No newline at end of file
diff --git a/changelogs/client_server/newsfragments/3166.feature b/changelogs/client_server/newsfragments/3166.feature
new file mode 100644
index 00000000000..ef8b462820f
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3166.feature
@@ -0,0 +1 @@
+Add `device_id` to `/account/whoami` response as per [MSC2033](https://github.com/matrix-org/matrix-doc/pull/2033).
\ No newline at end of file
diff --git a/changelogs/client_server/newsfragments/3169.feature b/changelogs/client_server/newsfragments/3169.feature
new file mode 100644
index 00000000000..de83a7ccc1f
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3169.feature
@@ -0,0 +1 @@
+Downgrade identity server discovery failures to `FAIL_PROMPT` as per [MSC2284](https://github.com/matrix-org/matrix-doc/pull/2284).
\ No newline at end of file
diff --git a/changelogs/client_server/newsfragments/3199.deprecaation b/changelogs/client_server/newsfragments/3199.deprecaation
new file mode 100644
index 00000000000..6b51df6e326
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3199.deprecaation
@@ -0,0 +1 @@
+Deprecate starting verifications that don't start with `m.key.verification.request` as per [MSC3122](https://github.com/matrix-org/matrix-doc/pull/3122).
diff --git a/changelogs/client_server/newsfragments/3225.clarification b/changelogs/client_server/newsfragments/3225.clarification
new file mode 100644
index 00000000000..046b25cf121
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3225.clarification
@@ -0,0 +1 @@
+Update `Access-Control-Allow-Headers` recommendation to fit CORS specification.
\ No newline at end of file
diff --git a/changelogs/client_server/newsfragments/3233.clarification b/changelogs/client_server/newsfragments/3233.clarification
new file mode 100644
index 00000000000..72a58f1b6ae
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3233.clarification
@@ -0,0 +1 @@
+Explicitly state that `replacment_room` is a room ID in `m.room.tombstone` events.
diff --git a/changelogs/client_server/newsfragments/3238.clarification b/changelogs/client_server/newsfragments/3238.clarification
new file mode 100644
index 00000000000..63e54ba6caf
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3238.clarification
@@ -0,0 +1 @@
+Clarify that all request bodies are required.
diff --git a/changelogs/client_server/newsfragments/3254.feature b/changelogs/client_server/newsfragments/3254.feature
new file mode 100644
index 00000000000..c73c27ec64a
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3254.feature
@@ -0,0 +1 @@
+Add support for knocking, as per [MSC2403](https://github.com/matrix-org/matrix-doc/pull/2403).
\ No newline at end of file
diff --git a/changelogs/client_server/newsfragments/3324.feature b/changelogs/client_server/newsfragments/3324.feature
new file mode 100644
index 00000000000..346de35dfd7
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3324.feature
@@ -0,0 +1 @@
+Extend `/_matrix/client/r0/login` to accept a `m.login.appservice`, as per [MSC2778](https://github.com/matrix-org/matrix-doc/pull/2778).
\ No newline at end of file
diff --git a/changelogs/client_server/newsfragments/3327.breaking b/changelogs/client_server/newsfragments/3327.breaking
new file mode 100644
index 00000000000..85c0da8babf
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3327.breaking
@@ -0,0 +1 @@
+Fix key_backup operation IDs in OpenAPI spec.
diff --git a/changelogs/client_server/newsfragments/3330.clarification b/changelogs/client_server/newsfragments/3330.clarification
new file mode 100644
index 00000000000..5df676a14e3
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3330.clarification
@@ -0,0 +1 @@
+Add titles for OpenAPI objects.
diff --git a/changelogs/client_server/newsfragments/3331.clarification b/changelogs/client_server/newsfragments/3331.clarification
new file mode 100644
index 00000000000..4e0836b8832
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3331.clarification
@@ -0,0 +1 @@
+Add auth property to UIA endpoint uploadCrossSigningKeys.
diff --git a/changelogs/client_server/newsfragments/3332.clarification b/changelogs/client_server/newsfragments/3332.clarification
new file mode 100644
index 00000000000..63e54ba6caf
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3332.clarification
@@ -0,0 +1 @@
+Clarify that all request bodies are required.
diff --git a/changelogs/client_server/newsfragments/3336.clarification b/changelogs/client_server/newsfragments/3336.clarification
new file mode 100644
index 00000000000..bb06ffec99c
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3336.clarification
@@ -0,0 +1 @@
+Disambiguate getEvents and peekEvents, and include both in swagger.
diff --git a/changelogs/client_server/newsfragments/3337.clarification b/changelogs/client_server/newsfragments/3337.clarification
new file mode 100644
index 00000000000..9f8eb2f251a
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3337.clarification
@@ -0,0 +1 @@
+Mention that a canonical alias event should be added when a room is created with an alias.
\ No newline at end of file
diff --git a/changelogs/client_server/newsfragments/3339.clarification b/changelogs/client_server/newsfragments/3339.clarification
new file mode 100644
index 00000000000..3ccb2333956
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3339.clarification
@@ -0,0 +1 @@
+Fix various typos throughout the specification.
diff --git a/changelogs/client_server/newsfragments/3350.clarification b/changelogs/client_server/newsfragments/3350.clarification
new file mode 100644
index 00000000000..c5524f19b74
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3350.clarification
@@ -0,0 +1 @@
+Add an 'API conventions' section to the Appendices.
\ No newline at end of file
diff --git a/changelogs/client_server/newsfragments/3353.clarification b/changelogs/client_server/newsfragments/3353.clarification
new file mode 100644
index 00000000000..79f15dc716a
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3353.clarification
@@ -0,0 +1 @@
+Clarify the documentation around the pagination tokens used by `/sync`, `/rooms/{room_id}/messages`, `/initialSync`, `/rooms/{room_id}/initialSync`, and `/notifications`.
\ No newline at end of file
diff --git a/changelogs/client_server/newsfragments/3366.clarification b/changelogs/client_server/newsfragments/3366.clarification
new file mode 100644
index 00000000000..459c5075be5
--- /dev/null
+++ b/changelogs/client_server/newsfragments/3366.clarification
@@ -0,0 +1 @@
+Remove the inaccurate 'Pagination' section.
diff --git a/changelogs/identity_service/newsfragments/2888.clarification b/changelogs/identity_service/newsfragments/2888.clarification
new file mode 100644
index 00000000000..3ccb2333956
--- /dev/null
+++ b/changelogs/identity_service/newsfragments/2888.clarification
@@ -0,0 +1 @@
+Fix various typos throughout the specification.
diff --git a/changelogs/identity_service/newsfragments/3101.new b/changelogs/identity_service/newsfragments/3101.new
new file mode 100644
index 00000000000..e6e98b92af7
--- /dev/null
+++ b/changelogs/identity_service/newsfragments/3101.new
@@ -0,0 +1 @@
+Add `GET /_matrix/identity/versions` API as per [MSC2320](https://github.com/matrix-org/matrix-doc/pull/2320).
\ No newline at end of file
diff --git a/changelogs/identity_service/newsfragments/3167.clarification b/changelogs/identity_service/newsfragments/3167.clarification
new file mode 100644
index 00000000000..16ed8dcddfd
--- /dev/null
+++ b/changelogs/identity_service/newsfragments/3167.clarification
@@ -0,0 +1 @@
+Clarify that some identifiers must be case folded prior to processing, as per [MSC2265](https://github.com/matrix-org/matrix-doc/pull/2265).
diff --git a/changelogs/identity_service/newsfragments/3170.removal b/changelogs/identity_service/newsfragments/3170.removal
new file mode 100644
index 00000000000..c43ca64d709
--- /dev/null
+++ b/changelogs/identity_service/newsfragments/3170.removal
@@ -0,0 +1 @@
+The v1 identity service API has been removed in favour of the v2 API, as per [MSC2713](https://github.com/matrix-org/matrix-doc/pull/2713).
\ No newline at end of file
diff --git a/changelogs/identity_service/newsfragments/3176.clarification b/changelogs/identity_service/newsfragments/3176.clarification
new file mode 100644
index 00000000000..50fb7cd1234
--- /dev/null
+++ b/changelogs/identity_service/newsfragments/3176.clarification
@@ -0,0 +1 @@
+Clarify that some identifiers must be case folded prior to processing, as per [MSC2265](https://github.com/matrix-org/matrix-doc/pull/2265).
\ No newline at end of file
diff --git a/changelogs/server_server/newsfragments/2536.feature b/changelogs/server_server/newsfragments/2536.feature
new file mode 100644
index 00000000000..c2ea2d32b07
--- /dev/null
+++ b/changelogs/server_server/newsfragments/2536.feature
@@ -0,0 +1,9 @@
+Add cross-signing:
+
+- Add properties to the response of `GET /user/keys` and `GET
+  /user/devices/{userId}`.
+- The `m.device_list_update` EDU is sent when a device gets a new signature.
+- A new `m.signing_key_update` EDU is sent when a user's cross-signing keys
+  are changed.
+
+per [MSC1756](https://github.com/matrix-org/matrix-doc/pull/1756).
diff --git a/changelogs/server_server/newsfragments/2688.clarification b/changelogs/server_server/newsfragments/2688.clarification
index 87e7792c703..dfecfb5967b 100644
--- a/changelogs/server_server/newsfragments/2688.clarification
+++ b/changelogs/server_server/newsfragments/2688.clarification
@@ -1 +1 @@
-Specify that ``GET /_matrix/federation/v1/make_join/{roomId}/{userId}`` can return a 404 if the room is unknown.
\ No newline at end of file
+Specify that `GET /_matrix/federation/v1/make_join/{roomId}/{userId}` can return a 404 if the room is unknown.
diff --git a/changelogs/server_server/newsfragments/2888.clarification b/changelogs/server_server/newsfragments/2888.clarification
new file mode 100644
index 00000000000..3ccb2333956
--- /dev/null
+++ b/changelogs/server_server/newsfragments/2888.clarification
@@ -0,0 +1 @@
+Fix various typos throughout the specification.
diff --git a/changelogs/server_server/newsfragments/3116.clarification b/changelogs/server_server/newsfragments/3116.clarification
new file mode 100644
index 00000000000..3ccb2333956
--- /dev/null
+++ b/changelogs/server_server/newsfragments/3116.clarification
@@ -0,0 +1 @@
+Fix various typos throughout the specification.
diff --git a/changelogs/server_server/newsfragments/3128.clarification b/changelogs/server_server/newsfragments/3128.clarification
new file mode 100644
index 00000000000..3ccb2333956
--- /dev/null
+++ b/changelogs/server_server/newsfragments/3128.clarification
@@ -0,0 +1 @@
+Fix various typos throughout the specification.
diff --git a/changelogs/server_server/newsfragments/3154.feature b/changelogs/server_server/newsfragments/3154.feature
new file mode 100644
index 00000000000..c73c27ec64a
--- /dev/null
+++ b/changelogs/server_server/newsfragments/3154.feature
@@ -0,0 +1 @@
+Add support for knocking, as per [MSC2403](https://github.com/matrix-org/matrix-doc/pull/2403).
\ No newline at end of file
diff --git a/changelogs/server_server/newsfragments/3154.new b/changelogs/server_server/newsfragments/3154.new
new file mode 100644
index 00000000000..7791516f79f
--- /dev/null
+++ b/changelogs/server_server/newsfragments/3154.new
@@ -0,0 +1 @@
+Add `/make_knock` and `/send_knock` endpoints as per [MSC2403](https://github.com/matrix-org/matrix-doc/pull/2403).
\ No newline at end of file
diff --git a/changelogs/server_server/newsfragments/3207.clarification b/changelogs/server_server/newsfragments/3207.clarification
new file mode 100644
index 00000000000..3ccb2333956
--- /dev/null
+++ b/changelogs/server_server/newsfragments/3207.clarification
@@ -0,0 +1 @@
+Fix various typos throughout the specification.
diff --git a/changelogs/server_server/newsfragments/3312.clarification b/changelogs/server_server/newsfragments/3312.clarification
new file mode 100644
index 00000000000..a9e1fe8df26
--- /dev/null
+++ b/changelogs/server_server/newsfragments/3312.clarification
@@ -0,0 +1 @@
+Correct the `/_matrix/federation/v1/user/devices/{userId}` response which actually returns `"self_signing_key"` instead of `"self_signing_keys"`.
diff --git a/changelogs/server_server/newsfragments/3322.clarification b/changelogs/server_server/newsfragments/3322.clarification
new file mode 100644
index 00000000000..fdcd7db9b46
--- /dev/null
+++ b/changelogs/server_server/newsfragments/3322.clarification
@@ -0,0 +1 @@
+Explain the reasons why `<hostname>` TLS certificate is needed rather than `<delegated_hostname>` for SRV delegation.
\ No newline at end of file
diff --git a/changelogs/server_server/newsfragments/3340.clarification b/changelogs/server_server/newsfragments/3340.clarification
new file mode 100644
index 00000000000..8128a2234b9
--- /dev/null
+++ b/changelogs/server_server/newsfragments/3340.clarification
@@ -0,0 +1 @@
+Tweak the example PDU diagram to better demonstrate situations with multiple `prev_events`.
diff --git a/config-circleci.toml b/config-circleci.toml
new file mode 100644
index 00000000000..6b448a7f8b0
--- /dev/null
+++ b/config-circleci.toml
@@ -0,0 +1,5 @@
+# When serving the documentation via CircleCI, we need to use '/path/index.html' URLs instead
+# of hugo's default of prettier '/path/' URLs. This is because CircleCI's artifacts webserver
+# does not resolve '/path/' to '/path/index.html' like webservers often do.
+# CircleCI discussion: https://discuss.circleci.com/t/circle-artifacts-com-not-using-index-html/320/3
+uglyURLs = true
diff --git a/config.toml b/config.toml
new file mode 100644
index 00000000000..21108fb840d
--- /dev/null
+++ b/config.toml
@@ -0,0 +1,84 @@
+baseURL = "/"
+title = "Matrix Specification"
+
+# Prepends absolute URLs with the baseURL. Useful when hosting on non-root
+# paths, such as /unstable.
+canonifyURLs = true
+
+enableRobotsTXT = true
+
+# Hugo allows theme composition (and inheritance). The precedence is from left to right.
+theme = ["docsy"]
+
+disableKinds = ["taxonomy", "taxonomyTerm"]
+
+[languages]
+[languages.en]
+title = "Matrix Specification"
+description = "Home of the Matrix specification for decentralised communication"
+languageName ="English"
+# Weight used for sorting.
+weight = 1
+
+[markup]
+  [markup.goldmark]
+    [markup.goldmark.renderer]
+      # Enables us to render raw HTML
+      unsafe = true
+  [markup.highlight]
+      # See a complete list of available styles at https://xyproto.github.io/splash/docs/all.html
+      style = "tango"
+
+# Everything below this are Site Params
+
+[params]
+copyright = "The Matrix.org Foundation CIC"
+privacy_policy = "https://matrix.org/legal/privacy-notice"
+
+[params.version]
+# must be one of "unstable", "current", "historical"
+# this is used to decide whether to show a banner pointing to the current release
+status = "unstable"
+# A URL pointing to the latest, stable release of the spec. To be shown in the unstable version warning banner.
+current_version_url = "https://matrix.org/docs/spec/"
+# The following is used when status = "stable", and is displayed in various UI elements on a released version
+# of the spec. CI will set these values here automatically when a release git tag (i.e `v1.5`) is created.
+#major = "1"
+#minor = "0"
+#release_date = "April 01, 2021"
+
+# User interface configuration
+[params.ui]
+# Set to true to disable the About link in the site footer
+footer_about_disable = false
+# Collapse HTTP API and event <details> elements
+rendered_data_collapsed = false
+
+[params.links]
+# End user relevant links. These will show up on left side of footer and in the community page if you have one.
+# [[params.links.user]]
+# 	name = "User mailing list"
+# 	url = "https://example.org/mail"
+# 	icon = "fa fa-envelope"
+#         desc = "Discussion and help from your fellow users"
+# Developer relevant links. These will show up on right side of footer and in the community page if you have one.
+[[params.links.developer]]
+	name = "GitHub"
+	url = "https://github.com/matrix-org"
+	icon = "fab fa-github"
+  desc = "Matrix on GitHub"
+[[params.links.developer]]
+	name = "GitLab"
+	url = "https://gitlab.matrix.org/matrix-org"
+	icon = "fab fa-gitlab"
+  desc = "Matrix on GitLab"
+[[params.links.developer]]
+	name = "YouTube"
+	url = "https://www.youtube.com/channel/UCVFkW-chclhuyYRbmmfwt6w"
+	icon = "fab fa-youtube"
+  desc = "Matrix YouTube channel"
+[[params.links.developer]]
+	name = "Twitter"
+	url = "https://twitter.com/matrixdotorg"
+	icon = "fab fa-twitter"
+  desc = "Matrix on Twitter"
diff --git a/content/_index.md b/content/_index.md
new file mode 100644
index 00000000000..7d978fd41c3
--- /dev/null
+++ b/content/_index.md
@@ -0,0 +1,545 @@
+---
+title: "Matrix Specification"
+type: docs
+weight: 10
+---
+
+Matrix defines a set of open APIs for decentralised communication,
+suitable for securely publishing, persisting and subscribing to data
+over a global open federation of servers with no single point of
+control. Uses include Instant Messaging (IM), Voice over IP (VoIP)
+signalling, Internet of Things (IoT) communication, and bridging
+together existing communication silos - providing the basis of a new
+open real-time communication ecosystem.
+
+To propose a change to the Matrix Spec, see the explanations at
+[Proposals for Spec Changes to Matrix](/proposals).
+
+## Matrix APIs
+
+The specification consists of the following parts:
+
+* [Client-Server API](client-server-api)
+* [Server-Server API](server-server-api)
+* [Application Service API](application-service-api)
+* [Identity Service API](identity-service-api)
+* [Push Gateway API](push-gateway-api)
+
+Additionally, this introduction page contains the key baseline
+information required to understand the specific APIs, including the
+sections on [room versions](#room-versions) and [overall
+architecture](#architecture).
+
+The [Appendices](/appendices) contain supplemental information not
+specific to one of the above APIs.
+
+The [Matrix Client-Server API Swagger
+Viewer](https://matrix.org/docs/api/client-server/) is useful for
+browsing the Client-Server API.
+
+### Matrix versions
+
+{{% boxes/note %}}
+As of June 10th 2019, the Matrix specification is considered out of beta
+- indicating that all currently released APIs are considered stable and
+secure to the best of our knowledge, and the spec should contain the
+complete information necessary to develop production-grade
+implementations of Matrix without the need for external reference.
+{{% /boxes/note %}}
+
+Matrix 1.0 (released June 10th, 2019) consists of the following minimum
+API versions:
+
+| API/Specification       | Version |
+|-------------------------|---------|
+| Client-Server API       | r0.5.0  |
+| Server-Server API       | r0.1.2  |
+| Application Service API | r0.1.1  |
+| Identity Service API    | r0.1.1  |
+| Push Gateway API        | r0.1.0  |
+| Room Version            | v5      |
+
+## Introduction to the Matrix APIs
+
+Matrix is a set of open APIs for open-federated Instant Messaging (IM),
+Voice over IP (VoIP) and Internet of Things (IoT) communication,
+designed to create and support a new global real-time communication
+ecosystem. The intention is to provide an open decentralised pubsub
+layer for the internet for securely persisting and
+publishing/subscribing JSON objects. This specification is the ongoing
+result of standardising the APIs used by the various components of the
+Matrix ecosystem to communicate with one another.
+
+The principles that Matrix attempts to follow are:
+
+-   Pragmatic Web-friendly APIs (i.e. JSON over REST)
+-   Keep It Simple & Stupid
+    -   provide a simple architecture with minimal third-party
+        dependencies.
+-   Fully open:
+    -   Fully open federation - anyone should be able to participate in
+        the global Matrix network
+    -   Fully open standard - publicly documented standard with no IP or
+        patent licensing encumbrances
+    -   Fully open source reference implementation - liberally-licensed
+        example implementations with no IP or patent licensing
+        encumbrances
+-   Empowering the end-user
+    -   The user should be able to choose the server and clients they
+        use
+    -   The user should be able to control how private their
+        communication is
+    -   The user should know precisely where their data is stored
+-   Fully decentralised - no single points of control over conversations
+    or the network as a whole
+-   Learning from history to avoid repeating it
+    -   Trying to take the best aspects of XMPP, SIP, IRC, SMTP, IMAP
+        and NNTP whilst trying to avoid their failings
+
+The functionality that Matrix provides includes:
+
+-   Creation and management of fully distributed chat rooms with no
+    single points of control or failure
+-   Eventually-consistent cryptographically secure synchronisation of
+    room state across a global open network of federated servers and
+    services
+-   Sending and receiving extensible messages in a room with (optional)
+    end-to-end encryption
+-   Extensible user management (inviting, joining, leaving, kicking,
+    banning) mediated by a power-level based user privilege system.
+-   Extensible room state management (room naming, aliasing, topics,
+    bans)
+-   Extensible user profile management (avatars, display names, etc)
+-   Managing user accounts (registration, login, logout)
+-   Use of 3rd Party IDs (3PIDs) such as email addresses, phone numbers,
+    Facebook accounts to authenticate, identify and discover users on
+    Matrix.
+-   Trusted federation of identity servers for:
+    -   Publishing user public keys for PKI
+    -   Mapping of 3PIDs to Matrix IDs
+
+The end goal of Matrix is to be a ubiquitous messaging layer for
+synchronising arbitrary data between sets of people, devices and
+services - be that for instant messages, VoIP call setups, or any other
+objects that need to be reliably and persistently pushed from A to B in
+an interoperable and federated manner.
+
+### Spec Change Proposals
+
+To propose a change to the Matrix Spec, see the explanations at
+[Proposals for Spec Changes to Matrix](/proposals).
+
+## Architecture
+
+Matrix defines APIs for synchronising extensible JSON objects known as
+"events" between compatible clients, servers and services. Clients are
+typically messaging/VoIP applications or IoT devices/hubs and
+communicate by synchronising communication history with their
+"homeserver" using the "Client-Server API". Each homeserver stores the
+communication history and account information for all of its clients,
+and shares data with the wider Matrix ecosystem by synchronising
+communication history with other homeservers and their clients.
+
+Clients typically communicate with each other by emitting events in the
+context of a virtual "room". Room data is replicated across *all of the
+homeservers* whose users are participating in a given room. As such, *no
+single homeserver has control or ownership over a given room*.
+Homeservers model communication history as a partially ordered graph of
+events known as the room's "event graph", which is synchronised with
+eventual consistency between the participating servers using the
+"Server-Server API". This process of synchronising shared conversation
+history between homeservers run by different parties is called
+"Federation". Matrix optimises for the Availability and Partitioned
+properties of CAP theorem at the expense of Consistency.
+
+For example, for client A to send a message to client B, client A
+performs an HTTP PUT of the required JSON event on its homeserver (HS)
+using the client-server API. A's HS appends this event to its copy of
+the room's event graph, signing the message in the context of the graph
+for integrity. A's HS then replicates the message to B's HS by
+performing an HTTP PUT using the server-server API. B's HS authenticates
+the request, validates the event's signature, authorises the event's
+contents and then adds it to its copy of the room's event graph. Client
+B then receives the message from his homeserver via a long-lived GET
+request.
+
+How data flows between clients:
+
+```
+    { Matrix client A }                             { Matrix client B }
+        ^          |                                    ^          |
+        |  events  |  Client-Server API                 |  events  |
+        |          V                                    |          V
+    +------------------+                            +------------------+
+    |                  |---------( HTTPS )--------->|                  |
+    |   homeserver     |                            |   homeserver     |
+    |                  |<--------( HTTPS )----------|                  |
+    +------------------+      Server-Server API     +------------------+
+                          History Synchronisation
+                              (Federation)
+```
+
+### Users
+
+Each client is associated with a user account, which is identified in
+Matrix using a unique "user ID". This ID is namespaced to the homeserver
+which allocated the account and has the form:
+
+    @localpart:domain
+
+See ['Identifier Grammar' in the
+appendices](/appendices#identifier-grammar) for full details of the
+structure of user IDs.
+
+### Devices
+
+The Matrix specification has a particular meaning for the term "device".
+As a user, I might have several devices: a desktop client, some web
+browsers, an Android device, an iPhone, etc. They broadly relate to a
+real device in the physical world, but you might have several browsers
+on a physical device, or several Matrix client applications on a mobile
+device, each of which would be its own device.
+
+Devices are used primarily to manage the keys used for end-to-end
+encryption (each device gets its own copy of the decryption keys), but
+they also help users manage their access - for instance, by revoking
+access to particular devices.
+
+When a user first uses a client, it registers itself as a new device.
+The longevity of devices might depend on the type of client. A web
+client will probably drop all of its state on logout, and create a new
+device every time you log in, to ensure that cryptography keys are not
+leaked to a new user. In a mobile client, it might be acceptable to
+reuse the device if a login session expires, provided the user is the
+same.
+
+Devices are identified by a `device_id`, which is unique within the
+scope of a given user.
+
+A user may assign a human-readable display name to a device, to help
+them manage their devices.
+
+### Events
+
+All data exchanged over Matrix is expressed as an "event". Typically
+each client action (e.g. sending a message) correlates with exactly one
+event. Each event has a `type` which is used to differentiate different
+kinds of data. `type` values MUST be uniquely globally namespaced
+following Java's [package naming
+conventions](https://en.wikipedia.org/wiki/Java_package#Package_naming_conventions),
+e.g. `com.example.myapp.event`. The special top-level namespace `m.` is
+reserved for events defined in the Matrix specification - for instance
+`m.room.message` is the event type for instant messages. Events are
+usually sent in the context of a "Room".
+
+{{% boxes/warning %}}
+Event bodies are considered untrusted data. This means that any application using
+Matrix must validate that the event body is of the expected shape/schema
+before using the contents verbatim.
+
+**It is not safe to assume that an event body will have all the expected
+fields of the expected types.**
+
+See [MSC2801](https://github.com/matrix-org/matrix-doc/pull/2801) for more
+detail on why this assumption is unsafe.
+{{% /boxes/warning %}}
+
+### Event Graphs
+
+Events exchanged in the context of a room are stored in a directed
+acyclic graph (DAG) called an "event graph". The partial ordering of
+this graph gives the chronological ordering of events within the room.
+Each event in the graph has a list of zero or more "parent" events,
+which refer to any preceding events which have no chronological
+successor from the perspective of the homeserver which created the
+event.
+
+Typically an event has a single parent: the most recent message in the
+room at the point it was sent. However, homeservers may legitimately
+race with each other when sending messages, resulting in a single event
+having multiple successors. The next event added to the graph thus will
+have multiple parents. Every event graph has a single root event with no
+parent.
+
+To order and ease chronological comparison between the events within the
+graph, homeservers maintain a `depth` metadata field on each event. An
+event's `depth` is a positive integer that is strictly greater than the
+depths of any of its parents. The root event should have a depth of 1.
+Thus if one event is before another, then it must have a strictly
+smaller depth.
+
+### Room structure
+
+A room is a conceptual place where users can send and receive events.
+Events are sent to a room, and all participants in that room with
+sufficient access will receive the event. Rooms are uniquely identified
+internally via "Room IDs", which have the form:
+
+    !opaque_id:domain
+
+There is exactly one room ID for each room. Whilst the room ID does
+contain a domain, it is simply for globally namespacing room IDs. The
+room does NOT reside on the domain specified.
+
+See ['Identifier Grammar' in the
+appendices](/appendices#identifier-grammar) for full details of the
+structure of a room ID.
+
+The following conceptual diagram shows an `m.room.message` event being
+sent to the room `!qporfwt:matrix.org`:
+
+    { @alice:matrix.org }                             { @bob:example.org }
+            |                                                 ^
+            |                                                 |
+    [HTTP POST]                                  [HTTP GET]
+    Room ID: !qporfwt:matrix.org                 Room ID: !qporfwt:matrix.org
+    Event type: m.room.message                   Event type: m.room.message
+    Content: { JSON object }                     Content: { JSON object }
+            |                                                 |
+            V                                                 |
+    +------------------+                          +------------------+
+    |   homeserver     |                          |   homeserver     |
+    |   matrix.org     |                          |   example.org    |
+    +------------------+                          +------------------+
+            |                                                 ^
+            |         [HTTP PUT]                              |
+            |         Room ID: !qporfwt:matrix.org            |
+            |         Event type: m.room.message              |
+            |         Content: { JSON object }                |
+            `-------> Pointer to the preceding message  ------`
+                      PKI signature from matrix.org
+                      Transaction-layer metadata
+                      PKI Authorization header
+
+                  ....................................
+                 |           Shared Data              |
+                 | State:                             |
+                 |   Room ID: !qporfwt:matrix.org     |
+                 |   Servers: matrix.org, example.org |
+                 |   Members:                         |
+                 |    - @alice:matrix.org             |
+                 |    - @bob:example.org              |
+                 | Messages:                          |
+                 |   - @alice:matrix.org              |
+                 |     Content: { JSON object }       |
+                 |....................................|
+
+Federation maintains *shared data structures* per-room between multiple
+homeservers. The data is split into `message events` and `state events`.
+
+Message events:
+These describe transient 'one-off' activity in a room such as an
+instant messages, VoIP call setups, file transfers, etc. They generally
+describe communication activity.
+
+State events:
+These describe updates to a given piece of persistent information
+('state') related to a room, such as the room's name, topic, membership,
+participating servers, etc. State is modelled as a lookup table of
+key/value pairs per room, with each key being a tuple of `state_key` and
+`event type`. Each state event updates the value of a given key.
+
+The state of the room at a given point is calculated by considering all
+events preceding and including a given event in the graph. Where events
+describe the same state, a merge conflict algorithm is applied. The
+state resolution algorithm is transitive and does not depend on server
+state, as it must consistently select the same event irrespective of the
+server or the order the events were received in. Events are signed by
+the originating server (the signature includes the parent relations,
+type, depth and payload hash) and are pushed over federation to the
+participating servers in a room, currently using full mesh topology.
+Servers may also request backfill of events over federation from the
+other servers participating in a room.
+
+{{% boxes/note %}}
+Events are not limited to the types defined in this specification. New
+or custom event types can be created on a whim using the Java package
+naming convention. For example, a `com.example.game.score` event can be
+sent by clients and other clients would receive it through Matrix,
+assuming the client has access to the `com.example` namespace.
+{{% /boxes/note %}}
+
+#### Room Aliases
+
+Each room can also have multiple "Room Aliases", which look like:
+
+    #room_alias:domain
+
+See ['Identifier Grammar' in the
+appendices](/appendices#identifier-grammar) for full details of the
+structure of a room alias.
+
+A room alias "points" to a room ID and is the human-readable label by
+which rooms are publicised and discovered. The room ID the alias is
+pointing to can be obtained by visiting the domain specified. Note that
+the mapping from a room alias to a room ID is not fixed, and may change
+over time to point to a different room ID. For this reason, Clients
+SHOULD resolve the room alias to a room ID once and then use that ID on
+subsequent requests.
+
+When resolving a room alias the server will also respond with a list of
+servers that are in the room that can be used to join via.
+
+    HTTP GET
+    #matrix:example.org      !aaabaa:matrix.org
+       |                    ^
+       |                    |
+    _______V____________________|____
+    |          example.org           |
+    | Mappings:                      |
+    | #matrix >> !aaabaa:matrix.org  |
+    | #golf   >> !wfeiofh:sport.com  |
+    | #bike   >> !4rguxf:matrix.org  |
+    |________________________________|
+
+### Identity
+
+Users in Matrix are identified via their Matrix user ID. However,
+existing 3rd party ID namespaces can also be used in order to identify
+Matrix users. A Matrix "Identity" describes both the user ID and any
+other existing IDs from third party namespaces *linked* to their
+account. Matrix users can *link* third-party IDs (3PIDs) such as email
+addresses, social network accounts and phone numbers to their user ID.
+Linking 3PIDs creates a mapping from a 3PID to a user ID. This mapping
+can then be used by Matrix users in order to discover the user IDs of
+their contacts. In order to ensure that the mapping from 3PID to user ID
+is genuine, a globally federated cluster of trusted "identity servers"
+(IS) are used to verify the 3PID and persist and replicate the mappings.
+
+Usage of an IS is not required in order for a client application to be
+part of the Matrix ecosystem. However, without one clients will not be
+able to look up user IDs using 3PIDs.
+
+### Profiles
+
+Users may publish arbitrary key/value data associated with their account
+- such as a human-readable display name, a profile photo URL, contact
+information (email address, phone numbers, website URLs etc).
+
+### Private User Data
+
+Users may also store arbitrary private key/value data in their account -
+such as client preferences, or server configuration settings which lack
+any other dedicated API. The API is symmetrical to managing Profile
+data.
+
+## Common concepts
+
+Various things are common throughout all of the Matrix APIs. They are
+documented here.
+
+### Namespacing
+
+Namespacing helps prevent conflicts between multiple applications and
+the specification itself. Where namespacing is used, `m.` prefixes are
+used by the specification to indicate that the field is controlled by
+the specification. Custom or non-specified namespaces used in the wild
+MUST use the Java package naming convention to prevent conflicts.
+
+As an example, event types defined in the specification are namespaced
+under the special `m.` prefix, however any client can send a custom
+event type, such as `com.example.game.score` (assuming the client has
+rights to the `com.example` namespace) without needing to put the event
+into the `m.` namespace.
+
+### Timestamps
+
+Unless otherwise stated, timestamps are measured as milliseconds since
+the Unix epoch. Throughout the specification this may be referred to as
+POSIX, Unix, or just "time in milliseconds".
+
+## Room Versions
+
+Rooms are central to how Matrix operates, and have strict rules for what
+is allowed to be contained within them. Rooms can also have various
+algorithms that handle different tasks, such as what to do when two or
+more events collide in the underlying DAG. To allow rooms to be improved
+upon through new algorithms or rules, "room versions" are employed to
+manage a set of expectations for each room. New room versions are
+assigned as needed.
+
+There is no implicit ordering or hierarchy to room versions, and their
+principles are immutable once placed in the specification. Although
+there is a recommended set of versions, some rooms may benefit from
+features introduced by other versions. Rooms move between different
+versions by "upgrading" to the desired version. Due to versions not
+being ordered or hierarchical, this means a room can "upgrade" from
+version 2 to version 1, if it is so desired.
+
+### Room version grammar
+
+Room versions are used to change properties of rooms that may not be
+compatible with other servers. For example, changing the rules for event
+authorization would cause older servers to potentially end up in a
+split-brain situation due to not understanding the new rules.
+
+A room version is defined as a string of characters which MUST NOT
+exceed 32 codepoints in length. Room versions MUST NOT be empty and
+SHOULD contain only the characters `a-z`, `0-9`, `.`, and `-`.
+
+Room versions are not intended to be parsed and should be treated as
+opaque identifiers. Room versions consisting only of the characters
+`0-9` and `.` are reserved for future versions of the Matrix protocol.
+
+The complete grammar for a legal room version is:
+
+    room_version = 1*room_version_char
+    room_version_char = DIGIT
+                      / %x61-7A         ; a-z
+                      / "-" / "."
+
+Examples of valid room versions are:
+
+-   `1` (would be reserved by the Matrix protocol)
+-   `1.2` (would be reserved by the Matrix protocol)
+-   `1.2-beta`
+-   `com.example.version`
+
+### Complete list of room versions
+
+Room versions are divided into two distinct groups: stable and unstable.
+Stable room versions may be used by rooms safely. Unstable room versions
+are everything else which is either not listed in the specification or
+flagged as unstable for some other reason. Versions can switch between
+stable and unstable periodically for a variety of reasons, including
+discovered security vulnerabilities and age.
+
+Clients should not ask room administrators to upgrade their rooms if the
+room is running a stable version. Servers SHOULD use **room version 6** as
+the default room version when creating new rooms.
+
+The available room versions are:
+
+-   [Version 1](/rooms/v1) - **Stable**. The current version of most
+    rooms.
+-   [Version 2](/rooms/v2) - **Stable**. Implements State Resolution
+    Version 2.
+-   [Version 3](/rooms/v3) - **Stable**. Introduces events whose IDs
+    are the event's hash.
+-   [Version 4](/rooms/v4) - **Stable**. Builds on v3 by using
+    URL-safe base64 for event IDs.
+-   [Version 5](/rooms/v5) - **Stable**. Introduces enforcement of
+    signing key validity periods.
+-   [Version 6](/rooms/v6) - **Stable**. Alters several
+    authorization rules for events.
+-   [Version 7](/rooms/v7) - **Stable**. Introduces knocking.
+
+## Specification Versions
+
+The specification for each API is versioned in the form `rX.Y.Z`.
+-   A change to `X` reflects a breaking change: a client implemented
+    against `r1.0.0` may need changes to work with a server which
+    supports (only) `r2.0.0`.
+-   A change to `Y` represents a change which is backwards-compatible
+    for existing clients, but not necessarily existing servers: a client
+    implemented against `r1.1.0` will work without changes against a
+    server which supports `r1.2.0`; but a client which requires `r1.2.0`
+    may not work correctly with a server which implements only `r1.1.0`.
+-   A change to `Z` represents a change which is backwards-compatible on
+    both sides. Typically this implies a clarification to the
+    specification, rather than a change which must be implemented.
+
+## License
+
+The Matrix specification is licensed under the [Apache License, Version
+2.0](http://www.apache.org/licenses/LICENSE-2.0).
diff --git a/content/appendices.md b/content/appendices.md
new file mode 100644
index 00000000000..31c5fbb86df
--- /dev/null
+++ b/content/appendices.md
@@ -0,0 +1,1107 @@
+---
+title: "Appendices"
+weight: 70
+type: docs
+---
+
+## Unpadded Base64
+
+*Unpadded* Base64 refers to 'standard' Base64 encoding as defined in
+[RFC 4648](https://tools.ietf.org/html/rfc4648), without "=" padding.
+Specifically, where RFC 4648 requires that encoded data be padded to a
+multiple of four characters using `=` characters, unpadded Base64 omits
+this padding.
+
+For reference, RFC 4648 uses the following alphabet for Base 64:
+
+    Value Encoding  Value Encoding  Value Encoding  Value Encoding
+        0 A            17 R            34 i            51 z
+        1 B            18 S            35 j            52 0
+        2 C            19 T            36 k            53 1
+        3 D            20 U            37 l            54 2
+        4 E            21 V            38 m            55 3
+        5 F            22 W            39 n            56 4
+        6 G            23 X            40 o            57 5
+        7 H            24 Y            41 p            58 6
+        8 I            25 Z            42 q            59 7
+        9 J            26 a            43 r            60 8
+       10 K            27 b            44 s            61 9
+       11 L            28 c            45 t            62 +
+       12 M            29 d            46 u            63 /
+       13 N            30 e            47 v
+       14 O            31 f            48 w
+       15 P            32 g            49 x
+       16 Q            33 h            50 y
+
+Examples of strings encoded using unpadded Base64:
+
+    UNPADDED_BASE64("") = ""
+    UNPADDED_BASE64("f") = "Zg"
+    UNPADDED_BASE64("fo") = "Zm8"
+    UNPADDED_BASE64("foo") = "Zm9v"
+    UNPADDED_BASE64("foob") = "Zm9vYg"
+    UNPADDED_BASE64("fooba") = "Zm9vYmE"
+    UNPADDED_BASE64("foobar") = "Zm9vYmFy"
+
+When decoding Base64, implementations SHOULD accept input with or
+without padding characters wherever possible, to ensure maximum
+interoperability.
+
+## Binary data
+
+In some cases it is necessary to encapsulate binary data, for example,
+public keys or signatures. Given that JSON cannot safely represent raw
+binary data, all binary values should be encoded and represented in
+JSON as unpadded Base64 strings as described above.
+
+In cases where the Matrix specification refers to either opaque byte
+or opaque Base64 values, the value is considered to be opaque AFTER
+Base64 decoding, rather than the encoded representation itself.
+
+It is safe for a client or homeserver implementation to check for
+correctness of a Base64-encoded value at any point, and to altogether
+reject a value which is not encoded properly. However, this is optional
+and is considered to be an implementation detail.
+
+Special consideration is given for future protocol transformations,
+such as those which do not use JSON, where Base64 encoding may not be
+necessary in order to represent a binary value safely. In these cases,
+Base64 encoding of binary values may be skipped altogether.
+
+## Signing JSON
+
+Various points in the Matrix specification require JSON objects to be
+cryptographically signed. This requires us to encode the JSON as a
+binary string. Unfortunately the same JSON can be encoded in different
+ways by changing how much white space is used or by changing the order
+of keys within objects.
+
+Signing an object therefore requires it to be encoded as a sequence of
+bytes using [Canonical JSON](#canonical-json), computing the signature
+for that sequence and then adding the signature to the original JSON
+object.
+
+### Canonical JSON
+
+We define the canonical JSON encoding for a value to be the shortest
+UTF-8 JSON encoding with dictionary keys lexicographically sorted by
+Unicode codepoint. Numbers in the JSON must be integers in the range
+`[-(2**53)+1, (2**53)-1]`.
+
+We pick UTF-8 as the encoding as it should be available to all platforms
+and JSON received from the network is likely to be already encoded using
+UTF-8. We sort the keys to give a consistent ordering. We force integers
+to be in the range where they can be accurately represented using IEEE
+double precision floating point numbers since a number of JSON libraries
+represent all numbers using this representation.
+
+{{% boxes/warning %}}
+Events in room versions 1, 2, 3, 4, and 5 might not be fully compliant
+with these restrictions. Servers SHOULD be capable of handling JSON
+which is considered invalid by these restrictions where possible.
+
+The most notable consideration is that integers might not be in the
+range specified above.
+{{% /boxes/warning %}}
+
+{{% boxes/note %}}
+Float values are not permitted by this encoding.
+{{% /boxes/note %}}
+
+```py
+import json
+
+def canonical_json(value):
+    return json.dumps(
+        value,
+        # Encode code-points outside of ASCII as UTF-8 rather than \u escapes
+        ensure_ascii=False,
+        # Remove unnecessary white space.
+        separators=(',',':'),
+        # Sort the keys of dictionaries.
+        sort_keys=True,
+        # Encode the resulting Unicode as UTF-8 bytes.
+    ).encode("UTF-8")
+```
+
+#### Grammar
+
+Adapted from the grammar in <http://tools.ietf.org/html/rfc7159>
+removing insignificant whitespace, fractions, exponents and redundant
+character escapes.
+
+    value     = false / null / true / object / array / number / string
+    false     = %x66.61.6c.73.65
+    null      = %x6e.75.6c.6c
+    true      = %x74.72.75.65
+    object    = %x7B [ member *( %x2C member ) ] %7D
+    member    = string %x3A value
+    array     = %x5B [ value *( %x2C value ) ] %5B
+    number    = [ %x2D ] int
+    int       = %x30 / ( %x31-39 *digit )
+    digit     = %x30-39
+    string    = %x22 *char %x22
+    char      = unescaped / %x5C escaped
+    unescaped = %x20-21 / %x23-5B / %x5D-10FFFF
+    escaped   = %x22 ; "    quotation mark  U+0022
+              / %x5C ; \    reverse solidus U+005C
+              / %x62 ; b    backspace       U+0008
+              / %x66 ; f    form feed       U+000C
+              / %x6E ; n    line feed       U+000A
+              / %x72 ; r    carriage return U+000D
+              / %x74 ; t    tab             U+0009
+              / %x75.30.30.30 (%x30-37 / %x62 / %x65-66) ; u000X
+              / %x75.30.30.31 (%x30-39 / %x61-66)        ; u001X
+
+#### Examples
+
+To assist in the development of compatible implementations, the
+following test values may be useful for verifying the canonical
+transformation code.
+
+Given the following JSON object:
+
+```json
+{}
+```
+
+The following canonical JSON should be produced:
+
+```json
+{}
+```
+
+Given the following JSON object:
+
+```json
+{
+    "one": 1,
+    "two": "Two"
+}
+```
+
+The following canonical JSON should be produced:
+
+```json
+{"one":1,"two":"Two"}
+```
+
+Given the following JSON object:
+
+```json
+{
+    "b": "2",
+    "a": "1"
+}
+```
+
+The following canonical JSON should be produced:
+
+```json
+{"a":"1","b":"2"}
+```
+
+Given the following JSON object:
+
+```json
+{"b":"2","a":"1"}
+```
+
+The following canonical JSON should be produced:
+
+```json
+{"a":"1","b":"2"}
+```
+
+Given the following JSON object:
+
+```json
+{
+    "auth": {
+        "success": true,
+        "mxid": "@john.doe:example.com",
+        "profile": {
+            "display_name": "John Doe",
+            "three_pids": [
+                {
+                    "medium": "email",
+                    "address": "john.doe@example.org"
+                },
+                {
+                    "medium": "msisdn",
+                    "address": "123456789"
+                }
+            ]
+        }
+    }
+}
+```
+
+The following canonical JSON should be produced:
+
+```json
+{"auth":{"mxid":"@john.doe:example.com","profile":{"display_name":"John Doe","three_pids":[{"address":"john.doe@example.org","medium":"email"},{"address":"123456789","medium":"msisdn"}]},"success":true}}
+```
+
+Given the following JSON object:
+
+```json
+{
+    "a": "日本語"
+}
+```
+
+The following canonical JSON should be produced:
+
+```json
+{"a":"日本語"}
+```
+
+Given the following JSON object:
+
+```json
+{
+    "本": 2,
+    "日": 1
+}
+```
+
+The following canonical JSON should be produced:
+
+```json
+{"日":1,"本":2}
+```
+
+Given the following JSON object:
+
+```json
+{
+    "a": "\u65E5"
+}
+```
+
+The following canonical JSON should be produced:
+
+```json
+{"a":"日"}
+```
+
+Given the following JSON object:
+
+```json
+{
+    "a": null
+}
+```
+
+The following canonical JSON should be produced:
+
+```json
+{"a":null}
+```
+
+### Signing Details
+
+JSON is signed by encoding the JSON object without `signatures` or keys
+grouped as `unsigned`, using the canonical encoding described above. The
+JSON bytes are then signed using the signature algorithm and the
+signature is encoded using [unpadded Base64](#unpadded-base64). The resulting base64
+signature is added to an object under the *signing key identifier* which
+is added to the `signatures` object under the name of the entity signing
+it which is added back to the original JSON object along with the
+`unsigned` object.
+
+The *signing key identifier* is the concatenation of the *signing
+algorithm* and a *key identifier*. The *signing algorithm* identifies
+the algorithm used to sign the JSON. The currently supported value for
+*signing algorithm* is `ed25519` as implemented by NACL
+(<http://nacl.cr.yp.to/>). The *key identifier* is used to distinguish
+between different signing keys used by the same entity.
+
+The `unsigned` object and the `signatures` object are not covered by the
+signature. Therefore intermediate entities can add unsigned data such as
+timestamps and additional signatures.
+
+```json
+{
+   "name": "example.org",
+   "signing_keys": {
+     "ed25519:1": "XSl0kuyvrXNj6A+7/tkrB9sxSbRi08Of5uRhxOqZtEQ"
+   },
+   "unsigned": {
+      "age_ts": 922834800000
+   },
+   "signatures": {
+      "example.org": {
+         "ed25519:1": "s76RUgajp8w172am0zQb/iPTHsRnb4SkrzGoeCOSFfcBY2V/1c8QfrmdXHpvnc2jK5BD1WiJIxiMW95fMjK7Bw"
+      }
+   }
+}
+```
+
+```py
+def sign_json(json_object, signing_key, signing_name):
+    signatures = json_object.pop("signatures", {})
+    unsigned = json_object.pop("unsigned", None)
+
+    signed = signing_key.sign(encode_canonical_json(json_object))
+    signature_base64 = encode_base64(signed.signature)
+
+    key_id = "%s:%s" % (signing_key.alg, signing_key.version)
+    signatures.setdefault(signing_name, {})[key_id] = signature_base64
+
+    json_object["signatures"] = signatures
+    if unsigned is not None:
+        json_object["unsigned"] = unsigned
+
+    return json_object
+```
+
+### Checking for a Signature
+
+To check if an entity has signed a JSON object an implementation does
+the following:
+
+1.  Checks if the `signatures` member of the object contains an entry
+    with the name of the entity. If the entry is missing then the check
+    fails.
+2.  Removes any *signing key identifiers* from the entry with algorithms
+    it doesn't understand. If there are no *signing key identifiers*
+    left then the check fails.
+3.  Looks up *verification keys* for the remaining *signing key
+    identifiers* either from a local cache or by consulting a trusted
+    key server. If it cannot find a *verification key* then the check
+    fails.
+4.  Decodes the base64 encoded signature bytes. If base64 decoding fails
+    then the check fails.
+5.  Removes the `signatures` and `unsigned` members of the object.
+6.  Encodes the remainder of the JSON object using the [Canonical
+    JSON](#canonical-json) encoding.
+7.  Checks the signature bytes against the encoded object using the
+    *verification key*. If this fails then the check fails. Otherwise
+    the check succeeds.
+
+## Identifier Grammar
+
+Some identifiers are specific to given room versions, please refer to
+the [room versions specification](/#room-versions) for more
+information.
+
+### Server Name
+
+A homeserver is uniquely identified by its server name. This value is
+used in a number of identifiers, as described below.
+
+The server name represents the address at which the homeserver in
+question can be reached by other homeservers. All valid server names are
+included by the following grammar:
+
+    server_name = hostname [ ":" port ]
+
+    port        = 1*5DIGIT
+
+    hostname    = IPv4address / "[" IPv6address "]" / dns-name
+
+    IPv4address = 1*3DIGIT "." 1*3DIGIT "." 1*3DIGIT "." 1*3DIGIT
+
+    IPv6address = 2*45IPv6char
+
+    IPv6char    = DIGIT / %x41-46 / %x61-66 / ":" / "."
+                      ; 0-9, A-F, a-f, :, .
+
+    dns-name    = 1*255dns-char
+
+    dns-char    = DIGIT / ALPHA / "-" / "."
+
+— in other words, the server name is the hostname, followed by an
+optional numeric port specifier. The hostname may be a dotted-quad IPv4
+address literal, an IPv6 address literal surrounded with square
+brackets, or a DNS name.
+
+IPv4 literals must be a sequence of four decimal numbers in the range 0
+to 255, separated by `.`. IPv6 literals must be as specified by
+[RFC3513, section 2.2](https://tools.ietf.org/html/rfc3513#section-2.2).
+
+DNS names for use with Matrix should follow the conventional
+restrictions for internet hostnames: they should consist of a series of
+labels separated by `.`, where each label consists of the alphanumeric
+characters or hyphens.
+
+Examples of valid server names are:
+
+-   `matrix.org`
+-   `matrix.org:8888`
+-   `1.2.3.4` (IPv4 literal)
+-   `1.2.3.4:1234` (IPv4 literal with explicit port)
+-   `[1234:5678::abcd]` (IPv6 literal)
+-   `[1234:5678::abcd]:5678` (IPv6 literal with explicit port)
+
+{{% boxes/note %}}
+This grammar is based on the standard for internet host names, as
+specified by [RFC1123, section
+2.1](https://tools.ietf.org/html/rfc1123#page-13), with an extension for
+IPv6 literals.
+{{% /boxes/note %}}
+
+Server names must be treated case-sensitively: in other words,
+`@user:matrix.org` is a different person from `@user:MATRIX.ORG`.
+
+Some recommendations for a choice of server name follow:
+
+-   The length of the complete server name should not exceed 230
+    characters.
+-   Server names should not use upper-case characters.
+
+### Common Identifier Format
+
+The Matrix protocol uses a common format to assign unique identifiers to
+a number of entities, including users, events and rooms. Each identifier
+takes the form:
+
+    &string
+
+where `&` represents a 'sigil' character; `string` is the string which
+makes up the identifier.
+
+The sigil characters are as follows:
+
+-   `@`: User ID
+-   `!`: Room ID
+-   `$`: Event ID
+-   `+`: Group ID
+-   `#`: Room alias
+
+User IDs, group IDs, room IDs, room aliases, and sometimes event IDs
+take the form:
+
+    &localpart:domain
+
+where `domain` is the [server name](#server-name) of the homeserver
+which allocated the identifier, and `localpart` is an identifier
+allocated by that homeserver.
+
+The precise grammar defining the allowable format of an identifier
+depends on the type of identifier. For example, event IDs can sometimes
+be represented with a `domain` component under some conditions - see the
+[Event IDs](#room-ids-and-event-ids) section below for more information.
+
+#### User Identifiers
+
+Users within Matrix are uniquely identified by their Matrix user ID. The
+user ID is namespaced to the homeserver which allocated the account and
+has the form:
+
+    @localpart:domain
+
+The `localpart` of a user ID is an opaque identifier for that user. It
+MUST NOT be empty, and MUST contain only the characters `a-z`, `0-9`,
+`.`, `_`, `=`, `-`, and `/`.
+
+The `domain` of a user ID is the [server name](#server-name) of the
+homeserver which allocated the account.
+
+The length of a user ID, including the `@` sigil and the domain, MUST
+NOT exceed 255 characters.
+
+The complete grammar for a legal user ID is:
+
+    user_id = "@" user_id_localpart ":" server_name
+    user_id_localpart = 1*user_id_char
+    user_id_char = DIGIT
+                 / %x61-7A                   ; a-z
+                 / "-" / "." / "=" / "_" / "/"
+
+{{% boxes/rationale %}}
+A number of factors were considered when defining the allowable
+characters for a user ID.
+
+Firstly, we chose to exclude characters outside the basic US-ASCII
+character set. User IDs are primarily intended for use as an identifier
+at the protocol level, and their use as a human-readable handle is of
+secondary benefit. Furthermore, they are useful as a last-resort
+differentiator between users with similar display names. Allowing the
+full Unicode character set would make very difficult for a human to
+distinguish two similar user IDs. The limited character set used has the
+advantage that even a user unfamiliar with the Latin alphabet should be
+able to distinguish similar user IDs manually, if somewhat laboriously.
+
+We chose to disallow upper-case characters because we do not consider it
+valid to have two user IDs which differ only in case: indeed it should
+be possible to reach `@user:matrix.org` as `@USER:matrix.org`. However,
+user IDs are necessarily used in a number of situations which are
+inherently case-sensitive (notably in the `state_key` of `m.room.member`
+events). Forbidding upper-case characters (and requiring homeservers to
+downcase usernames when creating user IDs for new users) is a relatively
+simple way to ensure that `@USER:matrix.org` cannot refer to a different
+user to `@user:matrix.org`.
+
+Finally, we decided to restrict the allowable punctuation to a very
+basic set to reduce the possibility of conflicts with special characters
+in various situations. For example, "\*" is used as a wildcard in some
+APIs (notably the filter API), so it cannot be a legal user ID
+character.
+
+The length restriction is derived from the limit on the length of the
+`sender` key on events; since the user ID appears in every event sent by
+the user, it is limited to ensure that the user ID does not dominate
+over the actual content of the events.
+{{% /boxes/rationale %}}
+
+Matrix user IDs are sometimes informally referred to as MXIDs.
+
+##### Historical User IDs
+
+Older versions of this specification were more tolerant of the
+characters permitted in user ID localparts. There are currently active
+users whose user IDs do not conform to the permitted character set, and
+a number of rooms whose history includes events with a `sender` which
+does not conform. In order to handle these rooms successfully, clients
+and servers MUST accept user IDs with localparts from the expanded
+character set:
+
+    extended_user_id_char = %x21-39 / %x3B-7E  ; all ASCII printing chars except :
+
+##### Mapping from other character sets
+
+In certain circumstances it will be desirable to map from a wider
+character set onto the limited character set allowed in a user ID
+localpart. Examples include a homeserver creating a user ID for a new
+user based on the username passed to `/register`, or a bridge mapping
+user ids from another protocol.
+
+Implementations are free to do this mapping however they choose. Since
+the user ID is opaque except to the implementation which created it, the
+only requirement is that the implementation can perform the mapping
+consistently. However, we suggest the following algorithm:
+
+1.  Encode character strings as UTF-8.
+2.  Convert the bytes `A-Z` to lower-case.
+    -   In the case where a bridge must be able to distinguish two
+        different users with ids which differ only by case, escape
+        upper-case characters by prefixing with `_` before downcasing.
+        For example, `A` becomes `_a`. Escape a real `_` with a second
+        `_`.
+3.  Encode any remaining bytes outside the allowed character set, as
+    well as `=`, as their hexadecimal value, prefixed with `=`. For
+    example, `#` becomes `=23`; `á` becomes `=c3=a1`.
+
+{{% boxes/rationale %}}
+The suggested mapping is an attempt to preserve human-readability of
+simple ASCII identifiers (unlike, for example, base-32), whilst still
+allowing representation of *any* character (unlike punycode, which
+provides no way to encode ASCII punctuation).
+{{% /boxes/rationale %}}
+
+#### Room IDs and Event IDs
+
+A room has exactly one room ID. A room ID has the format:
+
+    !opaque_id:domain
+
+An event has exactly one event ID. The format of an event ID depends
+upon the [room version specification](/#room-versions).
+
+The `domain` of a room ID is the [server name](#server-name) of the
+homeserver which created the room/event. The domain is used only for
+namespacing to avoid the risk of clashes of identifiers between
+different homeservers. There is no implication that the room or event in
+question is still available at the corresponding homeserver.
+
+Event IDs and Room IDs are case-sensitive. They are not meant to be
+human-readable. They are intended to be treated as fully opaque strings
+by clients.
+
+#### Room Aliases
+
+A room may have zero or more aliases. A room alias has the format:
+
+    #room_alias:domain
+
+The `domain` of a room alias is the [server name](#server-name) of the
+homeserver which created the alias. Other servers may contact this
+homeserver to look up the alias.
+
+Room aliases MUST NOT exceed 255 bytes (including the `#` sigil and the
+domain).
+
+#### matrix.to navigation
+
+{{% boxes/note %}}
+This namespacing is in place pending a `matrix://` (or similar) URI
+scheme. This is **not** meant to be interpreted as an available web
+service - see below for more details.
+{{% /boxes/note %}}
+
+Rooms, users, aliases, and groups may be represented as a "matrix.to"
+URI. This URI can be used to reference particular objects in a given
+context, such as mentioning a user in a message or linking someone to a
+particular point in the room's history (a permalink).
+
+A matrix.to URI has the following format, based upon the specification
+defined in RFC 3986:
+
+> <https://matrix.to/#/>&lt;identifier&gt;/&lt;extra
+> parameter&gt;?&lt;additional arguments&gt;
+
+The identifier may be a room ID, room alias, user ID, or group ID. The
+extra parameter is only used in the case of permalinks where an event ID
+is referenced. The matrix.to URI, when referenced, must always start
+with `https://matrix.to/#/` followed by the identifier.
+
+The `<additional arguments>` and the preceding question mark are
+optional and only apply in certain circumstances, documented below.
+
+Clients should not rely on matrix.to URIs falling back to a web server
+if accessed and instead should perform some sort of action within the
+client. For example, if the user were to click on a matrix.to URI for a
+room alias, the client may open a view for the user to participate in
+the room.
+
+The components of the matrix.to URI (`<identifier>` and
+`<extra parameter>`) are to be percent-encoded as per RFC 3986.
+
+Examples of matrix.to URIs are:
+
+-   Room alias: `https://matrix.to/#/%23somewhere%3Aexample.org`
+-   Room: `https://matrix.to/#/!somewhere%3Aexample.org`
+-   Permalink by room:
+    `https://matrix.to/#/!somewhere%3Aexample.org/%24event%3Aexample.org`
+-   Permalink by room alias:
+    `https://matrix.to/#/%23somewhere:example.org/%24event%3Aexample.org`
+-   User: `https://matrix.to/#/%40alice%3Aexample.org`
+
+{{% boxes/note %}}
+Historically, clients have not produced URIs which are fully encoded.
+Clients should try to interpret these cases to the best of their
+ability. For example, an unencoded room alias should still work within
+the client if possible.
+{{% /boxes/note %}}
+
+{{% boxes/note %}}
+Clients should be aware that decoding a matrix.to URI may result in
+extra slashes appearing due to some [room
+versions](/#room-versions). These slashes should normally be
+encoded when producing matrix.to URIs, however.
+{{% /boxes/note %}}
+
+{{% boxes/note %}}
+<!-- TODO: @@TravisR: Make "Spaces" a link when that specification exists -->
+In prior versions of this specification, a concept of "groups" were mentioned
+to organize rooms. This functionality did not properly get introduced into
+the specification and is subsequently replaced with "Spaces". Historical
+matrix.to URIs pointing to groups might still exist: they take the form
+`https://matrix.to/#/%2Bexample%3Aexample.org` (where the `+` sigil may or
+may not be encoded).
+{{% /boxes/note %}}
+
+##### Routing
+
+Room IDs are not routable on their own as there is no reliable domain to
+send requests to. This is partially mitigated with the addition of a
+`via` argument on a matrix.to URI, however the problem of routability is
+still present. Clients should do their best to route Room IDs to where
+they need to go, however they should also be aware of [issue
+\#1579](https://github.com/matrix-org/matrix-doc/issues/1579).
+
+A room (or room permalink) which isn't using a room alias should supply
+at least one server using `via` in the `<additional arguments>`, like
+so:
+`https://matrix.to/!somewhere%3Aexample.org?via=example.org&via=alt.example.org`.
+The parameter can be supplied multiple times to specify multiple servers
+to try.
+
+The values of `via` are intended to be passed along as the `server_name`
+parameters on the Client Server `/join` API.
+
+When generating room links and permalinks, the application should pick
+servers which have a high probability of being in the room in the
+distant future. How these servers are picked is left as an
+implementation detail, however the current recommendation is to pick 3
+unique servers based on the following criteria:
+
+-   The first server should be the server of the highest power level
+    user in the room, provided they are at least power level 50. If no
+    user meets this criterion, pick the most popular server in the room
+    (most joined users). The rationale for not picking users with power
+    levels under 50 is that they are unlikely to be around into the
+    distant future while higher ranking users (and therefore servers)
+    are less likely to give up their power and move somewhere else. Most
+    rooms in the public federation have a power level 100 user and have
+    not deviated from the default structure where power level 50 users
+    have moderator-style privileges.
+-   The second server should be the next highest server by population,
+    or the first highest by population if the first server was based on
+    a user's power level. The rationale for picking popular servers is
+    that the server is unlikely to be removed as the room naturally
+    grows in membership due to that server joining users. The server
+    could be refused participation in the future due to server ACLs or
+    similar, however the chance of that happening to a server which is
+    organically joining the room is unlikely.
+-   The third server should be the next highest server by population.
+-   Servers which are blocked due to server ACLs should never be chosen.
+-   Servers which are IP addresses should never be chosen. Servers which
+    use a domain name are less likely to be unroutable in the future
+    whereas IP addresses cannot be pointed to a different location and
+    therefore higher risk options.
+-   All 3 servers should be unique from each other. If the room does not
+    have enough users to supply 3 servers, the application should only
+    specify the servers it can. For example, a room with only 2 users in
+    it would result in maximum 2 `via` parameters.
+
+## 3PID Types
+
+Third Party Identifiers (3PIDs) represent identifiers on other
+namespaces that might be associated with a particular person. They
+comprise a tuple of `medium` which is a string that identifies the
+namespace in which the identifier exists, and an `address`: a string
+representing the identifier in that namespace. This must be a canonical
+form of the identifier, *i.e.* if multiple strings could represent the
+same identifier, only one of these strings must be used in a 3PID
+address, in a well-defined manner.
+
+For example, for e-mail, the `medium` is 'email' and the `address` would
+be the email address, *e.g.* the string `bob@example.com`. Since domain
+resolution is case-insensitive, the email address `bob@Example.com` is
+also has the 3PID address of `bob@example.com` (without the capital 'e')
+rather than `bob@Example.com`.
+
+The namespaces defined by this specification are listed below. More
+namespaces may be defined in future versions of this specification.
+
+### E-Mail
+
+Medium: `email`
+
+Represents E-Mail addresses. The `address` is the raw email address in
+`user@domain` form with the domain in lowercase. It must not contain
+other text such as real name, angle brackets or a mailto: prefix.
+
+In addition to lowercasing the domain component of an email address,
+implementations are expected to apply the unicode case-folding algorithm
+as described under "Caseless Matching" in
+[chapter 5 of the unicode standard](https://www.unicode.org/versions/Unicode13.0.0/ch05.pdf#G21790).
+For example, `Strauß@Example.com` must be considered to be `strauss@example.com`
+while processing the email address.
+
+### PSTN Phone numbers
+
+Medium: `msisdn`
+
+Represents telephone numbers on the public switched telephone network.
+The `address` is the telephone number represented as a MSISDN (Mobile
+Station International Subscriber Directory Number) as defined by the
+E.164 numbering plan. Note that MSISDNs do not include a leading '+'.
+
+## Security Threat Model
+
+### Denial of Service
+
+The attacker could attempt to prevent delivery of messages to or from
+the victim in order to:
+
+-   Disrupt service or marketing campaign of a commercial competitor.
+-   Censor a discussion or censor a participant in a discussion.
+-   Perform general vandalism.
+
+#### Threat: Resource Exhaustion
+
+An attacker could cause the victim's server to exhaust a particular
+resource (e.g. open TCP connections, CPU, memory, disk storage)
+
+#### Threat: Unrecoverable Consistency Violations
+
+An attacker could send messages which created an unrecoverable
+"split-brain" state in the cluster such that the victim's servers could
+no longer derive a consistent view of the chatroom state.
+
+#### Threat: Bad History
+
+An attacker could convince the victim to accept invalid messages which
+the victim would then include in their view of the chatroom history.
+Other servers in the chatroom would reject the invalid messages and
+potentially reject the victims messages as well since they depended on
+the invalid messages.
+
+#### Threat: Block Network Traffic
+
+An attacker could try to firewall traffic between the victim's server
+and some or all of the other servers in the chatroom.
+
+#### Threat: High Volume of Messages
+
+An attacker could send large volumes of messages to a chatroom with the
+victim making the chatroom unusable.
+
+#### Threat: Banning users without necessary authorisation
+
+An attacker could attempt to ban a user from a chatroom without the
+necessary authorisation.
+
+### Spoofing
+
+An attacker could try to send a message claiming to be from the victim
+without the victim having sent the message in order to:
+
+-   Impersonate the victim while performing illicit activity.
+-   Obtain privileges of the victim.
+
+#### Threat: Altering Message Contents
+
+An attacker could try to alter the contents of an existing message from
+the victim.
+
+#### Threat: Fake Message "origin" Field
+
+An attacker could try to send a new message purporting to be from the
+victim with a phony "origin" field.
+
+### Spamming
+
+The attacker could try to send a high volume of solicited or unsolicited
+messages to the victim in order to:
+
+-   Find victims for scams.
+-   Market unwanted products.
+
+#### Threat: Unsolicited Messages
+
+An attacker could try to send messages to victims who do not wish to
+receive them.
+
+#### Threat: Abusive Messages
+
+An attacker could send abusive or threatening messages to the victim
+
+### Spying
+
+The attacker could try to access message contents or metadata for
+messages sent by the victim or to the victim that were not intended to
+reach the attacker in order to:
+
+-   Gain sensitive personal or commercial information.
+-   Impersonate the victim using credentials contained in the messages.
+    (e.g. password reset messages)
+-   Discover who the victim was talking to and when.
+
+#### Threat: Disclosure during Transmission
+
+An attacker could try to expose the message contents or metadata during
+transmission between the servers.
+
+#### Threat: Disclosure to Servers Outside Chatroom
+
+An attacker could try to convince servers within a chatroom to send
+messages to a server it controls that was not authorised to be within
+the chatroom.
+
+#### Threat: Disclosure to Servers Within Chatroom
+
+An attacker could take control of a server within a chatroom to expose
+message contents or metadata for messages in that room.
+
+## Cryptographic Test Vectors
+
+To assist in the development of compatible implementations, the
+following test values may be useful for verifying the cryptographic
+event signing code.
+
+### Signing Key
+
+The following test vectors all use the 32-byte value given by the
+following Base64-encoded string as the seed for generating the `ed25519`
+signing key:
+
+    SIGNING_KEY_SEED = decode_base64(
+        "YJDBA9Xnr2sVqXD9Vj7XVUnmFZcZrlw8Md7kMW+3XA1"
+    )
+
+In each case, the server name and key ID are as follows:
+
+    SERVER_NAME = "domain"
+
+    KEY_ID = "ed25519:1"
+
+### JSON Signing
+
+Given an empty JSON object:
+
+```json
+{}
+```
+
+The JSON signing algorithm should emit the following signed data:
+
+```json
+{
+    "signatures": {
+        "domain": {
+            "ed25519:1": "K8280/U9SSy9IVtjBuVeLr+HpOB4BQFWbg+UZaADMtTdGYI7Geitb76LTrr5QV/7Xg4ahLwYGYZzuHGZKM5ZAQ"
+        }
+    }
+}
+```
+
+Given the following JSON object with data values in it:
+
+```json
+{
+    "one": 1,
+    "two": "Two"
+}
+```
+
+The JSON signing algorithm should emit the following signed JSON:
+
+```json
+{
+    "one": 1,
+    "signatures": {
+        "domain": {
+            "ed25519:1": "KqmLSbO39/Bzb0QIYE82zqLwsA+PDzYIpIRA2sRQ4sL53+sN6/fpNSoqE7BP7vBZhG6kYdD13EIMJpvhJI+6Bw"
+        }
+    },
+    "two": "Two"
+}
+```
+
+### Event Signing
+
+Given the following minimally-sized event:
+
+```json
+{
+    "room_id": "!x:domain",
+    "sender": "@a:domain",
+    "origin": "domain",
+    "origin_server_ts": 1000000,
+    "signatures": {},
+    "hashes": {},
+    "type": "X",
+    "content": {},
+    "prev_events": [],
+    "auth_events": [],
+    "depth": 3,
+    "unsigned": {
+        "age_ts": 1000000
+    }
+}
+```
+
+The event signing algorithm should emit the following signed event:
+
+```json
+{
+    "auth_events": [],
+    "content": {},
+    "depth": 3,
+    "hashes": {
+        "sha256": "5jM4wQpv6lnBo7CLIghJuHdW+s2CMBJPUOGOC89ncos"
+    },
+    "origin": "domain",
+    "origin_server_ts": 1000000,
+    "prev_events": [],
+    "room_id": "!x:domain",
+    "sender": "@a:domain",
+    "signatures": {
+        "domain": {
+            "ed25519:1": "KxwGjPSDEtvnFgU00fwFz+l6d2pJM6XBIaMEn81SXPTRl16AqLAYqfIReFGZlHi5KLjAWbOoMszkwsQma+lYAg"
+        }
+    },
+    "type": "X",
+    "unsigned": {
+        "age_ts": 1000000
+    }
+}
+```
+
+Given the following event containing redactable content:
+
+```json
+{
+    "content": {
+        "body": "Here is the message content"
+    },
+    "event_id": "$0:domain",
+    "origin": "domain",
+    "origin_server_ts": 1000000,
+    "type": "m.room.message",
+    "room_id": "!r:domain",
+    "sender": "@u:domain",
+    "signatures": {},
+    "unsigned": {
+        "age_ts": 1000000
+    }
+}
+```
+
+The event signing algorithm should emit the following signed event:
+
+```json
+{
+    "content": {
+        "body": "Here is the message content"
+    },
+    "event_id": "$0:domain",
+    "hashes": {
+        "sha256": "onLKD1bGljeBWQhWZ1kaP9SorVmRQNdN5aM2JYU2n/g"
+    },
+    "origin": "domain",
+    "origin_server_ts": 1000000,
+    "type": "m.room.message",
+    "room_id": "!r:domain",
+    "sender": "@u:domain",
+    "signatures": {
+        "domain": {
+            "ed25519:1": "Wm+VzmOUOz08Ds+0NTWb1d4CZrVsJSikkeRxh6aCcUwu6pNC78FunoD7KNWzqFn241eYHYMGCA5McEiVPdhzBA"
+        }
+    },
+    "unsigned": {
+        "age_ts": 1000000
+    }
+}
+```
+
+## Conventions for Matrix APIs
+
+This section is intended primarily to guide API designers when adding to Matrix,
+setting guidelines to follow for how those APIs should work. This is important to
+maintain consistency with the Matrix protocol, and thus improve developer
+experience.
+
+### HTTP endpoint and JSON property naming
+
+The names of the API endpoints for the HTTP transport follow a convention of
+using underscores to separate words (for example `/delete_devices`).
+
+The key names in JSON objects passed over the API also follow this convention.
+
+{{% boxes/note %}}
+There are a few historical exceptions to this rule, such as `/createRoom`.
+These inconsistencies may be addressed in future versions of this specification.
+{{% /boxes/note %}}
+
+### Pagination
+
+REST API endpoints which can return multiple "pages" of results should adopt the
+following conventions.
+
+ * If more results are available, the endpoint should return a property named
+   `next_batch`. The value should be a string token which can be passed into
+   a subsequent call to the endpoint to retrieve the next page of results.
+
+   If no more results are available, this is indicated by *omitting* the
+   `next_batch` property from the results.
+
+ * The endpoint should accept a query-parameter named `from` which the client
+   is expected to set to the value of a previous `next_batch`.
+
+ * Some endpoints might support pagination in two directions (example:
+   `/messages`, which can be used to move forward or backwards in the timeline
+   from a known point). In this case, the endpoint should return a `prev_batch`
+   property which can be passed into `from` to receive the previous page of
+   results.
+
+   Avoid having a separate "direction" parameter, which is generally redundant:
+   the tokens returned by `next_batch` and `prev_batch` should contain enough
+   information for subsequent calls to the API to know which page of results
+   they should return.
diff --git a/content/application-service-api.md b/content/application-service-api.md
new file mode 100644
index 00000000000..02d7ed6faee
--- /dev/null
+++ b/content/application-service-api.md
@@ -0,0 +1,395 @@
+---
+title: "Application Service API"
+weight: 30
+type: docs
+---
+
+The Matrix client-server API and server-server APIs provide the means to
+implement a consistent self-contained federated messaging fabric.
+However, they provide limited means of implementing custom server-side
+behaviour in Matrix (e.g. gateways, filters, extensible hooks etc). The
+Application Service API (AS API) defines a standard API to allow such
+extensible functionality to be implemented irrespective of the
+underlying homeserver implementation.
+
+## Application Services
+
+Application services are passive and can only observe events from
+homeserver. They can inject events into rooms they are participating in.
+They cannot prevent events from being sent, nor can they modify the
+content of the event being sent. In order to observe events from a
+homeserver, the homeserver needs to be configured to pass certain types
+of traffic to the application service. This is achieved by manually
+configuring the homeserver with information about the application
+service.
+
+### Registration
+
+{{% boxes/note %}}
+Previously, application services could register with a homeserver via
+HTTP APIs. This was removed as it was seen as a security risk. A
+compromised application service could re-register for a global `*` regex
+and sniff *all* traffic on the homeserver. To protect against this,
+application services now have to register via configuration files which
+are linked to the homeserver configuration file. The addition of
+configuration files allows homeserver admins to sanity check the
+registration for suspicious regex strings.
+{{% /boxes/note %}}
+
+Application services register "namespaces" of user IDs, room aliases and
+room IDs. These namespaces are represented as regular expressions. An
+application service is said to be "interested" in a given event if one
+of the IDs in the event match the regular expression provided by the
+application service, such as the room having an alias or ID in the
+relevant namespaces. Similarly, the application service is said to be
+interested in a given event if one of the application service's
+namespaced users is the target of the event, or is a joined member of
+the room where the event occurred.
+
+An application service can also state whether they should be the only
+ones who can manage a specified namespace. This is referred to as an
+"exclusive" namespace. An exclusive namespace prevents humans and other
+application services from creating/deleting entities in that namespace.
+Typically, exclusive namespaces are used when the rooms represent real
+rooms on another service (e.g. IRC). Non-exclusive namespaces are used
+when the application service is merely augmenting the room itself (e.g.
+providing logging or searching facilities). Namespaces are represented
+by POSIX extended regular expressions and look like:
+
+    users:
+      - exclusive: true
+        regex: "@_irc_bridge_.*"
+
+Application services may define the following namespaces (with none
+being explicitly required):
+
+| Name     | Description                                                |
+|----------|------------------------------------------------------------|
+| users    | Events which are sent from certain users.                  |
+| aliases  | Events which are sent in rooms with certain room aliases.  |
+| rooms    | Events which are sent in rooms with certain room IDs.      |
+
+Each individual namespace MUST declare the following fields:
+
+| Name       | Description                                                                                                                        |
+|------------|------------------------------------------------------------------------------------------------------------------------------------|
+| exclusive  | **Required** A true or false value stating whether this application service has exclusive access to events within this namespace.  |
+| regex      | **Required** A regular expression defining which values this namespace includes.                                                   |
+
+Exclusive user and alias namespaces should begin with an underscore
+after the sigil to avoid collisions with other users on the homeserver.
+Application services should additionally attempt to identify the service
+they represent in the reserved namespace. For example, `@_irc_.*` would
+be a good namespace to register for an application service which deals
+with IRC.
+
+The registration is represented by a series of key-value pairs, which
+this specification will present as YAML. See below for the possible
+options along with their explanation:
+
+
+| Name              | Description                                                                                                                                   |
+|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------|
+| id                | **Required** A unique, user-defined ID of the application service which will never change.                                                    |
+| url               | **Required** The URL for the application service. May include a path after the domain name. Optionally set to null if no traffic is required. |
+| as_token          | **Required** A unique token for application services to use to authenticate requests to Homeservers.                                          |
+| hs_token          | **Required** A unique token for Homeservers to use to authenticate requests to application services.                                          |
+| sender_localpart  | **Required** The localpart of the user associated with the application service.                                                               |
+| namespaces        | **Required** A list of `users`, `aliases` and `rooms` namespaces that the application service controls.                                       |
+| rate_limited      | Whether requests from masqueraded users are rate-limited. The sender is excluded.                                                             |
+| protocols         | The external protocols which the application service provides (e.g. IRC).                                                                     |
+
+An example registration file for an IRC-bridging application service is
+below:
+
+    id: "IRC Bridge"
+    url: "http://127.0.0.1:1234"
+    as_token: "30c05ae90a248a4188e620216fa72e349803310ec83e2a77b34fe90be6081f46"
+    hs_token: "312df522183efd404ec1cd22d2ffa4bbc76a8c1ccf541dd692eef281356bb74e"
+    sender_localpart: "_irc_bot" # Will result in @_irc_bot:example.org
+    namespaces:
+      users:
+        - exclusive: true
+          regex: "@_irc_bridge_.*"
+      aliases:
+        - exclusive: false
+          regex: "#_irc_bridge_.*"
+      rooms: []
+
+{{% boxes/warning %}}
+If the homeserver in question has multiple application services, each
+`as_token` and `id` MUST be unique per application service as these are
+used to identify the application service. The homeserver MUST enforce
+this.
+{{% /boxes/warning %}}
+
+### Homeserver -&gt; Application Service API
+
+#### Authorization
+
+Homeservers MUST include a query parameter named `access_token`
+containing the `hs_token` from the application service's registration
+when making requests to the application service. Application services
+MUST verify the provided `access_token` matches their known `hs_token`,
+failing the request with an `M_FORBIDDEN` error if it does not match.
+
+#### Legacy routes
+
+Previous drafts of the application service specification had a mix of
+endpoints that have been used in the wild for a significant amount of
+time. The application service specification now defines a version on all
+endpoints to be more compatible with the rest of the Matrix
+specification and the future.
+
+Homeservers should attempt to use the specified endpoints first when
+communicating with application services. However, if the application
+service receives an HTTP status code that does not indicate success
+(i.e.: 404, 500, 501, etc) then the homeserver should fall back to the
+older endpoints for the application service.
+
+The older endpoints have the exact same request body and response
+format, they just belong at a different path. The equivalent path for
+each is as follows:
+
+-   `/_matrix/app/v1/transactions/{txnId}` should fall back to
+    `/transactions/{txnId}`
+-   `/_matrix/app/v1/users/{userId}` should fall back to
+    `/users/{userId}`
+-   `/_matrix/app/v1/rooms/{roomAlias}` should fall back to
+    `/rooms/{roomAlias}`
+-   `/_matrix/app/v1/thirdparty/protocol/{protocol}` should fall back to
+    `/_matrix/app/unstable/thirdparty/protocol/{protocol}`
+-   `/_matrix/app/v1/thirdparty/user/{user}` should fall back to
+    `/_matrix/app/unstable/thirdparty/user/{user}`
+-   `/_matrix/app/v1/thirdparty/location/{location}` should fall back to
+    `/_matrix/app/unstable/thirdparty/location/{location}`
+-   `/_matrix/app/v1/thirdparty/user` should fall back to
+    `/_matrix/app/unstable/thirdparty/user`
+-   `/_matrix/app/v1/thirdparty/location` should fall back to
+    `/_matrix/app/unstable/thirdparty/location`
+
+Homeservers should periodically try again for the newer endpoints
+because the application service may have been updated.
+
+#### Pushing events
+
+The application service API provides a transaction API for sending a
+list of events. Each list of events includes a transaction ID, which
+works as follows:
+
+```
+    Typical
+    HS ---> AS : Homeserver sends events with transaction ID T.
+       <---    : Application Service sends back 200 OK.
+```
+
+```
+    AS ACK Lost
+    HS ---> AS : Homeserver sends events with transaction ID T.
+       <-/-    : AS 200 OK is lost.
+    HS ---> AS : Homeserver retries with the same transaction ID of T.
+       <---    : Application Service sends back 200 OK. If the AS had processed these
+                 events already, it can NO-OP this request (and it knows if it is the
+                 same events based on the transaction ID).
+```
+
+The events sent to the application service should be linearised, as if
+they were from the event stream. The homeserver MUST maintain a queue of
+transactions to send to the application service. If the application
+service cannot be reached, the homeserver SHOULD backoff exponentially
+until the application service is reachable again. As application
+services cannot *modify* the events in any way, these requests can be
+made without blocking other aspects of the homeserver. Homeservers MUST
+NOT alter (e.g. add more) events they were going to send within that
+transaction ID on retries, as the application service may have already
+processed the events.
+
+{{% http-api spec="application-service" api="transactions" %}}
+
+#### Querying
+
+The application service API includes two querying APIs: for room aliases
+and for user IDs. The application service SHOULD create the queried
+entity if it desires. During this process, the application service is
+blocking the homeserver until the entity is created and configured. If
+the homeserver does not receive a response to this request, the
+homeserver should retry several times before timing out. This should
+result in an HTTP status 408 "Request Timeout" on the client which
+initiated this request (e.g. to join a room alias).
+
+{{% boxes/rationale %}}
+Blocking the homeserver and expecting the application service to create
+the entity using the client-server API is simpler and more flexible than
+alternative methods such as returning an initial sync style JSON blob
+and get the HS to provision the room/user. This also meant that there
+didn't need to be a "backchannel" to inform the application service
+about information about the entity such as room ID to room alias
+mappings.
+{{% /boxes/rationale %}}
+
+{{% http-api spec="application-service" api="query_user" %}}
+
+{{% http-api spec="application-service" api="query_room" %}}
+
+#### Third party networks
+
+Application services may declare which protocols they support via their
+registration configuration for the homeserver. These networks are
+generally for third party services such as IRC that the application
+service is managing. Application services may populate a Matrix room
+directory for their registered protocols, as defined in the
+Client-Server API Extensions.
+
+Each protocol may have several "locations" (also known as "third party
+locations" or "3PLs"). A location within a protocol is a place in the
+third party network, such as an IRC channel. Users of the third party
+network may also be represented by the application service.
+
+Locations and users can be searched by fields defined by the application
+service, such as by display name or other attribute. When clients
+request the homeserver to search in a particular "network" (protocol),
+the search fields will be passed along to the application service for
+filtering.
+
+{{% http-api spec="application-service" api="protocols" %}}
+
+### Client-Server API Extensions
+
+Application services can use a more powerful version of the
+client-server API by identifying itself as an application service to the
+homeserver.
+
+Endpoints defined in this section MUST be supported by homeservers in
+the client-server API as accessible only by application services.
+
+#### Identity assertion
+
+The client-server API infers the user ID from the `access_token`
+provided in every request. To avoid the application service from having
+to keep track of each user's access token, the application service
+should identify itself to the Client-Server API by providing its
+`as_token` for the `access_token` alongside the user the application
+service would like to masquerade as.
+
+Inputs:  
+-   Application service token (`as_token`)
+-   User ID in the AS namespace to act as.
+
+Notes:  
+-   This applies to all aspects of the Client-Server API, except for
+    Account Management.
+-   The `as_token` is inserted into `access_token` which is usually
+    where the client token is, such as via the query string or
+    `Authorization` header. This is done on purpose to allow application
+    services to reuse client SDKs.
+-   The `access_token` should be supplied through the `Authorization`
+    header where possible to prevent the token appearing in HTTP request
+    logs by accident.
+
+The application service may specify the virtual user to act as through
+use of a `user_id` query string parameter on the request. The user
+specified in the query string must be covered by one of the application
+service's `user` namespaces. If the parameter is missing, the homeserver
+is to assume the application service intends to act as the user implied
+by the `sender_localpart` property of the registration.
+
+An example request would be:
+
+    GET /_matrix/client/%CLIENT_MAJOR_VERSION%/account/whoami?user_id=@_irc_user:example.org
+    Authorization: Bearer YourApplicationServiceTokenHere
+
+#### Timestamp massaging
+
+Previous drafts of the Application Service API permitted application
+services to alter the timestamp of their sent events by providing a `ts`
+query parameter when sending an event. This API has been excluded from
+the first release due to design concerns, however some servers may still
+support the feature. Please visit [issue
+\#1585](https://github.com/matrix-org/matrix-doc/issues/1585) for more
+information.
+
+#### Server admin style permissions
+
+The homeserver needs to give the application service *full control* over
+its namespace, both for users and for room aliases. This means that the
+AS should be able to manage any users and room alias in its namespace. No additional API
+changes need to be made in order for control of room aliases to be
+granted to the AS.
+
+Creation of users needs API changes in order to:
+
+-   Work around captchas.
+-   Have a 'passwordless' user.
+
+This involves bypassing the registration flows entirely. This is
+achieved by including the `as_token` on a `/register` request, along
+with a login type of `m.login.application_service` to set the desired
+user ID without a password.
+
+    POST /_matrix/client/%CLIENT_MAJOR_VERSION%/register
+    Authorization: Bearer YourApplicationServiceTokenHere
+
+    Content:
+    {
+      type: "m.login.application_service",
+      username: "_irc_example"
+    }
+
+Similarly, logging in as users needs API changes in order to allow the AS to
+log in without needing the user's password. This is achieved by including the
+`as_token` on a `/login` request, along with a login type of
+`m.login.application_service`.
+
+    POST /_matrix/client/%CLIENT_MAJOR_VERSION%/login
+    Authorization: Bearer YourApplicationServiceTokenHere
+
+    Content:
+    {
+      type: "m.login.application_service",
+      "identifier": {
+        "type": "m.id.user",
+        "user": "_irc_example"
+      }
+    }
+
+Application services which attempt to create users or aliases *outside*
+of their defined namespaces, or log in as users outside of their defined
+namespaces will receive an error code `M_EXCLUSIVE`.
+Similarly, normal users who attempt to create users or aliases *inside*
+an application service-defined namespace will receive the same
+`M_EXCLUSIVE` error code, but only if the application service has
+defined the namespace as `exclusive`.
+
+#### Using `/sync` and `/events`
+
+Application services wishing to use `/sync` or `/events` from the
+Client-Server API MUST do so with a virtual user (provide a `user_id`
+via the query string). It is expected that the application service use
+the transactions pushed to it to handle events rather than syncing with
+the user implied by `sender_localpart`.
+
+#### Application service room directories
+
+Application services can maintain their own room directories for their
+defined third party protocols. These room directories may be accessed by
+clients through additional parameters on the `/publicRooms`
+client-server endpoint.
+
+{{% http-api spec="client-server" api="appservice_room_directory" %}}
+
+### Referencing messages from a third party network
+
+Application services should include an `external_url` in the `content`
+of events it emits to indicate where the message came from. This
+typically applies to application services that bridge other networks
+into Matrix, such as IRC, where an HTTP URL may be available to
+reference.
+
+Clients should provide users with a way to access the `external_url` if
+it is present. Clients should additionally ensure the URL has a scheme
+of `https` or `http` before making use of it.
+
+The presence of an `external_url` on an event does not necessarily mean
+the event was sent from an application service. Clients should be wary
+of the URL contained within, as it may not be a legitimate reference to
+the event's source.
diff --git a/content/changelog.md b/content/changelog.md
new file mode 100644
index 00000000000..41b0987e2f8
--- /dev/null
+++ b/content/changelog.md
@@ -0,0 +1,47 @@
+---
+title: Changelog
+type: docs
+weight: 1000
+---
+
+{{% changelog/changelog-description %}}
+
+{{% changelog/changelog-changes %}}
+
+<h2 id="historical-versions" class="no-numbers">Historical versions</h2>
+
+Before version 1.1, versioning was applied at the level of individual API specifications. This section includes links to these versions of the APIs.
+
+* **Client-Server API**
+  -   [r0.6.1](https://matrix.org/docs/spec/client_server/r0.6.1.html)
+  -   [r0.6.0](https://matrix.org/docs/spec/client_server/r0.6.0.html)
+  -   [r0.5.0](https://matrix.org/docs/spec/client_server/r0.5.0.html)
+  -   [r0.4.0](https://matrix.org/docs/spec/client_server/r0.4.0.html)
+  -   [r0.3.0](https://matrix.org/docs/spec/client_server/r0.3.0.html)
+  -   [r0.2.0](https://matrix.org/docs/spec/client_server/r0.2.0.html)
+  -   [r0.1.0](https://matrix.org/docs/spec/client_server/r0.1.0.html)
+  -   [r0.0.1](https://matrix.org/docs/spec/r0.0.1/client_server.html)
+  -   [r0.0.0](https://matrix.org/docs/spec/r0.0.0/client_server.html)
+  -   [Legacy](https://matrix.org/docs/spec/legacy/#client-server-api):
+      The last draft before the spec was formally released in version
+      r0.0.0.
+
+* **Server-Server API**
+  -   [r0.1.4](https://matrix.org/docs/spec/server_server/r0.1.4.html)
+  -   [r0.1.3](https://matrix.org/docs/spec/server_server/r0.1.3.html)
+  -   [r0.1.2](https://matrix.org/docs/spec/server_server/r0.1.2.html)
+  -   [r0.1.1](https://matrix.org/docs/spec/server_server/r0.1.1.html)
+  -   [r0.1.0](https://matrix.org/docs/spec/server_server/r0.1.0.html)
+
+* **Application Service API**
+  -   [r0.1.1](https://matrix.org/docs/spec/application_service/r0.1.1.html)
+  -   [r0.1.0](https://matrix.org/docs/spec/application_service/r0.1.0.html)
+
+* **Identity Service API**
+  -   [r0.3.0](https://matrix.org/docs/spec/identity_service/r0.3.0.html)
+  -   [r0.2.1](https://matrix.org/docs/spec/identity_service/r0.2.1.html)
+  -   [r0.2.0](https://matrix.org/docs/spec/identity_service/r0.2.0.html)
+  -   [r0.1.0](https://matrix.org/docs/spec/identity_service/r0.1.0.html)
+
+* **Push Gateway API**
+  -   [r0.1.0](https://matrix.org/docs/spec/push_gateway/r0.1.0.html)
diff --git a/content/client-server-api/_index.md b/content/client-server-api/_index.md
new file mode 100644
index 00000000000..f9ef606327e
--- /dev/null
+++ b/content/client-server-api/_index.md
@@ -0,0 +1,2045 @@
+---
+title: "Client-Server API"
+weight: 10
+type: docs
+---
+
+The client-server API allows clients to
+send messages, control rooms and synchronise conversation history. It is
+designed to support both lightweight clients which store no state and
+lazy-load data from the server as required - as well as heavyweight
+clients which maintain a full local persistent copy of server state.
+
+## API Standards
+
+The mandatory baseline for client-server communication in Matrix is
+exchanging JSON objects over HTTP APIs. HTTPS is recommended for
+communication, although HTTP may be supported as a fallback to support
+basic HTTP clients. More efficient optional transports will in future be
+supported as optional extensions - e.g. a packed binary encoding over
+stream-cipher encrypted TCP socket for low-bandwidth/low-roundtrip
+mobile usage. For the default HTTP transport, all API calls use a
+Content-Type of `application/json`. In addition, all strings MUST be
+encoded as UTF-8.
+
+Clients are authenticated using opaque `access_token` strings (see [Client
+Authentication](#client-authentication) for details).
+
+See also [Conventions for Matrix APIs](/appendices#conventions-for-matrix-apis)
+in the Appendices for conventions which all Matrix APIs are expected to follow.
+
+### Standard error response
+
+Any errors which occur at the Matrix API level MUST return a "standard
+error response". This is a JSON object which looks like:
+
+```json
+{
+  "errcode": "<error code>",
+  "error": "<error message>"
+}
+```
+
+The `error` string will be a human-readable error message, usually a
+sentence explaining what went wrong.
+
+The `errcode` string will be a unique string which can be used to handle an
+error message e.g.  `M_FORBIDDEN`. Error codes should have their namespace
+first in ALL CAPS, followed by a single `_`. For example, if there was a custom
+namespace `com.mydomain.here`, and a `FORBIDDEN` code, the error code should
+look like `COM.MYDOMAIN.HERE_FORBIDDEN`. Error codes defined by this
+specification should start `M_`.
+
+Some `errcode`s define additional keys which should be present in the error
+response object, but the keys `error` and `errcode` MUST always be present.
+
+Errors are generally best expressed by their error code rather than the
+HTTP status code returned. When encountering the error code `M_UNKNOWN`,
+clients should prefer the HTTP status code as a more reliable reference
+for what the issue was. For example, if the client receives an error
+code of `M_NOT_FOUND` but the request gave a 400 Bad Request status
+code, the client should treat the error as if the resource was not
+found. However, if the client were to receive an error code of
+`M_UNKNOWN` with a 400 Bad Request, the client should assume that the
+request being made was invalid.
+
+#### Common error codes
+
+These error codes can be returned by any API endpoint:
+
+`M_FORBIDDEN`
+Forbidden access, e.g. joining a room without permission, failed login.
+
+`M_UNKNOWN_TOKEN`
+The access token specified was not recognised.
+
+An additional response parameter, `soft_logout`, might be present on the
+response for 401 HTTP status codes. See [the soft logout
+section](#soft-logout) for more information.
+
+`M_MISSING_TOKEN`
+No access token was specified for the request.
+
+`M_BAD_JSON`
+Request contained valid JSON, but it was malformed in some way, e.g.
+missing required keys, invalid values for keys.
+
+`M_NOT_JSON`
+Request did not contain valid JSON.
+
+`M_NOT_FOUND`
+No resource was found for this request.
+
+`M_LIMIT_EXCEEDED`
+Too many requests have been sent in a short period of time. Wait a while
+then try again.
+
+`M_UNKNOWN`
+An unknown error has occurred.
+
+#### Other error codes
+
+The following error codes are specific to certain endpoints.
+
+<!-- TODO: move them to the endpoints that return them -->.
+
+`M_UNRECOGNIZED`
+The server did not understand the request.
+
+`M_UNAUTHORIZED`
+The request was not correctly authorized. Usually due to login failures.
+
+`M_USER_DEACTIVATED`
+The user ID associated with the request has been deactivated. Typically
+for endpoints that prove authentication, such as `/login`.
+
+`M_USER_IN_USE`
+Encountered when trying to register a user ID which has been taken.
+
+`M_INVALID_USERNAME`
+Encountered when trying to register a user ID which is not valid.
+
+`M_ROOM_IN_USE`
+Sent when the room alias given to the `createRoom` API is already in
+use.
+
+`M_INVALID_ROOM_STATE`
+Sent when the initial state given to the `createRoom` API is invalid.
+
+`M_THREEPID_IN_USE`
+Sent when a threepid given to an API cannot be used because the same
+threepid is already in use.
+
+`M_THREEPID_NOT_FOUND`
+Sent when a threepid given to an API cannot be used because no record
+matching the threepid was found.
+
+`M_THREEPID_AUTH_FAILED`
+Authentication could not be performed on the third party identifier.
+
+`M_THREEPID_DENIED`
+The server does not permit this third party identifier. This may happen
+if the server only permits, for example, email addresses from a
+particular domain.
+
+`M_SERVER_NOT_TRUSTED`
+The client's request used a third party server, e.g. identity server,
+that this server does not trust.
+
+`M_UNSUPPORTED_ROOM_VERSION`
+The client's request to create a room used a room version that the
+server does not support.
+
+`M_INCOMPATIBLE_ROOM_VERSION`
+The client attempted to join a room that has a version the server does
+not support. Inspect the `room_version` property of the error response
+for the room's version.
+
+`M_BAD_STATE`
+The state change requested cannot be performed, such as attempting to
+unban a user who is not banned.
+
+`M_GUEST_ACCESS_FORBIDDEN`
+The room or resource does not permit guests to access it.
+
+`M_CAPTCHA_NEEDED`
+A Captcha is required to complete the request.
+
+`M_CAPTCHA_INVALID`
+The Captcha provided did not match what was expected.
+
+`M_MISSING_PARAM`
+A required parameter was missing from the request.
+
+`M_INVALID_PARAM`
+A parameter that was specified has the wrong value. For example, the
+server expected an integer and instead received a string.
+
+`M_TOO_LARGE`
+The request or entity was too large.
+
+`M_EXCLUSIVE`
+The resource being requested is reserved by an application service, or
+the application service making the request has not created the resource.
+
+`M_RESOURCE_LIMIT_EXCEEDED`
+The request cannot be completed because the homeserver has reached a
+resource limit imposed on it. For example, a homeserver held in a shared
+hosting environment may reach a resource limit if it starts using too
+much memory or disk space. The error MUST have an `admin_contact` field
+to provide the user receiving the error a place to reach out to.
+Typically, this error will appear on routes which attempt to modify
+state (e.g.: sending messages, account data, etc) and not routes which
+only read state (e.g.: `/sync`, get account data, etc).
+
+`M_CANNOT_LEAVE_SERVER_NOTICE_ROOM`
+The user is unable to reject an invite to join the server notices room.
+See the [Server Notices](#server-notices) module for more information.
+
+The client-server API typically uses `HTTP PUT` to submit requests with
+a client-generated transaction identifier. This means that these
+requests are idempotent. The scope of a transaction identifier is a
+particular access token. It **only** serves to identify new requests
+from retransmits. After the request has finished, the `{txnId}` value
+should be changed (how is not specified; a monotonically increasing
+integer is recommended).
+
+Some API endpoints may allow or require the use of `POST` requests
+without a transaction ID. Where this is optional, the use of a `PUT`
+request is strongly recommended.
+
+{{% http-api spec="client-server" api="versions" %}}
+
+## Web Browser Clients
+
+It is realistic to expect that some clients will be written to be run
+within a web browser or similar environment. In these cases, the
+homeserver should respond to pre-flight requests and supply Cross-Origin
+Resource Sharing (CORS) headers on all requests.
+
+Servers MUST expect that clients will approach them with `OPTIONS`
+requests, allowing clients to discover the CORS headers. All endpoints
+in this specification support the `OPTIONS` method, however the server
+MUST NOT perform any logic defined for the endpoints when approached
+with an `OPTIONS` request.
+
+When a client approaches the server with a request, the server should
+respond with the CORS headers for that route. The recommended CORS
+headers to be returned by servers on all requests are:
+
+    Access-Control-Allow-Origin: *
+    Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
+    Access-Control-Allow-Headers: X-Requested-With, Content-Type, Authorization
+
+## Server Discovery
+
+In order to allow users to connect to a Matrix server without needing to
+explicitly specify the homeserver's URL or other parameters, clients
+SHOULD use an auto-discovery mechanism to determine the server's URL
+based on a user's Matrix ID. Auto-discovery should only be done at login
+time.
+
+In this section, the following terms are used with specific meanings:
+
+`PROMPT`
+Retrieve the specific piece of information from the user in a way which
+fits within the existing client user experience, if the client is
+inclined to do so. Failure can take place instead if no good user
+experience for this is possible at this point.
+
+`IGNORE`
+Stop the current auto-discovery mechanism. If no more auto-discovery
+mechanisms are available, then the client may use other methods of
+determining the required parameters, such as prompting the user, or
+using default values.
+
+`FAIL_PROMPT`
+Inform the user that auto-discovery failed due to invalid/empty data and
+`PROMPT` for the parameter.
+
+`FAIL_ERROR`
+Inform the user that auto-discovery did not return any usable URLs. Do
+not continue further with the current login process. At this point,
+valid data was obtained, but no server is available to serve the client.
+No further guess should be attempted and the user should make a
+conscientious decision what to do next.
+
+### Well-known URI
+
+{{% boxes/note %}}
+Servers hosting the `.well-known` JSON file SHOULD offer CORS headers,
+as per the [CORS](#web-browser-clients) section in this specification.
+{{% /boxes/note %}}
+
+The `.well-known` method uses a JSON file at a predetermined location to
+specify parameter values. The flow for this method is as follows:
+
+1.  Extract the server name from the user's Matrix ID by splitting the
+    Matrix ID at the first colon.
+2.  Extract the hostname from the server name.
+3.  Make a GET request to `https://hostname/.well-known/matrix/client`.
+    1.  If the returned status code is 404, then `IGNORE`.
+    2.  If the returned status code is not 200, or the response body is
+        empty, then `FAIL_PROMPT`.
+    3.  Parse the response body as a JSON object
+        1.  If the content cannot be parsed, then `FAIL_PROMPT`.
+    4.  Extract the `base_url` value from the `m.homeserver` property.
+        This value is to be used as the base URL of the homeserver.
+        1.  If this value is not provided, then `FAIL_PROMPT`.
+    5.  Validate the homeserver base URL:
+        1.  Parse it as a URL. If it is not a URL, then `FAIL_ERROR`.
+        2.  Clients SHOULD validate that the URL points to a valid
+            homeserver before accepting it by connecting to the
+            [`/_matrix/client/versions`](/client-server-api/#get_matrixclientversions) endpoint, ensuring that it does
+            not return an error, and parsing and validating that the
+            data conforms with the expected response format. If any step
+            in the validation fails, then `FAIL_ERROR`. Validation is
+            done as a simple check against configuration errors, in
+            order to ensure that the discovered address points to a
+            valid homeserver.
+    6.  If the `m.identity_server` property is present, extract the
+        `base_url` value for use as the base URL of the identity server.
+        Validation for this URL is done as in the step above, but using
+        `/_matrix/identity/v2` as the endpoint to connect to. If the
+        `m.identity_server` property is present, but does not have a
+        `base_url` value, then `FAIL_PROMPT`.
+
+{{% http-api spec="client-server" api="wellknown" %}}
+
+## Client Authentication
+
+Most API endpoints require the user to identify themselves by presenting
+previously obtained credentials in the form of an `access_token` query
+parameter or through an Authorization Header of `Bearer $access_token`.
+An access token is typically obtained via the [Login](#login) or
+[Registration](#account-registration-and-management) processes.
+
+{{% boxes/note %}}
+This specification does not mandate a particular format for the access
+token. Clients should treat it as an opaque byte sequence. Servers are
+free to choose an appropriate format. Server implementors may like to
+investigate [macaroons](http://research.google.com/pubs/pub41892.html).
+{{% /boxes/note %}}
+
+### Using access tokens
+
+Access tokens may be provided in two ways, both of which the homeserver
+MUST support:
+
+1.  Via a query string parameter, `access_token=TheTokenHere`.
+2.  Via a request header, `Authorization: Bearer TheTokenHere`.
+
+Clients are encouraged to use the `Authorization` header where possible
+to prevent the access token being leaked in access/HTTP logs. The query
+string should only be used in cases where the `Authorization` header is
+inaccessible for the client.
+
+When credentials are required but missing or invalid, the HTTP call will
+return with a status of 401 and the error code, `M_MISSING_TOKEN` or
+`M_UNKNOWN_TOKEN` respectively.
+
+### Relationship between access tokens and devices
+
+Client [devices](../index.html#devices) are closely related to access
+tokens. Matrix servers should record which device each access token is
+assigned to, so that subsequent requests can be handled correctly.
+
+By default, the [Login](#login) and [Registration](#account-registration-and-management)
+processes auto-generate a new `device_id`. A client is also free to
+generate its own `device_id` or, provided the user remains the same,
+reuse a device: in either case the client should pass the `device_id` in
+the request body. If the client sets the `device_id`, the server will
+invalidate any access token previously assigned to that device. There is
+therefore at most one active access token assigned to each device at any
+one time.
+
+### Soft logout
+
+When a request fails due to a 401 status code per above, the server can
+include an extra response parameter, `soft_logout`, to indicate if the
+client's persisted information can be retained. This defaults to
+`false`, indicating that the server has destroyed the session. Any
+persisted state held by the client, such as encryption keys and device
+information, must not be reused and must be discarded.
+
+When `soft_logout` is true, the client can acquire a new access token by
+specifying the device ID it is already using to the login API. In most
+cases a `soft_logout: true` response indicates that the user's session
+has expired on the server-side and the user simply needs to provide
+their credentials again.
+
+In either case, the client's previously known access token will no
+longer function.
+
+### User-Interactive Authentication API
+
+#### Overview
+
+Some API endpoints require authentication that interacts with the user.
+The homeserver may provide many different ways of authenticating, such
+as user/password auth, login via a single-sign-on server (SSO), etc.
+This specification does not define how homeservers should authorise
+their users but instead defines the standard interface which
+implementations should follow so that ANY client can log in to ANY
+homeserver.
+
+The process takes the form of one or more 'stages'. At each stage the
+client submits a set of data for a given authentication type and awaits
+a response from the server, which will either be a final success or a
+request to perform an additional stage. This exchange continues until
+the final success.
+
+For each endpoint, a server offers one or more 'flows' that the client
+can use to authenticate itself. Each flow comprises a series of stages,
+as described above. The client is free to choose which flow it follows,
+however the flow's stages must be completed in order. Failing to follow
+the flows in order must result in an HTTP 401 response, as defined
+below. When all stages in a flow are complete, authentication is
+complete and the API call succeeds.
+
+#### User-interactive API in the REST API
+
+In the REST API described in this specification, authentication works by
+the client and server exchanging JSON dictionaries. The server indicates
+what authentication data it requires via the body of an HTTP 401
+response, and the client submits that authentication data via the `auth`
+request parameter.
+
+A client should first make a request with no `auth` parameter.
+The homeserver returns an HTTP 401 response, with a JSON body, as follows:
+
+    HTTP/1.1 401 Unauthorized
+    Content-Type: application/json
+
+```json
+{
+  "flows": [
+    {
+      "stages": [ "example.type.foo", "example.type.bar" ]
+    },
+    {
+      "stages": [ "example.type.foo", "example.type.baz" ]
+    }
+  ],
+  "params": {
+      "example.type.baz": {
+          "example_key": "foobar"
+      }
+  },
+  "session": "xxxxxx"
+}
+```
+
+In addition to the `flows`, this object contains some extra information:
+
+* `params`: This section contains any information that the client will
+need to know in order to use a given type of authentication. For each
+authentication type presented, that type may be present as a key in this
+dictionary. For example, the public part of an OAuth client ID could be
+given here.
+
+* `session`: This is a session identifier that the client must pass back
+to the homeserver, if one is provided, in subsequent attempts to authenticate
+in the same API call.
+
+The client then chooses a flow and attempts to complete the first stage.
+It does this by resubmitting the same request with the addition of an
+`auth` key in the object that it submits. This dictionary contains a
+`type` key whose value is the name of the authentication type that the
+client is attempting to complete. It must also contain a `session` key
+with the value of the session key given by the homeserver, if one was
+given. It also contains other keys dependent on the auth type being
+attempted. For example, if the client is attempting to complete auth
+type `example.type.foo`, it might submit something like this:
+
+    POST /_matrix/client/r0/endpoint HTTP/1.1
+    Content-Type: application/json
+
+```json
+{
+  "a_request_parameter": "something",
+  "another_request_parameter": "something else",
+  "auth": {
+      "type": "example.type.foo",
+      "session": "xxxxxx",
+      "example_credential": "verypoorsharedsecret"
+  }
+}
+```
+
+If the homeserver deems the authentication attempt to be successful but
+still requires more stages to be completed, it returns HTTP status 401
+along with the same object as when no authentication was attempted, with
+the addition of the `completed` key which is an array of auth types the
+client has completed successfully:
+
+    HTTP/1.1 401 Unauthorized
+    Content-Type: application/json
+
+```json
+{
+  "completed": [ "example.type.foo" ],
+  "flows": [
+    {
+      "stages": [ "example.type.foo", "example.type.bar" ]
+    },
+    {
+      "stages": [ "example.type.foo", "example.type.baz" ]
+    }
+  ],
+  "params": {
+      "example.type.baz": {
+          "example_key": "foobar"
+      }
+  },
+  "session": "xxxxxx"
+}
+```
+
+Individual stages may require more than one request to complete, in
+which case the response will be as if the request was unauthenticated
+with the addition of any other keys as defined by the auth type.
+
+If the homeserver decides that an attempt on a stage was unsuccessful,
+but the client may make a second attempt, it returns the same HTTP
+status 401 response as above, with the addition of the standard
+`errcode` and `error` fields describing the error. For example:
+
+    HTTP/1.1 401 Unauthorized
+    Content-Type: application/json
+
+```json
+{
+  "errcode": "M_FORBIDDEN",
+  "error": "Invalid password",
+  "completed": [ "example.type.foo" ],
+  "flows": [
+    {
+      "stages": [ "example.type.foo", "example.type.bar" ]
+    },
+    {
+      "stages": [ "example.type.foo", "example.type.baz" ]
+    }
+  ],
+  "params": {
+      "example.type.baz": {
+          "example_key": "foobar"
+      }
+  },
+  "session": "xxxxxx"
+}
+```
+
+If the request fails for a reason other than authentication, the server
+returns an error message in the standard format. For example:
+
+    HTTP/1.1 400 Bad request
+    Content-Type: application/json
+
+```json
+{
+  "errcode": "M_EXAMPLE_ERROR",
+  "error": "Something was wrong"
+}
+```
+
+If the client has completed all stages of a flow, the homeserver
+performs the API call and returns the result as normal. Completed stages
+cannot be retried by clients, therefore servers must return either a 401
+response with the completed stages, or the result of the API call if all
+stages were completed when a client retries a stage.
+
+Some authentication types may be completed by means other than through
+the Matrix client, for example, an email confirmation may be completed
+when the user clicks on the link in the email. In this case, the client
+retries the request with an auth dict containing only the session key.
+The response to this will be the same as if the client were attempting
+to complete an auth state normally, i.e. the request will either
+complete or request auth, with the presence or absence of that auth type
+in the 'completed' array indicating whether that stage is complete.
+
+{{% boxes/note %}}
+A request to an endpoint that uses User-Interactive Authentication never
+succeeds without auth. Homeservers may allow requests that don't require
+auth by offering a stage with only the `m.login.dummy` auth type, but they
+must still give a 401 response to requests with no auth data.
+{{% /boxes/note %}}
+
+#### Example
+
+At a high level, the requests made for an API call completing an auth
+flow with three stages will resemble the following diagram:
+
+```
+    _______________________
+    |       Stage 0         |
+    | No auth               |
+    |  ___________________  |
+    | |_Request_1_________| | <-- Returns "session" key which is used throughout.
+    |_______________________|
+             |
+             |
+    _________V_____________
+    |       Stage 1         |
+    | type: "<auth type1>"  |
+    |  ___________________  |
+    | |_Request_1_________| |
+    |_______________________|
+             |
+             |
+    _________V_____________
+    |       Stage 2         |
+    | type: "<auth type2>"  |
+    |  ___________________  |
+    | |_Request_1_________| |
+    |  ___________________  |
+    | |_Request_2_________| |
+    |  ___________________  |
+    | |_Request_3_________| |
+    |_______________________|
+             |
+             |
+    _________V_____________
+    |       Stage 3         |
+    | type: "<auth type3>"  |
+    |  ___________________  |
+    | |_Request_1_________| | <-- Returns API response
+    |_______________________|
+```
+
+#### Authentication types
+
+This specification defines the following auth types:
+-   `m.login.password`
+-   `m.login.recaptcha`
+-   `m.login.sso`
+-   `m.login.email.identity`
+-   `m.login.msisdn`
+-   `m.login.dummy`
+
+##### Password-based
+
+
+| Type               | Description                                                                    |
+|--------------------|--------------------------------------------------------------------------------|
+| `m.login.password` | The client submits an identifier and secret password, both sent in plain-text. |
+
+To use this authentication type, clients should submit an auth dict as
+follows:
+
+```
+{
+  "type": "m.login.password",
+  "identifier": {
+    ...
+  },
+  "password": "<password>",
+  "session": "<session ID>"
+}
+```
+
+where the `identifier` property is a user identifier object, as
+described in [Identifier types](#identifier-types).
+
+For example, to authenticate using the user's Matrix ID, clients would
+submit:
+
+```json
+{
+  "type": "m.login.password",
+  "identifier": {
+    "type": "m.id.user",
+    "user": "<user_id or user localpart>"
+  },
+  "password": "<password>",
+  "session": "<session ID>"
+}
+```
+
+Alternatively reply using a 3PID bound to the user's account on the
+homeserver using the `/account/3pid`\_ API rather than giving the `user`
+explicitly as follows:
+
+```json
+{
+  "type": "m.login.password",
+  "identifier": {
+    "type": "m.id.thirdparty",
+    "medium": "<The medium of the third party identifier.>",
+    "address": "<The third party address of the user>"
+  },
+  "password": "<password>",
+  "session": "<session ID>"
+}
+```
+
+In the case that the homeserver does not know about the supplied 3PID,
+the homeserver must respond with 403 Forbidden.
+
+##### Google ReCaptcha
+
+| Type                | Description                                          |
+|---------------------|------------------------------------------------------|
+| `m.login.recaptcha` | The user completes a Google ReCaptcha 2.0 challenge. |
+
+To use this authentication type, clients should submit an auth dict as
+follows:
+
+```json
+{
+  "type": "m.login.recaptcha",
+  "response": "<captcha response>",
+  "session": "<session ID>"
+}
+```
+
+##### Single Sign-On
+
+| Type          | Description                                                                          |
+|---------------|--------------------------------------------------------------------------------------|
+| `m.login.sso` | Authentication is supported by authorising with an external single sign-on provider. |
+
+A client wanting to complete authentication using SSO should use the
+[Fallback](#fallback) mechanism. See [SSO during User-Interactive
+Authentication](#sso-during-user-interactive-authentication) for more information.
+
+##### Email-based (identity / homeserver)
+
+| Type                     | Description                                                                                                      |
+|--------------------------|------------------------------------------------------------------------------------------------------------------|
+| `m.login.email.identity` | Authentication is supported by authorising an email address with an identity server, or homeserver if supported. |
+
+Prior to submitting this, the client should authenticate with an
+identity server (or homeserver). After authenticating, the session
+information should be submitted to the homeserver.
+
+To use this authentication type, clients should submit an auth dict as
+follows:
+
+```json
+{
+  "type": "m.login.email.identity",
+  "threepidCreds": [
+    {
+      "sid": "<identity server session id>",
+      "client_secret": "<identity server client secret>",
+      "id_server": "<url of identity server authed with, e.g. 'matrix.org:8090'>",
+      "id_access_token": "<access token previously registered with the identity server>"
+    }
+  ],
+  "session": "<session ID>"
+}
+```
+
+Note that `id_server` (and therefore `id_access_token`) is optional if
+the `/requestToken` request did not include them.
+
+##### Phone number/MSISDN-based (identity / homeserver)
+
+| Type             | Description                                                                                                    |
+|------------------|----------------------------------------------------------------------------------------------------------------|
+| `m.login.msisdn` | Authentication is supported by authorising a phone number with an identity server, or homeserver if supported. |
+
+Prior to submitting this, the client should authenticate with an
+identity server (or homeserver). After authenticating, the session
+information should be submitted to the homeserver.
+
+To use this authentication type, clients should submit an auth dict as
+follows:
+
+```json
+{
+  "type": "m.login.msisdn",
+  "threepidCreds": [
+    {
+      "sid": "<identity server session id>",
+      "client_secret": "<identity server client secret>",
+      "id_server": "<url of identity server authed with, e.g. 'matrix.org:8090'>",
+      "id_access_token": "<access token previously registered with the identity server>"
+    }
+  ],
+  "session": "<session ID>"
+}
+```
+
+Note that `id_server` (and therefore `id_access_token`) is optional if
+the `/requestToken` request did not include them.
+
+##### Dummy Auth
+
+| Type             | Description                                                            |
+|------------------|------------------------------------------------------------------------|
+| `m.login.dummy`  | Dummy authentication always succeeds and requires no extra parameters. |
+
+The purpose of dummy authentication is to allow servers to not require any form of
+User-Interactive Authentication to perform a request. It can also be
+used to differentiate flows where otherwise one flow would be a subset
+of another flow. e.g. if a server offers flows `m.login.recaptcha` and
+`m.login.recaptcha, m.login.email.identity` and the client completes the
+recaptcha stage first, the auth would succeed with the former flow, even
+if the client was intending to then complete the email auth stage. A
+server can instead send flows `m.login.recaptcha, m.login.dummy` and
+`m.login.recaptcha, m.login.email.identity` to fix the ambiguity.
+
+To use this authentication type, clients should submit an auth dict with
+just the type and session, if provided:
+
+```json
+{
+  "type": "m.login.dummy",
+  "session": "<session ID>"
+}
+```
+
+#### Fallback
+
+Clients cannot be expected to be able to know how to process every
+single login type. If a client does not know how to handle a given login
+type, it can direct the user to a web browser with the URL of a fallback
+page which will allow the user to complete that login step out-of-band
+in their web browser. The URL it should open is:
+
+    /_matrix/client/%CLIENT_MAJOR_VERSION%/auth/<auth type>/fallback/web?session=<session ID>
+
+Where `auth type` is the type name of the stage it is attempting and
+`session ID` is the ID of the session given by the homeserver.
+
+This MUST return an HTML page which can perform this authentication
+stage. This page must use the following JavaScript when the
+authentication has been completed:
+
+```js
+if (window.onAuthDone) {
+    window.onAuthDone();
+} else if (window.opener && window.opener.postMessage) {
+    window.opener.postMessage("authDone", "*");
+}
+```
+
+This allows the client to either arrange for the global function
+`onAuthDone` to be defined in an embedded browser, or to use the HTML5
+[cross-document
+messaging](https://www.w3.org/TR/webmessaging/#web-messaging) API, to
+receive a notification that the authentication stage has been completed.
+
+Once a client receives the notification that the authentication stage
+has been completed, it should resubmit the request with an auth dict
+with just the session ID:
+
+```json
+{
+  "session": "<session ID>"
+}
+```
+
+##### Example
+
+A client webapp might use the following JavaScript to open a popup
+window which will handle unknown login types:
+
+```js
+/**
+ * Arguments:
+ *     homeserverUrl: the base url of the homeserver (e.g. "https://matrix.org")
+ *
+ *     apiEndpoint: the API endpoint being used (e.g.
+ *        "/_matrix/client/%CLIENT_MAJOR_VERSION%/account/password")
+ *
+ *     loginType: the loginType being attempted (e.g. "m.login.recaptcha")
+ *
+ *     sessionID: the session ID given by the homeserver in earlier requests
+ *
+ *     onComplete: a callback which will be called with the results of the request
+ */
+function unknownLoginType(homeserverUrl, apiEndpoint, loginType, sessionID, onComplete) {
+    var popupWindow;
+
+    var eventListener = function(ev) {
+        // check it's the right message from the right place.
+        if (ev.data !== "authDone" || ev.origin !== homeserverUrl) {
+            return;
+        }
+
+        // close the popup
+        popupWindow.close();
+        window.removeEventListener("message", eventListener);
+
+        // repeat the request
+        var requestBody = {
+            auth: {
+                session: sessionID,
+            },
+        };
+
+        request({
+            method:'POST', url:apiEndpoint, json:requestBody,
+        }, onComplete);
+    };
+
+    window.addEventListener("message", eventListener);
+
+    var url = homeserverUrl +
+        "/_matrix/client/%CLIENT_MAJOR_VERSION%/auth/" +
+        encodeURIComponent(loginType) +
+        "/fallback/web?session=" +
+        encodeURIComponent(sessionID);
+
+   popupWindow = window.open(url);
+}
+```
+
+#### Identifier types
+
+Some authentication mechanisms use a user identifier object to identify
+a user. The user identifier object has a `type` field to indicate the
+type of identifier being used, and depending on the type, has other
+fields giving the information required to identify the user as described
+below.
+
+This specification defines the following identifier types:
+-   `m.id.user`
+-   `m.id.thirdparty`
+-   `m.id.phone`
+
+##### Matrix User ID
+
+| Type        | Description                                |
+|-------------|--------------------------------------------|
+| `m.id.user` | The user is identified by their Matrix ID. |
+
+A client can identify a user using their Matrix ID. This can either be
+the fully qualified Matrix user ID, or just the localpart of the user
+ID.
+
+```json
+"identifier": {
+  "type": "m.id.user",
+  "user": "<user_id or user localpart>"
+}
+```
+
+##### Third-party ID
+
+| Type              | Description                                                               |
+|-------------------|---------------------------------------------------------------------------|
+| `m.id.thirdparty` | The user is identified by a third-party identifier in canonicalised form. |
+
+A client can identify a user using a 3PID associated with the user's
+account on the homeserver, where the 3PID was previously associated
+using the `/account/3pid`\_ API. See the [3PID
+Types](/appendices#3pid-types) Appendix for a list of Third-party
+ID media.
+
+```json
+"identifier": {
+  "type": "m.id.thirdparty",
+  "medium": "<The medium of the third party identifier>",
+  "address": "<The canonicalised third party address of the user>"
+}
+```
+
+##### Phone number
+
+| Type         | Description                               |
+|--------------|-------------------------------------------|
+| `m.id.phone` | The user is identified by a phone number. |
+
+A client can identify a user using a phone number associated with the
+user's account, where the phone number was previously associated using
+the `/account/3pid`\_ API. The phone number can be passed in as entered
+by the user; the homeserver will be responsible for canonicalising it.
+If the client wishes to canonicalise the phone number, then it can use
+the `m.id.thirdparty` identifier type with a `medium` of `msisdn`
+instead.
+
+```json
+"identifier": {
+  "type": "m.id.phone",
+  "country": "<The country that the phone number is from>",
+  "phone": "<The phone number>"
+}
+```
+
+The `country` is the two-letter uppercase ISO-3166-1 alpha-2 country
+code that the number in `phone` should be parsed as if it were dialled
+from.
+
+### Login
+
+A client can obtain access tokens using the `/login` API.
+
+Note that this endpoint does <span class="title-ref">not</span>
+currently use the [User-Interactive Authentication
+API](#user-interactive-authentication-api).
+
+For a simple username/password login, clients should submit a `/login`
+request as follows:
+
+```json
+{
+  "type": "m.login.password",
+  "identifier": {
+    "type": "m.id.user",
+    "user": "<user_id or user localpart>"
+  },
+  "password": "<password>"
+}
+```
+
+Alternatively, a client can use a 3PID bound to the user's account on
+the homeserver using the `/account/3pid`\_ API rather than giving the
+`user` explicitly, as follows:
+
+```json
+{
+  "type": "m.login.password",
+  "identifier": {
+    "medium": "<The medium of the third party identifier>",
+    "address": "<The canonicalised third party address of the user>"
+  },
+  "password": "<password>"
+}
+```
+
+In the case that the homeserver does not know about the supplied 3PID,
+the homeserver must respond with `403 Forbidden`.
+
+To log in using a login token, clients should submit a `/login` request
+as follows:
+
+```json
+{
+  "type": "m.login.token",
+  "token": "<login token>"
+}
+```
+
+As with [token-based]() interactive login, the `token` must encode the
+user ID. In the case that the token is not valid, the homeserver must
+respond with `403 Forbidden` and an error code of `M_FORBIDDEN`.
+
+If the homeserver advertises `m.login.sso` as a viable flow, and the
+client supports it, the client should redirect the user to the
+`/redirect` endpoint for [client login via SSO](#client-login-via-sso). After authentication
+is complete, the client will need to submit a `/login` request matching
+`m.login.token`.
+
+#### Appservice Login
+
+An appservice can log in by providing a valid appservice token and a user within the appservice's
+namespace. 
+
+{{% boxes/note %}}
+Appservices do not need to log in as individual users in all cases, as they
+can perform [Identity Assertion](/application-service-api#identity-assertion)
+using the appservice token. However, if the appservice needs a scoped token
+for a single user then they can use this API instead.
+{{% /boxes/note %}}
+
+This request must be authenticated by the [appservice `as_token`](/application-service-api#registration) 
+(see [Client Authentication](#client-authentication) on how to provide the token).
+
+To use this login type, clients should submit a `/login` request as follows:
+
+```json
+{
+  "type": "m.login.appservice",
+  "identifier": {
+    "type": "m.id.user",
+    "user": "<user_id or user localpart>"
+  }
+}
+```
+
+If the access token is not valid, does not correspond to an appservice
+or the user has not previously been registered then the homeserver will
+respond with an errcode of `M_FORBIDDEN`.
+
+If the access token does correspond to an appservice, but the user id does
+not lie within its namespace then the homeserver will respond with an
+errcode of `M_EXCLUSIVE`.
+
+{{% http-api spec="client-server" api="login" %}}
+
+{{% http-api spec="client-server" api="logout" %}}
+
+#### Login Fallback
+
+If a client does not recognize any or all login flows it can use the
+fallback login API:
+
+    GET /_matrix/static/client/login/
+
+This returns an HTML and JavaScript page which can perform the entire
+login process. The page will attempt to call the JavaScript function
+`window.onLogin` when login has been successfully completed.
+
+Non-credential parameters valid for the `/login` endpoint can be
+provided as query string parameters here. These are to be forwarded to
+the login endpoint during the login process. For example:
+
+    GET /_matrix/static/client/login/?device_id=GHTYAJCE
+
+### Account registration and management
+
+{{% http-api spec="client-server" api="registration" %}}
+
+#### Notes on password management
+
+{{% boxes/warning %}}
+Clients SHOULD enforce that the password provided is suitably complex.
+The password SHOULD include a lower-case letter, an upper-case letter, a
+number and a symbol and be at a minimum 8 characters in length. Servers
+MAY reject weak passwords with an error code `M_WEAK_PASSWORD`.
+{{% /boxes/warning %}}
+
+### Adding Account Administrative Contact Information
+
+A homeserver may keep some contact information for administrative use.
+This is independent of any information kept by any identity servers,
+though can be proxied (bound) to the identity server in many cases.
+
+{{% boxes/note %}}
+This section deals with two terms: "add" and "bind". Where "add" (or
+"remove") is used, it is speaking about an identifier that was not bound
+to an identity server. As a result, "bind" (or "unbind") references an
+identifier that is found in an identity server. Note that an identifier
+can be added and bound at the same time, depending on context.
+{{% /boxes/note %}}
+
+{{% http-api spec="client-server" api="administrative_contact" %}}
+
+### Current account information
+
+{{% http-api spec="client-server" api="whoami" %}}
+
+#### Notes on identity servers
+
+Identity servers in Matrix store bindings (relationships) between a
+user's third party identifier, typically email or phone number, and
+their user ID. Once a user has chosen an identity server, that identity
+server should be used by all clients.
+
+Clients can see which identity server the user has chosen through the
+`m.identity_server` account data event, as described below. Clients
+SHOULD refrain from making requests to any identity server until the
+presence of `m.identity_server` is confirmed as (not) present. If
+present, the client SHOULD check for the presence of the `base_url`
+property in the event's content. If the `base_url` is present, the
+client SHOULD use the identity server in that property as the identity
+server for the user. If the `base_url` is missing, or the account data
+event is not present, the client SHOULD use whichever default value it
+normally would for an identity server, if applicable. Clients SHOULD NOT
+update the account data with the default identity server when the user
+is missing an identity server in their account data.
+
+Clients SHOULD listen for changes to the `m.identity_server` account
+data event and update the identity server they are contacting as a
+result.
+
+If the client offers a way to set the identity server to use, it MUST
+update the value of `m.identity_server` accordingly. A `base_url` of
+`null` MUST be treated as though the user does not want to use an
+identity server, disabling all related functionality as a result.
+
+Clients SHOULD refrain from populating the account data as a migration
+step for users who are lacking the account data, unless the user sets
+the identity server within the client to a value. For example, a user
+which has no `m.identity_server` account data event should not end up
+with the client's default identity server in their account data, unless
+the user first visits their account settings to set the identity server.
+
+{{% event event="m.identity_server" %}}
+
+## Capabilities negotiation
+
+A homeserver may not support certain operations and clients must be able
+to query for what the homeserver can and can't offer. For example, a
+homeserver may not support users changing their password as it is
+configured to perform authentication against an external system.
+
+The capabilities advertised through this system are intended to
+advertise functionality which is optional in the API, or which depend in
+some way on the state of the user or server. This system should not be
+used to advertise unstable or experimental features - this is better
+done by the `/versions` endpoint.
+
+Some examples of what a reasonable capability could be are:
+
+-   Whether the server supports user presence.
+-   Whether the server supports optional features, such as the user or
+    room directories.
+-   The rate limits or file type restrictions imposed on clients by the
+    server.
+
+Some examples of what should **not** be a capability are:
+
+-   Whether the server supports a feature in the `unstable`
+    specification.
+-   Media size limits - these are handled by the
+    `/media/%CLIENT_MAJOR_VERSION%/config` API.
+-   Optional encodings or alternative transports for communicating with
+    the server.
+
+Capabilities prefixed with `m.` are reserved for definition in the
+Matrix specification while other values may be used by servers using the
+Java package naming convention. The capabilities supported by the Matrix
+specification are defined later in this section.
+
+{{% http-api spec="client-server" api="capabilities" %}}
+
+### `m.change_password` capability
+
+This capability has a single flag, `enabled`, which indicates whether or
+not the user can use the `/account/password` API to change their
+password. If not present, the client should assume that password changes
+are possible via the API. When present, clients SHOULD respect the
+capability's `enabled` flag and indicate to the user if they are unable
+to change their password.
+
+An example of the capability API's response for this capability is:
+
+```json
+{
+  "capabilities": {
+    "m.change_password": {
+      "enabled": false
+    }
+  }
+}
+```
+
+### `m.room_versions` capability
+
+This capability describes the default and available room versions a
+server supports, and at what level of stability. Clients should make use
+of this capability to determine if users need to be encouraged to
+upgrade their rooms.
+
+An example of the capability API's response for this capability is:
+
+```json
+{
+  "capabilities": {
+    "m.room_versions": {
+      "default": "1",
+      "available": {
+        "1": "stable",
+        "2": "stable",
+        "3": "unstable",
+        "custom-version": "unstable"
+      }
+    }
+  }
+}
+```
+
+This capability mirrors the same restrictions of [room
+versions](../index.html#room-versions) to describe which versions are
+stable and unstable. Clients should assume that the `default` version is
+`stable`. Any version not explicitly labelled as `stable` in the
+`available` versions is to be treated as `unstable`. For example, a
+version listed as `future-stable` should be treated as `unstable`.
+
+The `default` version is the version the server is using to create new
+rooms. Clients should encourage users with sufficient permissions in a
+room to upgrade their room to the `default` version when the room is
+using an `unstable` version.
+
+When this capability is not listed, clients should use `"1"` as the
+default and only stable `available` room version.
+
+## Filtering
+
+Filters can be created on the server and can be passed as a parameter to
+APIs which return events. These filters alter the data returned from
+those APIs. Not all APIs accept filters.
+
+### Lazy-loading room members
+
+Membership events often take significant resources for clients to track.
+In an effort to reduce the number of resources used, clients can enable
+"lazy-loading" for room members. By doing this, servers will attempt to
+only send membership events which are relevant to the client.
+
+It is important to understand that lazy-loading is not intended to be a
+perfect optimisation, and that it may not be practical for the server to
+calculate precisely which membership events are relevant to the client.
+As a result, it is valid for the server to send redundant membership
+events to the client to ease implementation, although such redundancy
+should be minimised where possible to conserve bandwidth.
+
+In terms of filters, lazy-loading is enabled by enabling
+`lazy_load_members` on a `RoomEventFilter` (or a `StateFilter` in the
+case of `/sync` only). When enabled, lazy-loading aware endpoints (see
+below) will only include membership events for the `sender` of events
+being included in the response. For example, if a client makes a `/sync`
+request with lazy-loading enabled, the server will only return
+membership events for the `sender` of events in the timeline, not all
+members of a room.
+
+When processing a sequence of events (e.g. by looping on `/sync` or
+paginating `/messages`), it is common for blocks of events in the
+sequence to share a similar set of senders. Rather than responses in the
+sequence sending duplicate membership events for these senders to the
+client, the server MAY assume that clients will remember membership
+events they have already been sent, and choose to skip sending
+membership events for members whose membership has not changed. These
+are called 'redundant membership events'. Clients may request that
+redundant membership events are always included in responses by setting
+`include_redundant_members` to true in the filter.
+
+The expected pattern for using lazy-loading is currently:
+
+-   Client performs an initial /sync with lazy-loading enabled, and
+    receives only the membership events which relate to the senders of
+    the events it receives.
+-   Clients which support display-name tab-completion or other
+    operations which require rapid access to all members in a room
+    should call /members for the currently selected room, with an `?at`
+    parameter set to the /sync response's from token. The member list
+    for the room is then maintained by the state in subsequent
+    incremental /sync responses.
+-   Clients which do not support tab-completion may instead pull in
+    profiles for arbitrary users (e.g. read receipts, typing
+    notifications) on demand by querying the room state or `/profile`.
+
+The current endpoints which support lazy-loading room members are:
+
+-   [`/sync`](/client-server-api/#get_matrixclientr0sync)
+-   [`/rooms/<room_id>/messages`](/client-server-api/#get_matrixclientr0roomsroomidmessages)
+-   [`/rooms/{roomId}/context/{eventId}`](/client-server-api/#get_matrixclientr0roomsroomidcontexteventid)
+
+### API endpoints
+
+{{% http-api spec="client-server" api="filter" %}}
+
+## Events
+
+The model of conversation history exposed by the client-server API can
+be considered as a list of events. The server 'linearises' the
+eventually-consistent event graph of events into an 'event stream' at
+any given point in time:
+
+    [E0]->[E1]->[E2]->[E3]->[E4]->[E5]
+
+{{% boxes/warning %}}
+The format of events can change depending on room version. Check the
+[room version specification](../index.html#room-versions) for specific
+details on what to expect for event formats. Examples contained within
+the client-server specification are expected to be compatible with all
+specified room versions, however some differences may still apply.
+
+For this version of the specification, clients only need to worry about
+the event ID format being different depending on room version. Clients
+should not be parsing the event ID, and instead be treating it as an
+opaque string. No changes should be required to support the currently
+available room versions.
+{{% /boxes/warning %}}
+
+{{% boxes/warning %}}
+Event bodies are considered untrusted data. This means that any application using
+Matrix must validate that the event body is of the expected shape/schema
+before using the contents verbatim.
+
+**It is not safe to assume that an event body will have all the expected
+fields of the expected types.**
+
+See [MSC2801](https://github.com/matrix-org/matrix-doc/pull/2801) for more
+detail on why this assumption is unsafe.
+{{% /boxes/warning %}}
+
+### Types of room events
+
+Room events are split into two categories:
+
+* **State events**: These are events which update the metadata state of the room (e.g. room
+topic, room membership etc). State is keyed by a tuple of event `type`
+and a `state_key`. State in the room with the same key-tuple will be
+overwritten.
+
+* **Message events**: These are events which describe transient "once-off" activity in a room:
+typically communication such as sending an instant message or setting up
+a VoIP call.
+
+This specification outlines several events, all with the event type
+prefix `m.`. (See [Room Events](#room-events) for the m. event
+specification.) However, applications may wish to add their own type of
+event, and this can be achieved using the REST API detailed in the
+following sections. If new events are added, the event `type` key SHOULD
+follow the Java package naming convention, e.g.
+`com.example.myapp.event`. This ensures event types are suitably
+namespaced for each application and reduces the risk of clashes.
+
+{{% boxes/note %}}
+Events are not limited to the types defined in this specification. New
+or custom event types can be created on a whim using the Java package
+naming convention. For example, a `com.example.game.score` event can be
+sent by clients and other clients would receive it through Matrix,
+assuming the client has access to the `com.example` namespace.
+{{% /boxes/note %}}
+
+Note that the structure of these events may be different than those in
+the server-server API.
+
+#### Event fields
+
+{{% event-fields event_type="event" %}}
+
+#### Room event fields
+
+{{% event-fields event_type="room_event" %}}
+
+#### State event fields
+
+In addition to the fields of a Room Event, State Events have the
+following fields.
+
+
+| Key          | Type         | Description                                                                                                  |
+|--------------|--------------|--------------------------------------------------------------------------------------------------------------|
+| state_key    | string       | **Required.** A unique key which defines the overwriting semantics for this piece of room state. This value is often a zero-length string. The presence of this key makes this event a State Event. State keys starting with an `@` are reserved for referencing user IDs, such as room members. With the exception of a few events, state events set with a given user's ID as the state key MUST only be set by that user.         |
+| prev_content | EventContent | Optional. The previous `content` for this event. If there is no previous content, this key will be missing.  |
+
+### Size limits
+
+The complete event MUST NOT be larger than 65536 bytes, when formatted
+as a [PDU for the Server-Server
+protocol](/server-server-api/#pdus), including any
+signatures, and encoded as [Canonical
+JSON](/appendices#canonical-json).
+
+There are additional restrictions on sizes per key:
+
+-   `sender` MUST NOT exceed 255 bytes (including domain).
+-   `room_id` MUST NOT exceed 255 bytes.
+-   `state_key` MUST NOT exceed 255 bytes.
+-   `type` MUST NOT exceed 255 bytes.
+-   `event_id` MUST NOT exceed 255 bytes.
+
+Some event types have additional size restrictions which are specified
+in the description of the event. Additional keys have no limit other
+than that implied by the total 64 KiB limit on events.
+
+### Room Events
+
+{{% boxes/note %}}
+This section is a work in progress.
+{{% /boxes/note %}}
+
+This specification outlines several standard event types, all of which
+are prefixed with `m.`
+
+{{% event event="m.room.canonical_alias" %}}
+
+{{% event event="m.room.create" %}}
+
+{{% event event="m.room.join_rules" %}}
+
+{{% event event="m.room.member" %}}
+
+{{% event event="m.room.power_levels" %}}
+
+#### Historical events
+
+Some events within the `m.` namespace might appear in rooms, however
+they serve no significant meaning in this version of the specification.
+They are:
+
+-   `m.room.aliases`
+
+Previous versions of the specification have more information on these
+events.
+
+### Syncing
+
+To read events, the intended flow of operation is for clients to first
+call the [`/sync`](/client-server-api/#get_matrixclientr0sync) API without a `since` parameter. This returns the
+most recent message events for each room, as well as the state of the
+room at the start of the returned timeline. The response also includes a
+`next_batch` field, which should be used as the value of the `since`
+parameter in the next call to `/sync`. Finally, the response includes,
+for each room, a `prev_batch` field, which can be passed as a `start`
+parameter to the [`/rooms/<room_id>/messages`](/client-server-api/#get_matrixclientr0roomsroomidmessages) API to retrieve earlier
+messages.
+
+You can visualise the range of events being returned as:
+
+```
+    [E0]->[E1]->[E2]->[E3]->[E4]->[E5]
+               ^                      ^
+               |                      |
+         prev_batch: '1-2-3'        next_batch: 'a-b-c'
+```
+
+Clients then receive new events by "long-polling" the homeserver via the
+`/sync` API, passing the value of the `next_batch` field from the
+response to the previous call as the `since` parameter. The client
+should also pass a `timeout` parameter. The server will then hold open
+the HTTP connection for a short period of time waiting for new events,
+returning early if an event occurs. Only the `/sync` API (and the
+deprecated `/events` API) support long-polling in this way.
+
+The response for such an incremental sync can be visualised as:
+
+```
+    [E0]->[E1]->[E2]->[E3]->[E4]->[E5]->[E6]
+                                      ^     ^
+                                      |     |
+                                      |  next_batch: 'x-y-z'
+                                    prev_batch: 'a-b-c'
+```
+
+Normally, all new events which are visible to the client will appear in
+the response to the `/sync` API. However, if a large number of events
+arrive between calls to `/sync`, a "limited" timeline is returned,
+containing only the most recent message events. A state "delta" is also
+returned, summarising any state changes in the omitted part of the
+timeline. The client may therefore end up with "gaps" in its knowledge
+of the message timeline. The client can fill these gaps using the
+[`/rooms/<room_id>/messages`](/client-server-api/#get_matrixclientr0roomsroomidmessages) API. This situation looks like this:
+
+```
+    | gap |
+    | <-> |
+    [E0]->[E1]->[E2]->[E3]->[E4]->[E5]->[E6]->[E7]->[E8]->[E9]->[E10]
+          ^                        ^
+          |                        |
+     prev_batch: 'd-e-f'       next_batch: 'u-v-w'
+```
+
+{{% boxes/warning %}}
+Events are ordered in this API according to the arrival time of the
+event on the homeserver. This can conflict with other APIs which order
+events based on their partial ordering in the event graph. This can
+result in duplicate events being received (once per distinct API
+called). Clients SHOULD de-duplicate events based on the event ID when
+this happens.
+{{% /boxes/warning %}}
+
+{{% boxes/note %}}
+The `/sync` API returns a `state` list which is separate from the
+`timeline`. This `state` list allows clients to keep their model of the
+room state in sync with that on the server. In the case of an initial
+(`since`-less) sync, the `state` list represents the complete state of
+the room at the **start** of the returned timeline (so in the case of a
+recently-created room whose state fits entirely in the `timeline`, the
+`state` list will be empty).
+
+In the case of an incremental sync, the `state` list gives a delta
+between the state of the room at the `since` parameter and that at the
+start of the returned `timeline`. (It will therefore be empty unless the
+timeline was `limited`.)
+
+In both cases, it should be noted that the events returned in the
+`state` list did **not** necessarily take place just before the returned
+`timeline`, so clients should not display them to the user in the
+timeline.
+{{% /boxes/note %}}
+
+{{% boxes/rationale %}}
+An early design of this specification made the `state` list represent
+the room state at the end of the returned timeline, instead of the
+start. This was unsatisfactory because it led to duplication of events
+between the `state` list and the `timeline`, but more importantly, it
+made it difficult for clients to show the timeline correctly.
+
+In particular, consider a returned timeline \[M0, S1, M2\], where M0 and
+M2 are both messages sent by the same user, and S1 is a state event
+where that user changes their displayname. If the `state` list
+represents the room state at the end of the timeline, the client must
+take a copy of the state dictionary, and *rewind* S1, in order to
+correctly calculate the display name for M0.
+{{% /boxes/rationale %}}
+
+{{% http-api spec="client-server" api="sync" %}}
+
+{{% http-api spec="client-server" api="old_sync" %}}
+
+### Getting events for a room
+
+There are several APIs provided to `GET` events for a room:
+
+{{% http-api spec="client-server" api="rooms" %}}
+
+{{% http-api spec="client-server" api="message_pagination" %}}
+
+{{% http-api spec="client-server" api="room_initial_sync" %}}
+
+### Sending events to a room
+
+{{% http-api spec="client-server" api="room_state" %}}
+
+**Examples**
+
+Valid requests look like:
+
+```
+PUT /rooms/!roomid:domain/state/m.example.event
+{ "key" : "without a state key" }
+```
+```
+PUT /rooms/!roomid:domain/state/m.another.example.event/foo
+{ "key" : "with 'foo' as the state key" }
+```
+
+In contrast, these requests are invalid:
+
+```
+POST /rooms/!roomid:domain/state/m.example.event/
+{ "key" : "cannot use POST here" }
+```
+```
+PUT /rooms/!roomid:domain/state/m.another.example.event/foo/11
+{ "key" : "txnIds are not supported" }
+```
+
+Care should be taken to avoid setting the wrong `state key`:
+
+```
+PUT /rooms/!roomid:domain/state/m.another.example.event/11
+{ "key" : "with '11' as the state key, but was probably intended to be a txnId" }
+```
+
+The `state_key` is often used to store state about individual users, by
+using the user ID as the `state_key` value. For example:
+
+```
+PUT /rooms/!roomid:domain/state/m.favorite.animal.event/%40my_user%3Aexample.org
+{ "animal" : "cat", "reason": "fluffy" }
+```
+
+In some cases, there may be no need for a `state_key`, so it can be
+omitted:
+
+```
+PUT /rooms/!roomid:domain/state/m.room.bgd.color
+{ "color": "red", "hex": "#ff0000" }
+```
+
+{{% http-api spec="client-server" api="room_send" %}}
+
+### Redactions
+
+Since events are extensible it is possible for malicious users and/or
+servers to add keys that are, for example offensive or illegal. Since
+some events cannot be simply deleted, e.g. membership events, we instead
+'redact' events. This involves removing all keys from an event that are
+not required by the protocol. This stripped down event is thereafter
+returned anytime a client or remote server requests it. Redacting an
+event cannot be undone, allowing server owners to delete the offending
+content from the databases. Events that have been redacted include a
+`redacted_because` key whose value is the event that caused it to be
+redacted, which may include a reason.
+
+The exact algorithm to apply against an event is defined in the [room
+version specification](../index.html#room-versions).
+
+The server should add the event causing the redaction to the `unsigned`
+property of the redacted event, under the `redacted_because` key. When a
+client receives a redaction event it should change the redacted event in
+the same way a server does.
+
+{{% boxes/note %}}
+Redacted events can still affect the state of the room. When redacted,
+state events behave as though their properties were simply not
+specified, except those protected by the redaction algorithm. For
+example, a redacted `join` event will still result in the user being
+considered joined. Similarly, a redacted topic does not necessarily
+cause the topic to revert to what it was prior to the event - it causes
+the topic to be removed from the room.
+{{% /boxes/note %}}
+
+#### Events
+
+{{% event event="m.room.redaction" %}}
+
+#### Client behaviour
+
+{{% http-api spec="client-server" api="redaction" %}}
+
+## Rooms
+
+### Creation
+
+The homeserver will create an `m.room.create` event when a room is
+created, which serves as the root of the event graph for this room. This
+event also has a `creator` key which contains the user ID of the room
+creator. It will also generate several other events in order to manage
+permissions in this room. This includes:
+
+-   `m.room.power_levels` : Sets the power levels of users and required power
+    levels for various actions within the room such as sending events.
+
+-   `m.room.join_rules` : Whether the room is "invite-only" or not.
+
+See [Room Events](#room-events) for more information on these events. To
+create a room, a client has to use the following API.
+
+{{% http-api spec="client-server" api="create_room" %}}
+
+### Room aliases
+
+Servers may host aliases for rooms with human-friendly names. Aliases
+take the form `#friendlyname:server.name`.
+
+As room aliases are scoped to a particular homeserver domain name, it is
+likely that a homeserver will reject attempts to maintain aliases on
+other domain names. This specification does not provide a way for
+homeservers to send update requests to other servers. However,
+homeservers MUST handle `GET` requests to resolve aliases on other
+servers; they should do this using the federation API if necessary.
+
+Rooms do not store a list of all aliases present on a room, though
+members of the room with relevant permissions may publish preferred
+aliases through the `m.room.canonical_alias` state event. The aliases in
+the state event should point to the room ID they are published within,
+however room aliases can and do drift to other room IDs over time.
+Clients SHOULD NOT treat the aliases as accurate. They SHOULD be checked
+before they are used or shared with another user. If a room appears to
+have a room alias of `#alias:example.com`, this SHOULD be checked to
+make sure that the room's ID matches the `room_id` returned from the
+request.
+
+{{% http-api spec="client-server" api="directory" %}}
+
+### Permissions
+
+{{% boxes/note %}}
+This section is a work in progress.
+{{% /boxes/note %}}
+
+Permissions for rooms are done via the concept of power levels - to do
+any action in a room a user must have a suitable power level. Power
+levels are stored as state events in a given room. The power levels
+required for operations and the power levels for users are defined in
+`m.room.power_levels`, where both a default and specific users' power
+levels can be set. By default all users have a power level of 0, other
+than the room creator whose power level defaults to 100. Users can grant
+other users increased power levels up to their own power level. For
+example, user A with a power level of 50 could increase the power level
+of user B to a maximum of level 50. Power levels for users are tracked
+per-room even if the user is not present in the room. The keys contained
+in `m.room.power_levels` determine the levels required for certain
+operations such as kicking, banning and sending state events. See
+[m.room.power\_levels](#room-events) for more information.
+
+Clients may wish to assign names to particular power levels. A suggested
+mapping is as follows: - 0 User - 50 Moderator - 100 Admin
+
+### Room membership
+
+Users need to be a member of a room in order to send and receive events
+in that room. There are several states in which a user may be, in
+relation to a room:
+
+-   Unrelated (the user cannot send or receive events in the room)
+-   Knocking (the user has requested to participate in the room, but has
+    not yet been allowed to)
+-   Invited (the user has been invited to participate in the room, but
+    is not yet participating)
+-   Joined (the user can send and receive events in the room)
+-   Banned (the user is not allowed to join the room)
+
+There are a few notable exceptions which allow non-joined members of the
+room to send events in the room:
+
+- Users wishing to reject an invite would send `m.room.member` events with
+  `content.membership` of `leave`. They must have been invited first.
+
+- If the room allows, users can send `m.room.member` events with `content.membership`
+  of `knock` to knock on the room. This is a request for an invite by the user.
+
+- To retract a previous knock, a user would send a `leave` event similar to
+  rejecting an invite.
+
+Some rooms require that users be invited to it before they can join;
+others allow anyone to join. Whether a given room is an "invite-only"
+room is determined by the room config key `m.room.join_rules`. It can
+have one of the following values:
+
+`public`
+This room is free for anyone to join without an invite.
+
+`invite`
+This room can only be joined if you were invited.
+
+`knock`
+This room can only be joined if you were invited, and allows anyone to
+request an invite to the room. Note that this join rule is only available
+to rooms based upon [room version 7](/rooms/v7).
+
+The allowable state transitions of membership are:
+
+![membership-flow-diagram](/diagrams/membership.png)
+
+{{% http-api spec="client-server" api="list_joined_rooms" %}}
+
+#### Joining rooms
+
+{{% http-api spec="client-server" api="inviting" %}}
+
+{{% http-api spec="client-server" api="joining" %}}
+
+##### Knocking on rooms
+
+<!--
+This section is here because it's most similar to being invited/joining a
+room, though has added complexity which needs to be explained. Otherwise
+this will have been just the API definition and nothing more (like invites).
+-->
+
+If the join rules allow, external users to the room can `/knock` on it to
+request permission to join. Users with appropriate permissions within the
+room can then approve (`/invite`) or deny (`/kick`, `/ban`, or otherwise
+set membership to `leave`) the knock. Knocks can be retracted by calling
+`/leave` or otherwise setting membership to `leave`.
+
+Users who are currently in the room, already invited, or banned cannot
+knock on the room.
+
+To accept another user's knock, the user must have permission to invite
+users to the room. To reject another user's knock, the user must have
+permission to either kick or ban users (whichever is being performed).
+Note that setting another user's membership to `leave` is kicking them.
+
+The knocking homeserver should assume that an invite to the room means
+that the knock was accepted, even if the invite is not explicitly related
+to the knock.
+
+Homeservers are permitted to automatically accept invites as a result of
+knocks as they should be aware of the user's intent to join the room. If
+the homeserver is not auto-accepting invites (or there was an unrecoverable
+problem with accepting it), the invite is expected to be passed down normally
+to the client to handle. Clients can expect to see the join event if the
+server chose to auto-accept.
+
+{{% http-api spec="client-server" api="knocking" %}}
+
+#### Leaving rooms
+
+A user can leave a room to stop receiving events for that room. A user
+must have been invited to or have joined the room before they are
+eligible to leave the room. Leaving a room to which the user has been
+invited rejects the invite, and can retract a knock. Once a user leaves
+a room, it will no longer appear in the response to the
+[`/sync`](/client-server-api/#get_matrixclientr0sync) API unless it is
+explicitly requested via a filter with the `include_leave` field set
+to `true`.
+
+Whether or not they actually joined the room, if the room is an
+"invite-only" room the user will need to be re-invited before they can
+re-join the room.
+
+A user can also forget a room which they have left. Rooms which have
+been forgotten will never appear the response to the [`/sync`](/client-server-api/#get_matrixclientr0sync) API,
+until the user re-joins, is re-invited, or knocks.
+
+A user may wish to force another user to leave a room. This can be done
+by 'kicking' the other user. To do so, the user performing the kick MUST
+have the required power level. Once a user has been kicked, the
+behaviour is the same as if they had left of their own accord. In
+particular, the user is free to re-join if the room is not
+"invite-only".
+
+{{% http-api spec="client-server" api="leaving" %}}
+
+{{% http-api spec="client-server" api="kicking" %}}
+
+##### Banning users in a room
+
+A user may decide to ban another user in a room. 'Banning' forces the
+target user to leave the room and prevents them from re-joining the
+room. A banned user will not be treated as a joined user, and so will
+not be able to send or receive events in the room. In order to ban
+someone, the user performing the ban MUST have the required power level.
+To ban a user, a request should be made to [`/rooms/<room_id>/ban`](/client-server-api/#post_matrixclientr0roomsroomidban)
+with:
+
+```json
+{
+  "user_id": "<user id to ban>",
+  "reason": "string: <reason for the ban>"
+}
+````
+
+Banning a user adjusts the banned member's membership state to `ban`.
+Like with other membership changes, a user can directly adjust the
+target member's state, by making a request to
+`/rooms/<room id>/state/m.room.member/<user id>`:
+
+```json
+{
+  "membership": "ban"
+}
+```
+
+A user must be explicitly unbanned with a request to
+[`/rooms/<room_id>/unban`](/client-server-api/#post_matrixclientr0roomsroomidunban) before they can re-join the room or be
+re-invited.
+
+{{% http-api spec="client-server" api="banning" %}}
+
+### Listing rooms
+
+{{% http-api spec="client-server" api="list_public_rooms" %}}
+
+## User Data
+
+### User Directory
+
+{{% http-api spec="client-server" api="users" %}}
+
+### Profiles
+
+{{% http-api spec="client-server" api="profile" %}}
+
+#### Events on Change of Profile Information
+
+Because the profile display name and avatar information are likely to be
+used in many places of a client's display, changes to these fields cause
+an automatic propagation event to occur, informing likely-interested
+parties of the new values. This change is conveyed using two separate
+mechanisms:
+
+-   an `m.room.member` event (with a `join` membership) is sent to every
+    room the user is a member of, to update the `displayname` and
+    `avatar_url`.
+-   an `m.presence` presence status update is sent, again containing the
+    new values of the `displayname` and `avatar_url` keys, in addition
+    to the required `presence` key containing the current presence state
+    of the user.
+
+Both of these should be done automatically by the homeserver when a user
+successfully changes their display name or avatar URL fields.
+
+Additionally, when homeservers emit room membership events for their own
+users, they should include the display name and avatar URL fields in
+these events so that clients already have these details to hand, and do
+not have to perform extra round trips to query it.
+
+## Security
+
+### Rate limiting
+
+Homeservers SHOULD implement rate limiting to reduce the risk of being
+overloaded. If a request is refused due to rate limiting, it should
+return a standard error response of the form:
+
+```json
+{
+  "errcode": "M_LIMIT_EXCEEDED",
+  "error": "string",
+  "retry_after_ms": integer (optional)
+}
+```
+
+The `retry_after_ms` key SHOULD be included to tell the client how long
+they have to wait in milliseconds before they can try again.
+
+## Modules
+
+Modules are parts of the Client-Server API which are not universal to
+all endpoints. Modules are strictly defined within this specification
+and should not be mistaken for experimental extensions or optional
+features. A compliant server implementation MUST support all modules and
+supporting specification (unless the implementation only targets clients
+of certain profiles, in which case only the required modules for those
+feature profiles MUST be implemented). A compliant client implementation
+MUST support all the required modules and supporting specification for
+the [Feature Profile](#feature-profiles) it targets.
+
+### Feature Profiles
+
+Matrix supports many different kinds of clients: from embedded IoT
+devices to desktop clients. Not all clients can provide the same feature
+sets as other clients e.g. due to lack of physical hardware such as not
+having a screen. Clients can fall into one of several profiles and each
+profile contains a set of features that the client MUST support. This
+section details a set of "feature profiles". Clients are expected to
+implement a profile in its entirety in order for it to be classified as
+that profile.
+
+#### Summary
+
+| Module / Profile                                           | Web       | Mobile   | Desktop  | CLI      | Embedded |
+|------------------------------------------------------------|-----------|----------|----------|----------|----------|
+| [Instant Messaging](#instant-messaging)                    | Required  | Required | Required | Required | Optional |
+| [Direct Messaging](#direct-messaging)                      | Required  | Required | Required | Required | Optional |
+| [Mentions](#user-room-and-group-mentions)                  | Required  | Required | Required | Optional | Optional |
+| [Presence](#presence)                                      | Required  | Required | Required | Required | Optional |
+| [Push Notifications](#push-notifications)                  | Optional  | Required | Optional | Optional | Optional |
+| [Receipts](#receipts)                                      | Required  | Required | Required | Required | Optional |
+| [Fully read markers](#fully-read-markers)                  | Optional  | Optional | Optional | Optional | Optional |
+| [Typing Notifications](#typing-notifications)              | Required  | Required | Required | Required | Optional |
+| [VoIP](#voice-over-ip)                                     | Required  | Required | Required | Optional | Optional |
+| [Ignoring Users](#ignoring-users)                          | Required  | Required | Required | Optional | Optional |
+| [Reporting Content](#reporting-content)                    | Optional  | Optional | Optional | Optional | Optional |
+| [Content Repository](#content-repository)                  | Required  | Required | Required | Optional | Optional |
+| [Managing History Visibility](#room-history-visibility)    | Required  | Required | Required | Required | Optional |
+| [Server Side Search](#server-side-search)                  | Optional  | Optional | Optional | Optional | Optional |
+| [Room Upgrades](#room-upgrades)                            | Required  | Required | Required | Required | Optional |
+| [Server Administration](#server-administration)            | Optional  | Optional | Optional | Optional | Optional |
+| [Event Context](#event-context)                            | Optional  | Optional | Optional | Optional | Optional |
+| [Third Party Networks](#third-party-networks)              | Optional  | Optional | Optional | Optional | Optional |
+| [Send-to-Device Messaging](#send-to-device-messaging)      | Optional  | Optional | Optional | Optional | Optional |
+| [Device Management](#device-management)                    | Optional  | Optional | Optional | Optional | Optional |
+| [End-to-End Encryption](#end-to-end-encryption)            | Optional  | Optional | Optional | Optional | Optional |
+| [Guest Accounts](#guest-access)                            | Optional  | Optional | Optional | Optional | Optional |
+| [Room Previews](#room-previews)                            | Optional  | Optional | Optional | Optional | Optional |
+| [Client Config](#client-config)                            | Optional  | Optional | Optional | Optional | Optional |
+| [SSO Login](#sso-client-loginauthentication)               | Optional  | Optional | Optional | Optional | Optional |
+| [OpenID](#openid)                                          | Optional  | Optional | Optional | Optional | Optional |
+| [Stickers](#sticker-messages)                              | Optional  | Optional | Optional | Optional | Optional |
+| [Server ACLs](#server-access-control-lists-acls-for-rooms) | Optional  | Optional | Optional | Optional | Optional |
+| [Server Notices](#server-notices)                          | Optional  | Optional | Optional | Optional | Optional |
+| [Moderation policies](#moderation-policy-lists)            | Optional  | Optional | Optional | Optional | Optional |
+
+*Please see each module for more details on what clients need to
+implement.*
+
+#### Clients
+
+##### Stand-alone web (`Web`)
+
+This is a web page which heavily uses Matrix for communication.
+Single-page web apps would be classified as a stand-alone web client, as
+would multi-page web apps which use Matrix on nearly every page.
+
+##### Mobile (`Mobile`)
+
+This is a Matrix client specifically designed for consumption on mobile
+devices. This is typically a mobile app but need not be so provided the
+feature set can be reached (e.g. if a mobile site could display push
+notifications it could be classified as a mobile client).
+
+##### Desktop (`Desktop`)
+
+This is a native GUI application which can run in its own environment
+outside a browser.
+
+##### Command Line Interface (`CLI`)
+
+This is a client which is used via a text-based terminal.
+
+##### Embedded (`Embedded`)
+
+This is a client which is embedded into another application or an
+embedded device.
+
+###### Application
+
+This is a Matrix client which is embedded in another website, e.g. using
+iframes. These embedded clients are typically for a single purpose
+related to the website in question, and are not intended to be
+fully-fledged communication apps.
+
+###### Device
+
+This is a client which is typically running on an embedded device such
+as a kettle, fridge or car. These clients tend to perform a few
+operations and run in a resource constrained environment. Like embedded
+applications, they are not intended to be fully-fledged communication
+systems.
+
+{{% cs-modules %}}
diff --git a/content/client-server-api/modules/account_data.md b/content/client-server-api/modules/account_data.md
new file mode 100644
index 00000000000..2ae3468645c
--- /dev/null
+++ b/content/client-server-api/modules/account_data.md
@@ -0,0 +1,32 @@
+---
+type: module
+weight: 190
+---
+
+### Client Config
+
+Clients can store custom config data for their account on their
+homeserver. This account data will be synced between different devices
+and can persist across installations on a particular device. Users may
+only view the account data for their own account
+
+The account\_data may be either global or scoped to a particular rooms.
+
+#### Events
+
+The client receives the account data as events in the `account_data`
+sections of a `/sync`.
+
+These events can also be received in a `/events` response or in the
+`account_data` section of a room in `/sync`. `m.tag` events appearing in
+`/events` will have a `room_id` with the room the tags are for.
+
+#### Client Behaviour
+
+{{% http-api spec="client-server" api="account-data" %}}
+
+#### Server Behaviour
+
+Servers MUST reject clients from setting account data for event types
+that the server manages. Currently, this only includes
+[m.fully\_read](#mfully_read).
diff --git a/content/client-server-api/modules/admin.md b/content/client-server-api/modules/admin.md
new file mode 100644
index 00000000000..1f0cbe2225a
--- /dev/null
+++ b/content/client-server-api/modules/admin.md
@@ -0,0 +1,13 @@
+---
+type: module
+weight: 200
+---
+
+### Server Administration
+
+This module adds capabilities for server administrators to inspect
+server state and data.
+
+#### Client Behaviour
+
+{{% http-api spec="client-server" api="admin" %}}
diff --git a/content/client-server-api/modules/content_repo.md b/content/client-server-api/modules/content_repo.md
new file mode 100644
index 00000000000..fba296a064c
--- /dev/null
+++ b/content/client-server-api/modules/content_repo.md
@@ -0,0 +1,118 @@
+---
+type: module
+weight: 70
+---
+
+### Content repository
+
+The content repository (or "media repository") allows users to upload
+files to their homeserver for later use. For example, files which the
+user wants to send to a room would be uploaded here, as would an avatar
+the user wants to use.
+
+Uploads are POSTed to a resource on the user's local homeserver which
+returns a MXC URI which can later be used to GET the download. Content
+is downloaded from the recipient's local homeserver, which must first
+transfer the content from the origin homeserver using the same API
+(unless the origin and destination homeservers are the same).
+
+When serving content, the server SHOULD provide a
+`Content-Security-Policy` header. The recommended policy is
+`sandbox; default-src 'none'; script-src 'none'; plugin-types application/pdf; style-src 'unsafe-inline'; object-src 'self';`.
+
+#### Matrix Content (MXC) URIs
+
+Content locations are represented as Matrix Content (MXC) URIs. They
+look like:
+
+    mxc://<server-name>/<media-id>
+
+    <server-name> : The name of the homeserver where this content originated, e.g. matrix.org
+    <media-id> : An opaque ID which identifies the content.
+
+#### Client behaviour
+
+Clients can upload and download content using the following HTTP APIs.
+
+{{% http-api spec="client-server" api="content-repo" %}}
+
+##### Thumbnails
+
+The homeserver SHOULD be able to supply thumbnails for uploaded images
+and videos. The exact file types which can be thumbnailed are not
+currently specified - see [Issue
+\#1938](https://github.com/matrix-org/matrix-doc/issues/1938) for more
+information.
+
+The thumbnail methods are "crop" and "scale". "scale" tries to return an
+image where either the width or the height is smaller than the requested
+size. The client should then scale and letterbox the image if it needs
+to fit within a given rectangle. "crop" tries to return an image where
+the width and height are close to the requested size and the aspect
+matches the requested size. The client should scale the image if it
+needs to fit within a given rectangle.
+
+The dimensions given to the thumbnail API are the minimum size the
+client would prefer. Servers must never return thumbnails smaller than
+the client's requested dimensions, unless the content being thumbnailed
+is smaller than the dimensions. When the content is smaller than the
+requested dimensions, servers should return the original content rather
+than thumbnail it.
+
+Servers SHOULD produce thumbnails with the following dimensions and
+methods:
+
+-   32x32, crop
+-   96x96, crop
+-   320x240, scale
+-   640x480, scale
+-   800x600, scale
+
+In summary:  
+-   "scale" maintains the original aspect ratio of the image
+-   "crop" provides an image in the aspect ratio of the sizes given in
+    the request
+-   The server will return an image larger than or equal to the
+    dimensions requested where possible.
+
+Servers MUST NOT upscale thumbnails under any circumstance. Servers MUST
+NOT return a smaller thumbnail than requested, unless the original
+content makes that impossible.
+
+#### Security considerations
+
+The HTTP GET endpoint does not require any authentication. Knowing the
+URL of the content is sufficient to retrieve the content, even if the
+entity isn't in the room.
+
+MXC URIs are vulnerable to directory traversal attacks such as
+`mxc://127.0.0.1/../../../some_service/etc/passwd`. This would cause the
+target homeserver to try to access and return this file. As such,
+homeservers MUST sanitise MXC URIs by allowing only alphanumeric
+(`A-Za-z0-9`), `_` and `-` characters in the `server-name` and
+`media-id` values. This set of whitelisted characters allows URL-safe
+base64 encodings specified in RFC 4648. Applying this character
+whitelist is preferable to blacklisting `.` and `/` as there are
+techniques around blacklisted characters (percent-encoded characters,
+UTF-8 encoded traversals, etc).
+
+Homeservers have additional content-specific concerns:
+
+-   Clients may try to upload very large files. Homeservers should not
+    store files that are too large and should not serve them to clients,
+    returning a HTTP 413 error with the `M_TOO_LARGE` code.
+-   Clients may try to upload very large images. Homeservers should not
+    attempt to generate thumbnails for images that are too large,
+    returning a HTTP 413 error with the `M_TOO_LARGE` code.
+-   Remote homeservers may host very large files or images. Homeservers
+    should not proxy or thumbnail large files or images from remote
+    homeservers, returning a HTTP 502 error with the `M_TOO_LARGE` code.
+-   Clients may try to upload a large number of files. Homeservers
+    should limit the number and total size of media that can be uploaded
+    by clients, returning a HTTP 403 error with the `M_FORBIDDEN` code.
+-   Clients may try to access a large number of remote files through a
+    homeserver. Homeservers should restrict the number and size of
+    remote files that it caches.
+-   Clients or remote homeservers may try to upload malicious files
+    targeting vulnerabilities in either the homeserver thumbnailing or
+    the client decoders.
diff --git a/content/client-server-api/modules/device_management.md b/content/client-server-api/modules/device_management.md
new file mode 100644
index 00000000000..2cf93f45a75
--- /dev/null
+++ b/content/client-server-api/modules/device_management.md
@@ -0,0 +1,28 @@
+---
+type: module
+weight: 90
+---
+
+### Device Management
+
+This module provides a means for a user to manage their [devices](/#devices).
+
+#### Client behaviour
+
+Clients that implement this module should offer the user a list of
+registered devices, as well as the means to update their display names.
+Clients should also allow users to delete disused devices.
+
+{{% http-api spec="client-server" api="device_management" %}}
+
+#### Security considerations
+
+Deleting devices has security implications: it invalidates the
+access\_token assigned to the device, so an attacker could use it to log
+out the real user (and do it repeatedly every time the real user tries
+to log in to block the attacker). Servers should require additional
+authentication beyond the access token when deleting devices (for
+example, requiring that the user resubmit their password).
+
+The display names of devices are publicly visible. Clients should
+consider advising the user of this.
diff --git a/content/client-server-api/modules/dm.md b/content/client-server-api/modules/dm.md
new file mode 100644
index 00000000000..59d09e3e619
--- /dev/null
+++ b/content/client-server-api/modules/dm.md
@@ -0,0 +1,47 @@
+---
+type: module
+weight: 230
+---
+
+### Direct Messaging
+
+All communication over Matrix happens within a room. It is sometimes
+desirable to offer users the concept of speaking directly to one
+particular person. This module defines a way of marking certain rooms as
+'direct chats' with a given person. This does not restrict the chat to
+being between exactly two people since this would preclude the presence
+of automated 'bot' users or even a 'personal assistant' who is able to
+answer direct messages on behalf of the user in their absence.
+
+A room may not necessarily be considered 'direct' by all members of the
+room, but a signalling mechanism exists to propagate the information of
+whether a chat is 'direct' to an invitee.
+
+#### Events
+
+{{% event event="m.direct" %}}
+
+#### Client behaviour
+
+To start a direct chat with another user, the inviting user's client
+should set the `is_direct` flag to [`/createRoom`](/client-server-api/#post_matrixclientr0createroom). The client should do this
+whenever the flow the user has followed is one where their intention is
+to speak directly with another person, as opposed to bringing that
+person in to a shared room. For example, clicking on 'Start Chat' beside
+a person's profile picture would imply the `is_direct` flag should be
+set.
+
+The invitee's client may use the `is_direct` flag in the
+[m.room.member](#mroommember) event to automatically mark the room as a direct chat
+but this is not required: it may for example, prompt the user, or ignore
+the flag altogether.
+
+Both the inviting client and the invitee's client should record the fact
+that the room is a direct chat by storing an `m.direct` event in the
+account data using [`/user/<user_id>/account_data/<type>`](/client-server-api/#put_matrixclientr0useruseridaccount_datatype).
+
+#### Server behaviour
+
+When the `is_direct` flag is given to [`/createRoom`](/client-server-api/#post_matrixclientr0createroom), the home server must set the
+`is_direct` flag in the invite member event for any users invited in the
+[`/createRoom`](/client-server-api/#post_matrixclientr0createroom) call.
diff --git a/content/client-server-api/modules/end_to_end_encryption.md b/content/client-server-api/modules/end_to_end_encryption.md
new file mode 100644
index 00000000000..cbd4f161b0b
--- /dev/null
+++ b/content/client-server-api/modules/end_to_end_encryption.md
@@ -0,0 +1,1673 @@
+---
+type: module
+weight: 100
+---
+
+### End-to-End Encryption
+
+Matrix optionally supports end-to-end encryption, allowing rooms to be
+created whose conversation contents are not decryptable or interceptable
+on any of the participating homeservers.
+
+#### Key Distribution
+
+Encryption and Authentication in Matrix is based around public-key
+cryptography. The Matrix protocol provides a basic mechanism for
+exchange of public keys, though an out-of-band channel is required to
+exchange fingerprints between users to build a web of trust.
+
+##### Overview
+
+1) Bob publishes the public keys and supported algorithms for his
+device. This may include long-term identity keys, and/or one-time
+keys.
+
+```
+      +----------+  +--------------+
+      | Bob's HS |  | Bob's Device |
+      +----------+  +--------------+
+            |              |
+            |<=============|
+              /keys/upload
+```
+
+2) Alice requests Bob's public identity keys and supported algorithms.
+
+```
+      +----------------+  +------------+  +----------+
+      | Alice's Device |  | Alice's HS |  | Bob's HS |
+      +----------------+  +------------+  +----------+
+             |                  |               |
+             |=================>|==============>|
+               /keys/query        <federation>
+```
+
+3) Alice selects an algorithm and claims any one-time keys needed.
+
+```
+      +----------------+  +------------+  +----------+
+      | Alice's Device |  | Alice's HS |  | Bob's HS |
+      +----------------+  +------------+  +----------+
+             |                  |               |
+             |=================>|==============>|
+               /keys/claim         <federation>
+```
+
+##### Key algorithms
+
+The name `ed25519` corresponds to the
+[Ed25519](http://ed25519.cr.yp.to/) signature algorithm. The key is a
+32-byte Ed25519 public key, encoded using [unpadded Base64](/appendices/#unpadded-base64). Example:
+
+    "SogYyrkTldLz0BXP+GYWs0qaYacUI0RleEqNT8J3riQ"
+
+The name `curve25519` corresponds to the
+[Curve25519](https://cr.yp.to/ecdh.html) ECDH algorithm. The key is a
+32-byte Curve25519 public key, encoded using [unpadded Base64](/appendices/#unpadded-base64).
+Example:
+
+    "JGLn/yafz74HB2AbPLYJWIVGnKAtqECOBf11yyXac2Y"
+
+The name `signed_curve25519` also corresponds to the Curve25519
+algorithm, but a key using this algorithm is represented by an object
+with the following properties:
+
+`KeyObject`
+
+| Parameter  | Type       | Description                                                                                                                                       |
+|------------|------------|---------------------------------------------------------------------------------------------------------------------------------------------------|
+| key        | string     | **Required.** The unpadded Base64-encoded 32-byte Curve25519 public key.                                                                          |
+| signatures | Signatures | **Required.** Signatures of the key object. The signature is calculated using the process described at [Signing JSON](/appendices/#signing-json). |
+
+Example:
+
+```json
+{
+  "key":"06UzBknVHFMwgi7AVloY7ylC+xhOhEX4PkNge14Grl8",
+  "signatures": {
+    "@user:example.com": {
+      "ed25519:EGURVBUNJP": "YbJva03ihSj5mPk+CHMJKUKlCXCPFXjXOK6VqBnN9nA2evksQcTGn6hwQfrgRHIDDXO2le49x7jnWJHMJrJoBQ"
+    }
+  }
+}
+```
+
+##### Device keys
+
+Each device should have one Ed25519 signing key. This key should be
+generated on the device from a cryptographically secure source, and the
+private part of the key should never be exported from the device. This
+key is used as the fingerprint for a device by other clients.
+
+A device will generally need to generate a number of additional keys.
+Details of these will vary depending on the messaging algorithm in use.
+
+Algorithms generally require device identity keys as well as signing
+keys. Some algorithms also require one-time keys to improve their
+secrecy and deniability. These keys are used once during session
+establishment, and are then thrown away.
+
+For Olm version 1, each device requires a single Curve25519 identity
+key, and a number of signed Curve25519 one-time keys.
+
+##### Uploading keys
+
+A device uploads the public parts of identity keys to their homeserver
+as a signed JSON object, using the [`/keys/upload`](/client-server-api/#post_matrixclientr0keysupload) API. The JSON object
+must include the public part of the device's Ed25519 key, and must be
+signed by that key, as described in [Signing
+JSON](/appendices/#signing-json).
+
+One-time keys are also uploaded to the homeserver using the
+[`/keys/upload`](/client-server-api/#post_matrixclientr0keysupload) API.
+
+Devices must store the private part of each key they upload. They can
+discard the private part of a one-time key when they receive a message
+using that key. However it's possible that a one-time key given out by a
+homeserver will never be used, so the device that generates the key will
+never know that it can discard the key. Therefore a device could end up
+trying to store too many private keys. A device that is trying to store
+too many private keys may discard keys starting with the oldest.
+
+##### Tracking the device list for a user
+
+Before Alice can send an encrypted message to Bob, she needs a list of
+each of his devices and the associated identity keys, so that she can
+establish an encryption session with each device. This list can be
+obtained by calling [`/keys/query`](/client-server-api/#post_matrixclientr0keysquery), passing Bob's user ID in the
+`device_keys` parameter.
+
+From time to time, Bob may add new devices, and Alice will need to know
+this so that she can include his new devices for later encrypted
+messages. A naive solution to this would be to call [`/keys/query`](/client-server-api/#post_matrixclientr0keysquery)
+before sending each message -however, the number of users and devices
+may be large and this would be inefficient.
+
+It is therefore expected that each client will maintain a list of
+devices for a number of users (in practice, typically each user with
+whom we share an encrypted room). Furthermore, it is likely that this
+list will need to be persisted between invocations of the client
+application (to preserve device verification data and to alert Alice if
+Bob suddenly gets a new device).
+
+Alice's client can maintain a list of Bob's devices via the following
+process:
+
+1.  It first sets a flag to record that it is now tracking Bob's device
+    list, and a separate flag to indicate that its list of Bob's devices
+    is outdated. Both flags should be in storage which persists over
+    client restarts.
+2.  It then makes a request to [`/keys/query`](/client-server-api/#post_matrixclientr0keysquery), passing Bob's user ID in
+    the `device_keys` parameter. When the request completes, it stores
+    the resulting list of devices in persistent storage, and clears the
+    'outdated' flag.
+3.  During its normal processing of responses to [`/sync`](/client-server-api/#get_matrixclientr0sync), Alice's client
+    inspects the `changed` property of the [`device_lists`](/client-server-api/#extensions-to-sync-1) field. If it
+    is tracking the device lists of any of the listed users, then it
+    marks the device lists for those users outdated, and initiates
+    another request to [`/keys/query`](/client-server-api/#post_matrixclientr0keysquery) for them.
+4.  Periodically, Alice's client stores the `next_batch` field of the
+    result from [`/sync`](/client-server-api/#get_matrixclientr0sync) in persistent storage. If Alice later restarts her
+    client, it can obtain a list of the users who have updated their
+    device list while it was offline by calling [`/keys/changes`](/client-server-api/#get_matrixclientr0keyschanges),
+    passing the recorded `next_batch` field as the `from` parameter. If
+    the client is tracking the device list of any of the users listed in
+    the response, it marks them as outdated. It combines this list with
+    those already flagged as outdated, and initiates a [`/keys/query`](/client-server-api/#post_matrixclientr0keysquery)
+    request for all of them.
+
+{{% boxes/warning %}}
+Bob may update one of his devices while Alice has a request to
+`/keys/query` in flight. Alice's client may therefore see Bob's user ID
+in the `device_lists` field of the `/sync` response while the first
+request is in flight, and initiate a second request to `/keys/query`.
+This may lead to either of two related problems.
+
+The first problem is that, when the first request completes, the client
+will clear the 'outdated' flag for Bob's devices. If the second request
+fails, or the client is shut down before it completes, this could lead
+to Alice using an outdated list of Bob's devices.
+
+The second possibility is that, under certain conditions, the second
+request may complete *before* the first one. When the first request
+completes, the client could overwrite the later results from the second
+request with those from the first request.
+
+Clients MUST guard against these situations. For example, a client could
+ensure that only one request to `/keys/query` is in flight at a time for
+each user, by queuing additional requests until the first completes.
+Alternatively, the client could make a new request immediately, but
+ensure that the first request's results are ignored (possibly by
+cancelling the request).
+{{% /boxes/warning %}}
+
+{{% boxes/note %}}
+When Bob and Alice share a room, with Bob tracking Alice's devices, she
+may leave the room and then add a new device. Bob will not be notified
+of this change, as he doesn't share a room anymore with Alice. When they
+start sharing a room again, Bob has an out-of-date list of Alice's
+devices. In order to address this issue, Bob's homeserver will add
+Alice's user ID to the `changed` property of the `device_lists` field,
+thus Bob will update his list of Alice's devices as part of his normal
+processing. Note that Bob can also be notified when he stops sharing any
+room with Alice by inspecting the `left` property of the `device_lists`
+field, and as a result should remove her from its list of tracked users.
+{{% /boxes/note %}}
+
+##### Sending encrypted attachments
+
+When encryption is enabled in a room, files should be uploaded encrypted
+on the homeserver.
+
+In order to achieve this, a client should generate a single-use 256-bit
+AES key, and encrypt the file using AES-CTR. The counter should be
+64-bit long, starting at 0 and prefixed by a random 64-bit
+Initialization Vector (IV), which together form a 128-bit unique counter
+block.
+
+{{% boxes/warning %}}
+An IV must never be used multiple times with the same key. This implies
+that if there are multiple files to encrypt in the same message,
+typically an image and its thumbnail, the files must not share both the
+same key and IV.
+{{% /boxes/warning %}}
+
+Then, the encrypted file can be uploaded to the homeserver. The key and
+the IV must be included in the room event along with the resulting
+`mxc://` in order to allow recipients to decrypt the file. As the event
+containing those will be Megolm encrypted, the server will never have
+access to the decrypted file.
+
+A hash of the ciphertext must also be included, in order to prevent the
+homeserver from changing the file content.
+
+A client should send the data as an encrypted `m.room.message` event,
+using either `m.file` as the msgtype, or the appropriate msgtype for the
+file type. The key is sent using the [JSON Web
+Key](https://tools.ietf.org/html/rfc7517#appendix-A.3) format, with a
+[W3C extension](https://w3c.github.io/webcrypto/#iana-section-jwk).
+
+###### Extensions to `m.room.message` msgtypes
+
+This module adds `file` and `thumbnail_file` properties, of type
+`EncryptedFile`, to `m.room.message` msgtypes that reference files, such
+as [m.file](#mfile) and [m.image](#mimage), replacing the `url` and `thumbnail_url`
+properties.
+
+`EncryptedFile`
+
+| Parameter | Type             | Description                                                                                    |
+|-----------|------------------|------------------------------------------------------------------------------------------------|
+| url       | string           | **Required.** The URL to the file.                                                             |
+| key       | JWK              | **Required.** A [JSON Web Key](https://tools.ietf.org/html/rfc7517#appendix-A.3) object.       |
+| iv        | string           | **Required.** The 128-bit unique counter block used by AES-CTR, encoded as unpadded base64.    |
+| hashes    | {string: string} | **Required.** A map from an algorithm name to a hash of the ciphertext, encoded as unpadded base64. Clients should support the SHA-256 hash, which uses the key `sha256`. |
+| v         | string           | **Required.** Version of the encrypted attachments protocol. Must be `v2`.                     |
+
+`JWK`
+
+| Parameter | Type     | Description                                                                                                              |
+| --------- |----------|--------------------------------------------------------------------------------------------------------------------------|
+| kty       | string   | **Required.** Key type. Must be `oct`.                                                                                   |
+| key_ops   | [string] | **Required.** Key operations. Must at least contain `encrypt` and `decrypt`.                                             |
+| alg       | string   | **Required.** Algorithm. Must be `A256CTR`.                                                                              |
+| k         | string   | **Required.** The key, encoded as urlsafe unpadded base64.                                                               |
+| ext       | boolean  | **Required.** Extractable. Must be `true`. This is a [W3C extension](https://w3c.github.io/webcrypto/#iana-section-jwk). |
+
+Example:
+
+```json
+{
+  "content": {
+    "body": "something-important.jpg",
+    "file": {
+      "url": "mxc://example.org/FHyPlCeYUSFFxlgbQYZmoEoe",
+      "mimetype": "image/jpeg",
+      "v": "v2",
+      "key": {
+        "alg": "A256CTR",
+        "ext": true,
+        "k": "aWF6-32KGYaC3A_FEUCk1Bt0JA37zP0wrStgmdCaW-0",
+        "key_ops": ["encrypt","decrypt"],
+        "kty": "oct"
+      },
+      "iv": "w+sE15fzSc0AAAAAAAAAAA",
+      "hashes": {
+        "sha256": "fdSLu/YkRx3Wyh3KQabP3rd6+SFiKg5lsJZQHtkSAYA"
+      }
+    },
+    "info": {
+      "mimetype": "image/jpeg",
+      "h": 1536,
+      "size": 422018,
+      "thumbnail_file": {
+        "hashes": {
+          "sha256": "/NogKqW5bz/m8xHgFiH5haFGjCNVmUIPLzfvOhHdrxY"
+        },
+        "iv": "U+k7PfwLr6UAAAAAAAAAAA",
+        "key": {
+          "alg": "A256CTR",
+          "ext": true,
+          "k": "RMyd6zhlbifsACM1DXkCbioZ2u0SywGljTH8JmGcylg",
+          "key_ops": ["encrypt", "decrypt"],
+          "kty": "oct"
+        },
+        "mimetype": "image/jpeg",
+        "url": "mxc://example.org/pmVJxyxGlmxHposwVSlOaEOv",
+        "v": "v2"
+      },
+      "thumbnail_info": {
+        "h": 768,
+        "mimetype": "image/jpeg",
+        "size": 211009,
+        "w": 432
+      },
+      "w": 864
+    },
+    "msgtype": "m.image"
+  },
+  "event_id": "$143273582443PhrSn:example.org",
+  "origin_server_ts": 1432735824653,
+  "room_id": "!jEsUZKDJdhlrceRyVU:example.org",
+  "sender": "@example:example.org",
+  "type": "m.room.message",
+  "unsigned": {
+      "age": 1234
+  }
+}
+```
+
+##### Claiming one-time keys
+
+A client wanting to set up a session with another device can claim a
+one-time key for that device. This is done by making a request to the
+[`/keys/claim`](/client-server-api/#post_matrixclientr0keysclaim) API.
+
+A homeserver should rate-limit the number of one-time keys that a given
+user or remote server can claim. A homeserver should discard the public
+part of a one time key once it has given that key to another user.
+
+#### Device verification
+
+Before Alice sends Bob encrypted data, or trusts data received from him,
+she may want to verify that she is actually communicating with him,
+rather than a man-in-the-middle. This verification process requires an
+out-of-band channel: there is no way to do it within Matrix without
+trusting the administrators of the homeservers.
+
+In Matrix, verification works by Alice meeting Bob in person, or
+contacting him via some other trusted medium, and using one of the
+verification methods defined below to interactively verify Bob's devices.
+Alice and Bob may also read aloud their unpadded base64 encoded Ed25519
+public key, as returned by `/keys/query`.
+
+Device verification may reach one of several conclusions. For example:
+
+-   Alice may "accept" the device. This means that she is satisfied that
+    the device belongs to Bob. She can then encrypt sensitive material
+    for that device, and knows that messages received were sent from
+    that device.
+-   Alice may "reject" the device. She will do this if she knows or
+    suspects that Bob does not control that device (or equivalently,
+    does not trust Bob). She will not send sensitive material to that
+    device, and cannot trust messages apparently received from it.
+-   Alice may choose to skip the device verification process. She is not
+    able to verify that the device actually belongs to Bob, but has no
+    reason to suspect otherwise. The encryption protocol continues to
+    protect against passive eavesdroppers.
+
+{{% boxes/note %}}
+Once the signing key has been verified, it is then up to the encryption
+protocol to verify that a given message was sent from a device holding
+that Ed25519 private key, or to encrypt a message so that it may only be
+decrypted by such a device. For the Olm protocol, this is documented at
+<https://matrix.org/docs/olm_signing.html>.
+{{% /boxes/note %}}
+
+##### Key verification framework
+
+Verifying keys manually by reading out the Ed25519 key is not very
+user-friendly, and can lead to errors. In order to help mitigate errors,
+and to make the process easier for users, some verification methods are
+supported by the specification and use messages exchanged by the user's devices
+to assist in the verification. The methods all use a common framework
+for negotiating the key verification.
+
+Verification messages can be sent either in a room shared by the two parties,
+which should be a [direct messaging](#direct-messaging) room between the two
+parties, or by using [to-device](#send-to-device-messaging) messages sent
+directly between the two devices involved.  In both cases, the messages
+exchanged are similar, with minor differences as detailed below. Verifying
+between two different users should be performed using in-room messages, whereas
+verifying two devices belonging to the same user should be performed using
+to-device messages.
+
+A key verification session is identified by an ID that is established by the
+first message sent in that session. For verifications using in-room messages,
+the ID is the event ID of the initial message, and for verifications using
+to-device messages, the first message contains a `transaction_id` field that is
+shared by the other messages of that session.
+
+In general, verification operates as follows:
+
+- Alice requests a key verification with Bob by sending an
+  `m.key.verification.request` event. This event indicates the verification
+  methods that Alice's client supports. (Note that "Alice" and "Bob" may in
+  fact be the same user, in the case where a user is verifying their own
+  devices.)
+- Bob's client prompts Bob to accept the key verification. When Bob accepts
+  the verification, Bob's client sends an `m.key.verification.ready` event.
+  This event indicates the verification methods, corresponding to the
+  verification methods supported by Alice's client, that Bob's client supports.
+- Alice's or Bob's devices allow their users to select one of the verification
+  methods supported by both devices to use for verification. When Alice or Bob
+  selects a verification method, their device begins the verification by
+  sending an `m.key.verification.start` event, indicating the selected
+  verification method. Note that if there is only one verification method in
+  common between the devices then the receiver's device (Bob) can auto-select
+  it.
+- Alice and Bob complete the verification as defined by the selected
+  verification method. This could involve their clients exchanging messages,
+  Alice and Bob exchanging information out-of-band, and/or Alice and Bob
+  interacting with their devices.
+- Alice's and Bob's clients send `m.key.verification.done` events to indicate
+  that the verification was successful.
+
+Verifications can be cancelled by either device at any time by sending an
+`m.key.verification.cancel` event with a `code` field that indicates the reason
+it was cancelled.
+
+When using to-device messages, Alice may not know which of Bob's devices to
+verify, or may not want to choose a specific device. In this case, Alice will
+send `m.key.verification.request` events to all of Bob's devices. All of these
+events will use the same transaction ID. When Bob accepts or declines the
+verification on one of his devices (sending either an
+`m.key.verification.ready` or `m.key.verification.cancel` event), Alice will
+send an `m.key.verification.cancel` event to Bob's other devices with a `code`
+of `m.accepted` in the case where Bob accepted the verification, or `m.user` in
+the case where Bob rejected the verification. This yields the following
+handshake when using to-device messages, assuming both Alice and Bob each have
+2 devices, Bob's first device accepts the key verification request, and Alice's
+second device initiates the request. Note how Alice's first device is not
+involved in the request or verification process. Also note that, although in
+this example, Bob's device sends the `m.key.verification.start`, Alice's device
+could also send that message. As well, the order of the
+`m.key.verification.done` messages could be reversed.
+
+```
+    +---------------+ +---------------+                    +-------------+ +-------------+
+    | AliceDevice1  | | AliceDevice2  |                    | BobDevice1  | | BobDevice2  |
+    +---------------+ +---------------+                    +-------------+ +-------------+
+            |                 |                                   |               |
+            |                 | m.key.verification.request        |               |
+            |                 |---------------------------------->|               |
+            |                 |                                   |               |
+            |                 | m.key.verification.request        |               |
+            |                 |-------------------------------------------------->|
+            |                 |                                   |               |
+            |                 |          m.key.verification.ready |               |
+            |                 |<----------------------------------|               |
+            |                 |                                   |               |
+            |                 | m.key.verification.cancel         |               |
+            |                 |-------------------------------------------------->|
+            |                 |                                   |               |
+            |                 |          m.key.verification.start |               |
+            |                 |<----------------------------------|               |
+            |                 |                                   |               |
+            .
+            .                       (verification messages)
+            .
+            |                 |                                   |               |
+            |                 |           m.key.verification.done |               |
+            |                 |<----------------------------------|               |
+            |                 |                                   |               |
+            |                 | m.key.verification.done           |               |
+            |                 |---------------------------------->|               |
+            |                 |                                   |               |
+```
+
+When using in-room messages and the room has encryption enabled, clients should
+ensure that encryption does not hinder the verification. For example, if the
+verification messages are encrypted, clients must ensure that all the
+recipient's unverified devices receive the keys necessary to decrypt the
+messages, even if they would normally not be given the keys to decrypt messages
+in the room. Alternatively, verification messages may be sent unencrypted,
+though this is not encouraged.
+
+Upon receipt of Alice's `m.key.verification.request` message, if Bob's device
+does not understand any of the methods, it should not cancel the request as one
+of his other devices may support the request. Instead, Bob's device should tell
+Bob that no supported method was found, and allow him to manually reject the
+request.
+
+The prompt for Bob to accept/reject Alice's request (or the unsupported method
+prompt) should be automatically dismissed 10 minutes after the `timestamp` (in
+the case of to-device messages) or `origin_ts` (in the case of in-room
+messages) field or 2 minutes after Bob's client receives the message, whichever
+comes first, if Bob does not interact with the prompt. The prompt should
+additionally be hidden if an appropriate `m.key.verification.cancel` message is
+received.
+
+If Bob rejects the request, Bob's client must send an
+`m.key.verification.cancel` event with `code` set to `m.user`. Upon receipt,
+Alice's device should tell her that Bob does not want to verify her device and,
+if the request was sent as a to-device message, send
+`m.key.verification.cancel` messages to all of Bob's devices to notify them
+that the request was rejected.
+
+If Alice's and Bob's clients both send an `m.key.verification.start` message,
+and both specify the same verification method, then the
+`m.key.verification.start` message sent by the user whose ID is the
+lexicographically largest user ID should be ignored, and the situation should
+be treated the same as if only the user with the lexicographically smallest
+user ID had sent the `m.key.verification.start` message.  In the case where the
+user IDs are the same (that is, when a user is verifying their own device),
+then the device IDs should be compared instead.  If the two
+`m.key.verification.start` messages do not specify the same verification
+method, then the verification should be cancelled with a `code` of
+`m.unexpected_message`.
+
+An `m.key.verification.start` message can also be sent independently of any
+request, specifying the verification method to use. This behaviour is
+deprecated, and new clients should not begin verifications in this way.
+However, clients should handle such verifications started by other clients.
+
+Individual verification methods may add additional steps, events, and
+properties to the verification messages. Event types for methods defined
+in this specification must be under the `m.key.verification` namespace
+and any other event types must be namespaced according to the Java
+package naming convention.
+
+{{% event event="m.key.verification.request" %}}
+
+{{% event event="m.key.verification.ready" %}}
+
+{{% event event="m.key.verification.start" %}}
+
+{{% event event="m.key.verification.done" %}}
+
+{{% event event="m.key.verification.cancel" %}}
+
+##### Short Authentication String (SAS) verification
+
+SAS verification is a user-friendly key verification process built off
+the common framework outlined above. SAS verification is intended to be
+a highly interactive process for users, and as such exposes verification
+methods which are easier for users to use.
+
+The verification process is heavily inspired by Phil Zimmermann's ZRTP
+key agreement handshake. A key part of key agreement in ZRTP is the hash
+commitment: the party that begins the Diffie-Hellman key sharing sends a
+hash of their part of the Diffie-Hellman exchange, and does not send
+their part of the Diffie-Hellman exchange until they have received the
+other party's part. Thus an attacker essentially only has one attempt to
+attack the Diffie-Hellman exchange, and hence we can verify fewer bits
+while still achieving a high degree of security: if we verify n bits,
+then an attacker has a 1 in 2<sup>n</sup> chance of success. For
+example, if we verify 40 bits, then an attacker has a 1 in
+1,099,511,627,776 chance (or less than 1 in 10<sup>12</sup> chance) of
+success. A failed attack would result in a mismatched Short
+Authentication String, alerting users to the attack.
+
+To advertise support for this method, clients use the name `m.sas.v1` in the
+`methods` fields of the `m.key.verification.request` and
+`m.key.verification.ready` events.
+
+The verification process takes place in two phases:
+
+1.  Key agreement phase (based on [ZRTP key
+    agreement](https://tools.ietf.org/html/rfc6189#section-4.4.1)).
+2.  Key verification phase (based on HMAC).
+
+The process between Alice and Bob verifying each other would be:
+
+1.  Alice and Bob establish a secure out-of-band connection, such as
+    meeting in-person or a video call. "Secure" here means that either
+    party cannot be impersonated, not explicit secrecy.
+2.  Alice and Bob begin a key verification using the key verification
+    framework as described above.
+3.  Alice's device sends Bob's device an `m.key.verification.start`
+    message. Alice's device ensures it has a copy of Bob's device key.
+4.  Bob's device receives the message and selects a key agreement
+    protocol, hash algorithm, message authentication code, and SAS
+    method supported by Alice's device.
+5.  Bob's device ensures it has a copy of Alice's device key.
+6.  Bob's device creates an ephemeral Curve25519 key pair
+    (*K<sub>B</sub><sup>private</sup>*, *K<sub>B</sub><sup>public</sup>*),
+    and calculates the hash (using the chosen algorithm) of the public
+    key *K<sub>B</sub><sup>public</sup>*.
+7.  Bob's device replies to Alice's device with an
+    `m.key.verification.accept` message.
+8.  Alice's device receives Bob's message and stores the commitment hash
+    for later use.
+9.  Alice's device creates an ephemeral Curve25519 key pair
+    (*K<sub>A</sub><sup>private</sup>*, *K<sub>A</sub><sup>public</sup>*)
+    and replies to Bob's device with an `m.key.verification.key`,
+    sending only the public key
+    *K<sub>A</sub><sup>public</sup>*.
+10. Bob's device receives Alice's message and replies with its own
+    `m.key.verification.key` message containing its public key
+    *K<sub>B</sub><sup>public</sup>*.
+11. Alice's device receives Bob's message and verifies the commitment
+    hash from earlier matches the hash of the key Bob's device just sent
+    and the content of Alice's `m.key.verification.start` message.
+12. Both Alice and Bob's devices perform an Elliptic-curve
+    Diffie-Hellman
+    (*ECDH(K<sub>A</sub><sup>private</sup>*, *K<sub>B</sub><sup>public</sup>*)),
+    using the result as the shared secret.
+13. Both Alice and Bob's devices display a SAS to their users, which is
+    derived from the shared key using one of the methods in this
+    section. If multiple SAS methods are available, clients should allow
+    the users to select a method.
+14. Alice and Bob compare the strings shown by their devices, and tell
+    their devices if they match or not.
+15. Assuming they match, Alice and Bob's devices calculate the HMAC of
+    their own device keys and a comma-separated sorted list of the key
+    IDs that they wish the other user to verify, using SHA-256 as the
+    hash function. HMAC is defined in [RFC
+    2104](https://tools.ietf.org/html/rfc2104). The key for the HMAC is
+    different for each item and is calculated by generating 32 bytes
+    (256 bits) using [the key verification HKDF](#hkdf-calculation).
+16. Alice's device sends Bob's device an `m.key.verification.mac`
+    message containing the MAC of Alice's device keys and the MAC of her
+    key IDs to be verified. Bob's device does the same for Bob's device
+    keys and key IDs concurrently with Alice.
+17. When the other device receives the `m.key.verification.mac` message,
+    the device calculates the HMAC of its copies of the other device's
+    keys given in the message, as well as the HMAC of the
+    comma-separated, sorted, list of key IDs in the message. The device
+    compares these with the HMAC values given in the message, and if
+    everything matches then the device keys are verified.
+18. Alice and Bob's devices send `m.key.verification.done` messages to complete
+    the verification.
+
+The wire protocol looks like the following between Alice and Bob's
+devices:
+
+```
+    +-------------+                    +-----------+
+    | AliceDevice |                    | BobDevice |
+    +-------------+                    +-----------+
+          |                                 |
+          | m.key.verification.start        |
+          |-------------------------------->|
+          |                                 |
+          |       m.key.verification.accept |
+          |<--------------------------------|
+          |                                 |
+          | m.key.verification.key          |
+          |-------------------------------->|
+          |                                 |
+          |          m.key.verification.key |
+          |<--------------------------------|
+          |                                 |
+          | m.key.verification.mac          |
+          |-------------------------------->|
+          |                                 |
+          |          m.key.verification.mac |
+          |<--------------------------------|
+          |                                 |
+```
+
+###### Error and exception handling
+
+At any point the interactive verification can go wrong. The following
+describes what to do when an error happens:
+
+-   Alice or Bob can cancel the verification at any time. An
+    `m.key.verification.cancel` message must be sent to signify the
+    cancellation.
+-   The verification can time out. Clients should time out a
+    verification that does not complete within 10 minutes. Additionally,
+    clients should expire a `transaction_id` which goes unused for 10
+    minutes after having last sent/received it. The client should inform
+    the user that the verification timed out, and send an appropriate
+    `m.key.verification.cancel` message to the other device.
+-   When the same device attempts to initiate multiple verification
+    attempts, the recipient should cancel all attempts with that device.
+-   When a device receives an unknown `transaction_id`, it should send
+    an appropriate `m.key.verification.cancel` message to the other
+    device indicating as such. This does not apply for inbound
+    `m.key.verification.start` or `m.key.verification.cancel` messages.
+-   If the two devices do not share a common key share, hash, HMAC, or
+    SAS method then the device should notify the other device with an
+    appropriate `m.key.verification.cancel` message.
+-   If the user claims the Short Authentication Strings do not match,
+    the device should send an appropriate `m.key.verification.cancel`
+    message to the other device.
+-   If the device receives a message out of sequence or that it was not
+    expecting, it should notify the other device with an appropriate
+    `m.key.verification.cancel` message.
+
+###### Verification messages specific to SAS
+
+Building off the common framework, the following events are involved in
+SAS verification.
+
+The `m.key.verification.cancel` event is unchanged, however the
+following error codes are used in addition to those already specified:
+
+-   `m.unknown_method`: The devices are unable to agree on the key
+    agreement, hash, MAC, or SAS method.
+-   `m.mismatched_commitment`: The hash commitment did not match.
+-   `m.mismatched_sas`: The SAS did not match.
+
+{{% event event="m.key.verification.start$m.sas.v1" %}}
+
+{{% event event="m.key.verification.accept" %}}
+
+{{% event event="m.key.verification.key" %}}
+
+{{% event event="m.key.verification.mac" %}}
+
+###### HKDF calculation
+
+In all of the SAS methods, HKDF is as defined in [RFC
+5869](https://tools.ietf.org/html/rfc5869) and uses the previously
+agreed-upon hash function for the hash function. The shared secret is
+supplied as the input keying material. No salt is used. When the
+`key_agreement_protocol` is `curve25519-hkdf-sha256`, the info parameter
+is the concatenation of:
+
+-   The string `MATRIX_KEY_VERIFICATION_SAS|`.
+-   The Matrix ID of the user who sent the `m.key.verification.start`
+    message, followed by `|`.
+-   The Device ID of the device which sent the
+    `m.key.verification.start` message, followed by `|`.
+-   The public key from the `m.key.verification.key` message sent by
+    the device which sent the `m.key.verification.start` message,
+    followed by `|`.
+-   The Matrix ID of the user who sent the `m.key.verification.accept`
+    message, followed by `|`.
+-   The Device ID of the device which sent the
+    `m.key.verification.accept` message, followed by `|`.
+-   The public key from the `m.key.verification.key` message sent by
+    the device which sent the `m.key.verification.accept` message,
+    followed by `|`.
+-   The `transaction_id` being used.
+
+When the `key_agreement_protocol` is the deprecated method `curve25519`,
+the info parameter is the concatenation of:
+
+-   The string `MATRIX_KEY_VERIFICATION_SAS`.
+-   The Matrix ID of the user who sent the `m.key.verification.start`
+    message.
+-   The Device ID of the device which sent the
+    `m.key.verification.start` message.
+-   The Matrix ID of the user who sent the `m.key.verification.accept`
+    message.
+-   The Device ID of the device which sent the
+    `m.key.verification.accept` message.
+-   The `transaction_id` being used.
+
+New implementations are discouraged from implementing the `curve25519`
+method.
+
+{{% boxes/rationale %}}
+HKDF is used over the plain shared secret as it results in a harder
+attack as well as more uniform data to work with.
+{{% /boxes/rationale %}}
+
+For verification of each party's device keys, HKDF is as defined in RFC
+5869 and uses SHA-256 as the hash function. The shared secret is
+supplied as the input keying material. No salt is used, and in the info
+parameter is the concatenation of:
+
+-   The string `MATRIX_KEY_VERIFICATION_MAC`.
+-   The Matrix ID of the user whose key is being MAC-ed.
+-   The Device ID of the device sending the MAC.
+-   The Matrix ID of the other user.
+-   The Device ID of the device receiving the MAC.
+-   The `transaction_id` being used.
+-   The Key ID of the key being MAC-ed, or the string `KEY_IDS` if the
+    item being MAC-ed is the list of key IDs.
+
+###### SAS method: `decimal`
+
+Generate 5 bytes using [HKDF](#hkdf-calculation) then take sequences of 13 bits
+to convert to decimal numbers (resulting in 3 numbers between 0 and 8191
+inclusive each). Add 1000 to each calculated number.
+
+The bitwise operations to get the numbers given the 5 bytes
+*B<sub>0</sub>*, *B<sub>1</sub>*, *B<sub>2</sub>*, *B<sub>3</sub>*, *B<sub>4</sub>*
+would be:
+
+-   First: (*B<sub>0</sub>* ≪ 5|*B<sub>1</sub>* ≫ 3) + 1000
+-   Second:
+    ((*B<sub>1</sub>*&0x7) ≪ 10|*B<sub>2</sub>* ≪ 2|*B<sub>3</sub>* ≫ 6) + 1000
+-   Third: ((*B<sub>3</sub>*&0x3F) ≪ 7|*B<sub>4</sub>* ≫ 1) + 1000
+
+The digits are displayed to the user either with an appropriate
+separator, such as dashes, or with the numbers on individual lines.
+
+###### SAS method: `emoji`
+
+Generate 6 bytes using [HKDF](#hkdf-calculation) then split the first 42 bits
+into 7 groups of 6 bits, similar to how one would base64 encode
+something. Convert each group of 6 bits to a number and use the
+following table to get the corresponding emoji:
+
+{{% sas-emojis %}}
+
+{{% boxes/note %}}
+This table is available as JSON at
+<https://github.com/matrix-org/matrix-doc/blob/master/data-definitions/sas-emoji.json>
+{{% /boxes/note %}}
+
+{{% boxes/rationale %}}
+The emoji above were chosen to:
+
+-   Be recognisable without colour.
+-   Be recognisable at a small size.
+-   Be recognisable by most cultures.
+-   Be distinguishable from each other.
+-   Easily described by a few words.
+-   Avoid symbols with negative connotations.
+-   Be likely similar across multiple platforms.
+{{% /boxes/rationale %}}
+
+Clients SHOULD show the emoji with the descriptions from the table, or
+appropriate translation of those descriptions. Client authors SHOULD
+collaborate to create a common set of translations for all languages.
+
+{{% boxes/note %}}
+Known translations for the emoji are available from
+<https://github.com/matrix-org/matrix-doc/blob/master/data-definitions/>
+and can be translated online:
+<https://translate.riot.im/projects/matrix-doc/sas-emoji-v1>
+{{% /boxes/note %}}
+
+##### Cross-signing
+
+Rather than requiring Alice to verify each of Bob's devices with each of
+her own devices and vice versa, the cross-signing feature allows users
+to sign their device keys such that Alice and Bob only need to verify
+once. With cross-signing, each user has a set of cross-signing keys that
+are used to sign their own device keys and other users' keys, and can be
+used to trust device keys that were not verified directly.
+
+Each user has three ed25519 key pairs for cross-signing:
+
+-   a master key (MSK) that serves as the user's identity in
+    cross-signing and signs their other cross-signing keys;
+-   a user-signing key (USK) -- only visible to the user that it belongs
+    to --that signs other users' master keys; and
+-   a self-signing key (SSK) that signs the user's own device keys.
+
+The master key may also be used to sign other items such as the backup
+key. The master key may also be signed by the user's own device keys to
+aid in migrating from device verifications: if Alice's device had
+previously verified Bob's device and Bob's device has signed his master
+key, then Alice's device can trust Bob's master key, and she can sign it
+with her user-signing key.
+
+Users upload their cross-signing keys to the server using [POST
+/\_matrix/client/r0/keys/device\_signing/upload](/client-server-api/#post_matrixclientr0keysdevice_signingupload). When Alice uploads
+new cross-signing keys, her user ID will appear in the `changed`
+property of the `device_lists` field of the `/sync` of response of all
+users who share an encrypted room with her. When Bob sees Alice's user
+ID in his `/sync`, he will call [POST /\_matrix/client/r0/keys/query](/client-server-api/#post_matrixclientr0keysquery)
+to retrieve Alice's device and cross-signing keys.
+
+If Alice has a device and wishes to send an encrypted message to Bob,
+she can trust Bob's device if:
+
+-   Alice's device is using a master key that has signed her
+    user-signing key,
+-   Alice's user-signing key has signed Bob's master key,
+-   Bob's master key has signed Bob's self-signing key, and
+-   Bob's self-signing key has signed Bob's device key.
+
+The following diagram illustrates how keys are signed:
+
+```
+    +------------------+                ..................   +----------------+
+    | +--------------+ |   ..................            :   | +------------+ |
+    | |              v v   v            :   :            v   v v            | |
+    | |           +-----------+         :   :         +-----------+         | |
+    | |           | Alice MSK |         :   :         |  Bob MSK  |         | |
+    | |           +-----------+         :   :         +-----------+         | |
+    | |             |       :           :   :           :       |           | |
+    | |          +--+       :...        :   :        ...:       +--+        | |
+    | |          v             v        :   :        v             v        | |
+    | |    +-----------+ .............  :   :  ............. +-----------+  | |
+    | |    | Alice SSK | : Alice USK :  :   :  :  Bob USK  : |  Bob SSK  |  | |
+    | |    +-----------+ :...........:  :   :  :...........: +-----------+  | |
+    | |      |  ...  |         :        :   :        :         |  ...  |    | |
+    | |      V       V         :........:   :........:         V       V    | |
+    | | +---------+   -+                                  +---------+   -+  | |
+    | | | Devices | ...|                                  | Devices | ...|  | |
+    | | +---------+   -+                                  +---------+   -+  | |
+    | |      |  ...  |                                         |  ...  |    | |
+    | +------+       |                                         |       +----+ |
+    +----------------+                                         +--------------+
+```
+
+In the diagram, boxes represent keys and lines represent signatures with
+the arrows pointing from the signing key to the key being signed. Dotted
+boxes and lines represent keys and signatures that are only visible to
+the user who created them.
+
+The following diagram illustrates Alice's view, hiding the keys and
+signatures that she cannot see:
+
+```
+    +------------------+                +----------------+   +----------------+
+    | +--------------+ |                |                |   | +------------+ |
+    | |              v v                |                v   v v            | |
+    | |           +-----------+         |             +-----------+         | |
+    | |           | Alice MSK |         |             |  Bob MSK  |         | |
+    | |           +-----------+         |             +-----------+         | |
+    | |             |       |           |                       |           | |
+    | |          +--+       +--+        |                       +--+        | |
+    | |          v             v        |                          v        | |
+    | |    +-----------+ +-----------+  |                    +-----------+  | |
+    | |    | Alice SSK | | Alice USK |  |                    |  Bob SSK  |  | |
+    | |    +-----------+ +-----------+  |                    +-----------+  | |
+    | |      |  ...  |         |        |                      |  ...  |    | |
+    | |      V       V         +--------+                      V       V    | |
+    | | +---------+   -+                                  +---------+   -+  | |
+    | | | Devices | ...|                                  | Devices | ...|  | |
+    | | +---------+   -+                                  +---------+   -+  | |
+    | |      |  ...  |                                         |  ...  |    | |
+    | +------+       |                                         |       +----+ |
+    +----------------+                                         +--------------+
+```
+
+[Verification methods](#device-verification) can be used to verify a
+user's master key by using the master public key, encoded using unpadded
+base64, as the device ID, and treating it as a normal device. For
+example, if Alice and Bob verify each other using SAS, Alice's
+`m.key.verification.mac` message to Bob may include
+`"ed25519:alices+master+public+key": "alices+master+public+key"` in the
+`mac` property. Servers therefore must ensure that device IDs will not
+collide with cross-signing public keys.
+
+The cross-signing private keys can be stored on the server or shared with other
+devices using the [Secrets](#secrets) module.  When doing so, the master,
+user-signing, and self-signing keys are identified using the names
+`m.cross_signing.master`, `m.cross_signing.user_signing`, and
+`m.cross_signing.self_signing`, respectively, and the keys are base64-encoded
+before being encrypted.
+
+###### Key and signature security
+
+A user's master key could allow an attacker to impersonate that user to
+other users, or other users to that user. Thus clients must ensure that
+the private part of the master key is treated securely. If clients do
+not have a secure means of storing the master key (such as a secret
+storage system provided by the operating system), then clients must not
+store the private part.
+
+If a user's client sees that any other user has changed their master
+key, that client must notify the user about the change before allowing
+communication between the users to continue.
+
+A user's user-signing and self-signing keys are intended to be easily
+replaceable if they are compromised by re-issuing a new key signed by
+the user's master key and possibly by re-verifying devices or users.
+However, doing so relies on the user being able to notice when their
+keys have been compromised, and it involves extra work for the user, and
+so although clients do not have to treat the private parts as
+sensitively as the master key, clients should still make efforts to
+store the private part securely, or not store it at all. Clients will
+need to balance the security of the keys with the usability of signing
+users and devices when performing key verification.
+
+To avoid leaking of social graphs, servers will only allow users to see:
+
+-   signatures made by the user's own master, self-signing or
+    user-signing keys,
+-   signatures made by the user's own devices about their own master
+    key,
+-   signatures made by other users' self-signing keys about their
+    respective devices,
+-   signatures made by other users' master keys about their respective
+    self-signing key, or
+-   signatures made by other users' devices about their respective
+    master keys.
+
+Users will not be able to see signatures made by other users'
+user-signing keys.
+
+{{% http-api spec="client-server" api="cross_signing" %}}
+
+##### QR codes
+
+Verifying by QR codes provides a quick way to verify when one of the parties
+has a device capable of scanning a QR code. The QR code encodes both parties'
+master signing keys as well as a random shared secret that is used to allow
+bi-directional verification from a single scan.
+
+To advertise the ability to show a QR code, clients use the names
+`m.qr_code.show.v1` and `m.reciprocate.v1` in the `methods` fields of the
+`m.key.verification.request` and `m.key.verification.ready` events. To
+advertise the ability to scan a QR code, clients use the names
+`m.qr_code.scan.v1` and `m.reciprocate.v1` in the `methods` fields of the
+`m.key.verification.request` and `m.key.verification.ready` events.
+Clients that support both showing and scanning QR codes would advertise
+`m.qr_code.show.v1`, `m.qr_code.scan.v1`, and `m.reciprocate.v1` as
+methods.
+
+The process between Alice and Bob verifying each other would be:
+
+1. Alice and Bob meet in person, and want to verify each other's keys.
+2. Alice and Bob begin a key verification using the key verification
+   framework as described above.
+3. Alice's client displays a QR code that Bob is able to scan if Bob's client
+   indicated the ability to scan, an option to scan Bob's QR code if her client
+   is able to scan.  Bob's client prompts displays a QR code that Alice can
+   scan if Alice's client indicated the ability to scan, and an option to scan
+   Alice's QR code if his client is able to scan. The format for the QR code
+   is described below. Other options, like starting SAS Emoji verification, 
+   can be presented alongside the QR code if the devices have appropriate 
+   support.
+5. Alice scans Bob's QR code.
+6. Alice's device ensures that the keys encoded in the QR code match the
+   expected values for the keys. If not, Alice's device displays an error
+   message indicating that the code is incorrect, and sends a
+   `m.key.verification.cancel` message to Bob's device.
+
+   Otherwise, at this point:
+   - Alice's device has now verified Bob's key, and
+   - Alice's device knows that Bob has the correct key for her.
+
+   Thus for Bob to verify Alice's key, Alice needs to tell Bob that he has the
+   right key.
+7. Alice's device displays a message saying that the verification was
+   successful because the QR code's keys will have matched the keys
+   expected for Bob. Bob's device hasn't had a chance to verify Alice's
+   keys yet so wouldn't show the same message. Bob will know that
+   he has the right key for Alice because Alice's device will have shown
+   this message, as otherwise the verification would be cancelled.
+8. Alice's device sends an `m.key.verification.start` message with `method` set
+   to `m.reciprocate.v1` to Bob (see below).  The message includes the shared
+   secret from the QR code.  This signals to Bob's device that Alice has
+   scanned Bob's QR code.
+
+   This message is merely a signal for Bob's device to proceed to the next
+   step, and is not used for verification purposes.
+9. Upon receipt of the `m.key.verification.start` message, Bob's device ensures
+   that the shared secret matches.
+
+   If the shared secret does not match, it should display an error message
+   indicating that an attack was attempted.  (This does not affect Alice's
+   verification of Bob's keys.)
+
+   If the shared secret does match, it asks Bob to confirm that Alice
+   has scanned the QR code.
+10. Bob sees Alice's device confirm that the key matches, and presses the button
+    on his device to indicate that Alice's key is verified.
+
+    Bob's verification of Alice's key hinges on Alice telling Bob the result of
+    her scan.  Since the QR code includes what Bob thinks Alice's key is,
+    Alice's device can check whether Bob has the right key for her.  Alice has
+    no motivation to lie about the result, as getting Bob to trust an incorrect
+    key would only affect communications between herself and Bob.  Thus Alice
+    telling Bob that the code was scanned successfully is sufficient for Bob to
+    trust Alice's key, under the assumption that this communication is done
+    over a trusted medium (such as in-person).
+11. Both devices send an `m.key.verification.done` message.
+
+###### QR code format
+
+The QR codes to be displayed and scanned using this format will encode binary
+strings in the general form:
+
+- the ASCII string `MATRIX`
+- one byte indicating the QR code version (must be `0x02`)
+- one byte indicating the QR code verification mode.  Should be one of the
+  following values:
+  - `0x00` verifying another user with cross-signing
+  - `0x01` self-verifying in which the current device does trust the master key
+  - `0x02` self-verifying in which the current device does not yet trust the
+    master key
+- the event ID or `transaction_id` of the associated verification
+  request event, encoded as:
+  - two bytes in network byte order (big-endian) indicating the length in
+    bytes of the ID as a UTF-8 string
+  - the ID as a UTF-8 string
+- the first key, as 32 bytes.  The key to use depends on the mode field:
+  - if `0x00` or `0x01`, then the current user's own master cross-signing public key
+  - if `0x02`, then the current device's device key
+- the second key, as 32 bytes.  The key to use depends on the mode field:
+  - if `0x00`, then what the device thinks the other user's master
+    cross-signing key is
+  - if `0x01`, then what the device thinks the other device's device key is
+  - if `0x02`, then what the device thinks the user's master cross-signing key
+    is
+- a random shared secret, as a byte string.  It is suggested to use a secret
+  that is about 8 bytes long.  Note: as we do not share the length of the
+  secret, and it is not a fixed size, clients will just use the remainder of
+  binary string as the shared secret.
+
+For example, if Alice displays a QR code encoding the following binary string:
+
+```
+      "MATRIX"    |ver|mode| len   | event ID
+ 4D 41 54 52 49 58  02  00   00 2D   21 41 42 43 44 ...
+| user's cross-signing key    | other user's cross-signing key | shared secret
+  00 01 02 03 04 05 06 07 ...   10 11 12 13 14 15 16 17 ...      20 21 22 23 24 25 26 27
+```
+
+this indicates that Alice is verifying another user (say Bob), in response to
+the request from event "$ABCD...", her cross-signing key is
+`0001020304050607...` (which is "AAECAwQFBg..." in base64), she thinks that
+Bob's cross-signing key is `1011121314151617...` (which is "EBESExQVFh..." in
+base64), and the shared secret is `2021222324252627` (which is "ICEiIyQlJic" in
+base64).
+
+###### Verification messages specific to QR codes
+
+{{% event event="m.key.verification.start$m.reciprocate.v1" %}}
+
+#### Sharing keys between devices
+
+If Bob has an encrypted conversation with Alice on his computer, and
+then logs in through his phone for the first time, he may want to have
+access to the previously exchanged messages. To address this issue,
+several methods are provided to allow users to transfer keys from one
+device to another.
+
+##### Key requests
+
+When a device is missing keys to decrypt messages, it can request the
+keys by sending [m.room\_key\_request](#mroom_key_request) to-device messages to other
+devices with `action` set to `request`.
+
+If a device wishes to share the keys with that device, it can forward
+the keys to the first device by sending an encrypted
+[m.forwarded\_room\_key](#mforwarded_room_key) to-device message. The first device should
+then send an [m.room\_key\_request](#mroom_key_request) to-device message with `action`
+set to `request_cancellation` to the other devices that it had
+originally sent the key request to; a device that receives a
+`request_cancellation` should disregard any previously-received
+`request` message with the same `request_id` and `requesting_device_id`.
+
+If a device does not wish to share keys with that device, it can
+indicate this by sending an [m.room\_key.withheld](#mroom_key.withheld) to-device message,
+as described in [Reporting that decryption keys are
+withheld](#reporting-that-decryption-keys-are-withheld).
+
+{{% boxes/note %}}
+Key sharing can be a big attack vector, thus it must be done very
+carefully. A reasonable strategy is for a user's client to only send
+keys requested by the verified devices of the same user.
+{{% /boxes/note %}}
+
+##### Server-side key backups
+
+Devices may upload encrypted copies of keys to the server. When a device
+tries to read a message that it does not have keys for, it may request
+the key from the server and decrypt it. Backups are per-user, and users
+may replace backups with new backups.
+
+In contrast with [Key requests](#key-requests), Server-side key backups
+do not require another device to be online from which to request keys.
+However, as the session keys are stored on the server encrypted, it
+requires users to enter a decryption key to decrypt the session keys.
+
+To create a backup, a client will call [POST
+/\_matrix/client/r0/room\_keys/version](#post_matrixclientr0room_keysversion) and define how the keys are to
+be encrypted through the backup's `auth_data`; other clients can
+discover the backup by calling [GET
+/\_matrix/client/r0/room\_keys/version](#get_matrixclientr0room_keysversion). Keys are encrypted according
+to the backup's `auth_data` and added to the backup by calling [PUT
+/\_matrix/client/r0/room\_keys/keys](#put_matrixclientr0room_keyskeys) or one of its variants, and can
+be retrieved by calling [GET /\_matrix/client/r0/room\_keys/keys](#get_matrixclientr0room_keyskeys) or
+one of its variants. Keys can only be written to the most recently
+created version of the backup. Backups can also be deleted using [DELETE
+/\_matrix/client/r0/room\_keys/version/{version}](#delete_matrixclientr0room_keysversionversion), or individual keys
+can be deleted using [DELETE /\_matrix/client/r0/room\_keys/keys](#delete_matrixclientr0room_keyskeys) or
+one of its variants.
+
+Clients must only store keys in backups after they have ensured that the
+`auth_data` is trusted, either by checking the signatures on it, or by
+deriving the public key from a private key that it obtained from a
+trusted source.
+
+When a client uploads a key for a session that the server already has a
+key for, the server will choose to either keep the existing key or
+replace it with the new key based on the key metadata as follows:
+
+-   if the keys have different values for `is_verified`, then it will
+    keep the key that has `is_verified` set to `true`;
+-   if they have the same values for `is_verified`, then it will keep
+    the key with a lower `first_message_index`;
+-   and finally, is `is_verified` and `first_message_index` are equal,
+    then it will keep the key with a lower `forwarded_count`.
+
+###### Recovery key
+
+If the recovery key (the private half of the backup encryption key) is
+presented to the user to save, it is presented as a string constructed
+as follows:
+
+1.  The 256-bit curve25519 private key is prepended by the bytes `0x8B`
+    and `0x01`
+2.  All the bytes in the string above, including the two header bytes,
+    are XORed together to form a parity byte. This parity byte is
+    appended to the byte string.
+3.  The byte string is encoded using base58, using the same [mapping as
+    is used for Bitcoin
+    addresses](https://en.bitcoin.it/wiki/Base58Check_encoding#Base58_symbol_chart),
+    that is, using the alphabet
+    `123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz`.
+4.  A space should be added after every 4th character.
+
+When reading in a recovery key, clients must disregard whitespace, and
+perform the reverse of steps 1 through 3.
+
+The recovery key can also be stored on the server or shared with other devices
+using the [Secrets](#secrets) module. When doing so, it is identified using the
+name `m.megolm_backup.v1`, and the key is base64-encoded before being
+encrypted.
+
+###### Backup algorithm: `m.megolm_backup.v1.curve25519-aes-sha2`
+
+When a backup is created with the `algorithm` set to
+`m.megolm_backup.v1.curve25519-aes-sha2`, the `auth_data` should have
+the following format:
+
+`AuthData`
+
+| Parameter  | Type       | Description                                                                                      |
+| -----------| -----------|--------------------------------------------------------------------------------------------------|
+| public_key | string     | **Required.** The curve25519 public key used to encrypt the backups, encoded in unpadded base64. |
+| signatures | Signatures | Optional. Signatures of the ``auth_data``, as Signed JSON                                        |
+
+The `session_data` field in the backups is constructed as follows:
+
+1.  Encode the session key to be backed up as a JSON object with the
+    properties:
+
+| Parameter                       | Type              | Description                                                                                                                                                                 |
+| --------------------------------|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| algorithm                       | string            | **Required.** The end-to-end message encryption algorithm that the key is for.  Must be `m.megolm.v1.aes-sha2`.                                                             |
+| forwarding_curve25519_key_chain | [string]          | **Required.** Chain of Curve25519 keys through which this session was forwarded, via [m.forwarded_room_key](#mforwarded_room_key) events.                                   |
+| sender_key                      | string            | **Required.** Unpadded base64-encoded device curve25519 key.                                                                                                                |
+| sender_claimed_keys             | {string: string}  | **Required.** A map from algorithm name (`ed25519`) to the identity key for the sending device.                                                                             |
+| session_key                     | string            | **Required.** Unpadded base64-encoded session key in [session-sharing format](https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/megolm.md#session-sharing-format).  |
+
+2.  Generate an ephemeral curve25519 key, and perform an ECDH with the
+    ephemeral key and the backup's public key to generate a shared
+    secret. The public half of the ephemeral key, encoded using unpadded
+    base64, becomes the `ephemeral` property of the `session_data`.
+
+3.  Using the shared secret, generate 80 bytes by performing an HKDF
+    using SHA-256 as the hash, with a salt of 32 bytes of 0, and with
+    the empty string as the info. The first 32 bytes are used as the AES
+    key, the next 32 bytes are used as the MAC key, and the last 16
+    bytes are used as the AES initialization vector.
+
+4.  Stringify the JSON object, and encrypt it using AES-CBC-256 with
+    PKCS\#7 padding. This encrypted data, encoded using unpadded base64,
+    becomes the `ciphertext` property of the `session_data`.
+
+5.  Pass the raw encrypted data (prior to base64 encoding) through
+    HMAC-SHA-256 using the MAC key generated above. The first 8 bytes of
+    the resulting MAC are base64-encoded, and become the `mac` property
+    of the `session_data`.
+
+{{% http-api spec="client-server" api="key_backup" %}}
+
+##### Key exports
+
+Keys can be manually exported from one device to an encrypted file,
+copied to another device, and imported. The file is encrypted using a
+user-supplied passphrase, and is created as follows:
+
+1.  Encode the sessions as a JSON object, formatted as described in [Key
+    export format](#key-export-format).
+
+2.  Generate a 512-bit key from the user-entered passphrase by computing
+    [PBKDF2](https://tools.ietf.org/html/rfc2898#section-5.2)(HMAC-SHA-512,
+    passphrase, S, N, 512), where S is a 128-bit
+    cryptographically-random salt and N is the number of rounds. N
+    should be at least 100,000. The keys K and K' are set to the first
+    and last 256 bits of this generated key, respectively. K is used as
+    an AES-256 key, and K' is used as an HMAC-SHA-256 key.
+
+3.  Serialize the JSON object as a UTF-8 string, and encrypt it using
+    AES-CTR-256 with the key K generated above, and with a 128-bit
+    cryptographically-random initialization vector, IV, that has bit 63
+    set to zero. (Setting bit 63 to zero in IV is needed to work around
+    differences in implementations of AES-CTR.)
+
+4.  Concatenate the following data:
+
+| Size (bytes)| Description                                                                             |
+| ------------|-----------------------------------------------------------------------------------------|
+| 1           | Export format version, which must be `0x01`.                                            |
+| 16          | The salt S.                                                                             |
+| 16          | The initialization vector IV.                                                           |
+| 4           | The number of rounds N, as a big-endian unsigned 32-bit integer.                        |
+| variable    | The encrypted JSON object.                                                              |
+| 32          | The HMAC-SHA-256 of all the above string concatenated together, using K' as the key.    |
+
+5.  Base64-encode the string above. Newlines may be added to avoid
+    overly long lines.
+
+6.  Prepend the resulting string with
+    `-----BEGIN MEGOLM SESSION DATA-----`, with a trailing newline, and
+    append `-----END MEGOLM SESSION DATA-----`, with a leading and
+    trailing newline.
+
+###### Key export format
+
+The exported sessions are formatted as a JSON array of `SessionData`
+objects described as follows:
+
+`SessionData`
+
+| Parameter                         | Type             | Description                                                                                                                           |
+|-----------------------------------|------------------|---------------------------------------------------------------------------------------------------------------------------------------|
+| algorithm                         | string           | Required. The encryption algorithm that the session uses. Must be `m.megolm.v1.aes-sha2`.                                             |
+| forwarding_curve25519_key_chain   | [string]         | Required. Chain of Curve25519 keys through which this session was forwarded, via [m.forwarded_room_key](#mforwarded_room_key) events. |
+| room_id                           | string           | Required. The room where the session is used.                                                                                         |
+| sender_key                        | string           | Required. The Curve25519 key of the device which initiated the session originally.                                                    |
+| sender_claimed_keys               | {string: string} | Required. The Ed25519 key of the device which initiated the session originally.                                                       |
+| session_id                        | string           | Required. The ID of the session.                                                                                                      |
+| session_key                       | string           | Required. The key for the session.                                                                                                    |
+
+This is similar to the format before encryption used for the session
+keys in [Server-side key backups](#server-side-key-backups) but adds the
+`room_id` and `session_id` fields.
+
+Example:
+
+```
+[
+    {
+        "algorithm": "m.megolm.v1.aes-sha2",
+        "forwarding_curve25519_key_chain": [
+            "hPQNcabIABgGnx3/ACv/jmMmiQHoeFfuLB17tzWp6Hw"
+        ],
+        "room_id": "!Cuyf34gef24t:localhost",
+        "sender_key": "RF3s+E7RkTQTGF2d8Deol0FkQvgII2aJDf3/Jp5mxVU",
+        "sender_claimed_keys": {
+            "ed25519": "<device ed25519 identity key>",
+        },
+        "session_id": "X3lUlvLELLYxeTx4yOVu6UDpasGEVO0Jbu+QFnm0cKQ",
+        "session_key": "AgAAAADxKHa9uFxcXzwYoNueL5Xqi69IkD4sni8Llf..."
+    },
+    ...
+]
+```
+
+#### Messaging Algorithms
+
+##### Messaging Algorithm Names
+
+Messaging algorithm names use the extensible naming scheme used
+throughout this specification. Algorithm names that start with `m.` are
+reserved for algorithms defined by this specification. Implementations
+wanting to experiment with new algorithms must be uniquely globally
+namespaced following Java's package naming conventions.
+
+Algorithm names should be short and meaningful, and should list the
+primitives used by the algorithm so that it is easier to see if the
+algorithm is using a broken primitive.
+
+A name of `m.olm.v1` is too short: it gives no information about the
+primitives in use, and is difficult to extend for different primitives.
+However a name of
+`m.olm.v1.ecdh-curve25519-hdkfsha256.hmacsha256.hkdfsha256-aes256-cbc-hmac64sha256`
+is too long despite giving a more precise description of the algorithm:
+it adds to the data transfer overhead and sacrifices clarity for human
+readers without adding any useful extra information.
+
+##### `m.olm.v1.curve25519-aes-sha2`
+
+The name `m.olm.v1.curve25519-aes-sha2` corresponds to version 1 of the
+Olm ratchet, as defined by the [Olm
+specification](http://matrix.org/docs/spec/olm.html). This uses:
+
+-   Curve25519 for the initial key agreement.
+-   HKDF-SHA-256 for ratchet key derivation.
+-   Curve25519 for the root key ratchet.
+-   HMAC-SHA-256 for the chain key ratchet.
+-   HKDF-SHA-256, AES-256 in CBC mode, and 8 byte truncated HMAC-SHA-256
+    for authenticated encryption.
+
+Devices that support Olm must include "m.olm.v1.curve25519-aes-sha2" in
+their list of supported messaging algorithms, must list a Curve25519
+device key, and must publish Curve25519 one-time keys.
+
+An event encrypted using Olm has the following format:
+
+```json
+{
+  "type": "m.room.encrypted",
+  "content": {
+    "algorithm": "m.olm.v1.curve25519-aes-sha2",
+    "sender_key": "<sender_curve25519_key>",
+    "ciphertext": {
+      "<device_curve25519_key>": {
+        "type": 0,
+        "body": "<encrypted_payload_base_64>"
+      }
+    }
+  }
+}
+```
+
+`ciphertext` is a mapping from device Curve25519 key to an encrypted
+payload for that device. `body` is a Base64-encoded Olm message body.
+`type` is an integer indicating the type of the message body: 0 for the
+initial pre-key message, 1 for ordinary messages.
+
+Olm sessions will generate messages with a type of 0 until they receive
+a message. Once a session has decrypted a message it will produce
+messages with a type of 1.
+
+When a client receives a message with a type of 0 it must first check if
+it already has a matching session. If it does then it will use that
+session to try to decrypt the message. If there is no existing session
+then the client must create a new session and use the new session to
+decrypt the message. A client must not persist a session or remove
+one-time keys used by a session until it has successfully decrypted a
+message using that session.
+
+Messages with type 1 can only be decrypted with an existing session. If
+there is no matching session, the client must treat this as an invalid
+message.
+
+The plaintext payload is of the form:
+
+```json
+{
+  "type": "<type of the plaintext event>",
+  "content": "<content for the plaintext event>",
+  "sender": "<sender_user_id>",
+  "recipient": "<recipient_user_id>",
+  "recipient_keys": {
+    "ed25519": "<our_ed25519_key>"
+  },
+  "keys": {
+    "ed25519": "<sender_ed25519_key>"
+  }
+}
+```
+
+The type and content of the plaintext message event are given in the
+payload.
+
+Other properties are included in order to prevent an attacker from
+publishing someone else's curve25519 keys as their own and subsequently
+claiming to have sent messages which they didn't. `sender` must
+correspond to the user who sent the event, `recipient` to the local
+user, and `recipient_keys` to the local ed25519 key.
+
+Clients must confirm that the `sender_key` and the `ed25519` field value
+under the `keys` property match the keys returned by [`/keys/query`](/client-server-api/#post_matrixclientr0keysquery) for
+the given user, and must also verify the signature of the payload.
+Without this check, a client cannot be sure that the sender device owns
+the private part of the ed25519 key it claims to have in the Olm
+payload. This is crucial when the ed25519 key corresponds to a verified
+device.
+
+If a client has multiple sessions established with another device, it
+should use the session from which it last received and successfully
+decrypted a message. For these purposes, a session that has not received
+any messages should use its creation time as the time that it last
+received a message. A client may expire old sessions by defining a
+maximum number of olm sessions that it will maintain for each device,
+and expiring sessions on a Least Recently Used basis. The maximum number
+of olm sessions maintained per device should be at least 4.
+
+###### Recovering from undecryptable messages
+
+Occasionally messages may be undecryptable by clients due to a variety
+of reasons. When this happens to an Olm-encrypted message, the client
+should assume that the Olm session has become corrupted and create a new
+one to replace it.
+
+{{% boxes/note %}}
+Megolm-encrypted messages generally do not have the same problem.
+Usually the key for an undecryptable Megolm-encrypted message will come
+later, allowing the client to decrypt it successfully. Olm does not have
+a way to recover from the failure, making this session replacement
+process required.
+{{% /boxes/note %}}
+
+To establish a new session, the client sends an [m.dummy](#mdummy)
+to-device event to the other party to notify them of the new session
+details.
+
+Clients should rate-limit the number of sessions it creates per device
+that it receives a message from. Clients should not create a new session
+with another device if it has already created one for that given device
+in the past 1 hour.
+
+Clients should attempt to mitigate loss of the undecryptable messages.
+For example, Megolm sessions that were sent using the old session would
+have been lost. The client can attempt to retrieve the lost sessions
+through `m.room_key_request` messages.
+
+##### `m.megolm.v1.aes-sha2`
+
+The name `m.megolm.v1.aes-sha2` corresponds to version 1 of the Megolm
+ratchet, as defined by the [Megolm
+specification](http://matrix.org/docs/spec/megolm.html). This uses:
+
+-   HMAC-SHA-256 for the hash ratchet.
+-   HKDF-SHA-256, AES-256 in CBC mode, and 8 byte truncated HMAC-SHA-256
+    for authenticated encryption.
+-   Ed25519 for message authenticity.
+
+Devices that support Megolm must support Olm, and include
+"m.megolm.v1.aes-sha2" in their list of supported messaging algorithms.
+
+An event encrypted using Megolm has the following format:
+
+```json
+{
+  "type": "m.room.encrypted",
+  "content": {
+    "algorithm": "m.megolm.v1.aes-sha2",
+    "sender_key": "<sender_curve25519_key>",
+    "device_id": "<sender_device_id>",
+    "session_id": "<outbound_group_session_id>",
+    "ciphertext": "<encrypted_payload_base_64>"
+  }
+}
+```
+
+The encrypted payload can contain any message event. The plaintext is of
+the form:
+
+```json
+{
+  "type": "<event_type>",
+  "content": "<event_content>",
+  "room_id": "<the room_id>"
+}
+```
+
+We include the room ID in the payload, because otherwise the homeserver
+would be able to change the room a message was sent in.
+
+Clients must guard against replay attacks by keeping track of the
+ratchet indices of Megolm sessions. They should reject messages with a
+ratchet index that they have already decrypted. Care should be taken in
+order to avoid false positives, as a client may decrypt the same event
+twice as part of its normal processing.
+
+As with Olm events, clients must confirm that the `sender_key` belongs
+to the user who sent the message. The same reasoning applies, but the
+sender ed25519 key has to be inferred from the `keys.ed25519` property
+of the event which established the Megolm session.
+
+In order to enable end-to-end encryption in a room, clients can send an
+`m.room.encryption` state event specifying `m.megolm.v1.aes-sha2` as its
+`algorithm` property.
+
+When creating a Megolm session in a room, clients must share the
+corresponding session key using Olm with the intended recipients, so
+that they can decrypt future messages encrypted using this session. An
+`m.room_key` event is used to do this. Clients must also handle
+`m.room_key` events sent by other devices in order to decrypt their
+messages.
+
+#### Protocol definitions
+
+##### Events
+
+{{% event event="m.room.encryption" %}}
+
+{{% event event="m.room.encrypted" %}}
+
+{{% event event="m.room_key" %}}
+
+{{% event event="m.room_key_request" %}}
+
+{{% event event="m.forwarded_room_key" %}}
+
+{{% event event="m.dummy" %}}
+
+##### Key management API
+
+{{% http-api spec="client-server" api="keys" %}}
+
+##### Extensions to /sync
+
+This module adds an optional `device_lists` property to the [`/sync`](/client-server-api/#get_matrixclientr0sync)  response,
+as specified below. The server need only populate this property for an
+incremental `/sync` (i.e., one where the `since` parameter was
+specified). The client is expected to use [`/keys/query`](/client-server-api/#post_matrixclientr0keysquery) or
+[`/keys/changes`](/client-server-api/#get_matrixclientr0keyschanges) for the equivalent functionality after an initial
+sync, as documented in [Tracking the device list for a
+user](#tracking-the-device-list-for-a-user).
+
+It also adds a `one_time_keys_count` property. Note the spelling
+difference with the `one_time_key_counts` property in the
+[`/keys/upload`](/client-server-api/#post_matrixclientr0keysupload) response.
+
+| Parameter                  | Type               | Description                                                                                                            |
+|----------------------------|--------------------|------------------------------------------------------------------------------------------------------------------------|
+| device_lists               | DeviceLists        | Optional. Information on e2e device updates. Note: only present on an incremental sync.                                |
+| device_one_time_keys_count | {string: integer}  | Optional. For each key algorithm, the number of unclaimed one-time keys currently held on the server for this device.  |
+
+`DeviceLists`
+
+| Parameter  | Type      | Description                                                                                                                                                      |
+|------------|-----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| changed    | [string]  | List of users who have updated their device identity or cross-signing keys, or who now share an encrypted room with the client since the previous sync response. |
+| left       | [string]  | List of users with whom we do not share any encrypted rooms anymore since the previous sync response.                                                            |
+
+{{% boxes/note %}}
+For optimal performance, Alice should be added to `changed` in Bob's
+sync only when she updates her devices or cross-signing keys, or when
+Alice and Bob now share a room but didn't share any room previously.
+However, for the sake of simpler logic, a server may add Alice to
+`changed` when Alice and Bob share a new room, even if they previously
+already shared a room.
+{{% /boxes/note %}}
+
+Example response:
+
+```json
+{
+  "next_batch": "s72595_4483_1934",
+  "rooms": {"leave": {}, "join": {}, "invite": {}},
+  "device_lists": {
+    "changed": [
+       "@alice:example.com",
+    ],
+    "left": [
+       "@bob:example.com",
+    ],
+  },
+  "device_one_time_keys_count": {
+    "curve25519": 10,
+    "signed_curve25519": 20
+  }
+}
+```
+
+#### Reporting that decryption keys are withheld
+
+When sending an encrypted event to a room, a client can optionally
+signal to other devices in that room that it is not sending them the
+keys needed to decrypt the event. In this way, the receiving client can
+indicate to the user why it cannot decrypt the event, rather than just
+showing a generic error message.
+
+In the same way, when one device requests keys from another using [Key
+requests](#key-requests), the device from which the key is being
+requested may want to tell the requester that it is purposely not
+sharing the key.
+
+If Alice withholds a megolm session from Bob for some messages in a
+room, and then later on decides to allow Bob to decrypt later messages,
+she can send Bob the megolm session, ratcheted up to the point at which
+she allows Bob to decrypt the messages. If Bob logs into a new device
+and uses key sharing to obtain the decryption keys, the new device will
+be sent the megolm sessions that have been ratcheted up. Bob's old
+device can include the reason that the session was initially not shared
+by including a `withheld` property in the `m.forwarded_room_key` message
+that is an object with the `code` and `reason` properties from the
+`m.room_key.withheld` message.
+
+{{% event event="m.room_key.withheld" %}}
diff --git a/content/client-server-api/modules/event_context.md b/content/client-server-api/modules/event_context.md
new file mode 100644
index 00000000000..65b1a7a4f52
--- /dev/null
+++ b/content/client-server-api/modules/event_context.md
@@ -0,0 +1,21 @@
+---
+type: module
+weight: 210
+---
+
+### Event Context
+
+This API returns a number of events that happened just before and after
+the specified event. This allows clients to get the context surrounding
+an event.
+
+#### Client behaviour
+
+There is a single HTTP API for retrieving event context, documented
+below.
+
+{{% http-api spec="client-server" api="event_context" %}}
+
+#### Security considerations
+
+The server must only return results that the user has permission to see.
diff --git a/content/client-server-api/modules/guest_access.md b/content/client-server-api/modules/guest_access.md
new file mode 100644
index 00000000000..7d04035e9cb
--- /dev/null
+++ b/content/client-server-api/modules/guest_access.md
@@ -0,0 +1,91 @@
+---
+type: module
+weight: 160
+---
+
+### Guest Access
+
+There are times when it is desirable for clients to be able to interact
+with rooms without having to fully register for an account on a
+homeserver or join the room. This module specifies how these clients
+should interact with servers in order to participate in rooms as guests.
+
+Guest users retrieve access tokens from a homeserver using the ordinary
+[register
+endpoint](#post_matrixclientr0register),
+specifying the `kind` parameter as `guest`. They may then interact with
+the client-server API as any other user would, but will only have access
+to a subset of the API as described the Client behaviour subsection
+below. Homeservers may choose not to allow this access at all to their
+local users, but have no information about whether users on other
+homeservers are guests or not.
+
+Guest users can also upgrade their account by going through the ordinary
+`register` flow, but specifying the additional POST parameter
+`guest_access_token` containing the guest's access token. They are also
+required to specify the `username` parameter to the value of the local
+part of their username, which is otherwise optional.
+
+This module does not fully factor in federation; it relies on individual
+homeservers properly adhering to the rules set out in this module,
+rather than allowing all homeservers to enforce the rules on each other.
+
+#### Events
+
+{{% event event="m.room.guest_access" %}}
+
+#### Client behaviour
+
+The following API endpoints are allowed to be accessed by guest accounts
+for retrieving events:
+
+-   [GET /rooms/:room\_id/state](#get_matrixclientr0roomsroomidstate)
+-   [GET /rooms/:room\_id/context/:event\_id](#get_matrixclientr0roomsroomidcontexteventid)
+-   [GET /rooms/:room\_id/event/:event\_id](#get_matrixclientr0roomsroomideventeventid)
+-   [GET /rooms/:room\_id/state/:event\_type/:state\_key](#get_matrixclientr0roomsroomidstateeventtypestatekey)
+-   [GET /rooms/:room\_id/messages](#get_matrixclientr0roomsroomidmessages)
+-   [GET /rooms/:room\_id/members](#get_matrixclientr0roomsroomidmembers)
+-   [GET /rooms/:room\_id/initialSync](#get_matrixclientr0roomsroomidinitialsync)
+-   [GET /sync](#get_matrixclientr0sync)
+-   [GET /events](#get_matrixclientr0events) as used for room previews.
+
+The following API endpoints are allowed to be accessed by guest accounts
+for sending events:
+
+-   [POST /rooms/:room\_id/join](#post_matrixclientr0roomsroomidjoin)
+-   [POST /rooms/:room\_id/leave](#post_matrixclientr0roomsroomidleave)
+-   [PUT /rooms/:room\_id/send/m.room.message/:txn\_id](#put_matrixclientr0roomsroomidsendeventtypetxnid)
+-   [PUT /sendToDevice/{eventType}/{txnId}](#put_matrixclientr0sendtodeviceeventtypetxnid)
+
+The following API endpoints are allowed to be accessed by guest accounts
+for their own account maintenance:
+
+-   [PUT /profile/:user\_id/displayname](#put_matrixclientr0profileuseriddisplayname)
+-   [GET /devices](#get_matrixclientr0devices)
+-   [GET /devices/{deviceId}](#get_matrixclientr0devicesdeviceid)
+-   [PUT /devices/{deviceId}](#put_matrixclientr0devicesdeviceid)
+
+The following API endpoints are allowed to be accessed by guest accounts
+for end-to-end encryption:
+
+-   [POST /keys/upload](#post_matrixclientr0keysupload)
+-   [POST /keys/query](#post_matrixclientr0keysquery)
+-   [POST /keys/claim](#post_matrixclientr0keysclaim)
+
+#### Server behaviour
+
+Servers MUST only allow guest users to join rooms if the
+`m.room.guest_access` state event is present on the room, and has the
+`guest_access` value `can_join`. If the `m.room.guest_access` event is
+changed to stop this from being the case, the server MUST set those
+users' `m.room.member` state to `leave`.
+
+#### Security considerations
+
+Each homeserver manages its own guest accounts itself, and whether an
+account is a guest account or not is not information passed from server
+to server. Accordingly, any server participating in a room is trusted to
+properly enforce the permissions outlined in this section.
+
+Homeservers may want to enable protections such as captchas for guest
+registration to prevent spam, denial of service, and similar attacks.
diff --git a/content/client-server-api/modules/history_visibility.md b/content/client-server-api/modules/history_visibility.md
new file mode 100644
index 00000000000..0a00f01eecb
--- /dev/null
+++ b/content/client-server-api/modules/history_visibility.md
@@ -0,0 +1,91 @@
+---
+type: module
+weight: 120
+---
+
+### Room History Visibility
+
+This module adds support for controlling the visibility of previous
+events in a room.
+
+In all cases except `world_readable`, a user needs to join a room to
+view events in that room. Once they have joined a room, they will gain
+access to a subset of events in the room. How this subset is chosen is
+controlled by the `m.room.history_visibility` event outlined below.
+After a user has left a room, they may see any events which they were
+allowed to see before they left the room, but no events received after
+they left.
+
+The four options for the `m.room.history_visibility` event are:
+
+-   `world_readable` - All events while this is the
+    `m.room.history_visibility` value may be shared by any participating
+    homeserver with anyone, regardless of whether they have ever joined
+    the room.
+-   `shared` - Previous events are always accessible to newly joined
+    members. All events in the room are accessible, even those sent when
+    the member was not a part of the room.
+-   `invited` - Events are accessible to newly joined members from the
+    point they were invited onwards. Events stop being accessible when
+    the member's state changes to something other than `invite` or
+    `join`.
+-   `joined` - Events are accessible to newly joined members from the
+    point they joined the room onwards. Events stop being accessible
+    when the member's state changes to something other than `join`.
+
+{{% boxes/warning %}}
+These options are applied at the point an event is *sent*. Checks are
+performed with the state of the `m.room.history_visibility` event when
+the event in question is added to the DAG. This means clients cannot
+retrospectively choose to show or hide history to new users if the
+setting at that time was more restrictive.
+{{% /boxes/warning %}}
+
+#### Events
+
+{{% event event="m.room.history_visibility" %}}
+
+#### Client behaviour
+
+Clients that implement this module MUST present to the user the possible
+options for setting history visibility when creating a room.
+
+Clients may want to display a notice that their events may be read by
+non-joined people if the value is set to `world_readable`.
+
+#### Server behaviour
+
+By default if no `history_visibility` is set, or if the value is not
+understood, the visibility is assumed to be `shared`. The rules
+governing whether a user is allowed to see an event depend on the state
+of the room *at that event*.
+
+1.  If the `history_visibility` was set to `world_readable`, allow.
+2.  If the user's `membership` was `join`, allow.
+3.  If `history_visibility` was set to `shared`, and the user joined the
+    room at any point after the event was sent, allow.
+4.  If the user's `membership` was `invite`, and the
+    `history_visibility` was set to `invited`, allow.
+5.  Otherwise, deny.
+
+For `m.room.history_visibility` events themselves, the user should be
+allowed to see the event if the `history_visibility` before *or* after
+the event would allow them to see it. (For example, a user should be
+able to see `m.room.history_visibility` events which change the
+`history_visibility` from `world_readable` to `joined` *or* from
+`joined` to `world_readable`, even if that user was not a member of the
+room.)
+
+Likewise, for the user's own `m.room.member` events, the user should be
+allowed to see the event if their `membership` before *or* after the
+event would allow them to see it. (For example, a user can always see
+`m.room.member` events which set their membership to `join`, or which
+change their membership from `join` to any other value, even if
+`history_visibility` is `joined`.)
+
+#### Security considerations
+
+The default value for `history_visibility` is `shared` for
+backwards-compatibility reasons. Clients need to be aware that by not
+setting this event they are exposing all of their room history to anyone
+in the room.
diff --git a/content/client-server-api/modules/ignore_users.md b/content/client-server-api/modules/ignore_users.md
new file mode 100644
index 00000000000..b67f5976c17
--- /dev/null
+++ b/content/client-server-api/modules/ignore_users.md
@@ -0,0 +1,50 @@
+---
+type: module
+weight: 240
+---
+
+### Ignoring Users
+
+With all the communication through Matrix it may be desirable to ignore
+a particular user for whatever reason. This module defines how clients
+and servers can implement the ignoring of users.
+
+#### Events
+
+{{% event event="m.ignored_user_list" %}}
+
+#### Client behaviour
+
+To ignore a user, effectively blocking them, the client should add the
+target user to the `m.ignored_user_list` event in their account data
+using [`/user/<user_id>/account_data/<type>`](/client-server-api/#put_matrixclientr0useruseridaccount_datatype). Once ignored, the client will no longer receive events sent by
+that user, with the exception of state events. The client should either
+hide previous content sent by the newly ignored user or perform a new
+`/sync` with no previous token.
+
+Invites to new rooms by ignored users will not be sent to the client.
+The server may optionally reject the invite on behalf of the client.
+
+State events will still be sent to the client, even if the user is
+ignored. This is to ensure parts, such as the room name, do not appear
+different to the user just because they ignored the sender.
+
+To remove a user from the ignored users list, remove them from the
+account data event. The server will resume sending events from the
+previously ignored user, however it should not send events that were
+missed while the user was ignored. To receive the events that were sent
+while the user was ignored the client should perform a fresh sync. The
+client may also un-hide any events it previously hid due to the user
+becoming ignored.
+
+#### Server behaviour
+
+Following an update of the `m.ignored_user_list`, the sync API for all
+clients should immediately start ignoring (or un-ignoring) the user.
+Clients are responsible for determining if they should hide previously
+sent events or to start a new sync stream.
+
+Servers must still send state events sent by ignored users to clients.
+
+Servers must not send room invites from ignored users to clients.
+Servers may optionally decide to reject the invite, however.
diff --git a/content/client-server-api/modules/instant_messaging.md b/content/client-server-api/modules/instant_messaging.md
new file mode 100644
index 00000000000..ca2cb74a37c
--- /dev/null
+++ b/content/client-server-api/modules/instant_messaging.md
@@ -0,0 +1,524 @@
+---
+type: module
+weight: 10
+---
+
+### Instant Messaging
+
+This module adds support for sending human-readable messages to a room.
+It also adds support for associating human-readable information with the
+room itself such as a room name and topic.
+
+#### Events
+
+{{% event event="m.room.message" %}}
+
+{{% event event="m.room.message.feedback" %}}
+
+Usage of this event is discouraged for several reasons:  
+-   The number of feedback events will grow very quickly with the number
+    of users in the room. This event provides no way to "batch"
+    feedback, unlike the [receipts module](#receipts).
+-   Pairing feedback to messages gets complicated when paginating as
+    feedback arrives before the message it is acknowledging.
+-   There are no guarantees that the client has seen the event ID being
+    acknowledged.
+
+{{% event event="m.room.name" %}}
+
+{{% event event="m.room.topic" %}}
+
+{{% event event="m.room.avatar" %}}
+
+{{% event event="m.room.pinned_events" %}}
+
+##### m.room.message msgtypes
+
+Each [m.room.message](#m.room.message) MUST have a `msgtype` key which identifies the
+type of message being sent. Each type has their own required and
+optional keys, as outlined below. If a client cannot display the given
+`msgtype` then it SHOULD display the fallback plain text `body` key
+instead.
+
+Some message types support HTML in the event content that clients should
+prefer to display if available. Currently `m.text`, `m.emote`, and
+`m.notice` support an additional `format` parameter of
+`org.matrix.custom.html`. When this field is present, a `formatted_body`
+with the HTML must be provided. The plain text version of the HTML
+should be provided in the `body`.
+
+Clients should limit the HTML they render to avoid Cross-Site Scripting,
+HTML injection, and similar attacks. The strongly suggested set of HTML
+tags to permit, denying the use and rendering of anything else, is:
+`font`, `del`, `h1`, `h2`, `h3`, `h4`, `h5`, `h6`, `blockquote`, `p`,
+`a`, `ul`, `ol`, `sup`, `sub`, `li`, `b`, `i`, `u`, `strong`, `em`,
+`strike`, `code`, `hr`, `br`, `div`, `table`, `thead`, `tbody`, `tr`,
+`th`, `td`, `caption`, `pre`, `span`, `img`, `details`, `summary`.
+
+Not all attributes on those tags should be permitted as they may be
+avenues for other disruption attempts, such as adding `onclick` handlers
+or excessively large text. Clients should only permit the attributes
+listed for the tags below. Where `data-mx-bg-color` and `data-mx-color`
+are listed, clients should translate the value (a 6-character hex color
+code) to the appropriate CSS/attributes for the tag.
+
+`font`  
+`data-mx-bg-color`, `data-mx-color`, `color`
+
+`span`  
+`data-mx-bg-color`, `data-mx-color`, `data-mx-spoiler` (see 
+[spoiler messages](#spoiler-messages))
+
+`a`  
+`name`, `target`, `href` (provided the value is not relative and has a
+scheme matching one of: `https`, `http`, `ftp`, `mailto`, `magnet`)
+
+`img`  
+`width`, `height`, `alt`, `title`, `src` (provided it is a [Matrix
+Content (MXC) URI](#matrix-content-mxc-uris))
+
+`ol`  
+`start`
+
+`code`  
+`class` (only classes which start with `language-` for syntax
+highlighting)
+
+Additionally, web clients should ensure that *all* `a` tags get a
+`rel="noopener"` to prevent the target page from referencing the
+client's tab/window.
+
+Tags must not be nested more than 100 levels deep. Clients should only
+support the subset of tags they can render, falling back to other
+representations of the tags where possible. For example, a client may
+not be able to render tables correctly and instead could fall back to
+rendering tab-delimited text.
+
+In addition to not rendering unsafe HTML, clients should not emit unsafe
+HTML in events. Likewise, clients should not generate HTML that is not
+needed, such as extra paragraph tags surrounding text due to Rich Text
+Editors. HTML included in events should otherwise be valid, such as
+having appropriate closing tags, appropriate attributes (considering the
+custom ones defined in this specification), and generally valid
+structure.
+
+A special tag, `mx-reply`, may appear on rich replies (described below)
+and should be allowed if, and only if, the tag appears as the very first
+tag in the `formatted_body`. The tag cannot be nested and cannot be
+located after another tag in the tree. Because the tag contains HTML, an
+`mx-reply` is expected to have a partner closing tag and should be
+treated similar to a `div`. Clients that support rich replies will end
+up stripping the tag and its contents and therefore may wish to exclude
+the tag entirely.
+
+{{% boxes/note %}}
+A future iteration of the specification will support more powerful and
+extensible message formatting options, such as the proposal
+[MSC1767](https://github.com/matrix-org/matrix-doc/pull/1767).
+{{% /boxes/note %}}
+
+{{% msgtypes %}}
+
+#### Client behaviour
+
+Clients SHOULD verify the structure of incoming events to ensure that
+the expected keys exist and that they are of the right type. Clients can
+discard malformed events or display a placeholder message to the user.
+Redacted `m.room.message` events MUST be removed from the client. This
+can either be replaced with placeholder text (e.g. "\[REDACTED\]") or
+the redacted message can be removed entirely from the messages view.
+
+Events which have attachments (e.g. `m.image`, `m.file`) SHOULD be
+uploaded using the [content repository module](#content-repository)
+where available. The resulting `mxc://` URI can then be used in the `url`
+key.
+
+Clients MAY include a client generated thumbnail image for an attachment
+under a `info.thumbnail_url` key. The thumbnail SHOULD also be a
+`mxc://` URI. Clients displaying events with attachments can either use
+the client generated thumbnail or ask its homeserver to generate a
+thumbnail from the original attachment using the [content repository
+module](#content-repository).
+
+##### Recommendations when sending messages
+
+In the event of send failure, clients SHOULD retry requests using an
+exponential-backoff algorithm for a certain amount of time T. It is
+recommended that T is no longer than 5 minutes. After this time, the
+client should stop retrying and mark the message as "unsent". Users
+should be able to manually resend unsent messages.
+
+Users may type several messages at once and send them all in quick
+succession. Clients SHOULD preserve the order in which they were sent by
+the user. This means that clients should wait for the response to the
+previous request before sending the next request. This can lead to
+head-of-line blocking. In order to reduce the impact of head-of-line
+blocking, clients should use a queue per room rather than a global
+queue, as ordering is only relevant within a single room rather than
+between rooms.
+
+##### Local echo
+
+Messages SHOULD appear immediately in the message view when a user
+presses the "send" button. This should occur even if the message is
+still sending. This is referred to as "local echo". Clients SHOULD
+implement "local echo" of messages. Clients MAY display messages in a
+different format to indicate that the server has not processed the
+message. This format should be removed when the server responds.
+
+Clients need to be able to match the message they are sending with the
+same message which they receive from the event stream. The echo of the
+same message from the event stream is referred to as "remote echo". Both
+echoes need to be identified as the same message in order to prevent
+duplicate messages being displayed. Ideally this pairing would occur
+transparently to the user: the UI would not flicker as it transitions
+from local to remote. Flickering can be reduced through clients making
+use of the transaction ID they used to send a particular event. The
+transaction ID used will be included in the event's `unsigned` data as
+`transaction_id` when it arrives through the event stream.
+
+Clients unable to make use of the transaction ID are likely to
+experience flickering when the remote echo arrives on the event stream
+*before* the request to send the message completes. In that case the
+event arrives before the client has obtained an event ID, making it
+impossible to identify it as a remote echo. This results in the client
+displaying the message twice for some time (depending on the server
+responsiveness) before the original request to send the message
+completes. Once it completes, the client can take remedial actions to
+remove the duplicate event by looking for duplicate event IDs.
+
+##### Calculating the display name for a user
+
+Clients may wish to show the human-readable display name of a room
+member as part of a membership list, or when they send a message.
+However, different members may have conflicting display names. Display
+names MUST be disambiguated before showing them to the user, in order to
+prevent spoofing of other users.
+
+To ensure this is done consistently across clients, clients SHOULD use
+the following algorithm to calculate a disambiguated display name for a
+given user:
+
+1.  Inspect the `m.room.member` state event for the relevant user id.
+2.  If the `m.room.member` state event has no `displayname` field, or if
+    that field has a `null` value, use the raw user id as the display
+    name. Otherwise:
+3.  If the `m.room.member` event has a `displayname` which is unique
+    among members of the room with `membership: join` or
+    `membership: invite`, use the given `displayname` as the
+    user-visible display name. Otherwise:
+4.  The `m.room.member` event has a non-unique `displayname`. This
+    should be disambiguated using the user id, for example "display name
+    (@id:homeserver.org)".
+
+Developers should take note of the following when implementing the above
+algorithm:
+
+-   The user-visible display name of one member can be affected by
+    changes in the state of another member. For example, if
+    `@user1:matrix.org` is present in a room, with `displayname: Alice`,
+    then when `@user2:example.com` joins the room, also with
+    `displayname: Alice`, *both* users must be given disambiguated
+    display names. Similarly, when one of the users then changes their
+    display name, there is no longer a clash, and *both* users can be
+    given their chosen display name. Clients should be alert to this
+    possibility and ensure that all affected users are correctly
+    renamed.
+-   The display name of a room may also be affected by changes in the
+    membership list. This is due to the room name sometimes being based
+    on user display names (see [Calculating the display name for a
+    room](#calculating-the-display-name-for-a-room)).
+-   If the entire membership list is searched for clashing display
+    names, this leads to an O(N^2) implementation for building the list
+    of room members. This will be very inefficient for rooms with large
+    numbers of members. It is recommended that client implementations
+    maintain a hash table mapping from `displayname` to a list of room
+    members using that name. Such a table can then be used for efficient
+    calculation of whether disambiguation is needed.
+
+##### Displaying membership information with messages
+
+Clients may wish to show the display name and avatar URL of the room
+member who sent a message. This can be achieved by inspecting the
+`m.room.member` state event for that user ID (see [Calculating the
+display name for a user](#calculating-the-display-name-for-a-user)).
+
+When a user paginates the message history, clients may wish to show the
+**historical** display name and avatar URL for a room member. This is
+possible because older `m.room.member` events are returned when
+paginating. This can be implemented efficiently by keeping two sets of
+room state: old and current. As new events arrive and/or the user
+paginates back in time, these two sets of state diverge from each other.
+New events update the current state and paginated events update the old
+state. When paginated events are processed sequentially, the old state
+represents the state of the room *at the time the event was sent*. This
+can then be used to set the historical display name and avatar URL.
+
+##### Calculating the display name for a room
+
+Clients may wish to show a human-readable name for a room. There are a
+number of possibilities for choosing a useful name. To ensure that rooms
+are named consistently across clients, clients SHOULD use the following
+algorithm to choose a name:
+
+1.  If the room has an [m.room.name](#m.room.name) state event with a non-empty
+    `name` field, use the name given by that field.
+2.  If the room has an [m.room.canonical\_alias](#m.room.canonical_alias) state event with a
+    valid `alias` field, use the alias given by that field as the name.
+    Note that clients should avoid using `alt_aliases` when calculating
+    the room name.
+3.  If none of the above conditions are met, a name should be composed
+    based on the members of the room. Clients should consider
+    [m.room.member](#m.room.member) events for users other than the logged-in user, as
+    defined below.
+    1.  If the number of `m.heroes` for the room are greater or equal to
+        `m.joined_member_count + m.invited_member_count - 1`, then use
+        the membership events for the heroes to calculate display names
+        for the users ([disambiguating them if
+        required](#calculating-the-display-name-for-a-user)) and
+        concatenating them. For example, the client may choose to show
+        "Alice, Bob, and Charlie (@charlie:example.org)" as the room
+        name. The client may optionally limit the number of users it
+        uses to generate a room name.
+    2.  If there are fewer heroes than
+        `m.joined_member_count + m.invited_member_count - 1`, and
+        `m.joined_member_count + m.invited_member_count` is greater than
+        1, the client should use the heroes to calculate display names
+        for the users ([disambiguating them if
+        required](#calculating-the-display-name-for-a-user)) and
+        concatenating them alongside a count of the remaining users. For
+        example, "Alice, Bob, and 1234 others".
+    3.  If `m.joined_member_count + m.invited_member_count` is less than
+        or equal to 1 (indicating the member is alone), the client
+        should use the rules above to indicate that the room was empty.
+        For example, "Empty Room (was Alice)", "Empty Room (was Alice
+        and 1234 others)", or "Empty Room" if there are no heroes.
+
+Clients SHOULD internationalise the room name to the user's language
+when using the `m.heroes` to calculate the name. Clients SHOULD use
+minimum 5 heroes to calculate room names where possible, but may use
+more or less to fit better with their user experience.
+
+##### Rich replies
+
+In some cases, events may wish to reference other events. This could be
+to form a thread of messages for the user to follow along with, or to
+provide more context as to what a particular event is describing.
+Currently, the only kind of relation defined is a "rich reply" where a
+user may reference another message to create a thread-like conversation.
+
+Relationships are defined under an `m.relates_to` key in the event's
+`content`. If the event is of the type `m.room.encrypted`, the
+`m.relates_to` key MUST NOT be covered by the encryption and instead be
+put alongside the encryption information held in the `content`.
+
+A rich reply is formed through use of an `m.relates_to` relation for
+`m.in_reply_to` where a single key, `event_id`, is used to reference the
+event being replied to. The referenced event ID SHOULD belong to the
+same room where the reply is being sent. Clients should be cautious of
+the event ID belonging to another room, or being invalid entirely. Rich
+replies can only be constructed in the form of `m.room.message` events
+with a `msgtype` of `m.text` or `m.notice`. Due to the fallback
+requirements, rich replies cannot be constructed for types of `m.emote`,
+`m.file`, etc. Rich replies may reference any other `m.room.message`
+event, however. Rich replies may reference another event which also has
+a rich reply, infinitely.
+
+An `m.in_reply_to` relationship looks like the following:
+
+```
+{
+  ...
+  "type": "m.room.message",
+  "content": {
+    "msgtype": "m.text",
+    "body": "<body including fallback>",
+    "format": "org.matrix.custom.html",
+    "formatted_body": "<HTML including fallback>",
+    "m.relates_to": {
+      "m.in_reply_to": {
+        "event_id": "$another:event.com"
+      }
+    }
+  }
+}
+```
+
+##### Fallbacks for rich replies
+
+Some clients may not have support for rich replies and therefore need a
+fallback to use instead. Clients that do not support rich replies should
+render the event as if rich replies were not special.
+
+Clients that do support rich replies MUST provide the fallback format on
+replies, and MUST strip the fallback before rendering the reply. Rich
+replies MUST have a `format` of `org.matrix.custom.html` and therefore a
+`formatted_body` alongside the `body` and appropriate `msgtype`. The
+specific fallback text is different for each `msgtype`, however the
+general format for the `body` is:
+
+    > <@alice:example.org> This is the original body
+
+    This is where the reply goes
+
+The `formatted_body` should use the following template:
+
+    <mx-reply>
+      <blockquote>
+        <a href="https://matrix.to/#/!somewhere:example.org/$event:example.org">In reply to</a>
+        <a href="https://matrix.to/#/@alice:example.org">@alice:example.org</a>
+        <br />
+        <!-- This is where the related event's HTML would be. -->
+      </blockquote>
+    </mx-reply>
+    This is where the reply goes.
+
+If the related event does not have a `formatted_body`, the event's
+`body` should be considered after encoding any HTML special characters.
+Note that the `href` in both of the anchors use a [matrix.to
+URI](/appendices#matrixto-navigation).
+
+###### Stripping the fallback
+
+Clients which support rich replies MUST strip the fallback from the
+event before rendering the event. This is because the text provided in
+the fallback cannot be trusted to be an accurate representation of the
+event. After removing the fallback, clients are recommended to represent
+the event referenced by `m.in_reply_to` similar to the fallback's
+representation, although clients do have creative freedom for their user
+interface. Clients should prefer the `formatted_body` over the `body`,
+just like with other `m.room.message` events.
+
+To strip the fallback on the `body`, the client should iterate over each
+line of the string, removing any lines that start with the fallback
+prefix ("&gt; ", including the space, without quotes) and stopping when
+a line is encountered without the prefix. This prefix is known as the
+"fallback prefix sequence".
+
+To strip the fallback on the `formatted_body`, the client should remove
+the entirety of the `mx-reply` tag.
+
+###### Fallback for `m.text`, `m.notice`, and unrecognised message types
+
+Using the prefix sequence, the first line of the related event's `body`
+should be prefixed with the user's ID, followed by each line being
+prefixed with the fallback prefix sequence. For example:
+
+    > <@alice:example.org> This is the first line
+    > This is the second line
+
+    This is the reply
+
+The `formatted_body` uses the template defined earlier in this section.
+
+###### Fallback for `m.emote`
+
+Similar to the fallback for `m.text`, each line gets prefixed with the
+fallback prefix sequence. However an asterisk should be inserted before
+the user's ID, like so:
+
+    > * <@alice:example.org> feels like today is going to be a great day
+
+    This is the reply
+
+The `formatted_body` has a subtle difference for the template where the
+asterisk is also inserted ahead of the user's ID:
+
+    <mx-reply>
+      <blockquote>
+        <a href="https://matrix.to/#/!somewhere:example.org/$event:example.org">In reply to</a>
+        * <a href="https://matrix.to/#/@alice:example.org">@alice:example.org</a>
+        <br />
+        <!-- This is where the related event's HTML would be. -->
+      </blockquote>
+    </mx-reply>
+    This is where the reply goes.
+
+###### Fallback for `m.image`, `m.video`, `m.audio`, and `m.file`
+
+The related event's `body` would be a file name, which may not be very
+descriptive. The related event should additionally not have a `format`
+or `formatted_body` in the `content` - if the event does have a `format`
+and/or `formatted_body`, those fields should be ignored. Because the
+filename alone may not be descriptive, the related event's `body` should
+be considered to be `"sent a file."` such that the output looks similar
+to the following:
+
+    > <@alice:example.org> sent a file.
+
+    This is the reply
+
+    <mx-reply>
+      <blockquote>
+        <a href="https://matrix.to/#/!somewhere:example.org/$event:example.org">In reply to</a>
+        <a href="https://matrix.to/#/@alice:example.org">@alice:example.org</a>
+        <br />
+        sent a file.
+      </blockquote>
+    </mx-reply>
+    This is where the reply goes.
+
+For `m.image`, the text should be `"sent an image."`. For `m.video`, the
+text should be `"sent a video."`. For `m.audio`, the text should be
+`"sent an audio file"`.
+
+##### Spoiler messages
+
+Parts of a message can be hidden visually from the user through use of spoilers. 
+This does not affect the server's representation of the event content - it 
+is simply a visual cue to the user that the message may reveal important 
+information about something, spoiling any relevant surprise.
+
+To send spoilers clients MUST use the `formatted_body` and therefore the 
+`org.matrix.custom.html` format, described above. This makes spoilers valid on
+any `msgtype` which can support this format appropriately. 
+
+Spoilers themselves are contained with `span` tags, with the reason (optionally)
+being in the `data-mx-spoiler` attribute. Spoilers without a reason must at least
+specify the attribute, though the value may be empty/undefined.
+
+An example of a spoiler is:
+
+```json
+{
+  "msgtype": "m.text",
+  "format": "org.matrix.custom.html",
+  "body": "Alice [Spoiler](mxc://example.org/abc123) in the movie.",
+  "formatted_body": "Alice <span data-mx-spoiler>lived happily ever after</span> in the movie."
+}
+```
+
+If a reason were to be supplied, it would look like:
+
+```json
+{
+  "msgtype": "m.text",
+  "format": "org.matrix.custom.html",
+  "body": "Alice [Spoiler for health of Alice](mxc://example.org/abc123) in the movie.",
+  "formatted_body": "Alice <span data-mx-spoiler='health of alice'>lived happily ever after</span> in the movie."
+}
+```
+
+When sending a spoiler, clients SHOULD provide the plain text fallback in the `body`
+as shown above (including the reason). The fallback SHOULD omit the spoiler text verbatim
+since `body` might show up in text-only clients or in notifications. To prevent spoilers
+showing up in such situations, clients are strongly encouraged to first upload the plaintext
+to the media repository then reference the MXC URI in a markdown-style link, as shown above.
+
+Clients SHOULD render spoilers differently with some sort of disclosure. For example, the
+client could blur the actual text and ask the user to click on it for it to be revealed.
+
+#### Server behaviour
+
+Homeservers SHOULD reject `m.room.message` events which don't have a
+`msgtype` key, or which don't have a textual `body` key, with an HTTP
+status code of 400.
+
+#### Security considerations
+
+Messages sent using this module are not encrypted, although end to end
+encryption is in development (see [E2E module](#end-to-end-encryption)).
+
+Clients should sanitise **all displayed keys** for unsafe HTML to
+prevent Cross-Site Scripting (XSS) attacks. This includes room names and
+topics.
diff --git a/content/client-server-api/modules/mentions.md b/content/client-server-api/modules/mentions.md
new file mode 100644
index 00000000000..f6f9084ae85
--- /dev/null
+++ b/content/client-server-api/modules/mentions.md
@@ -0,0 +1,60 @@
+---
+type: module
+weight: 300
+---
+
+### User, room, and group mentions
+
+This module allows users to mention other users, rooms, and groups
+within a room message. This is achieved by including a [matrix.to
+URI](/appendices/#matrixto-navigation) in the HTML body of an
+[m.room.message](#mroommessage) event. This module does not have any server-specific
+behaviour to it.
+
+Mentions apply only to [m.room.message](#mroommessage) events where the `msgtype` is
+`m.text`, `m.emote`, or `m.notice`. The `format` for the event must be
+`org.matrix.custom.html` and therefore requires a `formatted_body`.
+
+To make a mention, reference the entity being mentioned in the
+`formatted_body` using an anchor, like so:
+
+```json
+{
+    "body": "Hello Alice!",
+    "msgtype": "m.text",
+    "format": "org.matrix.custom.html",
+    "formatted_body": "Hello <a href='https://matrix.to/#/@alice:example.org'>Alice</a>!"
+}
+```
+
+#### Client behaviour
+
+In addition to using the appropriate `matrix.to URI` for the mention,
+clients should use the following guidelines when making mentions in
+events to be sent:
+
+-   When mentioning users, use the user's potentially ambiguous display
+    name for the anchor's text. If the user does not have a display
+    name, use the user's ID.
+-   When mentioning rooms, use the canonical alias for the room. If the
+    room does not have a canonical alias, prefer one of the aliases
+    listed on the room. If no alias can be found, fall back to the room
+    ID. In all cases, use the alias/room ID being linked to as the
+    anchor's text.
+-   When referencing groups, use the group ID as the anchor's text.
+
+The text component of the anchor should be used in the event's `body`
+where the mention would normally be represented, as shown in the example
+above.
+
+Clients should display mentions differently from other elements. For
+example, this may be done by changing the background color of the
+mention to indicate that it is different from a normal link.
+
+If the current user is mentioned in a message (either by a mention as
+defined in this module or by a push rule), the client should show that
+mention differently from other mentions, such as by using a red
+background color to signify to the user that they were mentioned.
+
+When clicked, the mention should navigate the user to the appropriate
+room, group, or user information.
diff --git a/content/client-server-api/modules/moderation_policies.md b/content/client-server-api/modules/moderation_policies.md
new file mode 100644
index 00000000000..c164b1b1e75
--- /dev/null
+++ b/content/client-server-api/modules/moderation_policies.md
@@ -0,0 +1,126 @@
+---
+type: module
+weight: 330
+---
+
+### Moderation policy lists
+
+With Matrix being an open network where anyone can participate, a very
+wide range of content exists and it is important that users are
+empowered to select which content they wish to see, and which content
+they wish to block. By extension, room moderators and server admins
+should also be able to select which content they do not wish to host in
+their rooms and servers.
+
+The protocol's position on this is one of neutrality: it should not be
+deciding what content is undesirable for any particular entity and
+should instead be empowering those entities to make their own decisions.
+As such, a generic framework for communicating "moderation policy lists"
+or "moderation policy rooms" is described. Note that this module only
+describes the data structures and not how they should be interpreting:
+the entity making the decisions on filtering is best positioned to
+interpret the rules how it sees fit.
+
+Moderation policy lists are stored as room state events. There are no
+restrictions on how the rooms can be configured (they could be public,
+private, encrypted, etc).
+
+There are currently 3 kinds of entities which can be affected by rules:
+`user`, `server`, and `room`. All 3 are described with
+`m.policy.rule.<kind>` state events. The `state_key` for a policy rule
+is an arbitrary string decided by the sender of the rule.
+
+Rules contain recommendations and reasons for the rule existing. The
+`reason` is a human-readable string which describes the
+`recommendation`. Currently only one recommendation, `m.ban`, is
+specified.
+
+#### `m.ban` recommendation
+
+When this recommendation is used, the entities affected by the rule
+should be banned from participation where possible. The enforcement of
+this is deliberately left as an implementation detail to avoid the
+protocol imposing its opinion on how the policy list is to be
+interpreted. However, a suggestion for a simple implementation is as
+follows:
+
+-   Is a `user` rule...
+    -   Applied to a user: The user should be added to the subscriber's
+        ignore list.
+    -   Applied to a room: The user should be banned from the room
+        (either on sight or immediately).
+    -   Applied to a server: The user should not be allowed to send
+        invites to users on the server.
+-   Is a `room` rule...
+    -   Applied to a user: The user should leave the room and not join
+        it
+        ([MSC2270](https://github.com/matrix-org/matrix-doc/pull/2270)-style
+        ignore).
+    -   Applied to a room: No-op because a room cannot ban itself.
+    -   Applied to a server: The server should prevent users from
+        joining the room and from receiving invites to it.
+-   Is a `server` rule...
+    -   Applied to a user: The user should not receive events or invites
+        from the server.
+    -   Applied to a room: The server is added as a denied server in the
+        ACLs.
+    -   Applied to a server: The subscriber should avoid federating with
+        the server as much as possible by blocking invites from the
+        server and not sending traffic unless strictly required (no
+        outbound invites).
+
+#### Subscribing to policy lists
+
+This is deliberately left as an implementation detail. For
+implementations using the Client-Server API, this could be as easy as
+joining or peeking the room. Joining or peeking is not required,
+however: an implementation could poll for updates or use a different
+technique for receiving updates to the policy's rules.
+
+#### Sharing
+
+In addition to sharing a direct reference to the room which contains the
+policy's rules, plain http or https URLs can be used to share links to
+the list. When the URL is approached with a `Accept: application/json`
+header or has `.json` appended to the end of the URL, it should return a
+JSON object containing a `room_uri` property which references the room.
+Currently this would be a `matrix.to` URI, however in future it could be
+a Matrix-schemed URI instead. When not approached with the intent of
+JSON, the service could return a user-friendly page describing what is
+included in the ban list.
+
+#### Events
+
+The `entity` described by the state events can contain `*` and `?` to
+match zero or more and one or more characters respectively. Note that
+rules against rooms can describe a room ID or room alias - the
+subscriber is responsible for resolving the alias to a room ID if
+desired.
+
+{{% event event="m.policy.rule.user" %}}
+
+{{% event event="m.policy.rule.room" %}}
+
+{{% event event="m.policy.rule.server" %}}
+
+#### Client behaviour
+
+As described above, the client behaviour is deliberately left undefined.
+
+#### Server behaviour
+
+Servers have no additional requirements placed on them by this module.
+
+#### Security considerations
+
+This module could be used to build a system of shared blacklists, which
+may create a divide within established communities if not carefully
+deployed. This may well not be a suitable solution for all communities.
+
+Depending on how implementations handle subscriptions, user IDs may be
+linked to policy lists and therefore expose the views of that user. For
+example, a client implementation which joins the user to the policy room
+would expose the user's ID to observers of the policy room. In future,
+[MSC1228](https://github.com/matrix-org/matrix-doc/pulls/1228) and
+[MSC1777](https://github.com/matrix-org/matrix-doc/pulls/1777) (or
+similar) could help solve this concern.
diff --git a/content/client-server-api/modules/openid.md b/content/client-server-api/modules/openid.md
new file mode 100644
index 00000000000..c51591fe4c7
--- /dev/null
+++ b/content/client-server-api/modules/openid.md
@@ -0,0 +1,13 @@
+---
+type: module
+weight: 280
+---
+
+### OpenID
+
+This module allows users to verify their identity with a third party
+service. The third party service does need to be matrix-aware in that it
+will need to know to resolve matrix homeservers to exchange the user's
+token for identity information.
+
+{{% http-api spec="client-server" api="openid" %}}
diff --git a/content/client-server-api/modules/presence.md b/content/client-server-api/modules/presence.md
new file mode 100644
index 00000000000..9944f086c48
--- /dev/null
+++ b/content/client-server-api/modules/presence.md
@@ -0,0 +1,76 @@
+---
+type: module
+weight: 60
+---
+
+### Presence
+
+Each user has the concept of presence information. This encodes:
+
+-   Whether the user is currently online
+-   How recently the user was last active (as seen by the server)
+-   Whether a given client considers the user to be currently idle
+-   Arbitrary information about the user's current status (e.g. "in a
+    meeting").
+
+This information is collated from both per-device (`online`, `idle`,
+`last_active`) and per-user (status) data, aggregated by the user's
+homeserver and transmitted as an `m.presence` event. Presence events are
+sent to interested parties where users share a room membership.
+
+User's presence state is represented by the `presence` key, which is an
+enum of one of the following:
+
+-   `online` : The default state when the user is connected to an event
+    stream.
+-   `unavailable` : The user is not reachable at this time e.g. they are
+    idle.
+-   `offline` : The user is not connected to an event stream or is
+    explicitly suppressing their profile information from being sent.
+
+#### Events
+
+{{% event-group group_name="m.presence" %}}
+
+#### Client behaviour
+
+Clients can manually set/get their presence using the HTTP APIs listed
+below.
+
+{{% http-api spec="client-server" api="presence" %}}
+
+##### Last active ago
+
+The server maintains a timestamp of the last time it saw a pro-active
+event from the user. A pro-active event may be sending a message to a
+room or changing presence state to `online`. This timestamp is presented
+via a key called `last_active_ago` which gives the relative number of
+milliseconds since the pro-active event.
+
+To reduce the number of presence updates sent to clients the server may
+include a `currently_active` boolean field when the presence state is
+`online`. When true, the server will not send further updates to the
+last active time until an update is sent to the client with either a)
+`currently_active` set to false or b) a presence state other than
+`online`. During this period clients must consider the user to be
+currently active, irrespective of the last active time.
+
+The last active time must be up to date whenever the server gives a
+presence event to the client. The `currently_active` mechanism should
+purely be used by servers to stop sending continuous presence updates,
+as opposed to disabling last active tracking entirely. Thus clients can
+fetch up to date last active times by explicitly requesting the presence
+for a given user.
+
+##### Idle timeout
+
+The server will automatically set a user's presence to `unavailable` if
+their last active time was over a threshold value (e.g. 5 minutes).
+Clients can manually set a user's presence to `unavailable`. Any
+activity that bumps the last active time on any of the user's clients
+will cause the server to automatically set their presence to `online`.
+
+#### Security considerations
+
+Presence information is shared with all users who share a room with the
+target user. In large public rooms this could be undesirable.
diff --git a/content/client-server-api/modules/push.md b/content/client-server-api/modules/push.md
new file mode 100644
index 00000000000..e98d7eda80c
--- /dev/null
+++ b/content/client-server-api/modules/push.md
@@ -0,0 +1,742 @@
+---
+type: module
+weight: 130
+---
+
+### Push Notifications
+
+```
+                                   +--------------------+  +-------------------+
+                  Matrix HTTP      |                    |  |                   |
+             Notification Protocol |   App Developer    |  |   Device Vendor   |
+                                   |                    |  |                   |
+           +-------------------+   | +----------------+ |  | +---------------+ |
+           |                   |   | |                | |  | |               | |
+           | Matrix homeserver +----->  Push Gateway  +------> Push Provider | |
+           |                   |   | |                | |  | |               | |
+           +-^-----------------+   | +----------------+ |  | +----+----------+ |
+             |                     |                    |  |      |            |
+    Matrix   |                     |                    |  |      |            |
+ Client/Server API  +              |                    |  |      |            |
+             |      |              +--------------------+  +-------------------+
+             |   +--+-+                                           |
+             |   |    <-------------------------------------------+
+             +---+    |
+                 |    |          Provider Push Protocol
+                 +----+
+          Mobile Device or Client
+```
+
+This module adds support for push notifications. Homeservers send
+notifications of events to user-configured HTTP endpoints. Users may
+also configure a number of rules that determine which events generate
+notifications. These are all stored and managed by the user's
+homeserver. This allows user-specific push settings to be reused between
+client applications.
+
+The above diagram shows the flow of push notifications being sent to a
+handset where push notifications are submitted via the handset vendor,
+such as Apple's APNS or Google's GCM. This happens as follows:
+
+1.  The client app signs in to a homeserver.
+2.  The client app registers with its vendor's Push Provider and obtains
+    a routing token of some kind.
+3.  The mobile app uses the Client/Server API to add a 'pusher',
+    providing the URL of a specific Push Gateway which is configured for
+    that application. It also provides the routing token it has acquired
+    from the Push Provider.
+4.  The homeserver starts sending HTTP requests to the Push Gateway
+    using the supplied URL. The Push Gateway relays this notification to
+    the Push Provider, passing the routing token along with any
+    necessary private credentials the provider requires to send push
+    notifications.
+5.  The Push Provider sends the notification to the device.
+
+Definitions for terms used in this section are below:
+
+Push Provider  
+A push provider is a service managed by the device vendor which can send
+notifications directly to the device. Google Cloud Messaging (GCM) and
+Apple Push Notification Service (APNS) are two examples of push
+providers.
+
+Push Gateway  
+A push gateway is a server that receives HTTP event notifications from
+homeservers and passes them on to a different protocol such as APNS for
+iOS devices or GCM for Android devices. Clients inform the homeserver
+which Push Gateway to send notifications to when it sets up a Pusher.
+
+Pusher  
+A pusher is a worker on the homeserver that manages the sending of HTTP
+notifications for a user. A user can have multiple pushers: one per
+device.
+
+Push Rule  
+A push rule is a single rule that states under what *conditions* an
+event should be passed onto a push gateway and *how* the notification
+should be presented. These rules are stored on the user's homeserver.
+They are manually configured by the user, who can create and view them
+via the Client/Server API.
+
+Push Ruleset  
+A push ruleset *scopes a set of rules according to some criteria*. For
+example, some rules may only be applied for messages from a particular
+sender, a particular room, or by default. The push ruleset contains the
+entire set of scopes and rules.
+
+#### Client behaviour
+
+Clients MUST configure a Pusher before they will receive push
+notifications. There is a single API endpoint for this, as described
+below.
+
+{{% http-api spec="client-server" api="pusher" %}}
+
+##### Listing Notifications
+
+A client can retrieve a list of events that it has been notified about.
+This may be useful so that users can see a summary of what important
+messages they have received.
+
+{{% http-api spec="client-server" api="notifications" %}}
+
+##### Receiving notifications
+
+Servers MUST include the number of unread notifications in a client's
+`/sync` stream, and MUST update it as it changes. Notifications are
+determined by the push rules which apply to an event.
+
+When the user updates their read receipt (either by using the API or by
+sending an event), notifications prior to and including that event MUST
+be marked as read.
+
+##### Push Rules
+
+A push rule is a single rule that states under what *conditions* an
+event should be passed onto a push gateway and *how* the notification
+should be presented. There are different "kinds" of push rules and each
+rule has an associated priority. Every push rule MUST have a `kind` and
+`rule_id`. The `rule_id` is a unique string within the kind of rule and
+its' scope: `rule_ids` do not need to be unique between rules of the
+same kind on different devices. Rules may have extra keys depending on
+the value of `kind`.
+
+The different `kind`s of rule, in the order that they are checked, are:
+
+Override Rules `override`  
+The highest priority rules are user-configured overrides.
+
+Content-specific Rules `content`  
+These configure behaviour for (unencrypted) messages that match certain
+patterns. Content rules take one parameter: `pattern`, that gives the
+glob pattern to match against. This is treated in the same way as
+`pattern` for `event_match`.
+
+Room-specific Rules `room`  
+These rules change the behaviour of all messages for a given room. The
+`rule_id` of a room rule is always the ID of the room that it affects.
+
+Sender-specific rules `sender`  
+These rules configure notification behaviour for messages from a
+specific Matrix user ID. The `rule_id` of Sender rules is always the
+Matrix user ID of the user whose messages they'd apply to.
+
+Underride rules `underride`  
+These are identical to `override` rules, but have a lower priority than
+`content`, `room` and `sender` rules.
+
+Rules with the same `kind` can specify an ordering priority. This
+determines which rule is selected in the event of multiple matches. For
+example, a rule matching "tea" and a separate rule matching "time" would
+both match the sentence "It's time for tea". The ordering of the rules
+would then resolve the tiebreak to determine which rule is executed.
+Only `actions` for highest priority rule will be sent to the Push
+Gateway.
+
+Each rule can be enabled or disabled. Disabled rules never match. If no
+rules match an event, the homeserver MUST NOT notify the Push Gateway
+for that event. Homeservers MUST NOT notify the Push Gateway for events
+that the user has sent themselves.
+
+###### Actions
+
+All rules have an associated list of `actions`. An action affects if and
+how a notification is delivered for a matching event. The following
+actions are defined:
+
+`notify`  
+This causes each matching event to generate a notification.
+
+`dont_notify`  
+This prevents each matching event from generating a notification
+
+`coalesce`  
+This enables notifications for matching events but activates homeserver
+specific behaviour to intelligently coalesce multiple events into a
+single notification. Not all homeservers may support this. Those that do
+not support it should treat it as the `notify` action.
+
+`set_tweak`  
+Sets an entry in the `tweaks` dictionary key that is sent in the
+notification request to the Push Gateway. This takes the form of a
+dictionary with a `set_tweak` key whose value is the name of the tweak
+to set. It may also have a `value` key which is the value to which it
+should be set.
+
+The following tweaks are defined:
+
+* `sound`: A string representing the sound to be played when this notification
+arrives. A value of `default` means to play a default sound. A device
+may choose to alert the user by some other means if appropriate, eg.
+vibration.
+
+* `highlight`: A boolean representing whether or not this message should be highlighted
+in the UI. This will normally take the form of presenting the message in
+a different colour and/or style. The UI might also be adjusted to draw
+particular attention to the room in which the event occurred. If a
+`highlight` tweak is given with no value, its value is defined to be
+`true`. If no highlight tweak is given at all then the value of
+`highlight` is defined to be false.
+
+Tweaks are passed transparently through the homeserver so client
+applications and Push Gateways may agree on additional tweaks. For
+example, a tweak may be added to specify how to flash the notification
+light on a mobile device.
+
+Actions that have no parameters are represented as a string. Otherwise,
+they are represented as a dictionary with a key equal to their name and
+other keys as their parameters, e.g.
+`{ "set_tweak": "sound", "value": "default" }`
+
+###### Conditions
+
+`override` and `underride` rules MAY have a list of 'conditions'. All
+conditions must hold true for an event in order for the rule to match. A
+rule with no conditions always matches. The following conditions are
+defined:
+
+`event_match`  
+This is a glob pattern match on a field of the event. Parameters:
+
+-   `key`: The dot-separated field of the event to match, e.g.
+    `content.body`
+-   `pattern`: The glob-style pattern to match against. Patterns with no
+    special glob characters should be treated as having asterisks
+    prepended and appended when testing the condition.
+
+`contains_display_name`  
+This matches unencrypted messages where `content.body` contains the
+owner's display name in that room. This is a separate rule because
+display names may change and as such it would be hard to maintain a rule
+that matched the user's display name. This condition has no parameters.
+
+`room_member_count`  
+This matches the current number of members in the room. Parameters:
+
+-   `is`: A decimal integer optionally prefixed by one of, `==`, `<`,
+    `>`, `>=` or `<=`. A prefix of `<` matches rooms where the member
+    count is strictly less than the given number and so forth. If no
+    prefix is present, this parameter defaults to `==`.
+
+`sender_notification_permission`  
+This takes into account the current power levels in the room, ensuring
+the sender of the event has high enough power to trigger the
+notification.
+
+Parameters:
+
+-   `key`: A string that determines the power level the sender must have
+    to trigger notifications of a given type, such as `room`. Refer to
+    the [m.room.power\_levels](#mroompower_levels) event schema for information about what
+    the defaults are and how to interpret the event. The `key` is used
+    to look up the power level required to send a notification type from
+    the `notifications` object in the power level event content.
+
+Unrecognised conditions MUST NOT match any events, effectively making
+the push rule disabled.
+
+`room`, `sender` and `content` rules do not have conditions in the same
+way, but instead have predefined conditions. In the cases of `room` and
+`sender` rules, the `rule_id` of the rule determines its behaviour.
+
+##### Predefined Rules
+
+Homeservers can specify "server-default rules" which operate at a lower
+priority than "user-defined rules". The `rule_id` for all server-default
+rules MUST start with a dot (".") to identify them as "server-default".
+The following server-default rules are specified:
+
+###### Default Override Rules
+
+**`.m.rule.master`**
+
+Matches all events. This can be enabled to turn off all push
+notifications other than those generated by override rules set by the
+user. By default this rule is disabled.
+
+Definition:
+
+```json
+{
+    "rule_id": ".m.rule.master",
+    "default": true,
+    "enabled": false,
+    "conditions": [],
+    "actions": [
+        "dont_notify"
+    ]
+}
+```
+
+**`.m.rule.suppress_notices`**
+
+Matches messages with a `msgtype` of `notice`.
+
+Definition:
+
+```json
+{
+    "rule_id": ".m.rule.suppress_notices",
+    "default": true,
+    "enabled": true,
+    "conditions": [
+        {
+            "kind": "event_match",
+            "key": "content.msgtype",
+            "pattern": "m.notice",
+        }
+    ],
+    "actions": [
+        "dont_notify",
+    ]
+}
+```
+
+**`.m.rule.invite_for_me`**
+
+Matches any invites to a new room for this user.
+
+Definition:
+
+```json
+{
+    "rule_id": ".m.rule.invite_for_me",
+    "default": true,
+    "enabled": true,
+    "conditions": [
+        {
+            "key": "type",
+            "kind": "event_match",
+            "pattern": "m.room.member"
+        },
+        {
+            "key": "content.membership",
+            "kind": "event_match",
+            "pattern": "invite"
+        },
+        {
+            "key": "state_key",
+            "kind": "event_match",
+            "pattern": "[the user's Matrix ID]"
+        }
+    ],
+    "actions": [
+       "notify",
+        {
+            "set_tweak": "sound",
+            "value": "default"
+        }
+    ]
+}
+```
+
+**`.m.rule.member_event`**
+
+Matches any `m.room.member_event`.
+
+Definition:
+
+```json
+{
+    "rule_id": ".m.rule.member_event",
+    "default": true,
+    "enabled": true,
+    "conditions": [
+        {
+            "key": "type",
+            "kind": "event_match",
+            "pattern": "m.room.member"
+        }
+    ],
+    "actions": [
+        "dont_notify"
+    ]
+}
+```
+
+**`.m.rule.contains_display_name`**
+
+Matches any message whose content is unencrypted and contains the user's
+current display name in the room in which it was sent.
+
+Definition:
+
+```json
+{
+    "rule_id": ".m.rule.contains_display_name",
+    "default": true,
+    "enabled": true,
+    "conditions": [
+        {
+            "kind": "contains_display_name"
+        }
+    ],
+    "actions": [
+        "notify",
+        {
+            "set_tweak": "sound",
+            "value": "default"
+        },
+        {
+            "set_tweak": "highlight"
+        }
+    ]
+}
+```
+
+**`.m.rule.tombstone`**
+
+Matches any state event whose type is `m.room.tombstone`. This is
+intended to notify users of a room when it is upgraded, similar to what
+an `@room` notification would accomplish.
+
+Definition:
+
+```json
+{
+    "rule_id": ".m.rule.tombstone",
+    "default": true,
+    "enabled": true,
+    "conditions": [
+        {
+            "kind": "event_match",
+            "key": "type",
+            "pattern": "m.room.tombstone"
+        },
+        {
+            "kind": "event_match",
+            "key": "state_key",
+            "pattern": ""
+        }
+    ],
+    "actions": [
+        "notify",
+        {
+            "set_tweak": "highlight"
+        }
+    ]
+}
+```
+
+**`.m.rule.roomnotif`**
+
+Matches any message whose content is unencrypted and contains the text
+`@room`, signifying the whole room should be notified of the event.
+
+Definition:
+
+```json
+{
+    "rule_id": ".m.rule.roomnotif",
+    "default": true,
+    "enabled": true,
+    "conditions": [
+        {
+            "kind": "event_match",
+            "key": "content.body",
+            "pattern": "@room"
+        },
+        {
+            "kind": "sender_notification_permission",
+            "key": "room"
+        }
+    ],
+    "actions": [
+        "notify",
+        {
+            "set_tweak": "highlight"
+        }
+    ]
+}
+```
+
+###### Default Content Rules
+
+**`.m.rule.contains_user_name`**
+
+Matches any message whose content is unencrypted and contains the local
+part of the user's Matrix ID, separated by word boundaries.
+
+Definition (as a `content` rule):
+
+```json
+{
+    "rule_id": ".m.rule.contains_user_name",
+    "default": true,
+    "enabled": true,
+    "pattern": "[the local part of the user's Matrix ID]",
+    "actions": [
+        "notify",
+        {
+            "set_tweak": "sound",
+            "value": "default"
+        },
+        {
+            "set_tweak": "highlight"
+        }
+    ]
+}
+```
+
+###### Default Underride Rules
+
+**`.m.rule.call`**
+
+Matches any incoming VOIP call.
+
+Definition:
+
+```json
+{
+    "rule_id": ".m.rule.call",
+    "default": true,
+    "enabled": true,
+    "conditions": [
+        {
+            "key": "type",
+            "kind": "event_match",
+            "pattern": "m.call.invite"
+        }
+    ],
+    "actions": [
+        "notify",
+        {
+            "set_tweak": "sound",
+            "value": "ring"
+        }
+    ]
+}
+```
+
+**`.m.rule.encrypted_room_one_to_one`**
+
+Matches any encrypted event sent in a room with exactly two members.
+Unlike other push rules, this rule cannot be matched against the content
+of the event by nature of it being encrypted. This causes the rule to be
+an "all or nothing" match where it either matches *all* events that are
+encrypted (in 1:1 rooms) or none.
+
+Definition:
+
+```json
+{
+    "rule_id": ".m.rule.encrypted_room_one_to_one",
+    "default": true,
+    "enabled": true,
+    "conditions": [
+        {
+            "kind": "room_member_count",
+            "is": "2"
+        },
+        {
+            "kind": "event_match",
+            "key": "type",
+            "pattern": "m.room.encrypted"
+        }
+    ],
+    "actions": [
+        "notify",
+        {
+            "set_tweak": "sound",
+            "value": "default"
+        }
+    ]
+}
+```
+
+**`.m.rule.room_one_to_one`**
+
+Matches any message sent in a room with exactly two members.
+
+Definition:
+
+```json
+{
+    "rule_id": ".m.rule.room_one_to_one",
+    "default": true,
+    "enabled": true,
+    "conditions": [
+        {
+            "kind": "room_member_count",
+            "is": "2"
+        },
+        {
+            "kind": "event_match",
+            "key": "type",
+            "pattern": "m.room.message"
+        }
+    ],
+    "actions": [
+        "notify",
+        {
+            "set_tweak": "sound",
+            "value": "default"
+        }
+    ]
+}
+```
+
+**`.m.rule.message`**
+
+Matches all chat messages.
+
+Definition:
+
+```json
+{
+     "rule_id": ".m.rule.message",
+     "default": true,
+     "enabled": true,
+     "conditions": [
+         {
+             "kind": "event_match",
+             "key": "type",
+             "pattern": "m.room.message"
+         }
+     ],
+     "actions": [
+         "notify"
+     ]
+}
+```
+
+**`.m.rule.encrypted`**
+
+Matches all encrypted events. Unlike other push rules, this rule cannot
+be matched against the content of the event by nature of it being
+encrypted. This causes the rule to be an "all or nothing" match where it
+either matches *all* events that are encrypted (in group rooms) or none.
+
+Definition:
+
+```json
+{
+     "rule_id": ".m.rule.encrypted",
+     "default": true,
+     "enabled": true,
+     "conditions": [
+         {
+             "kind": "event_match",
+             "key": "type",
+             "pattern": "m.room.encrypted"
+         }
+     ],
+     "actions": [
+         "notify"
+     ]
+}
+```
+
+##### Push Rules: API
+
+Clients can retrieve, add, modify and remove push rules globally or
+per-device using the APIs below.
+
+{{% http-api spec="client-server" api="pushrules" %}}
+
+##### Push Rules: Events
+
+When a user changes their push rules a `m.push_rules` event is sent to
+all clients in the `account_data` section of their next `/sync` request.
+The content of the event is the current push rules for the user.
+
+{{% event event="m.push_rules" %}}
+
+###### Examples
+
+To create a rule that suppresses notifications for the room with ID
+`!dj234r78wl45Gh4D:matrix.org`:
+
+    curl -X PUT -H "Content-Type: application/json" "https://example.com/_matrix/client/%CLIENT_MAJOR_VERSION%/pushrules/global/room/%21dj234r78wl45Gh4D%3Amatrix.org?access_token=123456" -d \
+    '{
+       "actions" : ["dont_notify"]
+     }'
+
+To suppress notifications for the user `@spambot:matrix.org`:
+
+    curl -X PUT -H "Content-Type: application/json" "https://example.com/_matrix/client/%CLIENT_MAJOR_VERSION%/pushrules/global/sender/%40spambot%3Amatrix.org?access_token=123456" -d \
+    '{
+       "actions" : ["dont_notify"]
+     }'
+
+To always notify for messages that contain the work 'cake' and set a
+specific sound (with a rule\_id of `SSByZWFsbHkgbGlrZSBjYWtl`):
+
+    curl -X PUT -H "Content-Type: application/json" "https://example.com/_matrix/client/%CLIENT_MAJOR_VERSION%/pushrules/global/content/SSByZWFsbHkgbGlrZSBjYWtl?access_token=123456" -d \
+    '{
+       "pattern": "cake",
+       "actions" : ["notify", {"set_sound":"cakealarm.wav"}]
+     }'
+
+To add a rule suppressing notifications for messages starting with
+'cake' but ending with 'lie', superseding the previous rule:
+
+    curl -X PUT -H "Content-Type: application/json" "https://example.com/_matrix/client/%CLIENT_MAJOR_VERSION%/pushrules/global/content/U3BvbmdlIGNha2UgaXMgYmVzdA?access_token=123456&before=SSByZWFsbHkgbGlrZSBjYWtl" -d \
+    '{
+       "pattern": "cake*lie",
+       "actions" : ["notify"]
+     }'
+
+To add a custom sound for notifications messages containing the word
+'beer' in any rooms with 10 members or fewer (with greater importance
+than the room, sender and content rules):
+
+    curl -X PUT -H "Content-Type: application/json" "https://example.com/_matrix/client/%CLIENT_MAJOR_VERSION%/pushrules/global/override/U2VlIHlvdSBpbiBUaGUgRHVrZQ?access_token=123456" -d \
+    '{
+       "conditions": [
+         {"kind": "event_match", "key": "content.body", "pattern": "beer" },
+         {"kind": "room_member_count", "is": "<=10"}
+       ],
+       "actions" : [
+         "notify",
+         {"set_sound":"beeroclock.wav"}
+       ]
+     }'
+
+#### Server behaviour
+
+#### Push Gateway behaviour
+
+##### Recommendations for APNS
+
+The exact format for sending APNS notifications is flexible and up to
+the client app and its' push gateway to agree on. As APNS requires that
+the sender has a private key owned by the app developer, each app must
+have its own push gateway. It is recommended that:
+
+-   The APNS token be base64 encoded and used as the pushkey.
+-   A different app\_id be used for apps on the production and sandbox
+    APS environments.
+-   APNS push gateways do not attempt to wait for errors from the APNS
+    gateway before returning and instead to store failures and return
+    'rejected' responses next time that pushkey is used.
+
+#### Security considerations
+
+Clients specify the Push Gateway URL to use to send event notifications
+to. This URL should be over HTTPS and *never* over HTTP.
+
+As push notifications will pass through a Push Provider, message content
+shouldn't be sent in the push itself where possible. Instead, Push
+Gateways should send a "sync" command to instruct the client to get new
+events from the homeserver directly.
diff --git a/content/client-server-api/modules/read_markers.md b/content/client-server-api/modules/read_markers.md
new file mode 100644
index 00000000000..a2c0150b7bc
--- /dev/null
+++ b/content/client-server-api/modules/read_markers.md
@@ -0,0 +1,54 @@
+---
+type: module
+weight: 50
+---
+
+### Fully read markers
+
+The history for a given room may be split into three sections: messages
+the user has read (or indicated they aren't interested in them),
+messages the user might have read some but not others, and messages the
+user hasn't seen yet. The "fully read marker" (also known as a "read
+marker") marks the last event of the first section, whereas the user's
+read receipt marks the last event of the second section.
+
+#### Events
+
+The user's fully read marker is kept as an event in the room's [account
+data](#client-config). The event may be read to determine the user's
+current fully read marker location in the room, and just like other
+account data events the event will be pushed down the event stream when
+updated.
+
+The fully read marker is kept under an `m.fully_read` event. If the
+event does not exist on the user's account data, the fully read marker
+should be considered to be the user's read receipt location.
+
+{{% event event="m.fully_read" %}}
+
+#### Client behaviour
+
+The client cannot update fully read markers by directly modifying the
+`m.fully_read` account data event. Instead, the client must make use of
+the read markers API to change the values.
+
+The read markers API can additionally update the user's read receipt
+(`m.read`) location in the same operation as setting the fully read
+marker location. This is because read receipts and read markers are
+commonly updated at the same time, and therefore the client might wish
+to save an extra HTTP call. Providing an `m.read` location performs the
+same task as a request to `/receipt/m.read/$event:example.org`.
+
+{{% http-api spec="client-server" api="read_markers" %}}
+
+#### Server behaviour
+
+The server MUST prevent clients from setting `m.fully_read` directly in
+room account data. The server must additionally ensure that it treats
+the presence of `m.read` in the `/read_markers` request the same as how
+it would for a request to `/receipt/m.read/$event:example.org`.
+
+Upon updating the `m.fully_read` event due to a request to
+`/read_markers`, the server MUST send the updated account data event
+through to the client via the event stream (eg: `/sync`), provided any
+applicable filters are also satisfied.
diff --git a/content/client-server-api/modules/receipts.md b/content/client-server-api/modules/receipts.md
new file mode 100644
index 00000000000..fb28aacd7ba
--- /dev/null
+++ b/content/client-server-api/modules/receipts.md
@@ -0,0 +1,89 @@
+---
+type: module
+weight: 40
+---
+
+### Receipts
+
+This module adds in support for receipts. These receipts are a form of
+acknowledgement of an event. This module defines a single
+acknowledgement: `m.read` which indicates that the user has read up to a
+given event.
+
+Sending a receipt for each event can result in sending large amounts of
+traffic to a homeserver. To prevent this from becoming a problem,
+receipts are implemented using "up to" markers. This marker indicates
+that the acknowledgement applies to all events "up to and including" the
+event specified. For example, marking an event as "read" would indicate
+that the user had read all events *up to* the referenced event. See the
+[Receiving notifications](#receiving-notifications) section for more
+information on how read receipts affect notification counts.
+
+#### Events
+
+Each `user_id`, `receipt_type` pair must be associated with only a
+single `event_id`.
+
+{{% event event="m.receipt" %}}
+
+#### Client behaviour
+
+In `/sync`, receipts are listed under the `ephemeral` array of events
+for a given room. New receipts that come down the event streams are
+deltas which update existing mappings. Clients should replace older
+receipt acknowledgements based on `user_id` and `receipt_type` pairs.
+For example:
+
+    Client receives m.receipt:
+      user = @alice:example.com
+      receipt_type = m.read
+      event_id = $aaa:example.com
+
+    Client receives another m.receipt:
+      user = @alice:example.com
+      receipt_type = m.read
+      event_id = $bbb:example.com
+
+    The client should replace the older acknowledgement for $aaa:example.com with
+    this one for $bbb:example.com
+
+Clients should send read receipts when there is some certainty that the
+event in question has been **displayed** to the user. Simply receiving
+an event does not provide enough certainty that the user has seen the
+event. The user SHOULD need to *take some action* such as viewing the
+room that the event was sent to or dismissing a notification in order
+for the event to count as "read". Clients SHOULD NOT send read receipts
+for events sent by their own user.
+
+A client can update the markers for its user by interacting with the
+following HTTP APIs.
+
+{{% http-api spec="client-server" api="receipts" %}}
+
+#### Server behaviour
+
+For efficiency, receipts SHOULD be batched into one event per room
+before delivering them to clients.
+
+Receipts are sent across federation as EDUs with type `m.receipt`. The
+format of the EDUs are:
+
+```
+{
+    <room_id>: {
+        <receipt_type>: {
+            <user_id>: { <content> }
+        },
+        ...
+    },
+    ...
+}
+```
+
+These are always sent as deltas to previously sent receipts. Currently
+only a single `<receipt_type>` should be used: `m.read`.
+
+#### Security considerations
+
+As receipts are sent outside the context of the event graph, there are
+no integrity checks performed on the contents of `m.receipt` events.
diff --git a/content/client-server-api/modules/report_content.md b/content/client-server-api/modules/report_content.md
new file mode 100644
index 00000000000..c6157f3c5bf
--- /dev/null
+++ b/content/client-server-api/modules/report_content.md
@@ -0,0 +1,24 @@
+---
+type: module
+weight: 260
+---
+
+### Reporting Content
+
+Users may encounter content which they find inappropriate and should be
+able to report it to the server administrators or room moderators for
+review. This module defines a way for users to report content.
+
+Content is reported based upon a negative score, where -100 is "most
+offensive" and 0 is "inoffensive".
+
+#### Client behaviour
+
+{{% http-api spec="client-server" api="report_content" %}}
+
+#### Server behaviour
+
+Servers are free to handle the reported content however they desire.
+This may be a dedicated room to alert server administrators to the
+reported content or some other mechanism for notifying the appropriate
+people.
diff --git a/content/client-server-api/modules/room_previews.md b/content/client-server-api/modules/room_previews.md
new file mode 100644
index 00000000000..ecaedcbd5f0
--- /dev/null
+++ b/content/client-server-api/modules/room_previews.md
@@ -0,0 +1,42 @@
+---
+type: module
+weight: 170
+---
+
+### Room Previews
+
+It is sometimes desirable to offer a preview of a room, where a user can
+"lurk" and read messages posted to the room, without joining the room.
+This can be particularly effective when combined with [Guest Access](#guest-access).
+
+Previews are implemented via the `world_readable` [Room History
+Visibility](#room-history-visibility). setting, along with a special version of the [GET
+/events](#get_matrixclientr0events) endpoint.
+
+#### Client behaviour
+
+A client wishing to view a room without joining it should call [GET
+/rooms/:room\_id/initialSync](#get_matrixclientr0roomsroomidinitialsync),
+followed by [GET /events](#get_matrixclientr0events). Clients will need to do
+this in parallel for each room they wish to view.
+
+Clients can of course also call other endpoints such as [GET
+/rooms/:room\_id/messages](#get_matrixclientr0roomsroomidmessages)
+and [GET /search](#post_matrixclientr0search) to
+access events outside the `/events` stream.
+
+{{% http-api spec="client-server" api="peeking_events" %}}
+
+#### Server behaviour
+
+For clients which have not joined a room, servers are required to only
+return events where the room state at the event had the
+`m.room.history_visibility` state event present with
+`history_visibility` value `world_readable`.
+
+#### Security considerations
+
+Clients may wish to display to their users that rooms which are
+`world_readable` *may* be showing messages to non-joined users. There is
+no way using this module to find out whether any non-joined guest users
+*do* see events in the room, or to list or count any lurking users.
diff --git a/content/client-server-api/modules/room_upgrades.md b/content/client-server-api/modules/room_upgrades.md
new file mode 100644
index 00000000000..dbcb82334ae
--- /dev/null
+++ b/content/client-server-api/modules/room_upgrades.md
@@ -0,0 +1,73 @@
+---
+type: module
+weight: 310
+---
+
+### Room Upgrades
+
+From time to time, a room may need to be upgraded to a different room
+version for a variety for reasons. This module defines a way for rooms
+to upgrade to a different room version when needed.
+
+#### Events
+
+{{% event event="m.room.tombstone" %}}
+
+#### Client behaviour
+
+Clients which understand `m.room.tombstone` events and the `predecessor`
+field on `m.room.create` events should communicate to the user that the
+room was upgraded. One way of accomplishing this would be hiding the old
+room from the user's room list and showing banners linking between the
+old and new room - ensuring that permalinks work when referencing the
+old room. Another approach may be to virtually merge the rooms such that
+the old room's timeline seamlessly continues into the new timeline
+without the user having to jump between the rooms.
+
+{{% http-api spec="client-server" api="room_upgrades" %}}
+
+#### Server behaviour
+
+When the client requests to upgrade a known room to a known version, the
+server:
+
+1.  Checks that the user has permission to send `m.room.tombstone`
+    events in the room.
+
+2.  Creates a replacement room with a `m.room.create` event containing a
+    `predecessor` field and the applicable `room_version`.
+
+3.  Replicates transferable state events to the new room. The exact
+    details for what is transferred is left as an implementation detail,
+    however the recommended state events to transfer are:
+
+    -   `m.room.server_acl`
+    -   `m.room.encryption`
+    -   `m.room.name`
+    -   `m.room.avatar`
+    -   `m.room.topic`
+    -   `m.room.guest_access`
+    -   `m.room.history_visibility`
+    -   `m.room.join_rules`
+    -   `m.room.power_levels`
+
+    Membership events should not be transferred to the new room due to
+    technical limitations of servers not being able to impersonate
+    people from other homeservers. Additionally, servers should not
+    transfer state events which are sensitive to who sent them, such as
+    events outside of the Matrix namespace where clients may rely on the
+    sender to match certain criteria.
+
+4.  Moves any local aliases to the new room.
+
+5.  Sends a `m.room.tombstone` event to the old room to indicate that it
+    is not intended to be used any further.
+
+6.  If possible, the power levels in the old room should also be
+    modified to prevent sending of events and inviting new users. For
+    example, setting `events_default` and `invite` to the greater of
+    `50` and `users_default + 1`.
+
+When a user joins the new room, the server should automatically
+transfer/replicate some of the user's personalized settings such as
+notifications, tags, etc.
diff --git a/content/client-server-api/modules/search.md b/content/client-server-api/modules/search.md
new file mode 100644
index 00000000000..2fa5bc44ee2
--- /dev/null
+++ b/content/client-server-api/modules/search.md
@@ -0,0 +1,91 @@
+---
+type: module
+weight: 150
+---
+
+### Server Side Search
+
+The search API allows clients to perform full text search across events
+in all rooms that the user has been in, including those that they have
+left. Only events that the user is allowed to see will be searched, e.g.
+it won't include events in rooms that happened after you left.
+
+#### Client behaviour
+
+There is a single HTTP API for performing server-side search, documented
+below.
+
+{{% http-api spec="client-server" api="search" %}}
+
+#### Search Categories
+
+The search API allows clients to search in different categories of
+items. Currently the only specified category is `room_events`.
+
+##### `room_events`
+
+This category covers all events that the user is allowed to see,
+including events in rooms that they have left. The search is performed
+on certain keys of certain event types.
+
+The supported keys to search over are:
+
+-   `content.body` in `m.room.message`
+-   `content.name` in `m.room.name`
+-   `content.topic` in `m.room.topic`
+
+The search will *not* include rooms that are end to end encrypted.
+
+The results include a `rank` key that can be used to sort the results by
+relevancy. The higher the `rank` the more relevant the result is.
+
+The value of `count` gives an approximation of the total number of
+results. Homeservers may give an estimate rather than an exact value for
+this field.
+
+#### Ordering
+
+The client can specify the ordering that the server returns results in.
+The two allowed orderings are:
+
+-   `rank`, which returns the most relevant results first.
+-   `recent`, which returns the most recent results first.
+
+The default ordering is `rank`.
+
+#### Groups
+
+The client can request that the results are returned along with grouping
+information, e.g. grouped by `room_id`. In this case the response will
+contain a group entry for each distinct value of `room_id`. Each group
+entry contains at least a list of the `event_ids` that are in that
+group, as well as potentially other metadata about the group.
+
+The current required supported groupings are:
+
+-   `room_id`
+-   `sender`
+
+#### Pagination
+
+The server may return a `next_batch` key at various places in the
+response. These are used to paginate the results. To fetch more results,
+the client should send the *same* request to the server with a
+`next_batch` query parameter set to that of the token.
+
+The scope of the pagination is defined depending on where the
+`next_batch` token was returned. For example, using a token inside a
+group will return more results from within that group.
+
+The currently supported locations for the `next_batch` token are:
+
+-   `search_categories.<category>.next_batch`
+-   `search_categories.<category>.groups.<group_key>.<group_id>.next_batch`
+
+A server need not support pagination, even if there are more matching
+results. In that case, they must not return a `next_batch` token in the
+response.
+
+#### Security considerations
+
+The server must only return results that the user has permission to see.
diff --git a/content/client-server-api/modules/secrets.md b/content/client-server-api/modules/secrets.md
new file mode 100644
index 00000000000..897ea196428
--- /dev/null
+++ b/content/client-server-api/modules/secrets.md
@@ -0,0 +1,335 @@
+---
+type: module
+weight: 110
+---
+
+### Secrets
+
+Clients may have secret information that they wish to be made available
+to other authorised clients, but that the server should not be able to
+see, so the information must be encrypted as it passes through the
+server. This can be done either asynchronously, by storing encrypted
+data on the server for later retrieval, or synchronously, by sending
+messages to each other.
+
+Each secret has an identifier that is used by clients to refer to the
+secret when storing, fetching, requesting, or sharing the secret.
+Secrets are plain strings; structured data can be stored by encoding it
+as a string.
+
+#### Storage
+
+When secrets are stored on the server, they are stored in the user's
+[account-data](#client-config), using an event type equal to the
+secret's identifier. The keys that secrets are encrypted with are
+described by data that is also stored in the user's account-data. Users
+can have multiple keys, allowing them to control what sets of secrets
+clients can access, depending on what keys are given to them.
+
+##### Key storage
+
+Each key has an ID, and the description of the key is stored in the
+user's account\_data using the event type
+`m.secret_storage.key.[key ID]`. The contents of the account data for
+the key will include an `algorithm` property, which indicates the
+encryption algorithm used, as well as a `name` property, which is a
+human-readable name. Key descriptions may also have a `passphrase`
+property for generating the key from a user-entered passphrase, as
+described in [deriving keys from
+passphrases](#deriving-keys-from-passphrases).
+
+`KeyDescription`
+
+| Parameter  | Type      | Description
+|------------|-----------|-------------------------------------------------------------------------------------------------------------------------------------|
+| name       | string    | Optional. The name of the key. If not given, the client may use a generic name such as "Unnamed key", or "Default key" if the key is marked as the default key (see below). |
+| algorithm  | string    | **Required.** The encryption algorithm to be used for this key. Currently, only `m.secret_storage.v1.aes-hmac-sha2` is supported.   |
+| passphrase | string    | See [deriving keys from passphrases](#deriving-keys-from-passphrases) section for a description of this property.                   |
+
+Other properties depend on the encryption algorithm, and are described
+below.
+
+A key can be marked as the "default" key by setting the user's
+account\_data with event type `m.secret_storage.default_key` to an
+object that has the ID of the key as its `key` property. The default key
+will be used to encrypt all secrets that the user would expect to be
+available on all their clients. Unless the user specifies otherwise,
+clients will try to use the default key to decrypt secrets.
+
+Clients that want to present a simplified interface to users by not supporting
+multiple keys should use the default key if one is specified. If not default
+key is specified, the client may behave as if there is no key is present at
+all. When such a client creates a key, it should mark that key as being the
+default key.
+
+`DefaultKey`
+
+| Parameter  | Type      | Description
+|------------|-----------|------------------------------------------|
+| key        | string    | **Required.** The ID of the default key. |
+
+##### Secret storage
+
+Encrypted data is stored in the user's account\_data using the event
+type defined by the feature that uses the data. The account\_data will
+have an `encrypted` property that is a map from key ID to an object. The
+algorithm from the `m.secret_storage.key.[key ID]` data for the given
+key defines how the other properties are interpreted, though it's
+expected that most encryption schemes would have `ciphertext` and `mac`
+properties, where the `ciphertext` property is the unpadded
+base64-encoded ciphertext, and the `mac` is used to ensure the integrity
+of the data.
+
+`Secret`
+
+| Parameter | Type             | Description |
+|-----------|------------------|-------------|
+| encrypted | {string: object} | **Required.** Map from key ID the encrypted data. The exact format for the encrypted data is dependent on the key algorithm. See the definition of `AesHmacSha2EncryptedData` in the [m.secret_storage.v1.aes-hmac-sha2](#msecret_storagev1aes-hmac-sha2) section. |
+
+Example:
+
+Some secret is encrypted using keys with ID `key_id_1` and `key_id_2`:
+
+`org.example.some.secret`:
+
+```
+{
+  "encrypted": {
+    "key_id_1": {
+      "ciphertext": "base64+encoded+encrypted+data",
+      "mac": "base64+encoded+mac",
+      // ... other properties according to algorithm property in
+      // m.secret_storage.key.key_id_1
+    },
+    "key_id_2": {
+      // ...
+    }
+  }
+}
+```
+
+and the key descriptions for the keys would be:
+
+`m.secret_storage.key.key_id_1`:
+
+```
+{
+  "name": "Some key",
+  "algorithm": "m.secret_storage.v1.aes-hmac-sha2",
+  // ... other properties according to algorithm
+}
+```
+
+`m.secret_storage.key.key_id_2`:
+
+```
+{
+  "name": "Some other key",
+  "algorithm": "m.secret_storage.v1.aes-hmac-sha2",
+  // ... other properties according to algorithm
+}
+```
+
+If `key_id_1` is the default key, then we also have:
+
+`m.secret_storage.default_key`:
+
+```
+{
+  "key": "key_id_1"
+}
+```
+
+###### `m.secret_storage.v1.aes-hmac-sha2`
+
+Secrets encrypted using the `m.secret_storage.v1.aes-hmac-sha2`
+algorithm are encrypted using AES-CTR-256, and authenticated using
+HMAC-SHA-256. The secret is encrypted as follows:
+
+1.  Given the secret storage key, generate 64 bytes by performing an
+    HKDF with SHA-256 as the hash, a salt of 32 bytes of 0, and with the
+    secret name as the info. The first 32 bytes are used as the AES key,
+    and the next 32 bytes are used as the MAC key
+2.  Generate 16 random bytes, set bit 63 to 0 (in order to work around
+    differences in AES-CTR implementations), and use this as the AES
+    initialization vector. This becomes the `iv` property, encoded using
+    base64.
+3.  Encrypt the data using AES-CTR-256 using the AES key generated
+    above. This encrypted data, encoded using base64, becomes the
+    `ciphertext` property.
+4.  Pass the raw encrypted data (prior to base64 encoding) through
+    HMAC-SHA-256 using the MAC key generated above. The resulting MAC is
+    base64-encoded and becomes the `mac` property.
+
+`AesHmacSha2EncryptedData`
+
+| Parameter  | Type    | Description
+|------------|---------|------------------------------------------------------------------------|
+| iv         | string  |   **Required.** The 16-byte initialization vector, encoded as base64.  |
+| ciphertext | string  |   **Required.** The AES-CTR-encrypted data, encoded as base64.         |
+| mac        | string  |   **Required.** The MAC, encoded as base64.                            |
+
+For the purposes of allowing clients to check whether a user has
+correctly entered the key, clients should:
+
+1.  encrypt and MAC a message consisting of 32 bytes of 0 as described
+    above, using the empty string as the info parameter to the HKDF in
+    step 1.
+2.  store the `iv` and `mac` in the `m.secret_storage.key.[key ID]`
+    account-data.
+
+`AesHmacSha2KeyDescription`
+
+| Parameter   | Type   | Description                                                                                                                       |
+|-------------|--------|-----------------------------------------------------------------------------------------------------------------------------------|
+| name        | string | **Required.** The name of the key.                                                                                                |
+| algorithm   | string | **Required.** The encryption algorithm to be used for this key. Currently, only `m.secret_storage.v1.aes-hmac-sha2` is supported. |
+| passphrase  | object | See [deriving keys from passphrases](#deriving-keys-from-passphrases) section for a description of this property.                 |
+| iv          | string | The 16-byte initialization vector, encoded as base64.                                                                             |
+| mac         | string | The MAC of the result of encrypting 32 bytes of 0, encoded as base64.                                                             |
+
+For example, the `m.secret_storage.key.key_id` for a key using this
+algorithm could look like:
+
+```json
+{
+  "name": "m.default",
+  "algorithm": "m.secret_storage.v1.aes-hmac-sha2",
+  "iv": "random+data",
+  "mac": "mac+of+encrypted+zeros"
+}
+```
+
+and data encrypted using this algorithm could look like this:
+
+```json
+{
+  "encrypted": {
+      "key_id": {
+        "iv": "16+bytes+base64",
+        "ciphertext": "base64+encoded+encrypted+data",
+        "mac": "base64+encoded+mac"
+      }
+  }
+}
+```
+
+###### Key representation
+
+When a user is given a raw key for `m.secret_storage.v1.aes-hmac-sha2`,
+it will be presented as a string constructed as follows:
+
+1.  The key is prepended by the two bytes `0x8b` and `0x01`
+2.  All the bytes in the string above, including the two header bytes,
+    are XORed together to form a parity byte. This parity byte is
+    appended to the byte string.
+3.  The byte string is encoded using base58, using the same [mapping as
+    is used for Bitcoin
+    addresses](https://en.bitcoin.it/wiki/Base58Check_encoding#Base58_symbol_chart),
+    that is, using the alphabet
+    `123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz`.
+4.  The string is formatted into groups of four characters separated by
+    spaces.
+
+When decoding a raw key, the process should be reversed, with the
+exception that whitespace is insignificant in the user's input.
+
+###### Deriving keys from passphrases
+
+A user may wish to use a chosen passphrase rather than a randomly
+generated key. In this case, information on how to generate the key from
+a passphrase will be stored in the `passphrase` property of the
+`m.secret_storage.key.[key ID]` account-data. The `passphrase` property
+has an `algorithm` property that indicates how to generate the key from
+the passphrase. Other properties of the `passphrase` property are
+defined by the `algorithm` specified.
+
+Currently, the only algorithm defined is `m.pbkdf2`. For the `m.pbkdf2` algorithm, the `passphrase` property has the
+following properties:
+
+| Parameter  | Type    | Description                                                            |
+|------------|---------|------------------------------------------------------------------------|
+| algorithm  | string  | **Required.** Must be `m.pbkdf2`                                       |
+| salt       | string  | **Required.** The salt used in PBKDF2.                                 |
+| iterations | integer | **Required.** The number of iterations to use in PBKDF2.               |
+| bits       | integer | Optional. The number of bits to generate for the key. Defaults to 256. |
+
+The key is generated using PBKDF2 with SHA-512 as the hash, using the
+salt given in the `salt` parameter, and the number of iterations given
+in the `iterations` parameter.
+
+Example:
+
+```
+{
+    "passphrase": {
+        "algorithm": "m.pbkdf2",
+        "salt": "MmMsAlty",
+        "iterations": 100000,
+        "bits": 256
+    },
+    ...
+}
+```
+
+#### Sharing
+
+To request a secret from other devices, a client sends an
+`m.secret.requests` device event with `action` set to `request` and
+`name` set to the identifier of the secret. A device that wishes to
+share the secret will reply with an `m.secret.send` event, encrypted
+using olm. When the original client obtains the secret, it sends an
+`m.secret.request` event with `action` set to `request_cancellation` to
+all devices other than the one that it received the secret from. Clients
+should ignore `m.secret.send` events received from devices that it did
+not send an `m.secret.request` event to.
+
+Clients must ensure that they only share secrets with other devices that
+are allowed to see them. For example, clients should only share secrets
+with the user’s own devices that are verified and may prompt the user to
+confirm sharing the secret.
+
+##### Event definitions
+
+###### `m.secret.request`
+
+Sent by a client to request a secret from another device or to cancel a
+previous request. It is sent as an unencrypted to-device event.
+
+| Parameter             | Type   | Description                                                                            |
+|-----------------------|--------|----------------------------------------------------------------------------------------|
+| name                  | string | Required if ``action`` is ``request``. The name of the secret that is being requested. |
+| action                | enum   | **Required.** One of ["request", "request_cancellation"].                              |
+| requesting_device_id  | string | **Required.** The ID of the device requesting the secret.                              |
+| request_id            | string | **Required.** A random string uniquely identifying (with respect to the requester and the target) the target for a secret. If the secret is requested from multiple devices at the same time, the same ID may be used for every target. The same ID is also used in order to cancel a previous request.                                                  |
+
+Example:
+
+```json
+{
+  "name": "org.example.some.secret",
+  "action": "request",
+  "requesting_device_id": "ABCDEFG",
+  "request_id": "randomly_generated_id_9573"
+}
+```
+
+###### `m.secret.send`
+
+Sent by a client to share a secret with another device, in response to
+an `m.secret.request` event. It must be encrypted as an
+`m.room.encrypted` event, then sent as a to-device event.
+
+| Parameter   | Type   | Description                                                  |
+|-------------|--------|--------------------------------------------------------------|
+| request_id  | string | **Required.** The ID of the request that this a response to. |
+|  secret     | string | **Required.** The contents of the secret.                    |
+
+Example:
+
+```json
+{
+  "request_id": "randomly_generated_id_9573",
+  "secret": "ThisIsASecretDon'tTellAnyone"
+}
+```
diff --git a/content/client-server-api/modules/send_to_device.md b/content/client-server-api/modules/send_to_device.md
new file mode 100644
index 00000000000..16ce3e46b94
--- /dev/null
+++ b/content/client-server-api/modules/send_to_device.md
@@ -0,0 +1,99 @@
+---
+type: module
+weight: 80
+---
+
+### Send-to-Device messaging
+
+This module provides a means by which clients can exchange signalling
+messages without them being stored permanently as part of a shared
+communication history. A message is delivered exactly once to each
+client device.
+
+The primary motivation for this API is exchanging data that is
+meaningless or undesirable to persist in the room DAG - for example,
+one-time authentication tokens or key data. It is not intended for
+conversational data, which should be sent using the normal [`/rooms/<room_id>/send`](/client-server-api/#put_matrixclientr0roomsroomidsendeventtypetxnid) API for
+consistency throughout Matrix.
+
+#### Client behaviour
+
+To send a message to other devices, a client should call
+[`/sendToDevice`](/client-server-api/#put_matrixclientr0sendtodeviceeventtypetxnid). Only one message can be sent to each device per
+transaction, and they must all have the same event type. The device ID
+in the request body can be set to `*` to request that the message be
+sent to all known devices.
+
+If there are send-to-device messages waiting for a client, they will be
+returned by [`/sync`](/client-server-api/#get_matrixclientr0sync), as detailed in [Extensions to /sync](/client-server-api/#extensions-to-sync). Clients should
+inspect the `type` of each returned event, and ignore any they do not
+understand.
+
+#### Server behaviour
+
+Servers should store pending messages for local users until they are
+successfully delivered to the destination device. When a client calls
+[`/sync`](/client-server-api/#get_matrixclientr0sync)
+with an access token which corresponds to a device with pending
+messages, the server should list the pending messages, in order of
+arrival, in the response body.
+
+When the client calls `/sync` again with the `next_batch` token from the
+first response, the server should infer that any send-to-device messages
+in that response have been delivered successfully, and delete them from
+the store.
+
+If there is a large queue of send-to-device messages, the server should
+limit the number sent in each `/sync` response. 100 messages is
+recommended as a reasonable limit.
+
+If the client sends messages to users on remote domains, those messages
+should be sent on to the remote servers via
+[federation](/server-server-api#send-to-device-messaging).
+
+#### Protocol definitions
+
+{{% http-api spec="client-server" api="to_device" %}}
+
+##### Extensions to /sync
+
+This module adds the following properties to the [`/sync`](/client-server-api/#get_matrixclientr0sync) response:
+
+| Parameter | Type      | Description                                                                 |
+|-----------|-----------|-----------------------------------------------------------------------------|
+| to_device | ToDevice  | Optional. Information on the send-to-device messages for the client device. |
+
+`ToDevice`
+
+| Parameter | Type      | Description                      |
+|-----------|-----------|----------------------------------|
+| events    | [Event]   | List of send-to-device messages. |
+
+`Event`
+
+| Parameter  | Type         | Description                                                                                     |
+|------------|--------------|-------------------------------------------------------------------------------------------------|
+| content    | EventContent | The content of this event. The fields in this object will vary depending on the type of event.  |
+| sender     | string       | The Matrix user ID of the user who sent this event.                                             |
+| type       | string       | The type of event.                                                                              |
+
+Example response:
+
+```json
+{
+  "next_batch": "s72595_4483_1934",
+  "rooms": {"leave": {}, "join": {}, "invite": {}},
+  "to_device": {
+    "events": [
+      {
+        "sender": "@alice:example.com",
+        "type": "m.new_device",
+        "content": {
+          "device_id": "XYZABCDE",
+          "rooms": ["!726s6s6q:example.com"]
+        }
+      }
+    ]
+  }
+}
+```
diff --git a/content/client-server-api/modules/server_acls.md b/content/client-server-api/modules/server_acls.md
new file mode 100644
index 00000000000..fc3089155df
--- /dev/null
+++ b/content/client-server-api/modules/server_acls.md
@@ -0,0 +1,62 @@
+---
+type: module
+weight: 290
+---
+
+### Server Access Control Lists (ACLs) for rooms
+
+In some scenarios room operators may wish to prevent a malicious or
+untrusted server from participating in their room. Sending an
+[m.room.server\_acl](#mroomserver_acl) state event into a room is an effective way to
+prevent the server from participating in the room at the federation
+level.
+
+Server ACLs can also be used to make rooms only federate with a limited
+set of servers, or retroactively make the room no longer federate with
+any other server, similar to setting the `m.federate` value on the
+[m.room.create](#mroomcreate) event.
+
+{{% event event="m.room.server_acl" %}}
+
+{{% boxes/note %}}
+Port numbers are not supported because it is unclear to parsers whether
+a port number should be matched or an IP address literal. Additionally,
+it is unlikely that one would trust a server running on a particular
+domain's port but not a different port, especially considering the
+server host can easily change ports.
+{{% /boxes/note %}}
+
+{{% boxes/note %}}
+CIDR notation is not supported for IP addresses because Matrix does not
+encourage the use of IPs for identifying servers. Instead, a blanket
+`allow_ip_literals` is provided to cover banning them.
+{{% /boxes/note %}}
+
+#### Client behaviour
+
+Clients are not expected to perform any additional duties beyond sending
+the event. Clients should describe changes to the server ACLs to the
+user in the user interface, such as in the timeline.
+
+Clients may wish to kick affected users from the room prior to denying a
+server access to the room to help prevent those servers from
+participating and to provide feedback to the users that they have been
+excluded from the room.
+
+#### Server behaviour
+
+Servers MUST prevent blacklisted servers from sending events or
+participating in the room when an [m.room.server\_acl](#mroomserver_acl) event is
+present in the room state. Which APIs are specifically affected are
+described in the Server-Server API specification.
+
+Servers should still send events to denied servers if they are still
+residents of the room.
+
+#### Security considerations
+
+Server ACLs are only effective if every server in the room honours them.
+Servers that do not honour the ACLs may still permit events sent by
+denied servers into the room, leaking them to other servers in the room.
+To effectively enforce an ACL in a room, the servers that do not honour
+the ACLs should be denied in the room as well.
diff --git a/content/client-server-api/modules/server_notices.md b/content/client-server-api/modules/server_notices.md
new file mode 100644
index 00000000000..199acd85bc9
--- /dev/null
+++ b/content/client-server-api/modules/server_notices.md
@@ -0,0 +1,68 @@
+---
+type: module
+weight: 320
+---
+
+### Server Notices
+
+Homeserver hosts often want to send messages to users in an official
+capacity, or have resource limits which affect a user's ability to use
+the homeserver. For example, the homeserver may be limited to a certain
+number of active users per month and has exceeded that limit. To
+communicate this failure to users, the homeserver would use the Server
+Notices room.
+
+The aesthetics of the room (name, topic, avatar, etc) are left as an
+implementation detail. It is recommended that the homeserver decorate
+the room such that it looks like an official room to users.
+
+#### Events
+
+Notices are sent to the client as normal `m.room.message` events with a
+`msgtype` of `m.server_notice` in the server notices room. Events with a
+`m.server_notice` `msgtype` outside of the server notice room must be
+ignored by clients.
+
+The specified values for `server_notice_type` are:
+
+`m.server_notice.usage_limit_reached`  
+The server has exceeded some limit which requires the server
+administrator to intervene. The `limit_type` describes the kind of limit
+reached. The specified values for `limit_type` are:
+
+`monthly_active_user`  
+The server's number of active users in the last 30 days has exceeded the
+maximum. New connections are being refused by the server. What defines
+"active" is left as an implementation detail, however servers are
+encouraged to treat syncing users as "active".
+
+{{% event event="m.room.message$m.server_notice" %}}
+
+#### Client behaviour
+
+Clients can identify the server notices room by the `m.server_notice`
+tag on the room. Active notices are represented by the [pinned
+events](#mroompinned_events) in the server notices room. Server notice
+events pinned in that room should be shown to the user through special
+UI and not through the normal pinned events interface in the client. For
+example, clients may show warning banners or bring up dialogs to get the
+user's attention. Events which are not server notice events and are
+pinned in the server notices room should be shown just like any other
+pinned event in a room.
+
+The client must not expect to be able to reject an invite to join the
+server notices room. Attempting to reject the invite must result in a
+`M_CANNOT_LEAVE_SERVER_NOTICE_ROOM` error. Servers should not prevent
+the user leaving the room after joining the server notices room, however
+the same error code must be used if the server will prevent leaving the
+room.
+
+#### Server behaviour
+
+Servers should manage exactly 1 server notices room per user. Servers
+must identify this room to clients with the `m.server_notice` tag.
+Servers should invite the target user rather than automatically join
+them to the server notice room.
+
+How servers send notices to clients, and which user they use to send the
+events, is left as an implementation detail for the server.
diff --git a/content/client-server-api/modules/sso_login.md b/content/client-server-api/modules/sso_login.md
new file mode 100644
index 00000000000..2bc3916b92e
--- /dev/null
+++ b/content/client-server-api/modules/sso_login.md
@@ -0,0 +1,326 @@
+---
+type: module
+weight: 220
+---
+
+### SSO client login/authentication
+
+Single Sign-On (SSO) is a generic term which refers to protocols which
+allow users to log into applications via a single web-based
+authentication portal. Examples include OpenID Connect, "Central
+Authentication Service" (CAS) and SAML.
+
+This module allows a Matrix homeserver to delegate user authentication
+to an external authentication server supporting one of these protocols.
+In this process, there are three systems involved:
+
+-   A Matrix client, using the APIs defined this specification, which
+    is seeking to authenticate a user to a Matrix homeserver.
+-   A Matrix homeserver, implementing the APIs defined in this
+    specification, but which is delegating user authentication to the
+    authentication server.
+-   An "authentication server", which is responsible for
+    authenticating the user.
+
+This specification is concerned only with communication between the
+Matrix client and the homeserver, and is independent of the SSO protocol
+used to communicate with the authentication server. Different Matrix
+homeserver implementations might support different SSO protocols.
+
+Clients and homeservers implementing the SSO flow will need to consider
+both [login](#login) and [user-interactive authentication](#user-interactive-authentication-api). The flow is
+similar in both cases, but there are slight differences.
+
+Typically, SSO systems require a single "callback" URI to be configured
+at the authentication server. Once the user is authenticated, their
+browser is redirected to that URI. It is up to the Matrix homeserver
+implementation to implement a suitable endpoint. For example, for CAS
+authentication the homeserver should provide a means for the
+administrator to configure where the CAS server is and the REST
+endpoints which consume the ticket.
+
+Homeservers may optionally expose multiple possible SSO options for
+the user to pursue, typically in the form of several "log in with $provider"
+buttons. These are known as "identity providers" (IdPs).
+
+#### Client login via SSO
+
+An overview of the process is as follows:
+
+1.  The Matrix client calls [`GET /login`](/client-server-api/#get_matrixclientr0login) to find the supported login
+    types, and the homeserver includes a flow with
+    `"type": "m.login.sso"` in the response.
+2.  To initiate the `m.login.sso` login type, the Matrix client
+    instructs the user's browser to navigate to the
+    [`/login/sso/redirect`](/client-server-api/#get_matrixclientr0loginssoredirect) endpoint on the user's homeserver.
+    Note that this may be the IdP-dependent version of the endpoint if the
+    user has selected one of the `identity_providers` from the flow.
+3.  The homeserver responds with an HTTP redirect to the SSO user
+    interface, which the browser follows.
+4.  The authentication server and the homeserver interact to verify the
+    user's identity and other authentication information, potentially
+    using a number of redirects.
+5.  The browser is directed to the `redirectUrl` provided by the client
+    with a `loginToken` query parameter for the client to log in with.
+6.  The client exchanges the login token for an access token by calling
+    the [`/login`](/client-server-api/#post_matrixclientr0login) endpoint with a `type` of `m.login.token`.
+
+For native applications, typically steps 1 to 4 are carried out by
+opening an embedded web view.
+
+These steps are illustrated as follows:
+
+```
+    Matrix Client                        Matrix Homeserver      Auth Server
+        |                                       |                   |
+        |-------------(0) GET /login----------->|                   |
+        |<-------------login types--------------|                   |
+        |                                       |                   |
+        |   Webview                             |                   |
+        |      |                                |                   |
+        |----->|                                |                   |
+        |      |--(1) GET /login/sso/redirect-->|                   |
+        |      |<---------(2) 302---------------|                   |
+        |      |                                |                   |
+        |      |<========(3) Authentication process================>|
+        |      |                                |                   |
+        |      |<--(4) redirect to redirectUrl--|                   |
+        |<-----|                                |                   |
+        |                                       |                   |
+        |---(5) POST /login with login token--->|                   |
+        |<-------------access token-------------|                   |
+```
+
+{{% boxes/note %}}
+In the older [r0.4.0
+version](https://matrix.org/docs/spec/client_server/r0.4.0.html#cas-based-client-login)
+of this specification it was possible to authenticate via CAS when the
+homeserver provides a `m.login.cas` login flow. This specification
+deprecates the use of `m.login.cas` to instead prefer `m.login.sso`,
+which is the same process with the only change being which redirect
+endpoint to use: for `m.login.cas`, use `/cas/redirect` and for
+`m.login.sso` use `/sso/redirect` (described below). The endpoints are
+otherwise the same.
+{{% /boxes/note %}}
+
+{{% definition path="api/client-server/definitions/sso_login_flow" %}}
+
+##### Client behaviour
+
+The client starts the process by instructing the browser to navigate to
+[`/login/sso/redirect`](/client-server-api/#get_matrixclientr0loginssoredirect)
+(or [`/login/sso/redirect/{idpId}`](/client-server-api/#get_matrixclientr0loginssoredirectidpid)
+when using one of the `identity_providers`)
+with an appropriate `redirectUrl`. Once
+authentication is successful, the browser will be redirected to that
+`redirectUrl`.
+
+{{% http-api spec="client-server" api="sso_login_redirect" %}}
+
+###### Security considerations
+
+1.  CSRF attacks via manipulation of parameters on the `redirectUrl`
+
+    Clients should validate any requests to the `redirectUrl`. In
+    particular, it may be possible for attackers to falsify any query
+    parameters, leading to cross-site request forgery (CSRF) attacks.
+
+    For example, consider a web-based client at
+    `https://client.example.com`, which wants to initiate SSO login on
+    the homeserver at `server.example.org`. It does this by storing the
+    homeserver name in a query parameter for the `redirectUrl`: it
+    redirects to
+    `https://server.example.org/login/sso/redirect?redirectUrl=https://client.example.com?hs=server.example.org`.
+
+    An attacker could trick a victim into following a link to
+    `https://server.example.org/login/sso/redirect?redirectUrl=https://client.example.com?hs=evil.com`,
+    which would result in the client sending a login token for the
+    victim's account to the attacker-controlled site `evil.com`.
+
+    To guard against this, clients MUST NOT store state (such as the
+    address of the homeserver being logged into) anywhere it can be
+    modified by external processes.
+
+    Instead, the state could be stored in
+    [localStorage](https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage)
+    or in a cookie.
+
+2.  For added security, clients SHOULD include a unique identifier in
+    the `redirectUrl` and reject any callbacks that do not contain a
+    recognised identifier, to guard against unsolicited login attempts
+    and replay attacks.
+
+##### Server behaviour
+
+Servers should note that `identity_providers` are optional, and older clients
+might not interpret the value correctly. In these cases, the client will use
+the generic `/redirect` endpoint instead of the `/redirect/{idpId}` endpoint.
+
+###### Redirecting to the Authentication server
+
+The server should handle
+`/_matrix/client/%CLIENT_MAJOR_VERSION%/login/sso/redirect` as follows:
+
+1.  It should build a suitable request for the SSO system.
+2.  It should store enough state that the flow can be securely resumed
+    after the SSO process completes. One way to do this is by storing a
+    cookie which is stored in the user's browser, by adding a
+    `Set-Cookie` header to the response.
+3.  It should redirect the user's browser to the SSO login page with the
+    appropriate parameters.
+
+See also the "Security considerations" below.
+
+###### Handling the callback from the Authentication server
+
+Note that there will normally be a single callback URI which is used for
+both login and user-interactive authentication: it is up to the
+homeserver implementation to distinguish which is taking place.
+
+The homeserver should validate the response from the SSO system: this
+may require additional calls to the authentication server, and/or may
+require checking a signature on the response.
+
+The homeserver then proceeds as follows:
+
+1.  The homeserver MUST map the user details received from the
+    authentication server to a valid [Matrix user
+    identifier](/appendices#user-identifiers). The guidance in
+    [Mapping from other character
+    sets](/appendices#mapping-from-other-character-sets) may be
+    useful.
+2.  If the generated user identifier represents a new user, it should be
+    registered as a new user.
+3.  The homeserver should generate a short-term login token. This is an
+    opaque token, suitable for use with the `m.login.token` type of the
+    [`/login`](/client-server-api/#post_matrixclientr0login) API. The lifetime of this token SHOULD be limited to
+    around five seconds.
+4.  The homeserver adds a query parameter of `loginToken`, with the
+    value of the generated login token, to the `redirectUrl` given in
+    the `/_matrix/client/%CLIENT_MAJOR_VERSION%/login/sso/redirect`
+    request. (Note: `redirectURL` may or may not include existing query
+    parameters. If it already includes one or more `loginToken`
+    parameters, they should be removed before adding the new one.)
+5.  The homeserver redirects the user's browser to the URI thus built.
+
+##### Security considerations
+
+1.  Homeservers should ensure that login tokens are not sent to
+    malicious clients.
+
+    For example, consider a homeserver at `server.example.org`. An
+    attacker tricks a victim into following a link to
+    `https://server.example.org/login/sso/redirect?redirectUrl=https://evil.com`,
+    resulting in a login token being sent to the attacker-controlled
+    site `evil.com`. This is a form of cross-site request forgery
+    (CSRF).
+
+    To mitigate this, Homeservers SHOULD confirm with the user that they
+    are happy to grant access to their matrix account to the site named
+    in the `redirectUrl`. This can be done either *before* redirecting
+    to the SSO login page when handling the
+    `/_matrix/client/%CLIENT_MAJOR_VERSION%/login/sso/redirect`
+    endpoint, or *after* login when handling the callback from the
+    authentication server. (If the check is performed before
+    redirecting, it is particularly important that the homeserver guards
+    against unsolicited authentication attempts as below).
+
+    It may be appropriate to whitelist a set of known-trusted client
+    URLs in this process. In particular, the homeserver's own [login
+    fallback](#login-fallback) implementation could be excluded.
+
+2.  For added security, homeservers SHOULD guard against unsolicited
+    authentication attempts by tracking pending requests. One way to do
+    this is to set a cookie when handling
+    `/_matrix/client/%CLIENT_MAJOR_VERSION%/login/sso/redirect`, which
+    is checked and cleared when handling the callback from the
+    authentication server.
+
+#### SSO during User-Interactive Authentication
+
+[User-interactive authentication](#user-interactive-authentication-api) is used by client-server endpoints
+which require additional confirmation of the user's identity (beyond
+holding an access token). Typically this means that the user must
+re-enter their password, but for homeservers which delegate to an SSO
+server, this means redirecting to the authentication server during
+user-interactive auth.
+
+The implemementation of this is based on the [Fallback](#fallback) mechanism for
+user-interactive auth.
+
+#### Client behaviour
+
+Clients do not need to take any particular additional steps beyond
+ensuring that the fallback mechanism has been implemented, and treating
+the `m.login.sso` authentication type the same as any other unknown type
+(i.e. they should open a browser window for
+`/_matrix/client/%CLIENT_MAJOR_VERSION%/auth/m.login.sso/fallback/web?session=<session_id>`.
+Once the flow has completed, the client retries the request with the
+session only.)
+
+#### Server behaviour
+
+##### Redirecting to the Authentication server
+
+The server should handle
+`/_matrix/client/%CLIENT_MAJOR_VERSION%/auth/m.login.sso/fallback/web`
+in much the same way as
+`/_matrix/client/%CLIENT_MAJOR_VERSION%/login/sso/redirect`, which is to
+say:
+
+1.  It should build a suitable request for the SSO system.
+2.  It should store enough state that the flow can be securely resumed
+    after the SSO process completes. One way to do this is by storing a
+    cookie which is stored in the user's browser, by adding a
+    `Set-Cookie` header to the response.
+3.  It should redirect the user's browser to the SSO login page with the
+    appropriate parameters.
+
+See also the "Security considerations" below.
+
+###### Handling the callback from the Authentication server
+
+Note that there will normally be a single callback URI which is used for
+both login and user-interactive authentication: it is up to the
+homeserver implementation to distinguish which is taking place.
+
+The homeserver should validate the response from the SSO system: this
+may require additional calls to the authentication server, and/or may
+require checking a signature on the response.
+
+The homeserver then returns the [user-interactive authentication
+fallback completion](#fallback) page to the user's browser.
+
+###### Security considerations
+
+1.  Confirming the operation
+
+    The homeserver SHOULD confirm that the user is happy for the
+    operation to go ahead. The goal of the user-interactive
+    authentication operation is to guard against a compromised
+    `access_token` being used to take over the user's account. Simply
+    redirecting the user to the SSO system is insufficient, since they
+    may not realise what is being asked of them, or the SSO system may
+    even confirm the authentication automatically.
+
+    For example, the homeserver might serve a page with words to the
+    effect of:
+
+    > A client is trying to remove a device from your account. To
+    > confirm this action, re-authenticate with single sign-on. If you
+    > did not expect this, your account may be compromised!
+
+    This confirmation could take place before redirecting to the SSO
+    authentication page (when handling the
+    `/_matrix/client/%CLIENT_MAJOR_VERSION%/auth/m.login.sso/fallback/web`
+    endpoint), or *after* authentication when handling the callback from
+    the authentication server. (If the check is performed before
+    redirecting, it is particularly important that the homeserver guards
+    against unsolicited authentication attempts as below).
+
+2.  For added security, homeservers SHOULD guard against unsolicited
+    authentication attempts by tracking pending requests. One way to do
+    this is to set a cookie when handling
+    `/_matrix/client/%CLIENT_MAJOR_VERSION%/auth/m.login.sso/fallback/web`,
+    which is checked and cleared when handling the callback from the
+    authentication server.
diff --git a/content/client-server-api/modules/stickers.md b/content/client-server-api/modules/stickers.md
new file mode 100644
index 00000000000..234ebba25fb
--- /dev/null
+++ b/content/client-server-api/modules/stickers.md
@@ -0,0 +1,40 @@
+---
+type: module
+weight: 250
+---
+
+### Sticker Messages
+
+This module allows users to send sticker messages in to rooms or direct
+messaging sessions.
+
+Sticker messages are specialised image messages that are displayed
+without controls (e.g. no "download" link, or light-box view on click,
+as would be displayed for for [m.image](#mimage) events).
+
+Sticker messages are intended to provide simple "reaction" events in the
+message timeline. The matrix client should provide some mechanism to
+display the sticker "body" e.g. as a tooltip on hover, or in a modal
+when the sticker image is clicked.
+
+#### Events
+
+Sticker events are received as a single `m.sticker` event in the
+`timeline` section of a room, in a `/sync`.
+
+{{% event event="m.sticker" %}}
+
+#### Client behaviour
+
+Clients supporting this message type should display the image content
+from the event URL directly in the timeline.
+
+A thumbnail image should be provided in the `info` object. This is
+largely intended as a fallback for clients that do not fully support the
+`m.sticker` event type. In most cases it is fine to set the thumbnail
+URL to the same URL as the main event content.
+
+It is recommended that sticker image content should be 512x512 pixels in
+size or smaller. The dimensions of the image file should be twice the
+intended display size specified in the `info` object in order to assist
+rendering sharp images on higher DPI screens.
diff --git a/content/client-server-api/modules/tags.md b/content/client-server-api/modules/tags.md
new file mode 100644
index 00000000000..c47be0c1d9e
--- /dev/null
+++ b/content/client-server-api/modules/tags.md
@@ -0,0 +1,66 @@
+---
+type: module
+weight: 180
+---
+
+### Room Tagging
+
+Users can add tags to rooms. Tags are namespaced strings used to label
+rooms. A room may have multiple tags. Tags are only visible to the user
+that set them but are shared across all their devices.
+
+#### Events
+
+The tags on a room are received as single `m.tag` event in the
+`account_data` section of a room. The content of the `m.tag` event is a
+`tags` key whose value is an object mapping the name of each tag to
+another object.
+
+The JSON object associated with each tag gives information about the
+tag, e.g how to order the rooms with a given tag.
+
+Ordering information is given under the `order` key as a number between
+0 and 1. The numbers are compared such that 0 is displayed first.
+Therefore a room with an `order` of `0.2` would be displayed before a
+room with an `order` of `0.7`. If a room has a tag without an `order`
+key then it should appear after the rooms with that tag that have an
+`order` key.
+
+The name of a tag MUST NOT exceed 255 bytes.
+
+The tag namespace is defined as follows:
+
+-   The namespace `m.*` is reserved for tags defined in the Matrix
+    specification. Clients must ignore any tags in this namespace they
+    don't understand.
+-   The namespace `u.*` is reserved for user-defined tags. The portion
+    of the string after the `u.` is defined to be the display name of
+    this tag. No other semantics should be inferred from tags in this
+    namespace.
+-   A client or app willing to use special tags for advanced
+    functionality should namespace them similarly to state keys:
+    `tld.name.*`
+-   Any tag in the `tld.name.*` form but not matching the namespace of
+    the current client should be ignored
+-   Any tag not matching the above rules should be interpreted as a user
+    tag from the `u.*` namespace, as if the name had already had `u.`
+    stripped from the start (ie. the name of the tag is used as the
+    display name directly). These non-namespaced tags are supported for
+    historical reasons. New tags should use one of the defined
+    namespaces above.
+
+Several special names are listed in the specification: The following
+tags are defined in the `m.*` namespace:
+
+-   `m.favourite`: The user's favourite rooms. These should be shown
+    with higher precedence than other rooms.
+-   `m.lowpriority`: These should be shown with lower precedence than
+    others.
+-   `m.server_notice`: Used to identify [Server Notice
+    Rooms](#server-notices).
+
+{{% event event="m.tag" %}}
+
+#### Client Behaviour
+
+{{% http-api spec="client-server" api="tags" %}}
diff --git a/specification/modules/third_party_invites.rst b/content/client-server-api/modules/third_party_invites.md
similarity index 70%
rename from specification/modules/third_party_invites.rst
rename to content/client-server-api/modules/third_party_invites.md
index 04c3b180318..4a5c63e50c3 100644
--- a/specification/modules/third_party_invites.rst
+++ b/content/client-server-api/modules/third_party_invites.md
@@ -1,69 +1,52 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
+---
+type: module
+weight: 140
+---
 
-Third party invites
-===================
+### Third party invites
 
-.. _module:third-party-invites:
+This module adds in support for inviting new members to a room where
+their Matrix user ID is not known, instead addressing them by a third
+party identifier such as an email address. There are two flows here; one
+if a Matrix user ID is known for the third party identifier, and one if
+not. Either way, the client calls `/invite` with the details of the
+third party identifier.
 
-This module adds in support for inviting new members to a room where their
-Matrix user ID is not known, instead addressing them by a third party identifier
-such as an email address.
-There are two flows here; one if a Matrix user ID is known for the third party
-identifier, and one if not. Either way, the client calls ``/invite`` with the
-details of the third party identifier.
+The homeserver asks the identity server whether a Matrix user ID is
+known for that identifier:
 
-The homeserver asks the identity server whether a Matrix user ID is known for
-that identifier:
+-   If it is, an invite is simply issued for that user.
+-   If it is not, the homeserver asks the identity server to record the
+    details of the invitation, and to notify the invitee's homeserver of
+    this pending invitation if it gets a binding for this identifier in
+    the future. The identity server returns a token and public key to
+    the inviting homeserver.
 
-- If it is, an invite is simply issued for that user.
+When the invitee's homeserver receives the notification of the binding,
+it should insert an `m.room.member` event into the room's graph for that
+user, with `content.membership` = `invite`, as well as a
+`content.third_party_invite` property which contains proof that the
+invitee does indeed own that third party identifier. See the
+[m.room.member](#mroommember) schema for more information.
 
-- If it is not, the homeserver asks the identity server to record the details of
-  the invitation, and to notify the invitee's homeserver of this pending invitation if it gets
-  a binding for this identifier in the future. The identity server returns a token
-  and public key to the inviting homeserver.
+#### Events
 
-When the invitee's homeserver receives the notification of the binding, it
-should insert an ``m.room.member`` event into the room's graph for that user,
-with ``content.membership`` = ``invite``, as well as a
-``content.third_party_invite`` property which contains proof that the invitee
-does indeed own that third party identifier. See the `m.room.member <#m-room-member>`_
-schema for more information.
+{{% event event="m.room.third_party_invite" %}}
 
-
-Events
-------
-
-{{m_room_third_party_invite_event}}
-
-Client behaviour
-----------------
+#### Client behaviour
 
 A client asks a server to invite a user by their third party identifier.
 
-{{third_party_membership_cs_http_api}}
+{{% http-api spec="client-server" api="third_party_membership" %}}
 
-Server behaviour
-----------------
+#### Server behaviour
 
-Upon receipt of an ``/invite``, the server is expected to look up the third party
-identifier with the provided identity server. If the lookup yields a result for
-a Matrix User ID then the normal invite process can be initiated. This process
-ends up looking like this:
-
-::
+Upon receipt of an `/invite`, the server is expected to look up the
+third party identifier with the provided identity server. If the lookup
+yields a result for a Matrix User ID then the normal invite process can
+be initiated. This process ends up looking like this:
 
+```
     +---------+                         +-------------+                                    +-----------------+
     | Client  |                         | Homeserver  |                                    | IdentityServer  |
     +---------+                         +-------------+                                    +-----------------+
@@ -85,14 +68,14 @@ ends up looking like this:
         |        Complete the /invite request |                                                    |
         |<------------------------------------|                                                    |
         |                                     |                                                    |
+```
 
+However, if the lookup does not yield a bound User ID, the homeserver
+must store the invite on the identity server and emit a valid
+`m.room.third_party_invite` event to the room. This process ends up
+looking like this:
 
-However, if the lookup does not yield a bound User ID, the homeserver must store
-the invite on the identity server and emit a valid ``m.room.third_party_invite``
-event to the room. This process ends up looking like this:
-
-::
-
+```
     +---------+                         +-------------+                                               +-----------------+
     | Client  |                         | Homeserver  |                                               | IdentityServer  |
     +---------+                         +-------------+                                               +-----------------+
@@ -120,35 +103,35 @@ event to the room. This process ends up looking like this:
         |        Complete the /invite request |                                                               |
         |<------------------------------------|                                                               |
         |                                     |                                                               |
-
+```
 
 All homeservers MUST verify the signature in the event's
-``content.third_party_invite.signed`` object.
+`content.third_party_invite.signed` object.
 
-The third party user will then need to verify their identity, which results in
-a call from the identity server to the homeserver that bound the third party
-identifier to a user. The homeserver then exchanges the ``m.room.third_party_invite``
-event in the room for a complete ``m.room.member`` event for ``membership: invite``
-for the user that has bound the third party identifier.
+The third party user will then need to verify their identity, which
+results in a call from the identity server to the homeserver that bound
+the third party identifier to a user. The homeserver then exchanges the
+`m.room.third_party_invite` event in the room for a complete
+`m.room.member` event for `membership: invite` for the user that has
+bound the third party identifier.
 
 If a homeserver is joining a room for the first time because of an
-``m.room.third_party_invite``, the server which is already participating in the
-room (which is chosen as per the standard server-server specification) MUST
-validate that the public key used for signing is still valid, by checking
-``key_validity_url`` in the above described way.
+`m.room.third_party_invite`, the server which is already participating
+in the room (which is chosen as per the standard server-server
+specification) MUST validate that the public key used for signing is
+still valid, by checking `key_validity_url` in the above described way.
 
 No other homeservers may reject the joining of the room on the basis of
-``key_validity_url``, this is so that all homeservers have a consistent view of
-the room. They may, however, indicate to their clients that a member's
-membership is questionable.
+`key_validity_url`, this is so that all homeservers have a consistent
+view of the room. They may, however, indicate to their clients that a
+member's membership is questionable.
 
-For example, given H1, H2, and H3 as homeservers, UserA as a user of H1, and an
-identity server IS, the full sequence for a third party invite would look like
-the following. This diagram assumes H1 and H2 are residents of the room while
-H3 is attempting to join.
-
-::
+For example, given H1, H2, and H3 as homeservers, UserA as a user of H1,
+and an identity server IS, the full sequence for a third party invite
+would look like the following. This diagram assumes H1 and H2 are
+residents of the room while H3 is attempting to join.
 
+```
     +-------+ +-----------------+         +-----+                                          +-----+           +-----+                      +-----+
     | UserA | | ThirdPartyUser  |         | H1  |                                          | H2  |           | H3  |                      | IS  |
     +-------+ +-----------------+         +-----+                                          +-----+           +-----+                      +-----+
@@ -203,56 +186,56 @@ H3 is attempting to join.
         |              |                     |                                                |                 |                       |    |
         |              |                     |                                                |                 |<-----------------------    |
         |              |                     |                                                |                 |                            |
-
-
-Note that when H1 sends the ``m.room.member`` event to H2 and H3 it does not
-have to block on either server's receipt of the event. Likewise, H1 may complete
-the ``/exchange_third_party_invite/:roomId`` request at the same time as sending
-the ``m.room.member`` event to H2 and H3. Additionally, H3 may complete the
-``/3pid/onbind`` request it got from IS at any time - the completion is not shown
-in the diagram.
-
-H1 MUST verify the request from H3 to ensure the ``signed`` property is correct
-as well as the ``key_validity_url`` as still being valid. This is done by making
-a request to the `identity server /isvalid`_ endpoint, using the provided URL
-rather than constructing a new one. The query string and response for the provided
-URL must match the Identity Service Specification.
-
-The reason that no other homeserver may reject the event based on checking
-``key_validity_url`` is that we must ensure event acceptance is deterministic.
-If some other participating server doesn't have a network path to the keyserver,
-or if the keyserver were to go offline, or revoke its keys, that other server
-would reject the event and cause the participating servers' graphs to diverge.
-This relies on participating servers trusting each other, but that trust is
-already implied by the server-server protocol. Also, the public key signature
-verification must still be performed, so the attack surface here is minimized.
-
-Security considerations
------------------------
+```
+
+Note that when H1 sends the `m.room.member` event to H2 and H3 it does
+not have to block on either server's receipt of the event. Likewise, H1
+may complete the `/exchange_third_party_invite/:roomId` request at the
+same time as sending the `m.room.member` event to H2 and H3.
+Additionally, H3 may complete the `/3pid/onbind` request it got from IS
+at any time - the completion is not shown in the diagram.
+
+H1 MUST verify the request from H3 to ensure the `signed` property is
+correct as well as the `key_validity_url` as still being valid. This is
+done by making a request to the [identity server
+/isvalid](/identity-service-api/#get_matrixidentityv2pubkeyisvalid)
+endpoint, using the provided URL rather than constructing a new one. The
+query string and response for the provided URL must match the Identity
+Service Specification.
+
+The reason that no other homeserver may reject the event based on
+checking `key_validity_url` is that we must ensure event acceptance is
+deterministic. If some other participating server doesn't have a network
+path to the keyserver, or if the keyserver were to go offline, or revoke
+its keys, that other server would reject the event and cause the
+participating servers' graphs to diverge. This relies on participating
+servers trusting each other, but that trust is already implied by the
+server-server protocol. Also, the public key signature verification must
+still be performed, so the attack surface here is minimized.
+
+#### Security considerations
 
 There are a number of privacy and trust implications to this module.
 
-It is important for user privacy that leaking the mapping between a matrix user
-ID and a third party identifier is hard. In particular, being able to look up
-all third party identifiers from a matrix user ID (and accordingly, being able
-to link each third party identifier) should be avoided wherever possible.
-To this end, the third party identifier is not put in any event, rather an
-opaque display name provided by the identity server is put into the events.
-Clients should not remember or display third party identifiers from invites,
-other than for the use of the inviter themself.
-
-Homeservers are not required to trust any particular identity server(s). It is
-generally a client's responsibility to decide which identity servers it trusts,
-not a homeserver's. Accordingly, this API takes identity servers as input from
-end users, and doesn't have any specific trusted set. It is possible some
-homeservers may want to supply defaults, or reject some identity servers for
-*its* users, but no homeserver is allowed to dictate which identity servers
-*other* homeservers' users trust.
-
-There is some risk of denial of service attacks by flooding homeservers or
-identity servers with many requests, or much state to store. Defending against
-these is left to the implementer's discretion.
-
-
-
-.. _`identity server /isvalid`: ../identity_service/%IDENTITY_RELEASE_LABEL%.html#get-matrix-identity-v2-pubkey-isvalid
+It is important for user privacy that leaking the mapping between a
+matrix user ID and a third party identifier is hard. In particular,
+being able to look up all third party identifiers from a matrix user ID
+(and accordingly, being able to link each third party identifier) should
+be avoided wherever possible. To this end, the third party identifier is
+not put in any event, rather an opaque display name provided by the
+identity server is put into the events. Clients should not remember or
+display third party identifiers from invites, other than for the use of
+the inviter themself.
+
+Homeservers are not required to trust any particular identity server(s).
+It is generally a client's responsibility to decide which identity
+servers it trusts, not a homeserver's. Accordingly, this API takes
+identity servers as input from end users, and doesn't have any specific
+trusted set. It is possible some homeservers may want to supply
+defaults, or reject some identity servers for *its* users, but no
+homeserver is allowed to dictate which identity servers *other*
+homeservers' users trust.
+
+There is some risk of denial of service attacks by flooding homeservers
+or identity servers with many requests, or much state to store.
+Defending against these is left to the implementer's discretion.
diff --git a/content/client-server-api/modules/third_party_networks.md b/content/client-server-api/modules/third_party_networks.md
new file mode 100644
index 00000000000..40ca1883ec3
--- /dev/null
+++ b/content/client-server-api/modules/third_party_networks.md
@@ -0,0 +1,22 @@
+---
+type: module
+weight: 270
+---
+
+### Third Party Networks
+
+Application services can provide access to third party networks via
+bridging. This allows Matrix users to communicate with users on other
+communication platforms, with messages ferried back and forth by the
+application service. A single application service may bridge multiple
+third party networks, and many individual locations within those
+networks. A single third party network location may be bridged to
+multiple Matrix rooms.
+
+#### Third Party Lookups
+
+A client may wish to provide a rich interface for joining third party
+locations and connecting with third party users. Information necessary
+for such an interface is provided by third party lookups.
+
+{{% http-api spec="client-server" api="third_party_lookup" %}}
diff --git a/content/client-server-api/modules/typing_notifications.md b/content/client-server-api/modules/typing_notifications.md
new file mode 100644
index 00000000000..b9254cdb909
--- /dev/null
+++ b/content/client-server-api/modules/typing_notifications.md
@@ -0,0 +1,41 @@
+---
+type: module
+weight: 30
+---
+
+### Typing Notifications
+
+Users may wish to be informed when another user is typing in a room.
+This can be achieved using typing notifications. These are ephemeral
+events scoped to a `room_id`. This means they do not form part of the
+[Event Graph](index.html#event-graphs) but still have a `room_id` key.
+
+#### Events
+
+{{% event event="m.typing" %}}
+
+#### Client behaviour
+
+When a client receives an `m.typing` event, it MUST use the user ID list
+to **REPLACE** its knowledge of every user who is currently typing. The
+reason for this is that the server *does not remember* users who are not
+currently typing as that list gets big quickly. The client should mark
+as not typing any user ID who is not in that list.
+
+It is recommended that clients store a `boolean` indicating whether the
+user is typing or not. Whilst this value is `true` a timer should fire
+periodically every N seconds to send a typing HTTP request. The value of
+N is recommended to be no more than 20-30 seconds. This request should
+be re-sent by the client to continue informing the server the user is
+still typing. As subsequent requests will replace older requests, a
+safety margin of 5 seconds before the expected timeout runs out is
+recommended. When the user stops typing, the state change of the
+`boolean` to `false` should trigger another HTTP request to inform the
+server that the user has stopped typing.
+
+{{% http-api spec="client-server" api="typing" %}}
+
+#### Security considerations
+
+Clients may not wish to inform everyone in a room that they are typing
+and instead only specific users in the room.
diff --git a/content/client-server-api/modules/voip_events.md b/content/client-server-api/modules/voip_events.md
new file mode 100644
index 00000000000..db33eb4c039
--- /dev/null
+++ b/content/client-server-api/modules/voip_events.md
@@ -0,0 +1,91 @@
+---
+type: module
+weight: 20
+---
+
+### Voice over IP
+
+This module outlines how two users in a room can set up a Voice over IP
+(VoIP) call to each other. Voice and video calls are built upon the
+WebRTC 1.0 standard. Call signalling is achieved by sending [message
+events](#events) to the room. In this version of the spec, only two-party
+communication is supported (e.g. between two peers, or between a peer
+and a multi-point conferencing unit). This means that clients MUST only
+send call events to rooms with exactly two participants.
+
+#### Events
+
+{{% event-group group_name="m.call" %}}
+
+#### Client behaviour
+
+A call is set up with message events exchanged as follows:
+
+```
+    Caller                    Callee
+    [Place Call]
+    m.call.invite ----------->
+    m.call.candidate -------->
+    [..candidates..] -------->
+                            [Answers call]
+           <--------------- m.call.answer
+     [Call is active and ongoing]
+           <--------------- m.call.hangup
+```
+
+Or a rejected call:
+
+```
+    Caller                      Callee
+    m.call.invite ------------>
+    m.call.candidate --------->
+    [..candidates..] --------->
+                             [Rejects call]
+             <-------------- m.call.hangup
+```
+
+Calls are negotiated according to the WebRTC specification.
+
+##### Glare
+
+"Glare" is a problem which occurs when two users call each other at
+roughly the same time. This results in the call failing to set up as
+there already is an incoming/outgoing call. A glare resolution algorithm
+can be used to determine which call to hangup and which call to answer.
+If both clients implement the same algorithm then they will both select
+the same call and the call will be successfully connected.
+
+As calls are "placed" to rooms rather than users, the glare resolution
+algorithm outlined below is only considered for calls which are to the
+same room. The algorithm is as follows:
+
+-   If an `m.call.invite` to a room is received whilst the client is
+    **preparing to send** an `m.call.invite` to the same room:
+    -   the client should cancel its outgoing call and instead
+        automatically accept the incoming call on behalf of the user.
+-   If an `m.call.invite` to a room is received **after the client has
+    sent** an `m.call.invite` to the same room and is waiting for a
+    response:
+    -   the client should perform a lexicographical comparison of the
+        call IDs of the two calls and use the *lesser* of the two calls,
+        aborting the greater. If the incoming call is the lesser, the
+        client should accept this call on behalf of the user.
+
+The call setup should appear seamless to the user as if they had simply
+placed a call and the other party had accepted. This means any media
+stream that had been setup for use on a call should be transferred and
+used for the call that replaces it.
+
+#### Server behaviour
+
+The homeserver MAY provide a TURN server which clients can use to
+contact the remote party. The following HTTP API endpoints will be used
+by clients in order to get information about the TURN server.
+
+{{% http-api spec="client-server" api="voip" %}}
+
+#### Security considerations
+
+Calls should only be placed to rooms with one other user in them. If
+they are placed to group chat rooms it is possible that another user
+will intercept and answer the call.
diff --git a/content/identity-service-api.md b/content/identity-service-api.md
new file mode 100644
index 00000000000..cf0536aba99
--- /dev/null
+++ b/content/identity-service-api.md
@@ -0,0 +1,400 @@
+---
+title: "Identity Service API"
+weight: 40
+type: docs
+---
+
+The Matrix client-server and server-server APIs are largely expressed in
+Matrix user identifiers. From time to time, it is useful to refer to
+users by other ("third-party") identifiers, or "3PID"s, e.g. their email
+address or phone number. This Identity Service Specification describes
+how mappings between third-party identifiers and Matrix user identifiers
+can be established, validated, and used. This description technically
+may apply to any 3PID, but in practice has only been applied
+specifically to email addresses and phone numbers.
+
+## General principles
+
+The purpose of an identity server is to validate, store, and answer
+questions about the identities of users. In particular, it stores
+associations of the form "identifier X represents the same user as
+identifier Y", where identities may exist on different systems (such as
+email addresses, phone numbers, Matrix user IDs, etc).
+
+The identity server has some private-public keypairs. When asked about
+an association, it will sign details of the association with its private
+key. Clients may validate the assertions about associations by verifying
+the signature with the public key of the identity server.
+
+In general, identity servers are treated as reliable oracles. They do
+not necessarily provide evidence that they have validated associations,
+but claim to have done so. Establishing the trustworthiness of an
+individual identity server is left as an exercise for the client.
+
+3PID types are described in [3PID Types](/appendices#pid-types)
+Appendix.
+
+## API standards
+
+The mandatory baseline for identity server communication in Matrix is
+exchanging JSON objects over HTTP APIs. HTTPS is required for
+communication, and all API calls use a Content-Type of
+`application/json`. In addition, strings MUST be encoded as UTF-8.
+
+Any errors which occur at the Matrix API level MUST return a "standard
+error response". This is a JSON object which looks like:
+
+```json
+{
+  "errcode": "<error code>",
+  "error": "<error message>"
+}
+```
+
+The `error` string will be a human-readable error message, usually a
+sentence explaining what went wrong. The `errcode` string will be a
+unique string which can be used to handle an error message e.g.
+`M_FORBIDDEN`. There may be additional keys depending on the error, but
+the keys `error` and `errcode` MUST always be present.
+
+Some standard error codes are below:
+
+`M_NOT_FOUND`
+The resource requested could not be located.
+
+`M_MISSING_PARAMS`
+The request was missing one or more parameters.
+
+`M_INVALID_PARAM`
+The request contained one or more invalid parameters.
+
+`M_SESSION_NOT_VALIDATED`
+The session has not been validated.
+
+`M_NO_VALID_SESSION`
+A session could not be located for the given parameters.
+
+`M_SESSION_EXPIRED`
+The session has expired and must be renewed.
+
+`M_INVALID_EMAIL`
+The email address provided was not valid.
+
+`M_EMAIL_SEND_ERROR`
+There was an error sending an email. Typically seen when attempting to
+verify ownership of a given email address.
+
+`M_INVALID_ADDRESS`
+The provided third party address was not valid.
+
+`M_SEND_ERROR`
+There was an error sending a notification. Typically seen when
+attempting to verify ownership of a given third party address.
+
+`M_UNRECOGNIZED`
+The request contained an unrecognised value, such as an unknown token or
+medium.
+
+`M_THREEPID_IN_USE`
+The third party identifier is already in use by another user. Typically
+this error will have an additional `mxid` property to indicate who owns
+the third party identifier.
+
+`M_UNKNOWN`
+An unknown error has occurred.
+
+{{% http-api spec="identity" api="versions" %}}
+
+## Privacy
+
+Identity is a privacy-sensitive issue. While the identity server exists
+to provide identity information, access should be restricted to avoid
+leaking potentially sensitive data. In particular, being able to
+construct large-scale connections between identities should be avoided.
+To this end, in general APIs should allow a 3PID to be mapped to a
+Matrix user identity, but not in the other direction (i.e. one should
+not be able to get all 3PIDs associated with a Matrix user ID, or get
+all 3PIDs associated with a 3PID).
+
+## Web browser clients
+
+It is realistic to expect that some clients will be written to be run
+within a web browser or similar environment. In these cases, the
+identity server should respond to pre-flight requests and supply
+Cross-Origin Resource Sharing (CORS) headers on all requests.
+
+When a client approaches the server with a pre-flight (OPTIONS) request,
+the server should respond with the CORS headers for that route. The
+recommended CORS headers to be returned by servers on all requests are:
+
+    Access-Control-Allow-Origin: *
+    Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
+    Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
+
+## Authentication
+
+Most endpoints in the Identity Service API require authentication
+in order to ensure that the requesting user has accepted all relevant
+policies and is otherwise permitted to make the request.
+
+Identity Servers use a scheme similar to the Client-Server API's concept
+of access tokens to authenticate users. The access tokens provided by an
+Identity Server cannot be used to authenticate Client-Server API
+requests.
+
+An access token is provided to an endpoint in one of two ways:
+
+1.  Via a query string parameter, `access_token=TheTokenHere`.
+2.  Via a request header, `Authorization: Bearer TheTokenHere`.
+
+Clients are encouraged to the use the `Authorization` header where
+possible to prevent the access token being leaked in access/HTTP logs.
+The query string should only be used in cases where the `Authorization`
+header is inaccessible for the client.
+
+When credentials are required but missing or invalid, the HTTP call will
+return with a status of 401 and the error code `M_UNAUTHORIZED`.
+
+{{% http-api spec="identity" api="v2_auth" %}}
+
+## Terms of service
+
+Identity Servers are encouraged to have terms of service (or similar
+policies) to ensure that users have agreed to their data being processed
+by the server. To facilitate this, an identity server can respond to
+almost any authenticated API endpoint with an HTTP 403 and the error
+code `M_TERMS_NOT_SIGNED`. The error code is used to indicate that the
+user must accept new terms of service before being able to continue.
+
+All endpoints which support authentication can return the
+`M_TERMS_NOT_SIGNED` error. When clients receive the error, they are
+expected to make a call to `GET /terms` to find out what terms the
+server offers. The client compares this to the `m.accepted_terms`
+account data for the user (described later) and presents the user with
+option to accept the still-missing terms of service. After the user has
+made their selection, if applicable, the client sends a request to
+`POST /terms` to indicate the user's acceptance. The server cannot
+expect that the client will send acceptance for all pending terms, and
+the client should not expect that the server will not respond with
+another `M_TERMS_NOT_SIGNED` on their next request. The terms the user
+has just accepted are appended to `m.accepted_terms`.
+
+{{% event event="m.accepted_terms" %}}
+
+{{% http-api spec="identity" api="v2_terms" %}}
+
+## Status check
+
+{{% http-api spec="identity" api="v2_ping" %}}
+
+## Key management
+
+An identity server has some long-term public-private keypairs. These are
+named in a scheme `algorithm:identifier`, e.g. `ed25519:0`. When signing
+an association, the standard [Signing
+JSON](/appendices#signing-json) algorithm applies.
+
+The identity server may also keep track of some short-term
+public-private keypairs, which may have different usage and lifetime
+characteristics than the service's long-term keys.
+
+{{% http-api spec="identity" api="v2_pubkey" %}}
+
+## Association lookup
+
+{{% http-api spec="identity" api="v2_lookup" %}}
+
+### Client behaviour
+
+Prior to performing a lookup clients SHOULD make a request to the
+`/hash_details` endpoint to determine what algorithms the server
+supports (described in more detail below). The client then uses this
+information to form a `/lookup` request and receive known bindings from
+the server.
+
+Clients MUST support at least the `sha256` algorithm.
+
+### Server behaviour
+
+Servers, upon receipt of a `/lookup` request, will compare the query
+against known bindings it has, hashing the identifiers it knows about as
+needed to verify exact matches to the request.
+
+Servers MUST support at least the `sha256` algorithm.
+
+### Algorithms
+
+Some algorithms are defined as part of the specification, however other
+formats can be negotiated between the client and server using
+`/hash_details`.
+
+#### `sha256`
+
+This algorithm MUST be supported by clients and servers at a minimum. It
+is additionally the preferred algorithm for lookups.
+
+When using this algorithm, the client converts the query first into
+strings separated by spaces in the format `<address> <medium> <pepper>`.
+The `<pepper>` is retrieved from `/hash_details`, the `<medium>` is
+typically `email` or `msisdn` (both lowercase), and the `<address>` is
+the 3PID to search for. For example, if the client wanted to know about
+`alice@example.org`'s bindings, it would first format the query as
+`alice@example.org email ThePepperGoesHere`.
+
+{{% boxes/rationale %}}
+Mediums and peppers are appended to the address to prevent a common
+prefix for each 3PID, helping prevent attackers from pre-computing the
+internal state of the hash function.
+{{% /boxes/rationale %}}
+
+After formatting each query, the string is run through SHA-256 as
+defined by [RFC 4634](https://tools.ietf.org/html/rfc4634). The
+resulting bytes are then encoded using URL-Safe [Unpadded
+Base64](/appendices#unpadded-base64) (similar to [room version
+4's event ID format](/rooms/v4#event-ids)).
+
+An example set of queries when using the pepper `matrixrocks` would be:
+
+    "alice@example.com email matrixrocks" -> "4kenr7N9drpCJ4AfalmlGQVsOn3o2RHjkADUpXJWZUc"
+    "bob@example.com email matrixrocks"   -> "LJwSazmv46n0hlMlsb_iYxI0_HXEqy_yj6Jm636cdT8"
+    "18005552067 msisdn matrixrocks"      -> "nlo35_T5fzSGZzJApqu8lgIudJvmOQtDaHtr-I4rU7I"
+
+The set of hashes is then given as the `addresses` array in `/lookup`.
+Note that the pepper used MUST be supplied as `pepper` in the `/lookup`
+request.
+
+#### `none`
+
+This algorithm performs plaintext lookups on the identity server.
+Typically this algorithm should not be used due to the security concerns
+of unhashed identifiers, however some scenarios (such as LDAP-backed
+identity servers) prevent the use of hashed identifiers. Identity
+servers (and optionally clients) can use this algorithm to perform those
+kinds of lookups.
+
+Similar to the `sha256` algorithm, the client converts the queries into
+strings separated by spaces in the format `<address> <medium>` - note
+the lack of `<pepper>`. For example, if the client wanted to know about
+`alice@example.org`'s bindings, it would format the query as
+`alice@example.org email`.
+
+The formatted strings are then given as the `addresses` in `/lookup`.
+Note that the `pepper` is still required, and must be provided to ensure
+the client has made an appropriate request to `/hash_details` first.
+
+### Security considerations
+
+{{% boxes/note %}}
+[MSC2134](https://github.com/matrix-org/matrix-doc/pull/2134) has much
+more information about the security considerations made for this section
+of the specification. This section covers the high-level details for why
+the specification is the way it is.
+{{% /boxes/note %}}
+
+Typically the lookup endpoint is used when a client has an unknown 3PID
+it wants to find a Matrix User ID for. Clients normally do this kind of
+lookup when inviting new users to a room or searching a user's address
+book to find any Matrix users they may not have discovered yet. Rogue or
+malicious identity servers could harvest this unknown information and do
+nefarious things with it if it were sent in plain text. In order to
+protect the privacy of users who might not have a Matrix identifier
+bound to their 3PID addresses, the specification attempts to make it
+difficult to harvest 3PIDs.
+
+{{% boxes/rationale %}}
+Hashing identifiers, while not perfect, helps make the effort required
+to harvest identifiers significantly higher. Phone numbers in particular
+are still difficult to protect with hashing, however hashing is
+objectively better than not.
+
+An alternative to hashing would be using bcrypt or similar with many
+rounds, however by nature of needing to serve mobile clients and clients
+on limited hardware the solution needs be kept relatively lightweight.
+{{% /boxes/rationale %}}
+
+Clients should be cautious of servers not rotating their pepper very
+often, and potentially of servers which use a weak pepper - these
+servers may be attempting to brute force the identifiers or use rainbow
+tables to mine the addresses. Similarly, clients which support the
+`none` algorithm should consider at least warning the user of the risks
+in sending identifiers in plain text to the identity server.
+
+Addresses are still potentially reversable using a calculated rainbow
+table given some identifiers, such as phone numbers, common email
+address domains, and leaked addresses are easily calculated. For
+example, phone numbers can have roughly 12 digits to them, making them
+an easier target for attack than email addresses.
+
+## Establishing associations
+
+The flow for creating an association is session-based.
+
+Within a session, one may prove that one has ownership of a 3PID. Once
+this has been established, the user can form an association between that
+3PID and a Matrix user ID. Note that this association is only proved one
+way; a user can associate *any* Matrix user ID with a validated 3PID,
+i.e. I can claim that any email address I own is associated with
+@billg:microsoft.com.
+
+Sessions are time-limited; a session is considered to have been modified
+when it was created, and then when a validation is performed within it.
+A session can only be checked for validation, and validation can only be
+performed within a session, within a 24-hour period since its most
+recent modification. Any attempts to perform these actions after the
+expiry will be rejected, and a new session should be created and used
+instead.
+
+To start a session, the client makes a request to the appropriate
+`/requestToken` endpoint. The identity server then sends a validation
+token to the user, and the user provides the token to the client. The
+client then provides the token to the appropriate `/submitToken`
+endpoint, completing the session. At this point, the client should
+`/bind` the third party identifier or leave it for another entity to
+bind.
+
+### Format of a validation token
+
+The format of the validation token is left up to the identity server: it
+should choose one appropriate to the 3PID type. (For example, it would
+be inappropriate to expect a user to copy a long passphrase including
+punctuation from an SMS message into a client.)
+
+Whatever format the identity server uses, the validation token must
+consist of at most 255 Unicode codepoints. Clients must pass the token
+through without modification.
+
+### Email associations
+
+{{% http-api spec="identity" api="v2_email_associations" %}}
+
+### Phone number associations
+
+{{% http-api spec="identity" api="v2_phone_associations" %}}
+
+### General
+
+{{% http-api spec="identity" api="v2_associations" %}}
+
+## Invitation storage
+
+An identity server can store pending invitations to a user's 3PID, which
+will be retrieved and can be either notified on or look up when the 3PID
+is associated with a Matrix user ID.
+
+At a later point, if the owner of that particular 3PID binds it with a
+Matrix user ID, the identity server will attempt to make an HTTP POST to
+the Matrix user's homeserver via the
+[/3pid/onbind](/server-server-api#put_matrixfederationv13pidonbind)
+endpoint. The request MUST be signed with a long-term private key for
+the identity server.
+
+{{% http-api spec="identity" api="v2_store_invite" %}}
+
+## Ephemeral invitation signing
+
+To aid clients who may not be able to perform crypto themselves, the
+identity server offers some crypto functionality to help in accepting
+invitations. This is less secure than the client doing it itself, but
+may be useful where this isn't possible.
+
+{{% http-api spec="identity" api="v2_invitation_signing" %}}
diff --git a/content/proposals.md b/content/proposals.md
new file mode 100644
index 00000000000..4a23670184f
--- /dev/null
+++ b/content/proposals.md
@@ -0,0 +1,523 @@
+---
+title: "Spec Change Proposals"
+weight: 60
+type: docs
+---
+
+If you are interested in submitting a change to the Matrix
+Specification, please take note of the following guidelines.
+
+Most changes to the Specification require a formal proposal. Bug fixes,
+typos, and clarifications to existing behaviour do not need proposals -
+see the [contributing
+guide](https://github.com/matrix-org/matrix-doc/blob/master/CONTRIBUTING.rst)
+for more information on what does and does not need a proposal.
+
+The proposal process involves some technical writing, having it reviewed
+by everyone, having the proposal being accepted, then actually having
+your ideas implemented as committed changes to the [Specification
+repository](https://github.com/matrix-org/matrix-doc).
+
+Meet the [members of the Core Team](https://matrix.org/foundation), a
+group of individuals tasked with ensuring the spec process is as smooth
+and painless as possible. Members of the Spec Core Team will do their
+best to participate in discussion, summarise when things become
+long-winded, and generally try to act towards the benefit of everyone.
+As a majority, team members have the ability to change the state of a
+proposal, and individually have the final say in proposal discussion.
+
+## Guiding Principles
+
+Proposals **must** act to the greater benefit of the entire Matrix
+ecosystem, rather than benefiting or privileging any single player or
+subset of players -and must not contain any patent encumbered
+intellectual property. Members of the Core Team pledge to act as a
+neutral custodian for Matrix on behalf of the whole ecosystem.
+
+For clarity: the Matrix ecosystem is anyone who uses the Matrix
+protocol. That includes client users, server admins, client developers,
+bot developers, bridge and application service developers, users and
+admins who are indirectly using Matrix via 3rd party networks which
+happen to be bridged, server developers, room moderators and admins,
+companies/projects building products or services on Matrix, spec
+contributors, translators, and those who created it in the first place.
+
+"Greater benefit" could include maximising:
+
+-   the number of end-users reachable on the open Matrix network
+-   the number of regular users on the Matrix network (e.g. 30-day
+    retained federated users)
+-   the number of online servers in the open federation
+-   the number of developers building on Matrix
+-   the number of independent implementations which use Matrix
+-   the number of bridged end-users reachable on the open Matrix network
+-   the signal-to-noise ratio of the content on the open Matrix network
+    (i.e. minimising spam)
+-   the ability for users to discover content on their terms (empowering
+    them to select what to see and what not to see)
+-   the quality and utility of the Matrix spec (as defined by ease and
+    ability with which a developer can implement spec-compliant clients,
+    servers, bots, bridges, and other integrations without needing to
+    refer to any other external material)
+
+In addition, proposal authors are expected to uphold the following
+values in their proposed changes to the Matrix protocol:
+
+-   Supporting the whole long-term ecosystem rather than individual
+    stakeholder gain
+-   Openness rather than proprietary lock-in
+-   Interoperability rather than fragmentation
+-   Cross-platform rather than platform-specific
+-   Collaboration rather than competition
+-   Accessibility rather than elitism
+-   Transparency rather than stealth
+-   Empathy rather than contrariness
+-   Pragmatism rather than perfection
+-   Proof rather than conjecture
+
+Please [see
+MSC1779](https://github.com/matrix-org/matrix-doc/blob/master/proposals/1779-open-governance.md)
+for full details of the project's Guiding Principles.
+
+## Technical notes
+
+Proposals **must** develop Matrix as a layered protocol: with new
+features building on layers of shared abstractions rather than
+introducing tight vertical coupling within the stack. This ensures that
+new features can evolve rapidly by building on existing layers and
+swapping out old features without impacting the rest of the stack or
+requiring substantial upgrades to the whole ecosystem. This is critical
+for Matrix to rapidly evolve and compete effectively with centralised
+systems, despite being a federated protocol.
+
+For instance, new features should be implemented using the highest layer
+abstractions possible (e.g. new event types, which layer on top of the
+existing room semantics, and so don't even require any API changes).
+Failing that, the next recourse would be backwards-compatible changes to
+the next layer down (e.g. room APIs); failing that, considering changes
+to the format of events or the DAG; etc. It would be a very unusual
+feature which doesn't build on the existing infrastructure provided by
+the spec and instead created new primitives or low level APIs.
+
+Backwards compatibility is very important for Matrix, but not at the
+expense of hindering the protocol's evolution. Backwards incompatible
+changes to endpoints are allowed when no other alternative exists, and
+must be versioned under a new major release of the API. Backwards
+incompatible changes to the room algorithm are also allowed when no
+other alternative exists, and must be versioned under a new version of
+the room algorithm.
+
+There is sometimes a dilemma over where to include higher level
+features: for instance, should video conferencing be formalised in the
+spec, or should it be implemented via widgets? Should reputation systems
+be specified? Should search engine behaviour be specified?
+
+There is no universal answer to this, but the following guidelines
+should be applied:
+
+1.  If the feature would benefit the whole Matrix ecosystem and is
+    aligned with the guiding principles above, then it should be
+    supported by the spec.
+2.  If the spec already makes the feature possible without changing any
+    of the implementations and spec, then it may not need to be added to
+    the spec.
+3.  However, if the best user experience for a feature does require
+    custom implementation behaviour then the behaviour should be defined
+    in the spec such that all implementations may implement it.
+4.  However, the spec must never add dependencies on
+    unspecified/nonstandardised 3rd party behaviour.
+
+As a worked example:
+
+1.  Video conferencing is clearly a feature which would benefit the
+    whole ecosystem, and so the spec should find a way to make it
+    happen.
+2.  Video conferencing can be achieved by widgets without requiring any
+    compulsory changes to clients nor servers to work, and so could be
+    omitted from the spec.
+3.  A better experience could be achieved by embedding Jitsi natively
+    into clients rather than using a widget...
+4.  ...except that would add a dependency on unspecified/nonstandardised
+    3rd party behaviour, so must not be added to the spec.
+
+Therefore, our two options in the specific case of video conferencing
+are either to spec SFU conferencing semantics for WebRTC (or refer to an
+existing spec for doing so), or to keep it as a widget-based approach
+(optionally with widget extensions specific for more deeply integrating
+video conferencing use cases).
+
+As an alternative example: it's very unlikely that "how to visualise
+Magnetic Resonance Imaging data over Matrix" would ever be added to the
+Matrix spec (other than perhaps a custom event type in a wider
+standardised Matrix event registry) given that the spec's existing
+primitives of file transfer and extensible events (MSC1767) give
+excellent tools for transferring and visualising arbitrary rich data.
+
+Supporting public search engines are likely to not require custom spec
+features (other than possibly better bulk access APIs), given they can
+be implemented as clients using the existing CS API. An exception could
+be API features required by decentralised search infrastructure
+(avoiding centralisation of power by a centralised search engine).
+
+Features such as reactions, threaded messages, editable messages,
+spam/abuse/content filtering (and reputation systems), are all features
+which would clearly benefit the whole Matrix ecosystem, and cannot be
+implemented in an interoperable way using the current spec; so they
+necessitate a spec change.
+
+## Process
+
+The process for submitting a Matrix Spec Change (MSC) Proposal in detail
+is as follows:
+
+-   Create a first draft of your proposal using [GitHub-flavored
+    Markdown](https://help.github.com/articles/basic-writing-and-formatting-syntax/)
+    -   In the document, clearly state the problem being solved, and the
+        possible solutions being proposed for solving it and their
+        respective trade-offs.
+    -   Proposal documents are intended to be as lightweight and
+        flexible as the author desires; there is no formal template; the
+        intention is to iterate as quickly as possible to get to a good
+        design.
+    -   However, a [template with suggested
+        headers](https://github.com/matrix-org/matrix-doc/blob/master/proposals/0000-proposal-template.md)
+        is available to get you started if necessary.
+    -   Take care in creating your proposal. Specify your intended
+        changes, and give reasoning to back them up. Changes without
+        justification will likely be poorly received by the community.
+-   Fork and make a PR to the
+    [matrix-doc](https://github.com/matrix-org/matrix-doc) repository.
+    The ID of your PR will become the MSC ID for the lifetime of your
+    proposal.
+    -   The proposal must live in the `proposals/` directory with a
+        filename that follows the format `1234-my-new-proposal.md` where
+        `1234` is the MSC ID.
+    -   Your PR description must include a link to the rendered Markdown
+        document and a summary of the proposal.
+    -   It is often very helpful to link any related MSCs or [matrix-doc
+        issues](https://github.com/matrix-org/matrix-doc/issues) to give
+        context for the proposal.
+    -   Additionally, please be sure to sign off your proposal PR as per
+        the guidelines listed on
+        [CONTRIBUTING.rst](https://github.com/matrix-org/matrix-doc/blob/master/CONTRIBUTING.rst).
+-   Gather feedback as widely as possible.
+    -   The aim is to get maximum consensus towards an optimal solution.
+        Sometimes trade-offs are required to meet this goal. Decisions
+        should be made to the benefit of all major use cases.
+    -   A good place to ask for feedback on a specific proposal is
+        [\#matrix-spec:matrix.org](https://matrix.to/#/#matrix-spec:matrix.org).
+        If preferred, an alternative room can be created and advertised
+        in \#matrix-spec:matrix.org. Please also link to the room in
+        your PR description.
+    -   For additional discussion areas, know that
+        \#matrix-dev:matrix.org is for developers using existing Matrix
+        APIs, \#matrix:matrix.org is for users trying to run Matrix apps
+        (clients & servers) and \#matrix-architecture:matrix.org is for
+        cross-cutting discussion of Matrix's architectural design.
+    -   The point of the spec proposal process is to be collaborative
+        rather than competitive, and to try to solve the problem in
+        question with the optimal set of trade-offs. The author should
+        neutrally gather the various viewpoints and get consensus, but
+        this can sometimes be time-consuming (or the author may be
+        biased), in which case an impartial 'shepherd' can be assigned
+        to help guide the proposal through this process instead. A
+        shepherd is typically a neutral party from the Spec Core Team or
+        an experienced member of the community. There is no formal
+        process for assignment. Simply ask for a shepherd to help get
+        your proposal through and one will be assigned based on
+        availability. Having a shepherd is not a requirement for
+        proposal acceptance.
+-   Members of the Spec Core Team and community will review and discuss
+    the PR in the comments and in relevant rooms on Matrix. Discussion
+    outside of GitHub should be summarised in a comment on the PR.
+-   When a member of the Spec Core Team believes that no new discussion
+    points are being made, and the proposal has suitable evidence of
+    working (see [implementing a proposal](#implementing-a-proposal)
+    below), they will propose a motion for a final comment period (FCP),
+    along with a *disposition* of either merge, close or postpone. This
+    FCP is provided to allow a short period of time for any invested
+    party to provide a final objection before a major decision is made.
+    If sufficient reasoning is given, an FCP can be cancelled. It is
+    often preceded by a comment summarising the current state of the
+    discussion, along with reasoning for its occurrence.
+-   A concern can be raised by a Spec Core Team member at any time,
+    which will block an FCP from beginning. An FCP will only begin when
+    75% of the members of the Spec Core Team agree on its outcome, and
+    all existing concerns have been resolved.
+-   The FCP will then begin and last for 5 days, giving anyone else some
+    time to speak up before it concludes. If sufficient reasoning
+    against the disposition is provided, a member of the Spec Core Team can
+    raise a concern and block FCP from completing. This will not reset or
+    pause the 5 day FCP timer, but FCP will not conclude until all concerns have
+    been resolved. If sufficient change in the MSC is required to resolve those
+    concerns, FCP might be cancelled and reproposed. Once FCP has concluded,
+    the disposition of the FCP will be carried out.
+-   Once the proposal has been accepted and merged, it is time to submit
+    the actual change to the Specification that your proposal reasoned
+    about. This is known as a spec PR. However in order for the spec PR
+    to be accepted, an implementation **must** be shown to prove that it
+    works well in practice. A link to the implementation should be
+    included in the PR description. In addition, any significant
+    unforeseen changes to the original idea found during this process
+    will warrant another MSC. Any minor, non-fundamental changes are
+    allowed but **must** be documented in the original proposal
+    document. This ensures that someone reading a proposal in the future
+    doesn't assume old information that wasn't merged into the spec.
+    -   Similar to the proposal PR, please sign off the spec PR as per
+        the guidelines on
+        [CONTRIBUTING.rst](https://github.com/matrix-org/matrix-doc/blob/master/CONTRIBUTING.rst).
+-   Your PR will then be reviewed and hopefully merged on the grounds it
+    is implemented sufficiently. If so, then give yourself a pat on the
+    back knowing you've contributed to the Matrix protocol for the
+    benefit of users and developers alike :)
+
+The process for handling proposals is shown visually in the following
+diagram. Note that the lifetime of a proposal is tracked through the
+corresponding labels for each stage on the
+[matrix-doc](https://github.com/matrix-org/matrix-doc) issue and pull
+request trackers.
+
+```
+                           +                          +
+         Proposals         |          Spec PRs        |  Additional States
+         +-------+         |          +------+        |  +---------------+
+                           |                          |
+ +----------------------+  |         +---------+      |    +-----------+
+ |                      |  |         |         |      |    |           |
+ |      Proposal        |  |  +------= Spec PR |      |    | Postponed |
+ | Drafting and Initial |  |  |      | Missing |      |    |           |
+ |  Feedback Gathering  |  |  |      |         |      |    +-----------+
+ |                      |  |  |      +----+----+      |
+ +----------+-----------+  |  |           |           |    +----------+
+            |              |  |           v           |    |          |
+            v              |  |  +-----------------+  |    |  Closed  |
+  +-------------------+    |  |  |                 |  |    |          |
+  |                   |    |  |  | Spec PR Created |  |    +----------+
+  |    Proposal PR    |    |  |  |  and In Review  |  |
+  |     In Review     |    |  |  |                 |  |
+  |                   |    |  |  +--------+--------+  |
+  +---------+---------+    |  |           |           |
+            |              |  |           v           |
+            v              |  |     +-----------+     |
+ +----------------------+  |  |     |           |     |
+ |                      |  |  |     |  Spec PR  |     |
+ |    Proposed Final    |  |  |     |  Merged!  |     |
+ |    Comment Period    |  |  |     |           |     |
+ |                      |  |  |     +-----------+     |
+ +----------+-----------+  |  |                       |
+            |              |  |                       |
+            v              |  |                       |
+ +----------------------+  |  |                       |
+ |                      |  |  |                       |
+ | Final Comment Period |  |  |                       |
+ |                      |  |  |                       |
+ +----------+-----------+  |  |                       |
+            |              |  |                       |
+            v              |  |                       |
+ +----------------------+  |  |                       |
+ |                      |  |  |                       |
+ | Final Comment Period |  |  |                       |
+ |       Complete       |  |  |                       |
+ |                      |  |  |                       |
+ +----------+-----------+  |  |                       |
+            |              |  |                       |
+            +-----------------+                       |
+                           |                          |
+                           +                          +
+```
+
+## Lifetime States
+
+**Note:** All labels are to be placed on the proposal PR.
+
+| Name                            | GitHub Label                    | Description                                                                                                                                                                                                                          |
+|---------------------------------|---------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Proposal Drafting and Feedback  | [No label](https://github.com/matrix-org/matrix-doc/issues?q=label%3Aproposal+-label%3Aabandoned+-label%3Afinal-comment-period+-label%3Afinished-final-comment-period+-label%3Amerged+-label%3Aobsolete+-label%3Aproposal-postponed+-label%3Aproposed-final-comment-period+-label%3Aproposal-in-review+-label%3Aspec-pr-in-review+-label%3Aspec-pr-missing) | A proposal document which is still work-in-progress but is being shared to incorporate feedback. Please prefix your proposal's title with `[WIP]` to make it easier for reviewers to skim their notifications list. |
+| Proposal In Review              | [proposal-in-review](https://github.com/matrix-org/matrix-doc/issues?q=label%3Aproposal+label%3Aproposal-in-review)                          | A proposal document which is now ready and waiting for review by the Spec Core Team and community                       |
+| Proposed Final Comment Period   | [proposed-final-comment-period](https://github.com/matrix-org/matrix-doc/issues?q=label%3Aproposal+label%3Aproposed-final-comment-period+)   | Currently awaiting signoff of a 75% majority of team members in order to enter the final comment period                 |
+| Final Comment Period            | [final-comment-period](https://github.com/matrix-org/matrix-doc/issues?q=label%3Aproposal+label%3Afinal-comment-period+)                     | A proposal document which has reached final comment period either for merge, closure or postponement                    |
+| Final Comment Period Complete   | [finished-final-comment-period](https://github.com/matrix-org/matrix-doc/issues?q=label%3Aproposal+label%3Afinished-final-comment-period+)   | The final comment period has been completed. Waiting for a demonstration implementation                                 |
+| Spec PR Missing                 | [spec-pr-missing](https://github.com/matrix-org/matrix-doc/issues?q=label%3Aproposal+label%3Aspec-pr-missing)                                | The proposal has been agreed, and proven with a demonstration implementation. Waiting for a PR against the Spec         |
+| Spec PR In Review               | [spec-pr-in-review](https://github.com/matrix-org/matrix-doc/issues?q=label%3Aproposal+label%3Aspec-pr-in-review+)                           | The spec PR has been written, and is currently under review                                                             |
+| Spec PR Merged                  | [merged](https://github.com/matrix-org/matrix-doc/issues?q=label%3Aproposal+label%3Amerged)                                                  | A proposal with a sufficient working implementation and whose Spec PR has been merged!                                  |
+| Postponed                       | [proposal-postponed](https://github.com/matrix-org/matrix-doc/issues?q=label%3Aproposal+label%3Aproposal-postponed+)                         | A proposal that is temporarily blocked or a feature that may not be useful currently but perhaps sometime in the future |
+| Abandoned                       | [abandoned](https://github.com/matrix-org/matrix-doc/issues?q=label%3Aproposal+label%3Aabandoned)                                      | A proposal where the author/shepherd is not responsive                                                                  |
+| Obsolete                        | [obsolete](https://github.com/matrix-org/matrix-doc/issues?q=label%3Aproposal+label%3Aobsolete+)                                             | A proposal which has been made obsolete by another proposal or decision elsewhere.                                      |
+
+## Categories
+
+We use category labels on MSCs to place them into a track of work. The
+Spec Core Team decides which of the tracks they are focusing on for the
+next while and generally makes an effort to pull MSCs out of that
+category when possible.
+
+The current categories are:
+
+| Name        | GitHub Label     | Description                           |
+|-------------|------------------|---------------------------------------|
+| Core        | kind:core        | Important for the protocol's success. |
+| Feature     | kind:feature     | Nice to have additions to the spec.   |
+| Maintenance | kind:maintenance | Fixes or clarifies existing spec.     |
+
+Some examples of core MSCs would be aggregations, cross-signing, and
+groups/communities. These are the sorts of things that if not
+implemented could cause the protocol to fail or become second-class.
+Features would be areas like enhanced media APIs, new transports, and
+bookmarks in comparison. Finally, maintenance MSCs would include
+improving error codes, clarifying what is required of an API, and adding
+properties to an API which makes it easier to use.
+
+The Spec Core Team assigns a category to each MSC based on the
+descriptions above. This can mean that new MSCs get categorized into an
+area the team isn't focused on, though that can always change as
+priorities evolve. We still encourage that MSCs be opened, even if not
+the focus for the time being, as they can still make progress and even
+be merged without the Spec Core Team focusing on them specifically.
+
+## Implementing a proposal
+
+As part of the proposal process the Spec Core Team will require evidence
+of the MSC working in order for it to move into FCP. This can usually be
+a branch/pull request to whichever implementation of choice that proves
+the MSC works in practice, though in some cases the MSC itself will be
+small enough to be considered proven. Where it's unclear if an MSC will
+require an implementation proof, ask in
+[\#matrix-spec:matrix.org](https://matrix.to/#/#matrix-spec:matrix.org).
+
+### Early release of an MSC/idea
+
+To help facilitate early releases of software dependent on a spec
+release, implementations are required to use the following process to
+ensure that the official Matrix namespace is not cluttered with
+development or testing data.
+
+**Note:** Unreleased implementations (including proofs-of-concept demonstrating
+that a particular MSC works) do not have to follow this process.
+
+1.  Have an idea for a feature.
+1.  Implement the feature using unstable endpoints, vendor prefixes, and
+    unstable feature flags as appropriate.
+    -   When using unstable endpoints, they MUST include a vendor
+        prefix. For example:
+        `/_matrix/client/unstable/com.example/login`. Vendor prefixes
+        throughout Matrix always use the Java package naming convention.
+        The MSC for the feature should identify which preferred vendor
+        prefix is to be used by early adopters.
+    -   Note that unstable namespaces do not automatically inherit
+        endpoints from stable namespaces: for example, the fact that
+        `/_matrix/client/r0/sync` exists does not imply that
+        `/_matrix/client/unstable/com.example/sync` exists.
+    -   If the client needs to be sure the server supports the feature,
+        an unstable feature flag that MUST be vendor prefixed is to be
+        used. This kind of flag shows up in the `unstable_features`
+        section of `/versions` as, for example, `com.example.new_login`.
+        The MSC for the feature should identify which preferred feature
+        flag is to be used by early adopters.
+    -   When using this approach correctly, the implementation can
+        ship/release the feature at any time, so long as the
+        implementation is able to accept the technical debt that results
+        from needing to provide adequate backwards and forwards
+        compatibility. The implementation MUST support the flag (and
+        server-side implementation) disappearing and be generally safe
+        for users. Note that implementations early in the MSC review
+        process may also be required to provide backwards compatibility
+        with earlier editions of the proposal.
+    -   If the implementation cannot support the technical debt (or if
+        it's impossible to provide forwards/backwards compatibility -
+        e.g. a user authentication change which can't be safely rolled
+        back), the implementation should not attempt to implement the
+        feature and should instead wait for a spec release.
+    -   If at any point after early release, the idea changes in a
+        backwards-incompatible way, the feature flag should also change
+        so that implementations can adapt as needed.
+1.  In parallel, or ahead of implementation, open an MSC and solicit
+    review per above.
+1.  Before FCP can be called, the Spec Core Team will require evidence
+    of the MSC working as proposed. A typical example of this is an
+    implementation of the MSC, though the implementation does not need
+    to be shipped anywhere and can therefore avoid the
+    forwards/backwards compatibility concerns mentioned here.
+1.  The FCP process is completed, and assuming nothing is flagged the
+    MSC lands.
+1.  Implementations can now switch to using stable prefixes
+    (for example, for an endpoint, moving from
+    `/unstable/org.matrix.mscxxxx/frobnicate`
+    to `/v1/frobnicate`), assuming that the change
+    is backwards compatible with older implementations. In the rare occasion
+    where backwards compatibility is not possible without a new spec release,
+    implementations should continue to use unstable prefixes.
+1.  A spec PR is written to incorporate the changes into Matrix.
+1.  A spec release happens.
+1.  A transition period of about 2 months starts immediately after the
+    spec release, before implementations start to encourage other
+    implementations to switch to stable endpoints. For example, a server
+    implementation should start asking client implementations to support
+    the stable endpoints 2 months after the spec release, if they
+    haven't already. The same applies in the reverse: if clients cannot
+    switch to stable prefixes because server implementations haven't
+    started supporting the new spec release, some noise should be raised
+    in the general direction of the implementation.
+
+{{% boxes/note %}}
+MSCs MUST still describe what the stable endpoints/feature looks like
+with a note towards the bottom for what the unstable feature
+flag/prefixes are. For example, an MSC would propose `/_matrix/client/r0/new/endpoint`, not `/_matrix/client/unstable/
+com.example/new/endpoint`.
+{{% /boxes/note %}}
+
+In summary:
+
+-   Implementations MUST NOT use stable endpoints before the MSC has
+    completed FCP. Once that has occurred, implementations are allowed
+    to use stable endpoints, but are not required to.
+-   Implementations are able to ship features that are exposed to users
+    by default before an MSC has been merged to the spec, provided they
+    follow the process above.
+-   Implementations SHOULD be wary of the technical debt they are
+    incurring by moving faster than the spec.
+-   The vendor prefix is chosen by the developer of the feature, using
+    the Java package naming convention. The foundation's preferred
+    vendor prefix is `org.matrix`.
+-   The vendor prefixes, unstable feature flags, and unstable endpoints
+    should be included in the MSC, though the MSC MUST be written in a
+    way that proposes new stable endpoints. Typically this is solved by
+    a small table at the bottom mapping the various values from stable
+    to unstable.
+
+## Proposal Tracking
+
+This is a living document generated from the list of proposals on the
+issue and pull request trackers of the
+[matrix-doc](https://github.com/matrix-org/matrix-doc) repo.
+
+We use labels and some metadata in MSC PR descriptions to generate this
+page. Labels are assigned by the Spec Core Team whilst triaging the
+proposals based on those which exist in the
+[matrix-doc](https://github.com/matrix-org/matrix-doc) repo already.
+
+It is worth mentioning that a previous version of the MSC process used a
+mixture of GitHub issues and PRs, leading to some MSC numbers deriving
+from GitHub issue IDs instead. A useful feature of GitHub is that it
+does automatically resolve to an issue, if an issue ID is placed in a
+pull URL. This means that
+<https://github.com/matrix-org/matrix-doc/pull/$MSCID> will correctly
+resolve to the desired MSC, whether it started as an issue or a PR.
+
+Other metadata:
+
+-   The MSC number is taken from the GitHub Pull Request ID. This is
+    carried for the lifetime of the proposal. These IDs do not necessary
+    represent a chronological order.
+-   The GitHub PR title will act as the MSC's title.
+-   Please link to the spec PR (if any) by adding a "PRs: \#1234" line
+    in the issue description.
+-   The creation date is taken from the GitHub PR, but can be overridden
+    by adding a "Date: yyyy-mm-dd" line in the PR description.
+-   Updated Date is taken from GitHub.
+-   Author is the creator of the MSC PR, but can be overridden by adding
+    a "Author: @username" line in the body of the issue description.
+    Please make sure @username is a GitHub user (include the @!)
+-   A shepherd can be assigned by adding a "Shepherd: @username" line in
+    the issue description. Again, make sure this is a real GitHub user.
+
+{{% proposal-tables %}}
diff --git a/content/push-gateway-api.md b/content/push-gateway-api.md
new file mode 100644
index 00000000000..541db1296e1
--- /dev/null
+++ b/content/push-gateway-api.md
@@ -0,0 +1,57 @@
+---
+title: "Push Gateway API"
+weight: 50
+type: docs
+---
+
+Clients may want to receive push notifications when events are received
+at the homeserver. This is managed by a distinct entity called the Push
+Gateway.
+
+## Overview
+
+A client's homeserver forwards information about received events to the
+push gateway. The gateway then submits a push notification to the push
+notification provider (e.g. APNS, GCM).
+
+```
+                                   +--------------------+  +-------------------+
+                  Matrix HTTP      |                    |  |                   |
+             Notification Protocol |   App Developer    |  |   Device Vendor   |
+                                   |                    |  |                   |
+           +-------------------+   | +----------------+ |  | +---------------+ |
+           |                   |   | |                | |  | |               | |
+           | Matrix homeserver +----->  Push Gateway  +------> Push Provider | |
+           |                   |   | |                | |  | |               | |
+           +-^-----------------+   | +----------------+ |  | +----+----------+ |
+             |                     |                    |  |      |            |
+    Matrix   |                     |                    |  |      |            |
+ Client/Server API  +              |                    |  |      |            |
+             |      |              +--------------------+  +-------------------+
+             |   +--+-+                                           |
+             |   |    <-------------------------------------------+
+             +---+    |
+                 |    |          Provider Push Protocol
+                 +----+
+
+         Mobile Device or Client
+```
+
+## Homeserver behaviour
+
+This describes the format used by "HTTP" pushers to send notifications
+of events to Push Gateways. If the endpoint returns an HTTP error code,
+the homeserver SHOULD retry for a reasonable amount of time using
+exponential backoff.
+
+When pushing notifications for events, the homeserver is expected to
+include all of the event-related fields in the `/notify` request. When
+the homeserver is performing a push where the `format` is
+`"event_id_only"`, only the `event_id`, `room_id`, `counts`, and
+`devices` are required to be populated.
+
+Note that most of the values and behaviour of this endpoint is described
+by the Client-Server API's [Push
+Module](/client-server-api#push-notifications).
+
+{{% http-api spec="push-gateway" api="push_notifier" %}}
diff --git a/content/rooms/_index.md b/content/rooms/_index.md
new file mode 100644
index 00000000000..80c688a211c
--- /dev/null
+++ b/content/rooms/_index.md
@@ -0,0 +1,13 @@
+---
+title: Room Versions
+type: docs
+weight: 60
+---
+
+* [Room Version 1](v1)
+* [Room Version 2](v2)
+* [Room Version 3](v3)
+* [Room Version 4](v4)
+* [Room Version 5](v5)
+* [Room Version 6](v6)
+* [Room Version 7](v7)
diff --git a/content/rooms/v1.md b/content/rooms/v1.md
new file mode 100644
index 00000000000..b76147df166
--- /dev/null
+++ b/content/rooms/v1.md
@@ -0,0 +1,285 @@
+---
+title: Room Version 1
+type: docs
+weight: 10
+---
+
+This room version is the first ever version for rooms, and contains the
+building blocks for other room versions.
+
+## Client considerations
+
+Clients may need to consider some algorithms performed by the server for
+their own implementation.
+
+### Redactions
+
+Upon receipt of a redaction event, the server must strip off any keys
+not in the following list:
+
+-   `event_id`
+-   `type`
+-   `room_id`
+-   `sender`
+-   `state_key`
+-   `content`
+-   `hashes`
+-   `signatures`
+-   `depth`
+-   `prev_events`
+-   `prev_state`
+-   `auth_events`
+-   `origin`
+-   `origin_server_ts`
+-   `membership`
+
+The content object must also be stripped of all keys, unless it is one
+of one of the following event types:
+
+-   `m.room.member` allows key `membership`.
+-   `m.room.create` allows key `creator`.
+-   `m.room.join_rules` allows key `join_rule`.
+-   `m.room.power_levels` allows keys `ban`, `events`, `events_default`,
+    `kick`, `redact`, `state_default`, `users`, `users_default`.
+-   `m.room.aliases` allows key `aliases`.
+-   `m.room.history_visibility` allows key `history_visibility`.
+
+## Server implementation components
+
+{{% boxes/warning %}}
+The information contained in this section is strictly for server
+implementors. Applications which use the Client-Server API are generally
+unaffected by the intricacies contained here. The section above
+regarding client considerations is the resource that Client-Server API
+use cases should reference.
+{{% /boxes/warning %}}
+
+The algorithms defined here should only apply to version 1 rooms. Other
+algorithms may be used by other room versions, and as such servers
+should be aware of which version room they are dealing with prior to
+executing a given algorithm.
+
+{{% boxes/warning %}}
+Although there are many rooms using room version 1, it is known to have
+undesirable effects. Servers implementing support for room version 1
+should be aware that restrictions should be generally relaxed and that
+inconsistencies may occur.
+{{% /boxes/warning %}}
+
+### State resolution
+
+{{% boxes/warning %}}
+Room version 1 is known to have bugs that can cause the state of rooms
+to reset to older versions of the room's state. For example this could
+mean that users who had joined the room may be removed from the room,
+admins and moderators could lose their power level, and users who have
+been banned from the room may be able to rejoin. Other state events such
+as the the room's name or topic could also reset to a previous version.
+
+This is fixed in the state resolution algorithm introduced in room
+version 2.
+{{% /boxes/warning %}}
+
+The room state *S*′(*E*) after an event *E* is defined in terms of the
+room state *S*(*E*) before *E*, and depends on whether *E* is a state
+event or a message event:
+
+-   If *E* is a message event, then *S*′(*E*) = *S*(*E*).
+-   If *E* is a state event, then *S*′(*E*) is *S*(*E*), except that its
+    entry corresponding to *E*'s `event_type` and `state_key` is
+    replaced by *E*'s `event_id`.
+
+The room state *S*(*E*) before *E* is the *resolution* of the set of
+states {*S*′(*E*′), *S*′(*E*″), …} consisting of the states after each
+of *E*'s `prev_event`s {*E*′, *E*″, …}.
+
+The *resolution* of a set of states is defined as follows. The resolved
+state is built up in a number of passes; here we use *R* to refer to the
+results of the resolution so far.
+
+-   Start by setting *R* to the union of the states to be resolved,
+    excluding any *conflicting* events.
+-   First we resolve conflicts between `m.room.power_levels` events. If
+    there is no conflict, this step is skipped, otherwise:
+    -   Assemble all the `m.room.power_levels` events from the states to
+        be resolved into a list.
+    -   Sort the list by ascending `depth` then descending
+        `sha1(event_id)`.
+    -   Add the first event in the list to *R*.
+    -   For each subsequent event in the list, check that the event
+        would be allowed by the authorization rules for a room in state
+        *R*. If the event would be allowed, then update *R* with the
+        event and continue with the next event in the list. If it would
+        not be allowed, stop and continue below with `m.room.join_rules`
+        events.
+-   Repeat the above process for conflicts between `m.room.join_rules`
+    events.
+-   Repeat the above process for conflicts between `m.room.member`
+    events.
+-   No other events affect the authorization rules, so for all other
+    conflicts, just pick the event with the highest depth and lowest
+    `sha1(event_id)` that passes authentication in *R* and add it to
+    *R*.
+
+A *conflict* occurs between states where those states have different
+`event_ids` for the same `(event_type, state_key)`. The events thus
+affected are said to be *conflicting* events.
+
+### Authorization rules
+
+The types of state events that affect authorization are:
+
+-   `m.room.create`
+-   `m.room.member`
+-   `m.room.join_rules`
+-   `m.room.power_levels`
+-   `m.room.third_party_invite`
+
+{{% boxes/note %}}
+Power levels are inferred from defaults when not explicitly supplied.
+For example, mentions of the `sender`'s power level can also refer to
+the default power level for users in the room.
+{{% /boxes/note %}}
+
+The rules are as follows:
+
+1.  If type is `m.room.create`:
+    1.  If it has any previous events, reject.
+    2.  If the domain of the `room_id` does not match the domain of the
+        `sender`, reject.
+    3.  If `content.room_version` is present and is not a recognised
+        version, reject.
+    4.  If `content` has no `creator` field, reject.
+    5.  Otherwise, allow.
+2.  Reject if event has `auth_events` that:
+    1.  have duplicate entries for a given `type` and `state_key` pair
+    2.  have entries whose `type` and `state_key` don't match those
+        specified by the [auth events
+        selection](/server-server-api#auth-events-selection)
+        algorithm described in the server specification.
+3.  If event does not have a `m.room.create` in its `auth_events`,
+    reject.
+4.  If type is `m.room.aliases`:
+    1.  If event has no `state_key`, reject.
+    2.  If sender's domain doesn't matches `state_key`, reject.
+    3.  Otherwise, allow.
+5.  If type is `m.room.member`:
+    1.  If no `state_key` key or `membership` key in `content`, reject.
+    2.  If `membership` is `join`:
+        1.  If the only previous event is an `m.room.create` and the
+            `state_key` is the creator, allow.
+        2.  If the `sender` does not match `state_key`, reject.
+        3.  If the `sender` is banned, reject.
+        4.  If the `join_rule` is `invite` then allow if membership
+            state is `invite` or `join`.
+        5.  If the `join_rule` is `public`, allow.
+        6.  Otherwise, reject.
+    3.  If `membership` is `invite`:
+        1.  If `content` has `third_party_invite` key:
+            1.  If *target user* is banned, reject.
+            2.  If `content.third_party_invite` does not have a `signed`
+                key, reject.
+            3.  If `signed` does not have `mxid` and `token` keys,
+                reject.
+            4.  If `mxid` does not match `state_key`, reject.
+            5.  If there is no `m.room.third_party_invite` event in the
+                current room state with `state_key` matching `token`,
+                reject.
+            6.  If `sender` does not match `sender` of the
+                `m.room.third_party_invite`, reject.
+            7.  If any signature in `signed` matches any public key in
+                the `m.room.third_party_invite` event, allow. The public
+                keys are in `content` of `m.room.third_party_invite` as:
+                1.  A single public key in the `public_key` field.
+                2.  A list of public keys in the `public_keys` field.
+            8.  Otherwise, reject.
+        2.  If the `sender`'s current membership state is not `join`,
+            reject.
+        3.  If *target user*'s current membership state is `join` or
+            `ban`, reject.
+        4.  If the `sender`'s power level is greater than or equal to
+            the *invite level*, allow.
+        5.  Otherwise, reject.
+    4.  If `membership` is `leave`:
+        1.  If the `sender` matches `state_key`, allow if and only if
+            that user's current membership state is `invite` or `join`.
+        2.  If the `sender`'s current membership state is not `join`,
+            reject.
+        3.  If the *target user*'s current membership state is `ban`,
+            and the `sender`'s power level is less than the *ban level*,
+            reject.
+        4.  If the `sender`'s power level is greater than or equal to
+            the *kick level*, and the *target user*'s power level is
+            less than the `sender`'s power level, allow.
+        5.  Otherwise, reject.
+    5.  If `membership` is `ban`:
+        1.  If the `sender`'s current membership state is not `join`,
+            reject.
+        2.  If the `sender`'s power level is greater than or equal to
+            the *ban level*, and the *target user*'s power level is less
+            than the `sender`'s power level, allow.
+        3.  Otherwise, reject.
+    6.  Otherwise, the membership is unknown. Reject.
+6.  If the `sender`'s current membership state is not `join`, reject.
+7.  If type is `m.room.third_party_invite`:
+    1.  Allow if and only if `sender`'s current power level is greater
+        than or equal to the *invite level*.
+8.  If the event type's *required power level* is greater than the
+    `sender`'s power level, reject.
+9.  If the event has a `state_key` that starts with an `@` and does not
+    match the `sender`, reject.
+10. If type is `m.room.power_levels`:
+    1.  If `users` key in `content` is not a dictionary with keys that
+        are valid user IDs with values that are integers (or a string
+        that is an integer), reject.
+    2.  If there is no previous `m.room.power_levels` event in the room,
+        allow.
+    3.  For the keys `users_default`, `events_default`, `state_default`,
+        `ban`, `redact`, `kick`, `invite` check if they were added,
+        changed or removed. For each found alteration:
+        1.  If the current value is higher than the `sender`'s current
+            power level, reject.
+        2.  If the new value is higher than the `sender`'s current power
+            level, reject.
+    4.  For each entry being added, changed or removed in both the
+        `events` and `users` keys:
+        1.  If the current value is higher than the `sender`'s current
+            power level, reject.
+        2.  If the new value is higher than the `sender`'s current power
+            level, reject.
+    5.  For each entry being changed under the `users` key, other than
+        the `sender`'s own entry:
+        1.  If the current value is equal to the `sender`'s current
+            power level, reject.
+    6.  Otherwise, allow.
+11. If type is `m.room.redaction`:
+    1.  If the `sender`'s power level is greater than or equal to the
+        *redact level*, allow.
+    2.  If the domain of the `event_id` of the event being redacted is
+        the same as the domain of the `event_id` of the
+        `m.room.redaction`, allow.
+    3.  Otherwise, reject.
+12. Otherwise, allow.
+
+{{% boxes/note %}}
+Some consequences of these rules:
+
+-   Unless you are a member of the room, the only permitted operations
+    (apart from the initial create/join) are: joining a public room;
+    accepting or rejecting an invitation to a room.
+-   To unban somebody, you must have power level greater than or equal
+    to both the kick *and* ban levels, *and* greater than the target
+    user's power level.
+{{% /boxes/note %}}
+
+### Event format
+
+Events in version 1 rooms have the following structure:
+
+{{% definition path="api/server-server/definitions/pdu" %}}
+
+### Canonical JSON
+
+Servers MUST NOT strictly enforce the JSON format specified in the
+[appendices](/appendices#canonical-json) for the reasons
+described there.
diff --git a/content/rooms/v2.md b/content/rooms/v2.md
new file mode 100644
index 00000000000..f087f00e137
--- /dev/null
+++ b/content/rooms/v2.md
@@ -0,0 +1,188 @@
+---
+title: Room Version 2
+type: docs
+weight: 20
+---
+
+This room version builds off of [version 1](/rooms/v1) with an improved
+state resolution algorithm.
+
+## Server implementation components
+
+{{% boxes/warning %}}
+The information contained in this section is strictly for server
+implementors. Applications which use the Client-Server API are generally
+unaffected by the details contained here, and can safely ignore their
+presence.
+{{% /boxes/warning %}}
+
+Room version 2 uses the base components of [room version 1](/rooms/v1),
+changing only the state resolution algorithm.
+
+### State resolution
+
+The room state *S*′(*E*) after an event *E* is defined in terms of the
+room state *S*(*E*) before *E*, and depends on whether *E* is a state
+event or a message event:
+
+-   If *E* is a message event, then *S*′(*E*) = *S*(*E*).
+-   If *E* is a state event, then *S*′(*E*) is *S*(*E*), except that its
+    entry corresponding to *E*'s `event_type` and `state_key` is
+    replaced by *E*'s `event_id`.
+
+The room state *S*(*E*) before *E* is the *resolution* of the set of
+states {*S*′(*E*<sub>1</sub>), *S*′(*E*<sub>2</sub>), …} consisting of
+the states after each of *E*'s `prev_event`s
+{*E*<sub>1</sub>, *E*<sub>2</sub>, …}, where the resolution of a set of
+states is given in the algorithm below.
+
+#### Definitions
+
+The state resolution algorithm for version 2 rooms uses the following
+definitions, given the set of room states
+{*S*<sub>1</sub>, *S*<sub>2</sub>, …}:
+
+Power events  
+A *power event* is a state event with type `m.room.power_levels` or
+`m.room.join_rules`, or a state event with type `m.room.member` where
+the `membership` is `leave` or `ban` and the `sender` does not match the
+`state_key`. The idea behind this is that power events are events that
+might remove someone's ability to do something in the room.
+
+Unconflicted state map and conflicted state set  
+The *unconflicted state map* is the state where the value of each key
+exists and is the same in each state *S*<sub>*i*</sub>. The *conflicted
+state set* is the set of all other state events. Note that the
+unconflicted state map only has one event per `(event_type, state_key)`,
+whereas the conflicted state set may have multiple events.
+
+Auth difference  
+The *auth difference* is calculated by first calculating the full auth
+chain for each state *S*<sub>*i*</sub>, that is the union of the auth
+chains for each event in *S*<sub>*i*</sub>, and then taking every event
+that doesn't appear in every auth chain. If *C*<sub>*i*</sub> is the
+full auth chain of *S*<sub>*i*</sub>, then the auth difference is
+ ∪ *C*<sub>*i*</sub> −  ∩ *C*<sub>*i*</sub>.
+
+Full conflicted set  
+The *full conflicted set* is the union of the conflicted state set and
+the auth difference.
+
+Reverse topological power ordering  
+The *reverse topological power ordering* of a set of events is the
+lexicographically smallest topological ordering based on the DAG formed
+by auth events. The reverse topological power ordering is ordered from
+earliest event to latest. For comparing two topological orderings to
+determine which is the lexicographically smallest, the following
+comparison relation on events is used: for events *x* and *y*,
+*x* &lt; *y* if
+
+1.  *x*'s sender has *greater* power level than *y*'s sender, when
+    looking at their respective `auth_event`s; or
+2.  the senders have the same power level, but *x*'s `origin_server_ts`
+    is *less* than *y*'s `origin_server_ts`; or
+3.  the senders have the same power level and the events have the same
+    `origin_server_ts`, but *x*'s `event_id` is *less* than *y*'s
+    `event_id`.
+
+The reverse topological power ordering can be found by sorting the
+events using Kahn's algorithm for topological sorting, and at each step
+selecting, among all the candidate vertices, the smallest vertex using
+the above comparison relation.
+
+Mainline ordering  
+Given an `m.room.power_levels` event *P*, the *mainline of* *P* is the
+list of events generated by starting with *P* and recursively taking the
+`m.room.power_levels` events from the `auth_events`, ordered such that
+*P* is last. Given another event *e*, the *closest mainline event to*
+*e* is the first event encountered in the mainline when iteratively
+descending through the `m.room.power_levels` events in the `auth_events`
+starting at *e*. If no mainline event is encountered when iteratively
+descending through the `m.room.power_levels` events, then the closest
+mainline event to *e* can be considered to be a dummy event that is
+before any other event in the mainline of *P* for the purposes of
+condition 1 below.
+
+The *mainline ordering based on* *P* of a set of events is the ordering,
+from smallest to largest, using the following comparison relation on
+events: for events *x* and *y*, *x* &lt; *y* if
+
+1.  the closest mainline event to *x* appears *before* the closest
+    mainline event to *y*; or
+2.  the closest mainline events are the same, but *x*'s
+    `origin_server_ts` is *less* than *y*'s `origin_server_ts`; or
+3.  the closest mainline events are the same and the events have the
+    same `origin_server_ts`, but *x*'s `event_id` is *less* than *y*'s
+    `event_id`.
+
+Iterative auth checks  
+The *iterative auth checks algorithm* takes as input an initial room
+state and a sorted list of state events, and constructs a new room state
+by iterating through the event list and applying the state event to the
+room state if the state event is allowed by the [authorization
+rules](/server-server-api#authorization-rules).
+If the state event is not allowed by the authorization rules, then the
+event is ignored. If a `(event_type, state_key)` key that is required
+for checking the authorization rules is not present in the state, then
+the appropriate state event from the event's `auth_events` is used if
+the auth event is not rejected.
+
+#### Algorithm
+
+The *resolution* of a set of states is obtained as follows:
+
+1.  Take all *power events* and any events in their auth chains,
+    recursively, that appear in the *full conflicted set* and order them
+    by the *reverse topological power ordering*.
+2.  Apply the *iterative auth checks algorithm*, starting from the
+    *unconflicted state map*, to the list of events from the previous
+    step to get a partially resolved state.
+3.  Take all remaining events that weren't picked in step 1 and order
+    them by the mainline ordering based on the power level in the
+    partially resolved state obtained in step 2.
+4.  Apply the *iterative auth checks algorithm* on the partial resolved
+    state and the list of events from the previous step.
+5.  Update the result by replacing any event with the event with the
+    same key from the *unconflicted state map*, if such an event exists,
+    to get the final resolved state.
+
+#### Rejected events
+
+Events that have been rejected due to failing auth based on the state at
+the event (rather than based on their auth chain) are handled as usual
+by the algorithm, unless otherwise specified.
+
+Note that no events rejected due to failure to auth against their auth
+chain should appear in the process, as they should not appear in state
+(the algorithm only uses events that appear in either the state sets or
+in the auth chain of the events in the state sets).
+
+{{% boxes/rationale %}}
+This helps ensure that different servers' view of state is more likely
+to converge, since rejection state of an event may be different. This
+can happen if a third server gives an incorrect version of the state
+when a server joins a room via it (either due to being faulty or
+malicious). Convergence of state is a desirable property as it ensures
+that all users in the room have a (mostly) consistent view of the state
+of the room. If the view of the state on different servers diverges it
+can lead to bifurcation of the room due to e.g. servers disagreeing on
+who is in the room.
+
+Intuitively, using rejected events feels dangerous, however:
+
+1.  Servers cannot arbitrarily make up state, since they still need to
+    pass the auth checks based on the event's auth chain (e.g. they
+    can't grant themselves power levels if they didn't have them
+    before).
+2.  For a previously rejected event to pass auth there must be a set of
+    state that allows said event. A malicious server could therefore
+    produce a fork where it claims the state is that particular set of
+    state, duplicate the rejected event to point to that fork, and send
+    the event. The duplicated event would then pass the auth checks.
+    Ignoring rejected events would therefore not eliminate any potential
+    attack vectors.
+{{% /boxes/rationale %}}
+
+Rejected auth events are deliberately excluded from use in the iterative
+auth checks, as auth events aren't re-authed (although non-auth events
+are) during the iterative auth checks.
diff --git a/content/rooms/v3.md b/content/rooms/v3.md
new file mode 100644
index 00000000000..e1966b6e09f
--- /dev/null
+++ b/content/rooms/v3.md
@@ -0,0 +1,100 @@
+---
+title: Room Version 3
+type: docs
+weight: 30
+---
+
+This room version builds on [version 2](/rooms/v2) with an improved event
+format.
+
+## Client considerations
+
+This room version changes the format for event IDs sent to clients.
+Clients should be aware that these event IDs may contain slashes and
+other potentially problematic characters. Clients should be treating
+event IDs as opaque identifiers and should not be attempting to parse
+them into a usable form, just like with other room versions.
+
+Clients should expect to see event IDs changed from the format of
+`$randomstring:example.org` to something like
+`$acR1l0raoZnm60CBwAVgqbZqoO/mYU81xysh1u7XcJk` (note the lack of domain
+and the potentially problematic slash).
+
+## Server implementation components
+
+{{% boxes/warning %}}
+The information contained in this section is strictly for server
+implementors. Applications which use the Client-Server API are generally
+unaffected by the intricacies contained here. The section above
+regarding client considerations is the resource that Client-Server API
+use cases should reference.
+{{% /boxes/warning %}}
+
+Room version 3 uses the state resolution algorithm defined in [room
+version 2](/rooms/v2), and the event format defined here.
+
+### Event IDs
+
+{{% boxes/rationale %}}
+In other room versions (namely version 1 and 2) the event ID is a
+distinct field from the remainder of the event, which must be tracked as
+such. This leads to complications where servers receive multiple events
+with the same ID in either the same or different rooms where the server
+cannot easily keep track of which event it should be using. By removing
+the use of a dedicated event ID, servers are required to track the
+hashes on an event to determine its ID.
+{{% /boxes/rationale %}}
+
+The event ID is the [reference
+hash](/server-server-api#calculating-the-reference-hash-for-an-event) of
+the event encoded using [Unpadded
+Base64](/appendices#unpadded-base64), prefixed with `$`. A
+resulting event ID using this approach should look similar to
+`$CD66HAED5npg6074c6pDtLKalHjVfYb2q4Q3LZgrW6o`.
+
+Event IDs should not be sent over federation to servers when the room
+uses this room version. On the receiving end of an event, the server
+should compute the relevant event ID for itself.
+
+Additionally, the `auth_events` and `prev_events` have had a format
+change compared to other room versions to make it easier to handle.
+Instead of a tuple of values, they are now plain lists of events.
+
+{{% definition path="api/server-server/definitions/pdu_v3" %}}
+
+### Changes to APIs
+
+Due to the event ID being removed from the event, some APIs need to
+change. All APIs which currently accept an event ID must do so with the
+new format. Servers must append the calculated event ID to all events
+sent to clients where an event ID would normally be expected.
+
+Because the format of events has changed, servers must be aware of the
+room version where the event resides so that the server may parse and
+handle the event. The federation API has taken this concern into
+consideration by ensuring that servers are aware of (or can find) the
+room version during a request.
+
+### Authorization rules for events
+
+The authorization rules for a given event have changed in this room
+version due to the change in event format:
+
+-   The event no longer needs to be signed by the domain of the event ID
+    (as there is no domain in the event ID), but still needs to be
+    signed by the sender's domain.
+-   In past room versions, redactions were only permitted to enter the
+    DAG if the sender's domain matched the domain in the event ID being
+    redacted, or the sender had appropriate permissions per the power
+    levels. Due to servers now not being able to determine where an
+    event came from during event authorization, redaction events are
+    always accepted (provided the event is allowed by `events` and
+    `events_default` in the power levels). However, servers should not
+    apply or send redactions to clients until both the redaction event
+    and original event have been seen, and are valid. Servers should
+    only apply redactions to events where the sender's domains match, or
+    the sender of the redaction has the appropriate permissions per the
+    power levels.
+
+The remaining rules are the same as [room version
+1](/rooms/v1#authorization-rules).
diff --git a/content/rooms/v4.md b/content/rooms/v4.md
new file mode 100644
index 00000000000..c2853a2c352
--- /dev/null
+++ b/content/rooms/v4.md
@@ -0,0 +1,61 @@
+---
+title: Room Version 4
+type: docs
+weight: 40
+---
+
+This room version builds on [version 3](/rooms/v3) using a different
+encoding for event IDs.
+
+## Client considerations
+
+This room version changes the format form event IDs sent to clients.
+Clients should already be treating event IDs as opaque identifiers, and
+should not be concerned with the format of them. Clients should still
+encode the event ID when including it in a request path.
+
+Clients should expect to see event IDs changed from the format of
+`$randomstring:example.org` to something like
+`$Rqnc-F-dvnEYJTyHq_iKxU2bZ1CI92-kuZq3a5lr5Zg` (note the lack of
+domain).
+
+## Server implementation components
+
+{{% boxes/warning %}}
+The information contained in this section is strictly for server
+implementors. Applications which use the Client-Server API are generally
+unaffected by the intricacies contained here. The section above
+regarding client considerations is the resource that Client-Server API
+use cases should reference.
+{{% /boxes/warning %}}
+
+Room version 4 uses the same algorithms defined in [room version
+3](/rooms/v3), however using URL-safe base64 to generate the event ID.
+
+### Event IDs
+
+{{% boxes/rationale %}}
+Room version 3 generated event IDs that were difficult for client
+implementations which were not encoding the event ID to function in
+those rooms. It additionally raised concern due to the `/` character
+being interpretted differently by some reverse proxy software, and
+generally made administration harder.
+{{% /boxes/rationale %}}
+
+The event ID is the [reference
+hash](/server-server-api#calculating-the-reference-hash-for-an-event) of
+the event encoded using a variation of [Unpadded
+Base64](/appendices#unpadded-base64) which replaces the 62nd and
+63rd characters with `-` and `_` instead of using `+` and `/`. This
+matches [RFC4648's definition of URL-safe
+base64](https://tools.ietf.org/html/rfc4648#section-5). Event IDs are
+still prefixed with `$` and may result in looking like
+`$Rqnc-F-dvnEYJTyHq_iKxU2bZ1CI92-kuZq3a5lr5Zg`.
+
+Just like in room version 3, event IDs should not be sent over
+federation to servers when the room uses this room version. On the
+receiving end of an event, the server should compute the relevant event
+ID for itself. Room version 3 also changes the format of `auth_events`
+and `prev_events` in a PDU.
+
+{{% definition path="api/server-server/definitions/pdu_v4" %}}
diff --git a/content/rooms/v5.md b/content/rooms/v5.md
new file mode 100644
index 00000000000..9c5ade72dc1
--- /dev/null
+++ b/content/rooms/v5.md
@@ -0,0 +1,45 @@
+---
+title: Room Version 5
+type: docs
+weight: 50
+---
+
+This room version builds on [version 4](/rooms/v4) while enforcing signing
+key validity periods for events.
+
+## Client considerations
+
+There are no specific requirements for clients in this room version.
+Clients should be aware of event ID changes in [room version
+4](/rooms/v4), however.
+
+## Server implementation components
+
+{{% boxes/warning %}}
+The information contained in this section is strictly for server
+implementors. Applications which use the Client-Server API are generally
+unaffected by the intricacies contained here. The section above
+regarding client considerations is the resource that Client-Server API
+use cases should reference.
+{{% /boxes/warning %}}
+
+Room version 5 uses the same algorithms defined in [room version
+4](/rooms/v4), ensuring that signing key validity is respected.
+
+### Signing key validity period
+
+When validating event signatures, servers MUST enforce the
+`valid_until_ts` property from a key request is at least as large as the
+`origin_server_ts` for the event being validated. Servers missing a copy
+of the signing key MUST try to obtain one via the [GET
+/\_matrix/key/v2/server](/server-server-api#get_matrixkeyv2serverkeyid)
+or [POST
+/\_matrix/key/v2/query](/server-server-api#post_matrixkeyv2query)
+APIs. When using the `/query` endpoint, servers MUST set the
+`minimum_valid_until_ts` property to prompt the notary server to attempt
+to refresh the key if appropriate.
+
+Servers MUST use the lesser of `valid_until_ts` and 7 days into the
+future when determining if a key is valid. This is to avoid a situation
+where an attacker publishes a key which is valid for a significant
+amount of time without a way for the homeserver owner to revoke it.
diff --git a/content/rooms/v6.md b/content/rooms/v6.md
new file mode 100644
index 00000000000..e9cea27a7c9
--- /dev/null
+++ b/content/rooms/v6.md
@@ -0,0 +1,84 @@
+---
+title: Room Version 6
+type: docs
+weight: 60
+---
+
+This room version builds on [version 5](/rooms/v5) while changing various
+authorization rules performed on events.
+
+## Client considerations
+
+The redaction algorithm has changed from [room version 1](/rooms/v1) to
+remove all rules against events of type `m.room.aliases`. Room versions
+2, 3, 4, and 5 all use v1's redaction algorithm. The algorithm is
+otherwise unchanged.
+
+## Server implementation components
+
+{{% boxes/warning %}}
+The information contained in this section is strictly for server
+implementors. Applications which use the Client-Server API are generally
+unaffected by the intricacies contained here. The section above
+regarding client considerations is the resource that Client-Server API
+use cases should reference.
+{{% /boxes/warning %}}
+
+Room version 6 makes the following alterations to algorithms described
+in [room version 5](/rooms/v5).
+
+### Redactions
+
+As mentioned in the client considerations portion of this specification,
+all special meaning has been removed for events of type
+`m.room.aliases`. The algorithm is otherwise unchanged.
+
+### Authorization rules for events
+
+Like redactions, all rules relating specifically to events of type
+`m.room.aliases` are removed. They must still pass authorization checks
+relating to state events.
+
+Additionally, the authorization rules for events of type
+`m.room.power_levels` now include the content key `notifications`. This
+new rule takes the place of the rule which checks the `events` and
+`users` keys.
+
+For completeness, the changes to the auth rules can be represented as
+follows:
+
+    ...
+
+    -If type is `m.room.aliases`:
+    -
+    -   a. If event has no `state_key`, reject.
+    -   b. If sender's domain doesn't matches `state_key`, reject.
+    -   c. Otherwise, allow.
+
+    ...
+
+    If type is `m.room.power_levels`:
+
+    ...
+
+    -  * For each entry being added, changed or removed in both the `events` and `users` keys:
+    +  * For each entry being added, changed or removed in the `events`, `users`, and `notifications` keys:
+
+       i. If the current value is higher than the `sender`'s current power level, reject.
+
+       ii. If the new value is higher than the `sender`'s current power level, reject.
+
+    ...
+
+The remaining rules are the same as in [room version
+3](/rooms/v3#authorization-rules-for-events) (the last inherited room
+version to specify the authorization rules).
+
+### Canonical JSON
+
+Servers MUST strictly enforce the JSON format specified in the
+[appendices](/appendices#canonical-json). This translates to a
+400 `M_BAD_JSON` error on most endpoints, or discarding of events over
+federation. For example, the Federation API's `/send` endpoint would
+discard the event whereas the Client Server API's `/send/{eventType}`
+endpoint would return a `M_BAD_JSON` error.
diff --git a/content/rooms/v7.md b/content/rooms/v7.md
new file mode 100644
index 00000000000..d9d01317d3d
--- /dev/null
+++ b/content/rooms/v7.md
@@ -0,0 +1,52 @@
+---
+title: Room Version 7
+type: docs
+weight: 60
+---
+
+This room version builds on [version 6](/rooms/v6) to introduce knocking
+as a possible join rule and membership state.
+
+## Client considerations
+
+This is the first room version to support knocking completely. As such,
+users will not be able to knock on rooms which are not based off v7.
+
+## Server implementation components
+
+{{% boxes/warning %}}
+The information contained in this section is strictly for server
+implementors. Applications which use the Client-Server API are generally
+unaffected by the intricacies contained here. The section above
+regarding client considerations is the resource that Client-Server API
+use cases should reference.
+{{% /boxes/warning %}}
+
+Room version 7 adds new authorization rules for events to support knocking.
+[Room version 6](/rooms/v6) has details of other authorization rule changes,
+as do the versions v6 is based upon.
+
+For checks perfomed upon `m.room.member` events, the following conditions
+are added in context:
+
+    If type is `m.room.member`:
+
+    ...
+
+      * If `membership` is `ban`:
+
+        ...
+
+      * If `membership` is `knock`:
+
+        i. If the `join_rule` is anything other than `knock`, reject.
+
+        ii. If `sender` does not match `state_key`, reject.
+
+        iii. If the `sender`'s current membership is not `ban`, `invite`, or `join`, allow.
+
+        iv. Otherwise, reject.
+
+    ...
+
+The remaining rules are the same as in [room version 6](/rooms/v6#authorization-rules-for-events).
diff --git a/content/server-server-api.md b/content/server-server-api.md
new file mode 100644
index 00000000000..9c6552ab2d0
--- /dev/null
+++ b/content/server-server-api.md
@@ -0,0 +1,1189 @@
+---
+title: "Server-Server API"
+weight: 20
+type: docs
+---
+
+Matrix homeservers use the Federation APIs (also known as server-server
+APIs) to communicate with each other. Homeservers use these APIs to push
+messages to each other in real-time, to retrieve historic messages from
+each other, and to query profile and presence information about users on
+each other's servers.
+
+The APIs are implemented using HTTPS requests between each of the
+servers. These HTTPS requests are strongly authenticated using public
+key signatures at the TLS transport layer and using public key
+signatures in HTTP Authorization headers at the HTTP layer.
+
+There are three main kinds of communication that occur between
+homeservers:
+
+Persisted Data Units (PDUs):
+These events are broadcast from one homeserver to any others that have
+joined the same room (identified by Room ID). They are persisted in
+long-term storage and record the history of messages and state for a
+room.
+
+Like email, it is the responsibility of the originating server of a PDU
+to deliver that event to its recipient servers. However PDUs are signed
+using the originating server's private key so that it is possible to
+deliver them through third-party servers.
+
+Ephemeral Data Units (EDUs):
+These events are pushed between pairs of homeservers. They are not
+persisted and are not part of the history of a room, nor does the
+receiving homeserver have to reply to them.
+
+Queries:
+These are single request/response interactions between a given pair of
+servers, initiated by one side sending an HTTPS GET request to obtain
+some information, and responded by the other. They are not persisted and
+contain no long-term significant history. They simply request a snapshot
+state at the instant the query is made.
+
+EDUs and PDUs are further wrapped in an envelope called a Transaction,
+which is transferred from the origin to the destination homeserver using
+an HTTPS PUT request.
+
+## API standards
+
+The mandatory baseline for client-server communication in Matrix is
+exchanging JSON objects over HTTP APIs. More efficient optional
+transports will in future be supported as optional extensions - e.g. a
+packed binary encoding over stream-cipher encrypted TCP socket for
+low-bandwidth/low-roundtrip mobile usage. For the default HTTP
+transport, all API calls use a Content-Type of `application/json`. In
+addition, all strings MUST be encoded as UTF-8.
+
+## Server discovery
+
+### Resolving server names
+
+Each Matrix homeserver is identified by a server name consisting of a
+hostname and an optional port, as described by the
+[grammar](/appendices#server-name). Where applicable, a delegated
+server name uses the same grammar.
+
+Server names are resolved to an IP address and port to connect to, and
+have various conditions affecting which certificates and `Host` headers
+to send. The process overall is as follows:
+
+1.  If the hostname is an IP literal, then that IP address should be
+    used, together with the given port number, or 8448 if no port is
+    given. The target server must present a valid certificate for the IP
+    address. The `Host` header in the request should be set to the
+    server name, including the port if the server name included one.
+2.  If the hostname is not an IP literal, and the server name includes
+    an explicit port, resolve the IP address using AAAA or A records.
+    Requests are made to the resolved IP address and given port with a
+    `Host` header of the original server name (with port). The target
+    server must present a valid certificate for the hostname.
+3.  If the hostname is not an IP literal, a regular HTTPS request is
+    made to `https://<hostname>/.well-known/matrix/server`, expecting
+    the schema defined later in this section. 30x redirects should be
+    followed, however redirection loops should be avoided. Responses
+    (successful or otherwise) to the `/.well-known` endpoint should be
+    cached by the requesting server. Servers should respect the cache
+    control headers present on the response, or use a sensible default
+    when headers are not present. The recommended sensible default is 24
+    hours. Servers should additionally impose a maximum cache time for
+    responses: 48 hours is recommended. Errors are recommended to be
+    cached for up to an hour, and servers are encouraged to
+    exponentially back off for repeated failures. The schema of the
+    `/.well-known` request is later in this section. If the response is
+    invalid (bad JSON, missing properties, non-200 response, etc), skip
+    to step 4. If the response is valid, the `m.server` property is
+    parsed as `<delegated_hostname>[:<delegated_port>]` and processed as
+    follows:
+    -   If `<delegated_hostname>` is an IP literal, then that IP address
+        should be used together with the `<delegated_port>` or 8448 if
+        no port is provided. The target server must present a valid TLS
+        certificate for the IP address. Requests must be made with a
+        `Host` header containing the IP address, including the port if
+        one was provided.
+    -   If `<delegated_hostname>` is not an IP literal, and
+        `<delegated_port>` is present, an IP address is discovered by
+        looking up an AAAA or A record for `<delegated_hostname>`. The
+        resulting IP address is used, alongside the `<delegated_port>`.
+        Requests must be made with a `Host` header of
+        `<delegated_hostname>:<delegated_port>`. The target server must
+        present a valid certificate for `<delegated_hostname>`.
+    -   If `<delegated_hostname>` is not an IP literal and no
+        `<delegated_port>` is present, an SRV record is looked up for
+        `_matrix._tcp.<delegated_hostname>`. This may result in another
+        hostname (to be resolved using AAAA or A records) and port.
+        Requests should be made to the resolved IP address and port with
+        a `Host` header containing the `<delegated_hostname>`. The
+        target server must present a valid certificate for
+        `<delegated_hostname>`.
+    -   If no SRV record is found, an IP address is resolved using AAAA
+        or A records. Requests are then made to the resolve IP address
+        and a port of 8448, using a `Host` header of
+        `<delegated_hostname>`. The target server must present a valid
+        certificate for `<delegated_hostname>`.
+4.  If the `/.well-known` request resulted in an error response, a
+    server is found by resolving an SRV record for
+    `_matrix._tcp.<hostname>`. This may result in a hostname (to be
+    resolved using AAAA or A records) and port. Requests are made to the
+    resolved IP address and port, using 8448 as a default port, with a
+    `Host` header of `<hostname>`. The target server must present a
+    valid certificate for `<hostname>`.
+5.  If the `/.well-known` request returned an error response, and the
+    SRV record was not found, an IP address is resolved using AAAA and A
+    records. Requests are made to the resolved IP address using port
+    8448 and a `Host` header containing the `<hostname>`. The target
+    server must present a valid certificate for `<hostname>`.
+
+{{% boxes/note %}}
+The reasons we require `<hostname>` rather than `<delegated_hostname>` for SRV
+delegation are:
+  1. DNS is insecure (not all domains have DNSSEC), so the target of the delegation
+      must prove that it is a valid delegate for `<hostname>` via TLS.
+  2. Consistency with the recommendations in [RFC6125](https://datatracker.ietf.org/doc/html/rfc6125#section-6.2.1)
+     and other applications using SRV records such [XMPP](https://datatracker.ietf.org/doc/html/rfc6120#section-13.7.2.1).
+{{% /boxes/note %}}
+
+The TLS certificate provided by the target server must be signed by a
+known Certificate Authority. Servers are ultimately responsible for
+determining the trusted Certificate Authorities, however are strongly
+encouraged to rely on the operating system's judgement. Servers can
+offer administrators a means to override the trusted authorities list.
+Servers can additionally skip the certificate validation for a given
+whitelist of domains or netmasks for the purposes of testing or in
+networks where verification is done elsewhere, such as with `.onion`
+addresses. Servers should respect SNI when making requests where
+possible: a SNI should be sent for the certificate which is expected,
+unless that certificate is expected to be an IP address in which case
+SNI is not supported and should not be sent.
+
+Servers are encouraged to make use of the [Certificate
+Transparency](https://www.certificate-transparency.org/) project.
+
+{{% http-api spec="server-server" api="wellknown" %}}
+
+### Server implementation
+
+{{% http-api spec="server-server" api="version" %}}
+
+### Retrieving server keys
+
+{{% boxes/note %}}
+There was once a "version 1" of the key exchange. It has been removed
+from the specification due to lack of significance. It may be reviewed
+[from the historical
+draft](https://github.com/matrix-org/matrix-doc/blob/51faf8ed2e4a63d4cfd6d23183698ed169956cc0/specification/server_server_api.rst#232version-1).
+{{% /boxes/note %}}
+
+Each homeserver publishes its public keys under
+`/_matrix/key/v2/server/{keyId}`. Homeservers query for keys by either
+getting `/_matrix/key/v2/server/{keyId}` directly or by querying an
+intermediate notary server using a
+`/_matrix/key/v2/query/{serverName}/{keyId}` API. Intermediate notary
+servers query the `/_matrix/key/v2/server/{keyId}` API on behalf of
+another server and sign the response with their own key. A server may
+query multiple notary servers to ensure that they all report the same
+public keys.
+
+This approach is borrowed from the [Perspectives
+Project](https://web.archive.org/web/20170702024706/https://perspectives-project.org/),
+but modified to include the NACL keys and to use JSON instead of XML. It
+has the advantage of avoiding a single trust-root since each server is
+free to pick which notary servers they trust and can corroborate the
+keys returned by a given notary server by querying other servers.
+
+#### Publishing Keys
+
+Homeservers publish their signing keys in a JSON object at
+`/_matrix/key/v2/server/{key_id}`. The response contains a list of
+`verify_keys` that are valid for signing federation requests made by the
+homeserver and for signing events. It contains a list of
+`old_verify_keys` which are only valid for signing events.
+
+{{% http-api spec="server-server" api="keys_server" %}}
+
+#### Querying Keys Through Another Server
+
+Servers may query another server's keys through a notary server. The
+notary server may be another homeserver. The notary server will retrieve
+keys from the queried servers through use of the
+`/_matrix/key/v2/server/{keyId}` API. The notary server will
+additionally sign the response from the queried server before returning
+the results.
+
+Notary servers can return keys for servers that are offline or having
+issues serving their own keys by using cached responses. Keys can be
+queried from multiple servers to mitigate against DNS spoofing.
+
+{{% http-api spec="server-server" api="keys_query" %}}
+
+## Authentication
+
+### Request Authentication
+
+Every HTTP request made by a homeserver is authenticated using public
+key digital signatures. The request method, target and body are signed
+by wrapping them in a JSON object and signing it using the JSON signing
+algorithm. The resulting signatures are added as an Authorization header
+with an auth scheme of `X-Matrix`. Note that the target field should
+include the full path starting with `/_matrix/...`, including the `?`
+and any query parameters if present, but should not include the leading
+`https:`, nor the destination server's hostname.
+
+Step 1 sign JSON:
+
+```
+{
+    "method": "GET",
+    "uri": "/target",
+    "origin": "origin.hs.example.com",
+    "destination": "destination.hs.example.com",
+    "content": <request body>,
+    "signatures": {
+        "origin.hs.example.com": {
+            "ed25519:key1": "ABCDEF..."
+        }
+    }
+}
+```
+
+The server names in the JSON above are the server names for each
+homeserver involved. Delegation from the [server name resolution
+section](#resolving-server-names) above do not affect these - the server
+names from before delegation would take place are used. This same
+condition applies throughout the request signing process.
+
+Step 2 add Authorization header:
+
+    GET /target HTTP/1.1
+    Authorization: X-Matrix origin=origin.example.com,key="ed25519:key1",sig="ABCDEF..."
+    Content-Type: application/json
+
+    <JSON-encoded request body>
+
+Example python code:
+
+```py
+def authorization_headers(origin_name, origin_signing_key,
+                          destination_name, request_method, request_target,
+                          content=None):
+    request_json = {
+         "method": request_method,
+         "uri": request_target,
+         "origin": origin_name,
+         "destination": destination_name,
+    }
+
+    if content is not None:
+        request_json["content"] = content
+
+    signed_json = sign_json(request_json, origin_name, origin_signing_key)
+
+    authorization_headers = []
+
+    for key, sig in signed_json["signatures"][origin_name].items():
+        authorization_headers.append(bytes(
+            "X-Matrix origin=%s,key=\"%s\",sig=\"%s\"" % (
+                origin_name, key, sig,
+            )
+        ))
+
+    return ("Authorization", authorization_headers)
+```
+
+### Response Authentication
+
+Responses are authenticated by the TLS server certificate. A homeserver
+should not send a request until it has authenticated the connected
+server to avoid leaking messages to eavesdroppers.
+
+### Client TLS Certificates
+
+Requests are authenticated at the HTTP layer rather than at the TLS
+layer because HTTP services like Matrix are often deployed behind load
+balancers that handle the TLS and these load balancers make it difficult
+to check TLS client certificates.
+
+A homeserver may provide a TLS client certificate and the receiving
+homeserver may check that the client certificate matches the certificate
+of the origin homeserver.
+
+## Transactions
+
+The transfer of EDUs and PDUs between homeservers is performed by an
+exchange of Transaction messages, which are encoded as JSON objects,
+passed over an HTTP PUT request. A Transaction is meaningful only to the
+pair of homeservers that exchanged it; they are not globally-meaningful.
+
+Transactions are limited in size; they can have at most 50 PDUs and 100
+EDUs.
+
+{{% http-api spec="server-server" api="transactions" %}}
+
+## PDUs
+
+Each PDU contains a single Room Event which the origin server wants to
+send to the destination.
+
+The `prev_events` field of a PDU identifies the "parents" of the event,
+and thus establishes a partial ordering on events within the room by
+linking them into a Directed Acyclic Graph (DAG). The sending server
+should populate this field with all of the events in the room for which
+it has not yet seen a child - thus demonstrating that the event comes
+after all other known events.
+
+For example, consider a room whose events form the DAG shown below. A
+server creating a new event in this room should populate the new event's
+`prev_events` field with both `E4` and `E6`, since neither event yet has
+a child:
+
+    E1
+    ^
+    |
+    E2 <--- E5
+    ^       ^
+    |       |
+    E3      E6
+    ^
+    |
+    E4
+
+For a full schema of what a PDU looks like, see the [room version
+specification](../index.html#room-versions).
+
+### Checks performed on receipt of a PDU
+
+Whenever a server receives an event from a remote server, the receiving
+server must ensure that the event:
+
+1.  Is a valid event, otherwise it is dropped.
+2.  Passes signature checks, otherwise it is dropped.
+3.  Passes hash checks, otherwise it is redacted before being processed
+    further.
+4.  Passes authorization rules based on the event's auth events,
+    otherwise it is rejected.
+5.  Passes authorization rules based on the state at the event,
+    otherwise it is rejected.
+6.  Passes authorization rules based on the current state of the room,
+    otherwise it is "soft failed".
+
+Further details of these checks, and how to handle failures, are
+described below.
+
+The [Signing Events](#signing-events) section has more information on
+which hashes and signatures are expected on events, and how to calculate
+them.
+
+#### Definitions
+
+Required Power Level
+A given event type has an associated *required power level*. This is
+given by the current `m.room.power_levels` event. The event type is
+either listed explicitly in the `events` section or given by either
+`state_default` or `events_default` depending on if the event is a state
+event or not.
+
+Invite Level, Kick Level, Ban Level, Redact Level
+The levels given by the `invite`, `kick`, `ban`, and `redact` properties
+in the current `m.room.power_levels` state. Each defaults to 50 if
+unspecified.
+
+Target User
+For an `m.room.member` state event, the user given by the `state_key` of
+the event.
+
+#### Authorization rules
+
+The rules governing whether an event is authorized depends on a set of
+state. A given event is checked multiple times against different sets of
+state, as specified above. Each room version can have a different
+algorithm for how the rules work, and which rules are applied. For more
+detailed information, please see the [room version
+specification](../index.html#room-versions).
+
+##### Auth events selection
+
+The `auth_events` field of a PDU identifies the set of events which give
+the sender permission to send the event. The `auth_events` for the
+`m.room.create` event in a room is empty; for other events, it should be
+the following subset of the room state:
+
+-   The `m.room.create` event.
+
+-   The current `m.room.power_levels` event, if any.
+
+-   The sender's current `m.room.member` event, if any.
+
+-   If type is `m.room.member`:
+
+    -   The target's current `m.room.member` event, if any.
+    -   If `membership` is `join` or `invite`, the current
+        `m.room.join_rules` event, if any.
+    -   If membership is `invite` and `content` contains a
+        `third_party_invite` property, the current
+        `m.room.third_party_invite` event with `state_key` matching
+        `content.third_party_invite.signed.token`, if any.
+
+#### Rejection
+
+If an event is rejected it should neither be relayed to clients nor be
+included as a prev event in any new events generated by the server.
+Subsequent events from other servers that reference rejected events
+should be allowed if they still pass the auth rules. The state used in
+the checks should be calculated as normal, except not updating with the
+rejected event where it is a state event.
+
+If an event in an incoming transaction is rejected, this should not
+cause the transaction request to be responded to with an error response.
+
+{{% boxes/note %}}
+This means that events may be included in the room DAG even though they
+should be rejected.
+{{% /boxes/note %}}
+
+{{% boxes/note %}}
+This is in contrast to redacted events which can still affect the state
+of the room. For example, a redacted `join` event will still result in
+the user being considered joined.
+{{% /boxes/note %}}
+
+#### Soft failure
+
+{{% boxes/rationale %}}
+It is important that we prevent users from evading bans (or other power
+restrictions) by creating events which reference old parts of the DAG.
+For example, a banned user could continue to send messages to a room by
+having their server send events which reference the event before they
+were banned. Note that such events are entirely valid, and we cannot
+simply reject them, as it is impossible to distinguish such an event
+from a legitimate one which has been delayed. We must therefore accept
+such events and let them participate in state resolution and the
+federation protocol as normal. However, servers may choose not to send
+such events on to their clients, so that end users won't actually see
+the events.
+
+When this happens it is often fairly obvious to servers, as they can see
+that the new event doesn't actually pass auth based on the "current
+state" (i.e. the resolved state across all forward extremities). While
+the event is technically valid, the server can choose to not notify
+clients about the new event.
+
+This discourages servers from sending events that evade bans etc. in
+this way, as end users won't actually see the events.
+{{% /boxes/rationale %}}
+
+When the homeserver receives a new event over federation it should also
+check whether the event passes auth checks based on the current state of
+the room (as well as based on the state at the event). If the event does
+not pass the auth checks based on the *current state* of the room (but
+does pass the auth checks based on the state at that event) it should be
+"soft failed".
+
+When an event is "soft failed" it should not be relayed to the client
+nor be referenced by new events created by the homeserver (i.e. they
+should not be added to the server's list of forward extremities of the
+room). Soft failed events are otherwise handled as usual.
+
+{{% boxes/note %}}
+Soft failed events participate in state resolution as normal if further
+events are received which reference it. It is the job of the state
+resolution algorithm to ensure that malicious events cannot be injected
+into the room state via this mechanism.
+{{% /boxes/note %}}
+
+{{% boxes/note %}}
+Because soft failed state events participate in state resolution as
+normal, it is possible for such events to appear in the current state of
+the room. In that case the client should be told about the soft failed
+event in the usual way (e.g. by sending it down in the `state` section
+of a sync response).
+{{% /boxes/note %}}
+
+{{% boxes/note %}}
+A soft failed event should be returned in response to federation
+requests where appropriate (e.g. in `/event/<event_id>`). Note that soft
+failed events are returned in `/backfill` and `/get_missing_events`
+responses only if the requests include events referencing the soft
+failed events.
+{{% /boxes/note %}}
+
+Example
+
+As an example consider the event graph:
+
+      A
+     /
+    B
+
+where `B` is a ban of a user `X`. If the user `X` tries to set the topic
+by sending an event `C` while evading the ban:
+
+      A
+     / \
+    B   C
+
+servers that receive `C` after `B` should soft fail event `C`, and so
+will neither relay `C` to its clients nor send any events referencing
+`C`.
+
+If later another server sends an event `D` that references both `B` and
+`C` (this can happen if it received `C` before `B`):
+
+      A
+     / \
+    B   C
+     \ /
+      D
+
+then servers will handle `D` as normal. `D` is sent to the servers'
+clients (assuming `D` passes auth checks). The state at `D` may resolve
+to a state that includes `C`, in which case clients should also to be
+told that the state has changed to include `C`. (*Note*: This depends on
+the exact state resolution algorithm used. In the original version of
+the algorithm `C` would be in the resolved state, whereas in latter
+versions the algorithm tries to prioritise the ban over the topic
+change.)
+
+Note that this is essentially equivalent to the situation where one
+server doesn't receive `C` at all, and so asks another server for the
+state of the `C` branch.
+
+Let's go back to the graph before `D` was sent:
+
+      A
+     / \
+    B   C
+
+If all the servers in the room saw `B` before `C` and so soft fail `C`,
+then any new event `D'` will not reference `C`:
+
+      A
+     / \
+    B   C
+    |
+    D'
+
+#### Retrieving event authorization information
+
+The homeserver may be missing event authorization information, or wish
+to check with other servers to ensure it is receiving the correct auth
+chain. These APIs give the homeserver an avenue for getting the
+information it needs.
+
+{{% http-api spec="server-server" api="event_auth" %}}
+
+## EDUs
+
+EDUs, by comparison to PDUs, do not have an ID, a room ID, or a list of
+"previous" IDs. They are intended to be non-persistent data such as user
+presence, typing notifications, etc.
+
+{{% definition path="api/server-server/definitions/edu" %}}
+
+## Room State Resolution
+
+The *state* of a room is a map of `(event_type, state_key)` to
+`event_id`. Each room starts with an empty state, and each state event
+which is accepted into the room updates the state of that room.
+
+Where each event has a single `prev_event`, it is clear what the state
+of the room after each event should be. However, when two branches in
+the event graph merge, the state of those branches might differ, so a
+*state resolution* algorithm must be used to determine the resultant
+state.
+
+For example, consider the following event graph (where the oldest event,
+E0, is at the top):
+
+      E0
+      |
+      E1
+     /  \
+    E2  E4
+    |    |
+    E3   |
+     \  /
+      E5
+
+Suppose E3 and E4 are both `m.room.name` events which set the name of
+the room. What should the name of the room be at E5?
+
+The algorithm to be used for state resolution depends on the room
+version. For a description of each room version's algorithm, please see
+the [room version specification](/#room-versions).
+
+## Backfilling and retrieving missing events
+
+Once a homeserver has joined a room, it receives all the events emitted
+by other homeservers in that room, and is thus aware of the entire
+history of the room from that moment onwards. Since users in that room
+are able to request the history by the `/messages` client API endpoint,
+it's possible that they might step backwards far enough into history
+before the homeserver itself was a member of that room.
+
+To cover this case, the federation API provides a server-to-server
+analog of the `/messages` client API, allowing one homeserver to fetch
+history from another. This is the `/backfill` API.
+
+To request more history, the requesting homeserver picks another
+homeserver that it thinks may have more (most likely this should be a
+homeserver for some of the existing users in the room at the earliest
+point in history it has currently), and makes a `/backfill` request.
+
+Similar to backfilling a room's history, a server may not have all the
+events in the graph. That server may use the `/get_missing_events` API
+to acquire the events it is missing.
+
+{{% http-api spec="server-server" api="backfill" %}}
+
+## Retrieving events
+
+In some circumstances, a homeserver may be missing a particular event or
+information about the room which cannot be easily determined from
+backfilling. These APIs provide homeservers with the option of getting
+events and the state of the room at a given point in the timeline.
+
+{{% http-api spec="server-server" api="events" %}}
+
+## Joining Rooms
+
+When a new user wishes to join a room that the user's homeserver already
+knows about, the homeserver can immediately determine if this is
+allowable by inspecting the state of the room. If it is acceptable, it
+can generate, sign, and emit a new `m.room.member` state event adding
+the user into that room. When the homeserver does not yet know about the
+room it cannot do this directly. Instead, it must take a longer
+multi-stage handshaking process by which it first selects a remote
+homeserver which is already participating in that room, and use it to
+assist in the joining process. This is the remote join handshake.
+
+This handshake involves the homeserver of the new member wishing to join
+(referred to here as the "joining" server), the directory server hosting
+the room alias the user is requesting to join with, and a homeserver
+where existing room members are already present (referred to as the
+"resident" server).
+
+In summary, the remote join handshake consists of the joining server
+querying the directory server for information about the room alias;
+receiving a room ID and a list of join candidates. The joining server
+then requests information about the room from one of the residents. It
+uses this information to construct an `m.room.member` event which it
+finally sends to a resident server.
+
+Conceptually these are three different roles of homeserver. In practice
+the directory server is likely to be resident in the room, and so may be
+selected by the joining server to be the assisting resident. Likewise,
+it is likely that the joining server picks the same candidate resident
+for both phases of event construction, though in principle any valid
+candidate may be used at each time. Thus, any join handshake can
+potentially involve anywhere from two to four homeservers, though most
+in practice will use just two.
+
+```
+    Client         Joining                Directory       Resident
+                   Server                 Server          Server
+
+    join request -->
+                   |
+                   directory request ------->
+                   <---------- directory response
+                   |
+                   make_join request ----------------------->
+                   <------------------------------- make_join response
+                   |
+                   send_join request ----------------------->
+                   <------------------------------- send_join response
+                   |
+    <---------- join response
+```
+
+The first part of the handshake usually involves using the directory
+server to request the room ID and join candidates through the
+[`/query/directory`](/server-server-api/#get_matrixfederationv1querydirectory) API endpoint. In the case of a new user joining a
+room as a result of a received invite, the joining user's homeserver
+could optimise this step away by picking the origin server of that
+invite message as the join candidate. However, the joining server should
+be aware that the origin server of the invite might since have left the
+room, so should be prepared to fall back on the regular join flow if
+this optimisation fails.
+
+Once the joining server has the room ID and the join candidates, it then
+needs to obtain enough information about the room to fill in the
+required fields of the `m.room.member` event. It obtains this by
+selecting a resident from the candidate list, and using the
+`GET /make_join` endpoint. The resident server will then reply with
+enough information for the joining server to fill in the event.
+
+The joining server is expected to add or replace the `origin`,
+`origin_server_ts`, and `event_id` on the templated event received by
+the resident server. This event is then signed by the joining server.
+
+To complete the join handshake, the joining server must now submit this
+new event to a resident homeserver, by using the `PUT /send_join`
+endpoint.
+
+The resident homeserver then accepts this event into the room's event
+graph, and responds to the joining server with the full set of state for
+the newly-joined room. The resident server must also send the event to
+other servers participating in the room.
+
+{{% http-api spec="server-server" api="joins-v1" %}}
+
+{{% http-api spec="server-server" api="joins-v2" %}}
+
+## Knocking upon a room
+
+Rooms can permit knocking through the join rules, and if permitted this
+gives users a way to request to join (be invited) to the room. Users who
+knock on a room where the server is already a resident of the room can
+just send the knock event directly without using this process, however
+much like [joining rooms](/server-server-api/#joining-rooms) the server
+must handshake their way into having the knock sent on its behalf.
+
+The handshake is largely the same as the joining rooms handshake, where
+instead of a "joining server" there is a "knocking server", and the APIs
+to be called are different (`/make_knock` and `/send_knock`).
+
+Servers can retract knocks over federation by leaving the room, as described
+below for rejecting invites.
+
+{{% http-api spec="server-server" api="knocks" %}}
+
+## Inviting to a room
+
+When a user on a given homeserver invites another user on the same
+homeserver, the homeserver may sign the membership event itself and skip
+the process defined here. However, when a user invites another user on a
+different homeserver, a request to that homeserver to have the event
+signed and verified must be made.
+
+Note that invites are used to indicate that knocks were accepted. As such,
+receiving servers should be prepared to manually link up a previous knock
+to an invite if the invite event does not directly reference the knock.
+
+{{% http-api spec="server-server" api="invites-v1" %}}
+
+{{% http-api spec="server-server" api="invites-v2" %}}
+
+## Leaving Rooms (Rejecting Invites)
+
+Normally homeservers can send appropriate `m.room.member` events to have
+users leave the room, to reject local invites, or to retract a knock.
+Remote invites/knocks from other homeservers do not involve the server in the
+graph and therefore need another approach to reject the invite. Joining
+the room and promptly leaving is not recommended as clients and servers will
+interpret that as accepting the invite, then leaving the room rather
+than rejecting the invite.
+
+Similar to the [Joining Rooms](#joining-rooms) handshake, the server
+which wishes to leave the room starts with sending a `/make_leave`
+request to a resident server. In the case of rejecting invites, the
+resident server may be the server which sent the invite. After receiving
+a template event from `/make_leave`, the leaving server signs the event
+and replaces the `event_id` with its own. This is then sent to the
+resident server via `/send_leave`. The resident server will then send
+the event to other servers in the room.
+
+{{% http-api spec="server-server" api="leaving-v1" %}}
+
+{{% http-api spec="server-server" api="leaving-v2" %}}
+
+## Third-party invites
+
+{{% boxes/note %}}
+More information about third party invites is available in the
+[Client-Server API](/client-server-api) under
+the Third Party Invites module.
+{{% /boxes/note %}}
+
+When a user wants to invite another user in a room but doesn't know the
+Matrix ID to invite, they can do so using a third-party identifier (e.g.
+an e-mail or a phone number).
+
+This identifier and its bindings to Matrix IDs are verified by an
+identity server implementing the [Identity Service
+API](/identity-service-api).
+
+### Cases where an association exists for a third-party identifier
+
+If the third-party identifier is already bound to a Matrix ID, a lookup
+request on the identity server will return it. The invite is then
+processed by the inviting homeserver as a standard `m.room.member`
+invite event. This is the simplest case.
+
+### Cases where an association doesn't exist for a third-party identifier
+
+If the third-party identifier isn't bound to any Matrix ID, the inviting
+homeserver will request the identity server to store an invite for this
+identifier and to deliver it to whoever binds it to its Matrix ID. It
+will also send an `m.room.third_party_invite` event in the room to
+specify a display name, a token and public keys the identity server
+provided as a response to the invite storage request.
+
+When a third-party identifier with pending invites gets bound to a
+Matrix ID, the identity server will send a POST request to the ID's
+homeserver as described in the [Invitation
+Storage](/identity-service-api#invitation-storage)
+section of the Identity Service API.
+
+The following process applies for each invite sent by the identity
+server:
+
+The invited homeserver will create an `m.room.member` invite event
+containing a special `third_party_invite` section containing the token
+and a signed object, both provided by the identity server.
+
+If the invited homeserver is in the room the invite came from, it can
+auth the event and send it.
+
+However, if the invited homeserver isn't in the room the invite came
+from, it will need to request the room's homeserver to auth the event.
+
+{{% http-api spec="server-server" api="third_party_invite" %}}
+
+#### Verifying the invite
+
+When a homeserver receives an `m.room.member` invite event for a room
+it's in with a `third_party_invite` object, it must verify that the
+association between the third-party identifier initially invited to the
+room and the Matrix ID that claims to be bound to it has been verified
+without having to rely on a third-party server.
+
+To do so, it will fetch from the room's state events the
+`m.room.third_party_invite` event for which the state key matches with
+the value for the `token` key in the `third_party_invite` object from
+the `m.room.member` event's content to fetch the public keys initially
+delivered by the identity server that stored the invite.
+
+It will then use these keys to verify that the `signed` object (in the
+`third_party_invite` object from the `m.room.member` event's content)
+was signed by the same identity server.
+
+Since this `signed` object can only be delivered once in the POST
+request emitted by the identity server upon binding between the
+third-party identifier and the Matrix ID, and contains the invited
+user's Matrix ID and the token delivered when the invite was stored,
+this verification will prove that the `m.room.member` invite event comes
+from the user owning the invited third-party identifier.
+
+## Public Room Directory
+
+To complement the [Client-Server
+API](/client-server-api)'s room directory,
+homeservers need a way to query the public rooms for another server.
+This can be done by making a request to the `/publicRooms` endpoint for
+the server the room directory should be retrieved for.
+
+{{% http-api spec="server-server" api="public_rooms" %}}
+
+## Typing Notifications
+
+When a server's users send typing notifications, those notifications
+need to be sent to other servers in the room so their users are aware of
+the same state. Receiving servers should verify that the user is in the
+room, and is a user belonging to the sending server.
+
+{{% definition path="api/server-server/definitions/event-schemas/m.typing" %}}
+
+## Presence
+
+The server API for presence is based entirely on exchange of the
+following EDUs. There are no PDUs or Federation Queries involved.
+
+Servers should only send presence updates for users that the receiving
+server would be interested in. Such as the receiving server sharing a
+room with a given user.
+
+{{% definition path="api/server-server/definitions/event-schemas/m.presence" %}}
+
+## Receipts
+
+Receipts are EDUs used to communicate a marker for a given event.
+Currently the only kind of receipt supported is a "read receipt", or
+where in the event graph the user has read up to.
+
+Read receipts for events that a user sent do not need to be sent. It is
+implied that by sending the event the user has read up to the event.
+
+{{% definition path="api/server-server/definitions/event-schemas/m.receipt" %}}
+
+## Querying for information
+
+Queries are a way to retrieve information from a homeserver about a
+resource, such as a user or room. The endpoints here are often called in
+conjunction with a request from a client on the client-server API in
+order to complete the call.
+
+There are several types of queries that can be made. The generic
+endpoint to represent all queries is described first, followed by the
+more specific queries that can be made.
+
+{{% http-api spec="server-server" api="query" %}}
+
+## OpenID
+
+Third party services can exchange an access token previously generated
+by the <span class="title-ref">Client-Server API</span> for information
+about a user. This can help verify that a user is who they say they are
+without granting full access to the user's account.
+
+Access tokens generated by the OpenID API are only good for the OpenID
+API and nothing else.
+
+{{% http-api spec="server-server" api="openid" %}}
+
+## Device Management
+
+Details of a user's devices must be efficiently published to other users
+and kept up-to-date. This is critical for reliable end-to-end
+encryption, in order for users to know which devices are participating
+in a room. It's also required for to-device messaging to work. This
+section is intended to complement the [Device Management
+module](/client-server-api#device-management)
+of the Client-Server API.
+
+Matrix currently uses a custom pubsub system for synchronising
+information about the list of devices for a given user over federation.
+When a server wishes to determine a remote user's device list for the
+first time, it should populate a local cache from the result of a
+`/user/keys/query` API on the remote server. However, subsequent updates
+to the cache should be applied by consuming `m.device_list_update` EDUs.
+Each new `m.device_list_update` EDU describes an incremental change to
+one device for a given user which should replace any existing entry in
+the local server's cache of that device list. Servers must send
+`m.device_list_update` EDUs to all the servers who share a room with a
+given local user, and must be sent whenever that user's device list
+changes (i.e. for new or deleted devices, when that user joins a room
+which contains servers which are not already receiving updates for that
+user's device list, or changes in device information such as the
+device's human-readable name).
+
+Servers send `m.device_list_update` EDUs in a sequence per origin user,
+each with a unique `stream_id`. They also include a pointer to the most
+recent previous EDU(s) that this update is relative to in the `prev_id`
+field. To simplify implementation for clustered servers which could send
+multiple EDUs at the same time, the `prev_id` field should include all
+`m.device_list_update` EDUs which have not been yet been referenced in a
+EDU. If EDUs are emitted in series by a server, there should only ever
+be one `prev_id` in the EDU.
+
+This forms a simple directed acyclic graph of `m.device_list_update`
+EDUs, showing which EDUs a server needs to have received in order to
+apply an update to its local copy of the remote user's device list. If a
+server receives an EDU which refers to a `prev_id` it does not
+recognise, it must resynchronise its list by calling the
+`/user/keys/query API` and resume the process. The response contains a
+`stream_id` which should be used to correlate with subsequent
+`m.device_list_update` EDUs.
+
+{{% http-api spec="server-server" api="user_devices" %}}
+
+{{% definition path="api/server-server/definitions/event-schemas/m.device_list_update" %}}
+
+## End-to-End Encryption
+
+This section complements the [End-to-End Encryption
+module](/client-server-api#end-to-end-encryption)
+of the Client-Server API. For detailed information about end-to-end
+encryption, please see that module.
+
+The APIs defined here are designed to be able to proxy much of the
+client's request through to federation, and have the response also be
+proxied through to the client.
+
+{{% http-api spec="server-server" api="user_keys" %}}
+
+{{% definition path="api/server-server/definitions/event-schemas/m.signing_key_update" %}}
+
+## Send-to-device messaging
+
+The server API for send-to-device messaging is based on the
+`m.direct_to_device` EDU. There are no PDUs or Federation Queries
+involved.
+
+Each send-to-device message should be sent to the destination server
+using the following EDU:
+
+{{% definition path="api/server-server/definitions/event-schemas/m.direct_to_device" %}}
+
+## Content Repository
+
+Attachments to events (images, files, etc) are uploaded to a homeserver
+via the Content Repository described in the [Client-Server
+API](/client-server-api). When a server wishes
+to serve content originating from a remote server, it needs to ask the
+remote server for the media.
+
+Servers should use the server described in the Matrix Content URI, which
+has the format `mxc://{ServerName}/{MediaID}`. Servers should use the
+download endpoint described in the [Client-Server
+API](/client-server-api), being sure to use
+the `allow_remote` parameter (set to `false`).
+
+## Server Access Control Lists (ACLs)
+
+Server ACLs and their purpose are described in the [Server
+ACLs](/client-server-api#server-access-control-lists-acls-for-rooms)
+section of the Client-Server API.
+
+When a remote server makes a request, it MUST be verified to be allowed
+by the server ACLs. If the server is denied access to a room, the
+receiving server MUST reply with a 403 HTTP status code and an `errcode`
+of `M_FORBIDDEN`.
+
+The following endpoint prefixes MUST be protected:
+
+-   `/_matrix/federation/v1/send` (on a per-PDU basis)
+-   `/_matrix/federation/v1/make_join`
+-   `/_matrix/federation/v1/make_leave`
+-   `/_matrix/federation/v1/send_join`
+-   `/_matrix/federation/v2/send_join`
+-   `/_matrix/federation/v1/send_leave`
+-   `/_matrix/federation/v2/send_leave`
+-   `/_matrix/federation/v1/invite`
+-   `/_matrix/federation/v2/invite`
+-   `/_matrix/federation/v1/make_knock`
+-   `/_matrix/federation/v1/send_knock`
+-   `/_matrix/federation/v1/state`
+-   `/_matrix/federation/v1/state_ids`
+-   `/_matrix/federation/v1/backfill`
+-   `/_matrix/federation/v1/event_auth`
+-   `/_matrix/federation/v1/get_missing_events`
+
+## Signing Events
+
+Signing events is complicated by the fact that servers can choose to
+redact non-essential parts of an event.
+
+### Adding hashes and signatures to outgoing events
+
+Before signing the event, the *content hash* of the event is calculated
+as described below. The hash is encoded using [Unpadded
+Base64](/appendices#unpadded-base64) and stored in the event
+object, in a `hashes` object, under a `sha256` key.
+
+The event object is then *redacted*, following the [redaction
+algorithm](/client-server-api#redactions).
+Finally it is signed as described in [Signing
+JSON](/appendices#signing-json), using the server's signing key
+(see also [Retrieving server keys](#retrieving-server-keys)).
+
+The signature is then copied back to the original event object.
+
+See [Persistent Data Unit schema](#Persistent Data Unit schema) for an
+example of a signed event.
+
+### Validating hashes and signatures on received events
+
+When a server receives an event over federation from another server, the
+receiving server should check the hashes and signatures on that event.
+
+First the signature is checked. The event is redacted following the
+[redaction
+algorithm](/client-server-api#redactions), and
+the resultant object is checked for a signature from the originating
+server, following the algorithm described in [Checking for a
+signature](/appendices#checking-for-a-signature). Note that this
+step should succeed whether we have been sent the full event or a
+redacted copy.
+
+The signatures expected on an event are:
+
+-   The `sender`'s server, unless the invite was created as a result of
+    3rd party invite. The sender must already match the 3rd party
+    invite, and the server which actually sends the event may be a
+    different server.
+-   For room versions 1 and 2, the server which created the `event_id`.
+    Other room versions do not track the `event_id` over federation and
+    therefore do not need a signature from those servers.
+
+If the signature is found to be valid, the expected content hash is
+calculated as described below. The content hash in the `hashes` property
+of the received event is base64-decoded, and the two are compared for
+equality.
+
+If the hash check fails, then it is assumed that this is because we have
+only been given a redacted version of the event. To enforce this, the
+receiving server should use the redacted copy it calculated rather than
+the full copy it received.
+
+### Calculating the reference hash for an event
+
+The *reference hash* of an event covers the essential fields of an
+event, including content hashes. It is used for event identifiers in
+some room versions. See the [room version
+specification](/#room-versions) for more information. It is
+calculated as follows.
+
+1.  The event is put through the redaction algorithm.
+2.  The `signatures`, `age_ts`, and `unsigned` properties are removed
+    from the event, if present.
+3.  The event is converted into [Canonical
+    JSON](/appendices#canonical-json).
+4.  A sha256 hash is calculated on the resulting JSON object.
+
+### Calculating the content hash for an event
+
+The *content hash* of an event covers the complete event including the
+*unredacted* contents. It is calculated as follows.
+
+First, any existing `unsigned`, `signature`, and `hashes` members are
+removed. The resulting object is then encoded as [Canonical
+JSON](/appendices#canonical-json), and the JSON is hashed using
+SHA-256.
+
+### Example code
+
+```py
+def hash_and_sign_event(event_object, signing_key, signing_name):
+    # First we need to hash the event object.
+    content_hash = compute_content_hash(event_object)
+    event_object["hashes"] = {"sha256": encode_unpadded_base64(content_hash)}
+
+    # Strip all the keys that would be removed if the event was redacted.
+    # The hashes are not stripped and cover all the keys in the event.
+    # This means that we can tell if any of the non-essential keys are
+    # modified or removed.
+    stripped_object = strip_non_essential_keys(event_object)
+
+    # Sign the stripped JSON object. The signature only covers the
+    # essential keys and the hashes. This means that we can check the
+    # signature even if the event is redacted.
+    signed_object = sign_json(stripped_object, signing_key, signing_name)
+
+    # Copy the signatures from the stripped event to the original event.
+    event_object["signatures"] = signed_object["signatures"]
+
+def compute_content_hash(event_object):
+    # take a copy of the event before we remove any keys.
+    event_object = dict(event_object)
+
+    # Keys under "unsigned" can be modified by other servers.
+    # They are useful for conveying information like the age of an
+    # event that will change in transit.
+    # Since they can be modified we need to exclude them from the hash.
+    event_object.pop("unsigned", None)
+
+    # Signatures will depend on the current value of the "hashes" key.
+    # We cannot add new hashes without invalidating existing signatures.
+    event_object.pop("signatures", None)
+
+    # The "hashes" key might contain multiple algorithms if we decide to
+    # migrate away from SHA-2. We don't want to include an existing hash
+    # output in our hash so we exclude the "hashes" dict from the hash.
+    event_object.pop("hashes", None)
+
+    # Encode the JSON using a canonical encoding so that we get the same
+    # bytes on every server for the same JSON object.
+    event_json_bytes = encode_canonical_json(event_object)
+
+    return hashlib.sha256(event_json_bytes)
+```
+
+## Security considerations
+
+When a domain's ownership changes, the new controller of the domain can
+masquerade as the previous owner, receiving messages (similarly to
+email) and request past messages from other servers. In the future,
+proposals like
+[MSC1228](https://github.com/matrix-org/matrix-doc/issues/1228) will
+address this issue.
diff --git a/data-definitions/sas-emoji-v1-i18n/ar.json b/data-definitions/sas-emoji-v1-i18n/ar.json
new file mode 100644
index 00000000000..822d6f1cab2
--- /dev/null
+++ b/data-definitions/sas-emoji-v1-i18n/ar.json
@@ -0,0 +1,66 @@
+{
+    "Pin": "دَبُّوس",
+    "Folder": "مُجَلَّد",
+    "Headphones": "سَمّاعَة رَأس",
+    "Anchor": "مِرسَاة",
+    "Bell": "جَرَس",
+    "Trumpet": "بُوق",
+    "Guitar": "غيتار",
+    "Ball": "كُرَة",
+    "Trophy": "كَأسُ النَّصر",
+    "Rocket": "صَارُوخ",
+    "Aeroplane": "طَائِرة",
+    "Bicycle": "دَرّاجَة",
+    "Train": "قِطَار",
+    "Flag": "عَلَم",
+    "Telephone": "تِلِفُون",
+    "Hammer": "مِطرَقَة",
+    "Key": "مِفتَاح",
+    "Lock": "قُفل",
+    "Scissors": "مِقَصّ",
+    "Paperclip": "مِشبَكُ وَرَق",
+    "Pencil": "قَلَمُ رَصاص",
+    "Book": "كِتَاب",
+    "Light Bulb": "مِصبَاح",
+    "Gift": "هَدِيَّة",
+    "Clock": "سَاعَة",
+    "Hourglass": "سَاعَةٌ رَملِيَّة",
+    "Umbrella": "مِظَلَّة",
+    "Thumbs Up": "رَفعُ إِبهَام",
+    "Santa": "سانتا",
+    "Spanner": "مِفتَاحُ رَبط",
+    "Glasses": "نَظَّارَة",
+    "Hat": "قُبَّعَة",
+    "Robot": "رُوبُوت",
+    "Smiley": "اِبتِسَامَة",
+    "Heart": "قَلب",
+    "Cake": "كَعكَة",
+    "Pizza": "بِيتزا",
+    "Corn": "ذُرَة",
+    "Strawberry": "فَراوِلَة",
+    "Apple": "تُفَّاحَة",
+    "Banana": "مَوزَة",
+    "Fire": "نار",
+    "Cloud": "سَحابَة",
+    "Moon": "قَمَر",
+    "Globe": "كُرَةٌ أرضِيَّة",
+    "Mushroom": "فُطر",
+    "Cactus": "صبار",
+    "Tree": "شَجَرَة",
+    "Flower": "زَهرَة",
+    "Butterfly": "فَرَاشَة",
+    "Octopus": "أُخطُبُوط",
+    "Fish": "سَمَكَة",
+    "Turtle": "سُلحفاة",
+    "Penguin": "بِطريق",
+    "Rooster": "دِيك",
+    "Panda": "باندَا",
+    "Rabbit": "أَرنَب",
+    "Elephant": "فِيل",
+    "Pig": "خِنزِير",
+    "Unicorn": "حِصَانٌ بِقَرن",
+    "Horse": "حِصَان",
+    "Lion": "أَسَد",
+    "Cat": "هِرَّة",
+    "Dog": "كَلب"
+}
diff --git a/data-definitions/sas-emoji-v1-i18n/bg.json b/data-definitions/sas-emoji-v1-i18n/bg.json
new file mode 100644
index 00000000000..6727ee6fa49
--- /dev/null
+++ b/data-definitions/sas-emoji-v1-i18n/bg.json
@@ -0,0 +1,66 @@
+{
+    "Pin": "Кабърче",
+    "Folder": "Папка",
+    "Headphones": "Слушалки",
+    "Anchor": "Котва",
+    "Bell": "Звънец",
+    "Trumpet": "Тромпет",
+    "Guitar": "Китара",
+    "Ball": "Топка",
+    "Trophy": "Трофей",
+    "Rocket": "Ракета",
+    "Aeroplane": "Самолет",
+    "Bicycle": "Колело",
+    "Train": "Влак",
+    "Flag": "Флаг",
+    "Telephone": "Телефон",
+    "Hammer": "Чук",
+    "Key": "Ключ",
+    "Lock": "Катинар",
+    "Scissors": "Ножици",
+    "Paperclip": "Кламер",
+    "Pencil": "Молив",
+    "Book": "Книга",
+    "Light Bulb": "Лампа",
+    "Gift": "Подарък",
+    "Clock": "Часовник",
+    "Hourglass": "Пясъчен часовник",
+    "Umbrella": "Чадър",
+    "Thumbs Up": "Палец нагоре",
+    "Santa": "Дядо Коледа",
+    "Spanner": "Гаечен ключ",
+    "Glasses": "Очила",
+    "Hat": "Шапка",
+    "Robot": "Робот",
+    "Smiley": "Усмивка",
+    "Heart": "Сърце",
+    "Cake": "Торта",
+    "Pizza": "Пица",
+    "Corn": "Царевица",
+    "Strawberry": "Ягода",
+    "Apple": "Ябълка",
+    "Banana": "Банан",
+    "Fire": "Огън",
+    "Cloud": "Облак",
+    "Moon": "Луна",
+    "Globe": "Глобус",
+    "Mushroom": "Гъба",
+    "Cactus": "Кактус",
+    "Tree": "Дърво",
+    "Flower": "Цвете",
+    "Butterfly": "Пеперуда",
+    "Octopus": "Октопод",
+    "Fish": "Риба",
+    "Turtle": "Костенурка",
+    "Penguin": "Пингвин",
+    "Rooster": "Петел",
+    "Panda": "Панда",
+    "Rabbit": "Заек",
+    "Elephant": "Слон",
+    "Pig": "Прасе",
+    "Unicorn": "Еднорог",
+    "Horse": "Кон",
+    "Lion": "Лъв",
+    "Cat": "Котка",
+    "Dog": "Куче"
+}
diff --git a/data-definitions/sas-emoji-v1-i18n/ca.json b/data-definitions/sas-emoji-v1-i18n/ca.json
new file mode 100644
index 00000000000..adca06b3cad
--- /dev/null
+++ b/data-definitions/sas-emoji-v1-i18n/ca.json
@@ -0,0 +1,66 @@
+{
+    "Cactus": "Cactus",
+    "Globe": "Globus terraqüi",
+    "Rooster": "Gall",
+    "Pin": "Xinxeta",
+    "Folder": "Carpeta",
+    "Headphones": "Auriculars",
+    "Anchor": "Àncora",
+    "Bell": "Campana",
+    "Trumpet": "Trompeta",
+    "Guitar": "Guitarra",
+    "Ball": "Pilota",
+    "Trophy": "Trofeu",
+    "Rocket": "Coet",
+    "Aeroplane": "Avió",
+    "Bicycle": "Bicicleta",
+    "Train": "Tren",
+    "Flag": "Bandera",
+    "Telephone": "Telèfon",
+    "Hammer": "Martell",
+    "Lock": "Cadenat",
+    "Key": "Clau",
+    "Scissors": "Tisores",
+    "Paperclip": "Clip",
+    "Pencil": "Llapis",
+    "Book": "Llibre",
+    "Light Bulb": "Bombeta",
+    "Gift": "Regal",
+    "Clock": "Rellotge",
+    "Hourglass": "Rellotge de sorra",
+    "Umbrella": "Paraigües",
+    "Thumbs Up": "Polzes amunt",
+    "Santa": "Pare Noél",
+    "Spanner": "Clau anglesa",
+    "Glasses": "Ulleres",
+    "Hat": "Barret",
+    "Robot": "Robot",
+    "Smiley": "Somrient",
+    "Heart": "Cor",
+    "Cake": "Pastís",
+    "Pizza": "Pizza",
+    "Corn": "Blat de moro",
+    "Strawberry": "Maduixa",
+    "Apple": "Poma",
+    "Banana": "Plàtan",
+    "Fire": "Foc",
+    "Cloud": "Núvol",
+    "Moon": "Lluna",
+    "Mushroom": "Bolet",
+    "Tree": "Arbre",
+    "Flower": "Flor",
+    "Butterfly": "Papallona",
+    "Octopus": "Pop",
+    "Fish": "Peix",
+    "Turtle": "Tortuga",
+    "Penguin": "Pingüí",
+    "Panda": "Panda",
+    "Rabbit": "Conill",
+    "Elephant": "Elefant",
+    "Unicorn": "Unicorn",
+    "Pig": "Porc",
+    "Horse": "Cavall",
+    "Lion": "Lleó",
+    "Cat": "Gat",
+    "Dog": "Gos"
+}
diff --git a/data-definitions/sas-emoji-v1-i18n/cs.json b/data-definitions/sas-emoji-v1-i18n/cs.json
new file mode 100644
index 00000000000..66d3a42ad7e
--- /dev/null
+++ b/data-definitions/sas-emoji-v1-i18n/cs.json
@@ -0,0 +1,66 @@
+{
+    "Pin": "Špendlík",
+    "Folder": "Složka",
+    "Headphones": "Sluchátka",
+    "Anchor": "Kotva",
+    "Bell": "Zvonek",
+    "Trumpet": "Trumpeta",
+    "Guitar": "Kytara",
+    "Ball": "Míč",
+    "Trophy": "Pohár",
+    "Rocket": "Raketa",
+    "Aeroplane": "Letadlo",
+    "Bicycle": "Kolo",
+    "Train": "Vlak",
+    "Flag": "Vlajka",
+    "Telephone": "Telefon",
+    "Hammer": "Kladivo",
+    "Key": "Klíč",
+    "Lock": "Zámek",
+    "Scissors": "Nůžky",
+    "Paperclip": "Sponka",
+    "Pencil": "Tužka",
+    "Book": "Kniha",
+    "Light Bulb": "Žárovka",
+    "Gift": "Dárek",
+    "Santa": "Mikuláš",
+    "Clock": "Hodiny",
+    "Hourglass": "Přesýpací hodiny",
+    "Umbrella": "Deštník",
+    "Thumbs Up": "Palec nahoru",
+    "Spanner": "Klíč",
+    "Glasses": "Brýle",
+    "Hat": "Klobouk",
+    "Robot": "Robot",
+    "Smiley": "Smajlík",
+    "Heart": "Srdce",
+    "Cake": "Dort",
+    "Pizza": "Pizza",
+    "Corn": "Kukuřice",
+    "Strawberry": "Jahoda",
+    "Apple": "Jablko",
+    "Banana": "Banán",
+    "Fire": "Oheň",
+    "Cloud": "Mrak",
+    "Moon": "Měsíc",
+    "Globe": "Zeměkoule",
+    "Mushroom": "Houba",
+    "Cactus": "Kaktus",
+    "Tree": "Strom",
+    "Flower": "Květina",
+    "Butterfly": "Motýl",
+    "Octopus": "Chobotnice",
+    "Fish": "Ryba",
+    "Turtle": "Želva",
+    "Penguin": "Tučňák",
+    "Rooster": "Kohout",
+    "Panda": "Panda",
+    "Rabbit": "Králík",
+    "Elephant": "Slon",
+    "Pig": "Prase",
+    "Unicorn": "Jednorožec",
+    "Horse": "Kůň",
+    "Lion": "Lev",
+    "Cat": "Kočka",
+    "Dog": "Pes"
+}
diff --git a/data-definitions/sas-emoji-v1-i18n/de.json b/data-definitions/sas-emoji-v1-i18n/de.json
index e2b497372a0..83719cf3d2a 100644
--- a/data-definitions/sas-emoji-v1-i18n/de.json
+++ b/data-definitions/sas-emoji-v1-i18n/de.json
@@ -25,20 +25,20 @@
     "Banana": "Banane",
     "Apple": "Apfel",
     "Strawberry": "Erdbeere",
-    "Corn": "Korn",
+    "Corn": "Mais",
     "Pizza": "Pizza",
     "Cake": "Kuchen",
     "Heart": "Herz",
-    "Smiley": "Smiley",
+    "Smiley": "Lächeln",
     "Robot": "Roboter",
     "Hat": "Hut",
     "Glasses": "Brille",
     "Spanner": "Schraubenschlüssel",
-    "Santa": "Nikolaus",
+    "Santa": "Weihnachtsmann",
     "Thumbs Up": "Daumen Hoch",
     "Umbrella": "Regenschirm",
     "Hourglass": "Sanduhr",
-    "Clock": "Wecker",
+    "Clock": "Uhr",
     "Gift": "Geschenk",
     "Light Bulb": "Glühbirne",
     "Book": "Buch",
@@ -54,7 +54,7 @@
     "Bicycle": "Fahrrad",
     "Aeroplane": "Flugzeug",
     "Rocket": "Rakete",
-    "Trophy": "Trophäe",
+    "Trophy": "Pokal",
     "Ball": "Ball",
     "Guitar": "Gitarre",
     "Trumpet": "Trompete",
diff --git a/data-definitions/sas-emoji-v1-i18n/es.json b/data-definitions/sas-emoji-v1-i18n/es.json
index 8b89994230b..83d75f576d8 100644
--- a/data-definitions/sas-emoji-v1-i18n/es.json
+++ b/data-definitions/sas-emoji-v1-i18n/es.json
@@ -47,5 +47,20 @@
     "Robot": "Robot",
     "Hat": "Sombrero",
     "Glasses": "Gafas",
-    "Spanner": "Llave inglesa"
+    "Spanner": "Llave inglesa",
+    "Folder": "Carpeta",
+    "Headphones": "Cascos",
+    "Anchor": "Ancla",
+    "Trophy": "Trofeo",
+    "Rocket": "Cohete",
+    "Aeroplane": "Avión",
+    "Flag": "Bandera",
+    "Lock": "Candado",
+    "Scissors": "Tijeras",
+    "Paperclip": "Clip",
+    "Light Bulb": "Bombilla",
+    "Hourglass": "Reloj de arena",
+    "Umbrella": "Paraguas",
+    "Thumbs Up": "Pulgar arriba",
+    "Santa": "Papá Noel"
 }
diff --git a/data-definitions/sas-emoji-v1-i18n/fi.json b/data-definitions/sas-emoji-v1-i18n/fi.json
index 0975b1e23c1..58817bb0c79 100644
--- a/data-definitions/sas-emoji-v1-i18n/fi.json
+++ b/data-definitions/sas-emoji-v1-i18n/fi.json
@@ -33,7 +33,7 @@
     "Robot": "Robotti",
     "Hat": "Hattu",
     "Glasses": "Silmälasit",
-    "Spanner": "Mutteriavain",
+    "Spanner": "Kiintoavain",
     "Santa": "Joulupukki",
     "Thumbs Up": "Peukalo ylös",
     "Umbrella": "Sateenvarjo",
diff --git a/data-definitions/sas-emoji-v1-i18n/fr.json b/data-definitions/sas-emoji-v1-i18n/fr.json
index 7996c108744..6d7540911e8 100644
--- a/data-definitions/sas-emoji-v1-i18n/fr.json
+++ b/data-definitions/sas-emoji-v1-i18n/fr.json
@@ -18,7 +18,7 @@
     "Pizza": "Pizza",
     "Cake": "Gâteau",
     "Heart": "Cœur",
-    "Hat": "Châpeau",
+    "Hat": "Chapeau",
     "Glasses": "Lunettes",
     "Hourglass": "Sablier",
     "Book": "Livre",
@@ -41,7 +41,7 @@
     "Robot": "Robot",
     "Spanner": "Clé à molette",
     "Santa": "Père Noël",
-    "Thumbs Up": "Pouce en l'air",
+    "Thumbs Up": "Pouce en l’air",
     "Umbrella": "Parapluie",
     "Clock": "Réveil",
     "Gift": "Cadeau",
diff --git a/data-definitions/sas-emoji-v1-i18n/hr.json b/data-definitions/sas-emoji-v1-i18n/hr.json
new file mode 100644
index 00000000000..2a4d1f12943
--- /dev/null
+++ b/data-definitions/sas-emoji-v1-i18n/hr.json
@@ -0,0 +1,66 @@
+{
+    "Pin": "pribadača",
+    "Folder": "mapu",
+    "Headphones": "slušalice",
+    "Anchor": "sidro",
+    "Bell": "zvono",
+    "Trumpet": "truba",
+    "Guitar": "gitara",
+    "Ball": "lopta",
+    "Trophy": "trofej",
+    "Rocket": "raketa",
+    "Aeroplane": "avion",
+    "Bicycle": "bicikl",
+    "Train": "vlak",
+    "Flag": "zastava",
+    "Telephone": "telefon",
+    "Hammer": "čekić",
+    "Key": "ključ",
+    "Lock": "zaključati",
+    "Scissors": "škare",
+    "Paperclip": "spajalica",
+    "Pencil": "olovka",
+    "Book": "knjiga",
+    "Light Bulb": "žarulja",
+    "Gift": "poklon",
+    "Clock": "sat",
+    "Hourglass": "pješčani sat",
+    "Umbrella": "kišobran",
+    "Thumbs Up": "palac gore",
+    "Santa": "deda Mraz",
+    "Spanner": "ključ",
+    "Glasses": "naočale",
+    "Hat": "kapa",
+    "Robot": "robot",
+    "Smiley": "smajlića",
+    "Heart": "srca",
+    "Cake": "torta",
+    "Pizza": "pizza",
+    "Corn": "kukuruza",
+    "Strawberry": "jagoda",
+    "Apple": "jabuka",
+    "Banana": "banana",
+    "Fire": "vatra",
+    "Cloud": "oblak",
+    "Moon": "mjesec",
+    "Globe": "Globus",
+    "Mushroom": "gljiva",
+    "Cactus": "kaktus",
+    "Tree": "drvo",
+    "Flower": "svijet",
+    "Butterfly": "leptir",
+    "Octopus": "hobotnica",
+    "Fish": "riba",
+    "Turtle": "kornjača",
+    "Penguin": "pingvin",
+    "Rooster": "kokot",
+    "Panda": "panda",
+    "Rabbit": "zec",
+    "Elephant": "slon",
+    "Pig": "svinja",
+    "Unicorn": "jednorog",
+    "Horse": "konj",
+    "Lion": "lav",
+    "Cat": "mačka",
+    "Dog": "pas"
+}
diff --git a/data-definitions/sas-emoji-v1-i18n/hu.json b/data-definitions/sas-emoji-v1-i18n/hu.json
new file mode 100644
index 00000000000..01d5673064e
--- /dev/null
+++ b/data-definitions/sas-emoji-v1-i18n/hu.json
@@ -0,0 +1,66 @@
+{
+    "Pin": "Rajszeg",
+    "Folder": "Mappa",
+    "Headphones": "Fejhallgató",
+    "Anchor": "Horgony",
+    "Bell": "Harang",
+    "Trumpet": "Trombita",
+    "Guitar": "Gitár",
+    "Ball": "Labda",
+    "Trophy": "Trófea",
+    "Rocket": "Rakáta",
+    "Aeroplane": "Repülő",
+    "Bicycle": "Kerékpár",
+    "Train": "Vonat",
+    "Flag": "Zászló",
+    "Telephone": "Telefon",
+    "Hammer": "Kalapács",
+    "Key": "Kulcs",
+    "Lock": "Lakat",
+    "Scissors": "Olló",
+    "Paperclip": "Gémkapocs",
+    "Pencil": "Ceruza",
+    "Book": "Könyv",
+    "Light Bulb": "Égő",
+    "Gift": "Ajándék",
+    "Clock": "Óra",
+    "Hourglass": "Homokóra",
+    "Umbrella": "Esernyő",
+    "Thumbs Up": "Hüvelykujj fel",
+    "Santa": "Télapó",
+    "Spanner": "Csavarkulcs",
+    "Glasses": "Szemüveg",
+    "Hat": "Kalap",
+    "Robot": "Robot",
+    "Smiley": "Mosoly",
+    "Heart": "Szív",
+    "Cake": "Süti",
+    "Pizza": "Pizza",
+    "Corn": "Kukorica",
+    "Strawberry": "Eper",
+    "Apple": "Alma",
+    "Banana": "Banán",
+    "Fire": "Tűz",
+    "Cloud": "Felhő",
+    "Moon": "Hold",
+    "Globe": "Földgömb",
+    "Mushroom": "Gomba",
+    "Cactus": "Kaktusz",
+    "Tree": "Fa",
+    "Flower": "Virág",
+    "Butterfly": "Pillangó",
+    "Octopus": "Polip",
+    "Fish": "Hal",
+    "Turtle": "Teknős",
+    "Penguin": "Pingvin",
+    "Rooster": "Kakas",
+    "Panda": "Panda",
+    "Rabbit": "Nyúl",
+    "Elephant": "Elefánt",
+    "Pig": "Malac",
+    "Unicorn": "Egyszarvú",
+    "Horse": "Ló",
+    "Lion": "Oroszlán",
+    "Cat": "Macska",
+    "Dog": "Kutya"
+}
diff --git a/data-definitions/sas-emoji-v1-i18n/it.json b/data-definitions/sas-emoji-v1-i18n/it.json
new file mode 100644
index 00000000000..062f7f599e4
--- /dev/null
+++ b/data-definitions/sas-emoji-v1-i18n/it.json
@@ -0,0 +1,66 @@
+{
+    "Pin": "Puntina",
+    "Folder": "Cartella",
+    "Headphones": "Cuffie",
+    "Anchor": "Ancora",
+    "Bell": "Campana",
+    "Trumpet": "Trombetta",
+    "Guitar": "Chitarra",
+    "Ball": "Palla",
+    "Trophy": "Trofeo",
+    "Rocket": "Razzo",
+    "Aeroplane": "Aeroplano",
+    "Bicycle": "Bicicletta",
+    "Train": "Treno",
+    "Flag": "Bandiera",
+    "Telephone": "Telefono",
+    "Hammer": "Martello",
+    "Key": "Chiave",
+    "Lock": "Lucchetto",
+    "Scissors": "Forbici",
+    "Paperclip": "Graffetta",
+    "Pencil": "Matita",
+    "Book": "Libro",
+    "Light Bulb": "Lampadina",
+    "Gift": "Regalo",
+    "Clock": "Orologio",
+    "Hourglass": "Clessidra",
+    "Umbrella": "Ombrello",
+    "Thumbs Up": "Pollice alzato",
+    "Santa": "Babbo Natale",
+    "Spanner": "Chiave inglese",
+    "Glasses": "Occhiali",
+    "Hat": "Cappello",
+    "Robot": "Robot",
+    "Smiley": "Faccina sorridente",
+    "Heart": "Cuore",
+    "Cake": "Torta",
+    "Pizza": "Pizza",
+    "Corn": "Mais",
+    "Strawberry": "Fragola",
+    "Apple": "Mela",
+    "Banana": "Banana",
+    "Fire": "Fuoco",
+    "Cloud": "Nuvola",
+    "Moon": "Luna",
+    "Globe": "Globo",
+    "Mushroom": "Fungo",
+    "Cactus": "Cactus",
+    "Tree": "Albero",
+    "Flower": "Fiore",
+    "Butterfly": "Farfalla",
+    "Octopus": "Polpo",
+    "Fish": "Pesce",
+    "Turtle": "Tartaruga",
+    "Penguin": "Pinguino",
+    "Rooster": "Gallo",
+    "Panda": "Panda",
+    "Rabbit": "Coniglio",
+    "Elephant": "Elefante",
+    "Pig": "Maiale",
+    "Unicorn": "Unicorno",
+    "Horse": "Cavallo",
+    "Lion": "Leone",
+    "Cat": "Gatto",
+    "Dog": "Cane"
+}
diff --git a/data-definitions/sas-emoji-v1-i18n/ja.json b/data-definitions/sas-emoji-v1-i18n/ja.json
index 4180e2ae784..1ad4cf14c5a 100644
--- a/data-definitions/sas-emoji-v1-i18n/ja.json
+++ b/data-definitions/sas-emoji-v1-i18n/ja.json
@@ -14,5 +14,53 @@
     "Book": "本",
     "Telephone": "電話機",
     "Train": "電車",
-    "Bicycle": "自転車"
+    "Bicycle": "自転車",
+    "Pin": "ピン",
+    "Folder": "フォルダ",
+    "Headphones": "ヘッドホン",
+    "Anchor": "いかり",
+    "Bell": "ベル",
+    "Trumpet": "トランペット",
+    "Guitar": "ギター",
+    "Ball": "ボール",
+    "Trophy": "トロフィー",
+    "Rocket": "ロケット",
+    "Aeroplane": "飛行機",
+    "Flag": "旗",
+    "Hammer": "金槌",
+    "Key": "鍵",
+    "Lock": "錠前",
+    "Scissors": "はさみ",
+    "Paperclip": "クリップ",
+    "Pencil": "鉛筆",
+    "Light Bulb": "電球",
+    "Gift": "ギフト",
+    "Clock": "時計",
+    "Hourglass": "砂時計",
+    "Umbrella": "傘",
+    "Thumbs Up": "いいね",
+    "Santa": "サンタ",
+    "Spanner": "スパナ",
+    "Hat": "帽子",
+    "Smiley": "スマイル",
+    "Heart": "ハート",
+    "Pizza": "ピザ",
+    "Corn": "とうもろこし",
+    "Strawberry": "いちご",
+    "Banana": "バナナ",
+    "Fire": "炎",
+    "Cloud": "雲",
+    "Globe": "地球",
+    "Cactus": "サボテン",
+    "Butterfly": "ちょうちょ",
+    "Fish": "魚",
+    "Turtle": "亀",
+    "Penguin": "ペンギン",
+    "Rooster": "ニワトリ",
+    "Panda": "パンダ",
+    "Rabbit": "うさぎ",
+    "Elephant": "ゾウ",
+    "Pig": "ブタ",
+    "Unicorn": "ユニコーン",
+    "Lion": "ライオン"
 }
diff --git a/data-definitions/sas-emoji-v1-i18n/si.json b/data-definitions/sas-emoji-v1-i18n/si.json
new file mode 100644
index 00000000000..aa84535f94b
--- /dev/null
+++ b/data-definitions/sas-emoji-v1-i18n/si.json
@@ -0,0 +1,6 @@
+{
+    "Horse": "අශ්වයා",
+    "Lion": "සිංහයා",
+    "Cat": "පූසා",
+    "Dog": "බල්ලා"
+}
diff --git a/data-definitions/sas-emoji-v1-i18n/sr.json b/data-definitions/sas-emoji-v1-i18n/sr.json
new file mode 100644
index 00000000000..5baae6e677b
--- /dev/null
+++ b/data-definitions/sas-emoji-v1-i18n/sr.json
@@ -0,0 +1,66 @@
+{
+    "Pin": "чиода",
+    "Folder": "фасцикла",
+    "Headphones": "слушалице",
+    "Anchor": "сидро",
+    "Bell": "звоно",
+    "Trumpet": "труба",
+    "Guitar": "гитара",
+    "Ball": "лопта",
+    "Trophy": "пехар",
+    "Rocket": "ракета",
+    "Aeroplane": "авион",
+    "Bicycle": "бицикл",
+    "Train": "воз",
+    "Flag": "застава",
+    "Telephone": "телефон",
+    "Hammer": "чекић",
+    "Key": "кључ",
+    "Lock": "катанац",
+    "Scissors": "маказе",
+    "Paperclip": "спајалица",
+    "Pencil": "оловка",
+    "Book": "књига",
+    "Light Bulb": "сијалица",
+    "Gift": "поклон",
+    "Clock": "сат",
+    "Hourglass": "пешчаник",
+    "Umbrella": "кишобран",
+    "Thumbs Up": "палчић горе",
+    "Santa": "деда Мраз",
+    "Spanner": "кључ",
+    "Glasses": "наочаре",
+    "Hat": "шешир",
+    "Robot": "робот",
+    "Smiley": "смајли",
+    "Heart": "срце",
+    "Cake": "торта",
+    "Pizza": "пица",
+    "Corn": "кукуруз",
+    "Strawberry": "јагода",
+    "Apple": "јабука",
+    "Banana": "банана",
+    "Fire": "ватра",
+    "Cloud": "облак",
+    "Moon": "месец",
+    "Globe": "глобус",
+    "Mushroom": "печурка",
+    "Cactus": "кактус",
+    "Tree": "дрво",
+    "Flower": "цвет",
+    "Butterfly": "лептир",
+    "Octopus": "октопод",
+    "Fish": "риба",
+    "Turtle": "корњача",
+    "Penguin": "пингвин",
+    "Rooster": "петао",
+    "Panda": "панда",
+    "Rabbit": "зец",
+    "Elephant": "слон",
+    "Pig": "прасе",
+    "Unicorn": "једнорог",
+    "Horse": "коњ",
+    "Lion": "лав",
+    "Cat": "мачка",
+    "Dog": "пас"
+}
diff --git a/data-definitions/sas-emoji-v1-i18n/szl.json b/data-definitions/sas-emoji-v1-i18n/szl.json
new file mode 100644
index 00000000000..0967ef424bc
--- /dev/null
+++ b/data-definitions/sas-emoji-v1-i18n/szl.json
@@ -0,0 +1 @@
+{}
diff --git a/data-definitions/sas-emoji-v1-i18n/tzm.json b/data-definitions/sas-emoji-v1-i18n/tzm.json
new file mode 100644
index 00000000000..1045169c25c
--- /dev/null
+++ b/data-definitions/sas-emoji-v1-i18n/tzm.json
@@ -0,0 +1,28 @@
+{
+    "Folder": "Asdaw",
+    "Guitar": "Agiṭaṛ",
+    "Ball": "Tcama",
+    "Flag": "Acenyal",
+    "Telephone": "Atilifun",
+    "Key": "Tasarut",
+    "Book": "Adlis",
+    "Hat": "Taraza",
+    "Robot": "Aṛubu",
+    "Heart": "Ul",
+    "Apple": "Tadeffuyt",
+    "Banana": "Tabanant",
+    "Fire": "Timessi",
+    "Moon": "Ayyur",
+    "Mushroom": "Agursel",
+    "Tree": "Aseklu",
+    "Fish": "Aselm",
+    "Turtle": "Ifker",
+    "Rooster": "Ayaẓiḍ",
+    "Rabbit": "Agnin",
+    "Elephant": "Ilu",
+    "Pig": "Ilef",
+    "Horse": "Ayyis",
+    "Lion": "Izem",
+    "Cat": "Amuc",
+    "Dog": "Aydi"
+}
diff --git a/data-definitions/sas-emoji.json b/data-definitions/sas-emoji.json
index a18d77312e6..f0eb702cfd9 100644
--- a/data-definitions/sas-emoji.json
+++ b/data-definitions/sas-emoji.json
@@ -5,18 +5,30 @@
         "description": "Dog",
         "unicode": "U+1F436",
         "translated_descriptions": {
+            "ar": "كَلب",
+            "bg": "Куче",
+            "ca": "Gos",
+            "cs": "Pes",
             "de": "Hund",
             "eo": "Hundo",
             "es": "Perro",
             "et": "Koer",
             "fi": "Koira",
             "fr": "Chien",
+            "hr": "pas",
+            "hu": "Kutya",
+            "it": "Cane",
             "ja": "犬",
             "nb_NO": "Hund",
             "nl": "Hond",
+            "pt_BR": "Cachorro",
             "ru": "Собака",
+            "si": "බල්ලා",
             "sk": "Hlava psa",
+            "sr": "пас",
             "sv": "Hund",
+            "szl": null,
+            "tzm": "Aydi",
             "uk": "Пес",
             "zh_Hans": "狗"
         }
@@ -27,18 +39,30 @@
         "description": "Cat",
         "unicode": "U+1F431",
         "translated_descriptions": {
+            "ar": "هِرَّة",
+            "bg": "Котка",
+            "ca": "Gat",
+            "cs": "Kočka",
             "de": "Katze",
             "eo": "Kato",
             "es": "Gato",
             "et": "Kass",
             "fi": "Kissa",
             "fr": "Chat",
+            "hr": "mačka",
+            "hu": "Macska",
+            "it": "Gatto",
             "ja": "猫",
             "nb_NO": "Katt",
             "nl": "Kat",
+            "pt_BR": "Gato",
             "ru": "Кошка",
+            "si": "පූසා",
             "sk": "Hlava mačky",
+            "sr": "мачка",
             "sv": "Katt",
+            "szl": null,
+            "tzm": "Amuc",
             "uk": "Кіт",
             "zh_Hans": "猫"
         }
@@ -49,18 +73,30 @@
         "description": "Lion",
         "unicode": "U+1F981",
         "translated_descriptions": {
+            "ar": "أَسَد",
+            "bg": "Лъв",
+            "ca": "Lleó",
+            "cs": "Lev",
             "de": "Löwe",
             "eo": "Leono",
             "es": "León",
             "et": "Lõvi",
             "fi": "Leijona",
             "fr": "Lion",
-            "ja": null,
+            "hr": "lav",
+            "hu": "Oroszlán",
+            "it": "Leone",
+            "ja": "ライオン",
             "nb_NO": "Løve",
             "nl": "Leeuw",
+            "pt_BR": "Leão",
             "ru": "Лев",
+            "si": "සිංහයා",
             "sk": "Hlava leva",
+            "sr": "лав",
             "sv": "Lejon",
+            "szl": null,
+            "tzm": "Izem",
             "uk": "Лев",
             "zh_Hans": "狮子"
         }
@@ -71,18 +107,30 @@
         "description": "Horse",
         "unicode": "U+1F40E",
         "translated_descriptions": {
+            "ar": "حِصَان",
+            "bg": "Кон",
+            "ca": "Cavall",
+            "cs": "Kůň",
             "de": "Pferd",
             "eo": "Ĉevalo",
             "es": "Caballo",
             "et": "Hobune",
             "fi": "Hevonen",
             "fr": "Cheval",
+            "hr": "konj",
+            "hu": "Ló",
+            "it": "Cavallo",
             "ja": "馬",
             "nb_NO": "Hest",
             "nl": "Paard",
+            "pt_BR": "Cavalo",
             "ru": "Лошадь",
+            "si": "අශ්වයා",
             "sk": "Kôň",
+            "sr": "коњ",
             "sv": "Häst",
+            "szl": null,
+            "tzm": "Ayyis",
             "uk": "Кінь",
             "zh_Hans": "马"
         }
@@ -93,18 +141,30 @@
         "description": "Unicorn",
         "unicode": "U+1F984",
         "translated_descriptions": {
+            "ar": "حِصَانٌ بِقَرن",
+            "bg": "Еднорог",
+            "ca": "Unicorn",
+            "cs": "Jednorožec",
             "de": "Einhorn",
             "eo": "Unukorno",
             "es": "Unicornio",
             "et": "Ükssarvik",
             "fi": "Yksisarvinen",
             "fr": "Licorne",
-            "ja": null,
+            "hr": "jednorog",
+            "hu": "Egyszarvú",
+            "it": "Unicorno",
+            "ja": "ユニコーン",
             "nb_NO": "Enhjørning",
             "nl": "Eenhoorn",
+            "pt_BR": "Unicórnio",
             "ru": "Единорог",
+            "si": null,
             "sk": "Hlava jednorožca",
+            "sr": "једнорог",
             "sv": "Enhörning",
+            "szl": null,
+            "tzm": null,
             "uk": "Єдиноріг",
             "zh_Hans": "独角兽"
         }
@@ -115,18 +175,30 @@
         "description": "Pig",
         "unicode": "U+1F437",
         "translated_descriptions": {
+            "ar": "خِنزِير",
+            "bg": "Прасе",
+            "ca": "Porc",
+            "cs": "Prase",
             "de": "Schwein",
             "eo": "Porko",
             "es": "Cerdo",
             "et": "Siga",
             "fi": "Sika",
             "fr": "Cochon",
-            "ja": null,
+            "hr": "svinja",
+            "hu": "Malac",
+            "it": "Maiale",
+            "ja": "ブタ",
             "nb_NO": "Gris",
             "nl": "Varken",
+            "pt_BR": "Porco",
             "ru": "Свинья",
+            "si": null,
             "sk": "Hlava prasaťa",
+            "sr": "прасе",
             "sv": "Gris",
+            "szl": null,
+            "tzm": "Ilef",
             "uk": "Свиня",
             "zh_Hans": "猪"
         }
@@ -137,20 +209,32 @@
         "description": "Elephant",
         "unicode": "U+1F418",
         "translated_descriptions": {
+            "ar": "فِيل",
+            "bg": "Слон",
+            "ca": "Elefant",
+            "cs": "Slon",
             "de": "Elefant",
             "eo": "Elefanto",
             "es": "Elefante",
             "et": "Elevant",
             "fi": "Norsu",
             "fr": "Éléphant",
-            "ja": null,
+            "hr": "slon",
+            "hu": "Elefánt",
+            "it": "Elefante",
+            "ja": "ゾウ",
             "nb_NO": "Elefant",
             "nl": "Olifant",
+            "pt_BR": "Elefante",
             "ru": "Слон",
+            "si": null,
             "sk": "Slon",
+            "sr": "слон",
             "sv": "Elefant",
+            "szl": null,
+            "tzm": "Ilu",
             "uk": "Слон",
-            "zh_Hans": null
+            "zh_Hans": "大象"
         }
     },
     {
@@ -159,20 +243,32 @@
         "description": "Rabbit",
         "unicode": "U+1F430",
         "translated_descriptions": {
+            "ar": "أَرنَب",
+            "bg": "Заек",
+            "ca": "Conill",
+            "cs": "Králík",
             "de": "Hase",
             "eo": "Kuniklo",
             "es": "Conejo",
             "et": "Jänes",
             "fi": "Kani",
             "fr": "Lapin",
-            "ja": null,
+            "hr": "zec",
+            "hu": "Nyúl",
+            "it": "Coniglio",
+            "ja": "うさぎ",
             "nb_NO": "Kanin",
             "nl": "Konijn",
+            "pt_BR": "Coelho",
             "ru": "Кролик",
+            "si": null,
             "sk": "Hlava zajaca",
+            "sr": "зец",
             "sv": "Kanin",
+            "szl": null,
+            "tzm": "Agnin",
             "uk": "Кріль",
-            "zh_Hans": null
+            "zh_Hans": "兔子"
         }
     },
     {
@@ -181,20 +277,32 @@
         "description": "Panda",
         "unicode": "U+1F43C",
         "translated_descriptions": {
+            "ar": "باندَا",
+            "bg": "Панда",
+            "ca": "Panda",
+            "cs": "Panda",
             "de": "Panda",
             "eo": "Pando",
             "es": "Panda",
             "et": "Panda",
             "fi": "Panda",
             "fr": "Panda",
-            "ja": null,
+            "hr": "panda",
+            "hu": "Panda",
+            "it": "Panda",
+            "ja": "パンダ",
             "nb_NO": "Panda",
             "nl": "Panda",
+            "pt_BR": "Panda",
             "ru": "Панда",
+            "si": null,
             "sk": "Hlava pandy",
+            "sr": "панда",
             "sv": "Panda",
+            "szl": null,
+            "tzm": null,
             "uk": "Панда",
-            "zh_Hans": null
+            "zh_Hans": "熊猫"
         }
     },
     {
@@ -203,20 +311,32 @@
         "description": "Rooster",
         "unicode": "U+1F413",
         "translated_descriptions": {
+            "ar": "دِيك",
+            "bg": "Петел",
+            "ca": "Gall",
+            "cs": "Kohout",
             "de": "Hahn",
             "eo": "Virkoko",
             "es": "Gallo",
             "et": "Kukk",
             "fi": "Kukko",
             "fr": "Coq",
-            "ja": null,
+            "hr": "kokot",
+            "hu": "Kakas",
+            "it": "Gallo",
+            "ja": "ニワトリ",
             "nb_NO": "Hane",
             "nl": "Haan",
+            "pt_BR": "Galo",
             "ru": "Петух",
+            "si": null,
             "sk": "Kohút",
+            "sr": "петао",
             "sv": "Tupp",
+            "szl": null,
+            "tzm": "Ayaẓiḍ",
             "uk": "Когут",
-            "zh_Hans": null
+            "zh_Hans": "公鸡"
         }
     },
     {
@@ -225,20 +345,32 @@
         "description": "Penguin",
         "unicode": "U+1F427",
         "translated_descriptions": {
+            "ar": "بِطريق",
+            "bg": "Пингвин",
+            "ca": "Pingüí",
+            "cs": "Tučňák",
             "de": "Pinguin",
             "eo": "Pingveno",
             "es": "Pingüino",
             "et": "Pingviin",
             "fi": "Pingviini",
             "fr": "Manchot",
-            "ja": null,
+            "hr": "pingvin",
+            "hu": "Pingvin",
+            "it": "Pinguino",
+            "ja": "ペンギン",
             "nb_NO": "Pingvin",
             "nl": "Pinguïn",
+            "pt_BR": "Pinguim",
             "ru": "Пингвин",
+            "si": null,
             "sk": "Tučniak",
+            "sr": "пингвин",
             "sv": "Pingvin",
+            "szl": null,
+            "tzm": null,
             "uk": "Пінгвін",
-            "zh_Hans": null
+            "zh_Hans": "企鹅"
         }
     },
     {
@@ -247,20 +379,32 @@
         "description": "Turtle",
         "unicode": "U+1F422",
         "translated_descriptions": {
+            "ar": "سُلحفاة",
+            "bg": "Костенурка",
+            "ca": "Tortuga",
+            "cs": "Želva",
             "de": "Schildkröte",
             "eo": "Testudo",
             "es": "Tortuga",
             "et": "Kilpkonn",
             "fi": "Kilpikonna",
             "fr": "Tortue",
-            "ja": null,
+            "hr": "kornjača",
+            "hu": "Teknős",
+            "it": "Tartaruga",
+            "ja": "亀",
             "nb_NO": "Skilpadde",
             "nl": "Schildpad",
+            "pt_BR": "Tartaruga",
             "ru": "Черепаха",
+            "si": null,
             "sk": "Korytnačka",
+            "sr": "корњача",
             "sv": "Sköldpadda",
+            "szl": null,
+            "tzm": "Ifker",
             "uk": "Черепаха",
-            "zh_Hans": null
+            "zh_Hans": "乌龟"
         }
     },
     {
@@ -269,20 +413,32 @@
         "description": "Fish",
         "unicode": "U+1F41F",
         "translated_descriptions": {
+            "ar": "سَمَكَة",
+            "bg": "Риба",
+            "ca": "Peix",
+            "cs": "Ryba",
             "de": "Fisch",
             "eo": "Fiŝo",
             "es": "Pez",
             "et": "Kala",
             "fi": "Kala",
             "fr": "Poisson",
-            "ja": null,
+            "hr": "riba",
+            "hu": "Hal",
+            "it": "Pesce",
+            "ja": "魚",
             "nb_NO": "Fisk",
             "nl": "Vis",
+            "pt_BR": "Peixe",
             "ru": "Рыба",
+            "si": null,
             "sk": "Ryba",
+            "sr": "риба",
             "sv": "Fisk",
+            "szl": null,
+            "tzm": "Aselm",
             "uk": "Риба",
-            "zh_Hans": null
+            "zh_Hans": "鱼"
         }
     },
     {
@@ -291,20 +447,32 @@
         "description": "Octopus",
         "unicode": "U+1F419",
         "translated_descriptions": {
+            "ar": "أُخطُبُوط",
+            "bg": "Октопод",
+            "ca": "Pop",
+            "cs": "Chobotnice",
             "de": "Oktopus",
             "eo": "Polpo",
             "es": "Pulpo",
             "et": "Kaheksajalg",
             "fi": "Tursas",
             "fr": "Poulpe",
+            "hr": "hobotnica",
+            "hu": "Polip",
+            "it": "Polpo",
             "ja": "たこ",
             "nb_NO": "Blekksprut",
             "nl": "Octopus",
+            "pt_BR": "Polvo",
             "ru": "Осьминог",
+            "si": null,
             "sk": "Chobotnica",
+            "sr": "октопод",
             "sv": "Bläckfisk",
+            "szl": null,
+            "tzm": null,
             "uk": "Восьминіг",
-            "zh_Hans": null
+            "zh_Hans": "章鱼"
         }
     },
     {
@@ -313,20 +481,32 @@
         "description": "Butterfly",
         "unicode": "U+1F98B",
         "translated_descriptions": {
+            "ar": "فَرَاشَة",
+            "bg": "Пеперуда",
+            "ca": "Papallona",
+            "cs": "Motýl",
             "de": "Schmetterling",
             "eo": "Papilio",
             "es": "Mariposa",
             "et": "Liblikas",
             "fi": "Perhonen",
             "fr": "Papillon",
-            "ja": null,
+            "hr": "leptir",
+            "hu": "Pillangó",
+            "it": "Farfalla",
+            "ja": "ちょうちょ",
             "nb_NO": "Sommerfugl",
             "nl": "Vlinder",
+            "pt_BR": "Borboleta",
             "ru": "Бабочка",
+            "si": null,
             "sk": "Motýľ",
+            "sr": "лептир",
             "sv": "Fjäril",
+            "szl": null,
+            "tzm": null,
             "uk": "Метелик",
-            "zh_Hans": null
+            "zh_Hans": "蝴蝶"
         }
     },
     {
@@ -335,20 +515,32 @@
         "description": "Flower",
         "unicode": "U+1F337",
         "translated_descriptions": {
+            "ar": "زَهرَة",
+            "bg": "Цвете",
+            "ca": "Flor",
+            "cs": "Květina",
             "de": "Blume",
             "eo": "Floro",
             "es": "Flor",
             "et": "Lill",
             "fi": "Kukka",
             "fr": "Fleur",
+            "hr": "svijet",
+            "hu": "Virág",
+            "it": "Fiore",
             "ja": "花",
             "nb_NO": "Blomst",
             "nl": "Bloem",
+            "pt_BR": "Flor",
             "ru": "Цветок",
+            "si": null,
             "sk": "Tulipán",
+            "sr": "цвет",
             "sv": "Blomma",
+            "szl": null,
+            "tzm": null,
             "uk": "Квітка",
-            "zh_Hans": null
+            "zh_Hans": "花"
         }
     },
     {
@@ -357,20 +549,32 @@
         "description": "Tree",
         "unicode": "U+1F333",
         "translated_descriptions": {
+            "ar": "شَجَرَة",
+            "bg": "Дърво",
+            "ca": "Arbre",
+            "cs": "Strom",
             "de": "Baum",
             "eo": "Arbo",
             "es": "Árbol",
             "et": "Puu",
             "fi": "Puu",
             "fr": "Arbre",
+            "hr": "drvo",
+            "hu": "Fa",
+            "it": "Albero",
             "ja": "木",
             "nb_NO": "Tre",
             "nl": "Boom",
+            "pt_BR": "Árvore",
             "ru": "Дерево",
+            "si": null,
             "sk": "Listnatý strom",
+            "sr": "дрво",
             "sv": "Träd",
+            "szl": null,
+            "tzm": "Aseklu",
             "uk": "Дерево",
-            "zh_Hans": null
+            "zh_Hans": "树"
         }
     },
     {
@@ -379,20 +583,32 @@
         "description": "Cactus",
         "unicode": "U+1F335",
         "translated_descriptions": {
+            "ar": "صبار",
+            "bg": "Кактус",
+            "ca": "Cactus",
+            "cs": "Kaktus",
             "de": "Kaktus",
             "eo": "Kakto",
             "es": "Cactus",
             "et": "Kaktus",
             "fi": "Kaktus",
             "fr": "Cactus",
-            "ja": null,
+            "hr": "kaktus",
+            "hu": "Kaktusz",
+            "it": "Cactus",
+            "ja": "サボテン",
             "nb_NO": "Kaktus",
             "nl": "Cactus",
+            "pt_BR": "Cacto",
             "ru": "Кактус",
+            "si": null,
             "sk": "Kaktus",
+            "sr": "кактус",
             "sv": "Kaktus",
+            "szl": null,
+            "tzm": null,
             "uk": "Кактус",
-            "zh_Hans": null
+            "zh_Hans": "仙人掌"
         }
     },
     {
@@ -401,20 +617,32 @@
         "description": "Mushroom",
         "unicode": "U+1F344",
         "translated_descriptions": {
+            "ar": "فُطر",
+            "bg": "Гъба",
+            "ca": "Bolet",
+            "cs": "Houba",
             "de": "Pilz",
             "eo": "Fungo",
             "es": "Seta",
             "et": "Seen",
             "fi": "Sieni",
             "fr": "Champignon",
+            "hr": "gljiva",
+            "hu": "Gomba",
+            "it": "Fungo",
             "ja": "きのこ",
             "nb_NO": "Sopp",
             "nl": "Paddenstoel",
+            "pt_BR": "Cogumelo",
             "ru": "Гриб",
+            "si": null,
             "sk": "Huba",
+            "sr": "печурка",
             "sv": "Svamp",
+            "szl": null,
+            "tzm": "Agursel",
             "uk": "Гриб",
-            "zh_Hans": null
+            "zh_Hans": "蘑菇"
         }
     },
     {
@@ -423,20 +651,32 @@
         "description": "Globe",
         "unicode": "U+1F30F",
         "translated_descriptions": {
+            "ar": "كُرَةٌ أرضِيَّة",
+            "bg": "Глобус",
+            "ca": "Globus terraqüi",
+            "cs": "Zeměkoule",
             "de": "Globus",
             "eo": "Globo",
             "es": "Globo",
             "et": "Maakera",
             "fi": "Maapallo",
             "fr": "Globe",
-            "ja": null,
+            "hr": "Globus",
+            "hu": "Földgömb",
+            "it": "Globo",
+            "ja": "地球",
             "nb_NO": "Globus",
             "nl": "Wereldbol",
+            "pt_BR": "Globo",
             "ru": "Глобус",
+            "si": null,
             "sk": "Zemeguľa",
+            "sr": "глобус",
             "sv": "Jordklot",
+            "szl": null,
+            "tzm": null,
             "uk": "Глобус",
-            "zh_Hans": null
+            "zh_Hans": "地球"
         }
     },
     {
@@ -445,20 +685,32 @@
         "description": "Moon",
         "unicode": "U+1F319",
         "translated_descriptions": {
+            "ar": "قَمَر",
+            "bg": "Луна",
+            "ca": "Lluna",
+            "cs": "Měsíc",
             "de": "Mond",
             "eo": "Luno",
             "es": "Luna",
             "et": "Kuu",
             "fi": "Kuu",
             "fr": "Lune",
+            "hr": "mjesec",
+            "hu": "Hold",
+            "it": "Luna",
             "ja": "月",
             "nb_NO": "Måne",
             "nl": "Maan",
+            "pt_BR": "Lua",
             "ru": "Луна",
+            "si": null,
             "sk": "Polmesiac",
+            "sr": "месец",
             "sv": "Måne",
+            "szl": null,
+            "tzm": "Ayyur",
             "uk": "Місяць",
-            "zh_Hans": null
+            "zh_Hans": "月亮"
         }
     },
     {
@@ -467,20 +719,32 @@
         "description": "Cloud",
         "unicode": "U+2601U+FE0F",
         "translated_descriptions": {
+            "ar": "سَحابَة",
+            "bg": "Облак",
+            "ca": "Núvol",
+            "cs": "Mrak",
             "de": "Wolke",
             "eo": "Nubo",
             "es": "Nube",
             "et": "Pilv",
             "fi": "Pilvi",
             "fr": "Nuage",
-            "ja": null,
+            "hr": "oblak",
+            "hu": "Felhő",
+            "it": "Nuvola",
+            "ja": "雲",
             "nb_NO": "Sky",
             "nl": "Wolk",
+            "pt_BR": "Nuvem",
             "ru": "Облако",
+            "si": null,
             "sk": "Oblak",
+            "sr": "облак",
             "sv": "Moln",
+            "szl": null,
+            "tzm": null,
             "uk": "Хмара",
-            "zh_Hans": null
+            "zh_Hans": "云"
         }
     },
     {
@@ -489,20 +753,32 @@
         "description": "Fire",
         "unicode": "U+1F525",
         "translated_descriptions": {
+            "ar": "نار",
+            "bg": "Огън",
+            "ca": "Foc",
+            "cs": "Oheň",
             "de": "Feuer",
             "eo": "Fajro",
             "es": "Fuego",
             "et": "Tuli",
             "fi": "Tuli",
             "fr": "Feu",
-            "ja": null,
+            "hr": "vatra",
+            "hu": "Tűz",
+            "it": "Fuoco",
+            "ja": "炎",
             "nb_NO": "Flamme",
             "nl": "Vuur",
+            "pt_BR": "Fogo",
             "ru": "Огонь",
+            "si": null,
             "sk": "Oheň",
+            "sr": "ватра",
             "sv": "Eld",
+            "szl": null,
+            "tzm": "Timessi",
             "uk": "Вогонь",
-            "zh_Hans": null
+            "zh_Hans": "火"
         }
     },
     {
@@ -511,20 +787,32 @@
         "description": "Banana",
         "unicode": "U+1F34C",
         "translated_descriptions": {
+            "ar": "مَوزَة",
+            "bg": "Банан",
+            "ca": "Plàtan",
+            "cs": "Banán",
             "de": "Banane",
             "eo": "Banano",
             "es": "Plátano",
             "et": "Banaan",
             "fi": "Banaani",
             "fr": "Banane",
-            "ja": null,
+            "hr": "banana",
+            "hu": "Banán",
+            "it": "Banana",
+            "ja": "バナナ",
             "nb_NO": "Banan",
             "nl": "Banaan",
+            "pt_BR": "Banana",
             "ru": "Банан",
+            "si": null,
             "sk": "Banán",
+            "sr": "банана",
             "sv": "Banan",
+            "szl": null,
+            "tzm": "Tabanant",
             "uk": "Банан",
-            "zh_Hans": null
+            "zh_Hans": "香蕉"
         }
     },
     {
@@ -533,20 +821,32 @@
         "description": "Apple",
         "unicode": "U+1F34E",
         "translated_descriptions": {
+            "ar": "تُفَّاحَة",
+            "bg": "Ябълка",
+            "ca": "Poma",
+            "cs": "Jablko",
             "de": "Apfel",
             "eo": "Pomo",
             "es": "Manzana",
             "et": "Õun",
             "fi": "Omena",
             "fr": "Pomme",
+            "hr": "jabuka",
+            "hu": "Alma",
+            "it": "Mela",
             "ja": "リンゴ",
             "nb_NO": "Eple",
             "nl": "Appel",
+            "pt_BR": "Maçã",
             "ru": "Яблоко",
+            "si": null,
             "sk": "Červené jablko",
+            "sr": "јабука",
             "sv": "Äpple",
+            "szl": null,
+            "tzm": "Tadeffuyt",
             "uk": "Яблуко",
-            "zh_Hans": null
+            "zh_Hans": "苹果"
         }
     },
     {
@@ -555,20 +855,32 @@
         "description": "Strawberry",
         "unicode": "U+1F353",
         "translated_descriptions": {
+            "ar": "فَراوِلَة",
+            "bg": "Ягода",
+            "ca": "Maduixa",
+            "cs": "Jahoda",
             "de": "Erdbeere",
             "eo": "Frago",
             "es": "Fresa",
             "et": "Maasikas",
             "fi": "Mansikka",
             "fr": "Fraise",
-            "ja": null,
+            "hr": "jagoda",
+            "hu": "Eper",
+            "it": "Fragola",
+            "ja": "いちご",
             "nb_NO": "Jordbær",
             "nl": "Aardbei",
+            "pt_BR": "Morango",
             "ru": "Клубника",
+            "si": null,
             "sk": "Jahoda",
+            "sr": "јагода",
             "sv": "Jordgubbe",
+            "szl": null,
+            "tzm": null,
             "uk": "Полуниця",
-            "zh_Hans": null
+            "zh_Hans": "草莓"
         }
     },
     {
@@ -577,20 +889,32 @@
         "description": "Corn",
         "unicode": "U+1F33D",
         "translated_descriptions": {
-            "de": "Korn",
+            "ar": "ذُرَة",
+            "bg": "Царевица",
+            "ca": "Blat de moro",
+            "cs": "Kukuřice",
+            "de": "Mais",
             "eo": "Maizo",
             "es": "Maíz",
             "et": "Mais",
             "fi": "Maissi",
             "fr": "Maïs",
-            "ja": null,
+            "hr": "kukuruza",
+            "hu": "Kukorica",
+            "it": "Mais",
+            "ja": "とうもろこし",
             "nb_NO": "Mais",
             "nl": "Maïs",
+            "pt_BR": "Milho",
             "ru": "Кукуруза",
+            "si": null,
             "sk": "Kukuričný klas",
-            "sv": "Majskolv",
+            "sr": "кукуруз",
+            "sv": "Majs",
+            "szl": null,
+            "tzm": null,
             "uk": "Кукурудза",
-            "zh_Hans": null
+            "zh_Hans": "玉米"
         }
     },
     {
@@ -599,20 +923,32 @@
         "description": "Pizza",
         "unicode": "U+1F355",
         "translated_descriptions": {
+            "ar": "بِيتزا",
+            "bg": "Пица",
+            "ca": "Pizza",
+            "cs": "Pizza",
             "de": "Pizza",
             "eo": "Pico",
             "es": "Pizza",
             "et": "Pitsa",
             "fi": "Pizza",
             "fr": "Pizza",
-            "ja": null,
+            "hr": "pizza",
+            "hu": "Pizza",
+            "it": "Pizza",
+            "ja": "ピザ",
             "nb_NO": "Pizza",
             "nl": "Pizza",
+            "pt_BR": "Pizza",
             "ru": "Пицца",
+            "si": null,
             "sk": "Pizza",
+            "sr": "пица",
             "sv": "Pizza",
+            "szl": null,
+            "tzm": null,
             "uk": "Піца",
-            "zh_Hans": null
+            "zh_Hans": "披萨"
         }
     },
     {
@@ -621,20 +957,32 @@
         "description": "Cake",
         "unicode": "U+1F382",
         "translated_descriptions": {
+            "ar": "كَعكَة",
+            "bg": "Торта",
+            "ca": "Pastís",
+            "cs": "Dort",
             "de": "Kuchen",
             "eo": "Torto",
             "es": "Tarta",
             "et": "Kook",
             "fi": "Kakku",
             "fr": "Gâteau",
+            "hr": "torta",
+            "hu": "Süti",
+            "it": "Torta",
             "ja": "ケーキ",
             "nb_NO": "Kake",
             "nl": "Taart",
+            "pt_BR": "Bolo",
             "ru": "Торт",
+            "si": null,
             "sk": "Narodeninová torta",
+            "sr": "торта",
             "sv": "Tårta",
+            "szl": null,
+            "tzm": null,
             "uk": "Пиріг",
-            "zh_Hans": null
+            "zh_Hans": "蛋糕"
         }
     },
     {
@@ -643,20 +991,32 @@
         "description": "Heart",
         "unicode": "U+2764U+FE0F",
         "translated_descriptions": {
+            "ar": "قَلب",
+            "bg": "Сърце",
+            "ca": "Cor",
+            "cs": "Srdce",
             "de": "Herz",
             "eo": "Koro",
             "es": "Corazón",
             "et": "Süda",
             "fi": "Sydän",
             "fr": "Cœur",
-            "ja": null,
+            "hr": "srca",
+            "hu": "Szív",
+            "it": "Cuore",
+            "ja": "ハート",
             "nb_NO": "Hjerte",
             "nl": "Hart",
+            "pt_BR": "Coração",
             "ru": "Сердце",
+            "si": null,
             "sk": "červené srdce",
+            "sr": "срце",
             "sv": "Hjärta",
+            "szl": null,
+            "tzm": "Ul",
             "uk": "Серце",
-            "zh_Hans": null
+            "zh_Hans": "心"
         }
     },
     {
@@ -665,20 +1025,32 @@
         "description": "Smiley",
         "unicode": "U+1F600",
         "translated_descriptions": {
-            "de": "Smiley",
+            "ar": "اِبتِسَامَة",
+            "bg": "Усмивка",
+            "ca": "Somrient",
+            "cs": "Smajlík",
+            "de": "Lächeln",
             "eo": "Rideto",
             "es": "Emoticono",
             "et": "Smaili",
             "fi": "Hymynaama",
             "fr": "Sourire",
-            "ja": null,
+            "hr": "smajlića",
+            "hu": "Mosoly",
+            "it": "Faccina sorridente",
+            "ja": "スマイル",
             "nb_NO": "Smilefjes",
             "nl": "Smiley",
+            "pt_BR": "Sorriso",
             "ru": "Улыбка",
+            "si": null,
             "sk": "Škeriaca sa tvár",
+            "sr": "смајли",
             "sv": "Smiley",
+            "szl": null,
+            "tzm": null,
             "uk": "Посмішка",
-            "zh_Hans": null
+            "zh_Hans": "笑脸"
         }
     },
     {
@@ -687,20 +1059,32 @@
         "description": "Robot",
         "unicode": "U+1F916",
         "translated_descriptions": {
+            "ar": "رُوبُوت",
+            "bg": "Робот",
+            "ca": "Robot",
+            "cs": "Robot",
             "de": "Roboter",
             "eo": "Roboto",
             "es": "Robot",
             "et": "Robot",
             "fi": "Robotti",
             "fr": "Robot",
+            "hr": "robot",
+            "hu": "Robot",
+            "it": "Robot",
             "ja": "ロボと",
             "nb_NO": "Robot",
             "nl": "Robot",
+            "pt_BR": "Robô",
             "ru": "Робот",
+            "si": null,
             "sk": "Robot",
+            "sr": "робот",
             "sv": "Robot",
+            "szl": null,
+            "tzm": "Aṛubu",
             "uk": "Робот",
-            "zh_Hans": null
+            "zh_Hans": "机器人"
         }
     },
     {
@@ -709,20 +1093,32 @@
         "description": "Hat",
         "unicode": "U+1F3A9",
         "translated_descriptions": {
+            "ar": "قُبَّعَة",
+            "bg": "Шапка",
+            "ca": "Barret",
+            "cs": "Klobouk",
             "de": "Hut",
             "eo": "Ĉapelo",
             "es": "Sombrero",
             "et": "Kübar",
             "fi": "Hattu",
-            "fr": "Châpeau",
-            "ja": null,
+            "fr": "Chapeau",
+            "hr": "kapa",
+            "hu": "Kalap",
+            "it": "Cappello",
+            "ja": "帽子",
             "nb_NO": "Hatt",
             "nl": "Hoed",
+            "pt_BR": "Chapéu",
             "ru": "Шляпа",
+            "si": null,
             "sk": "Cilinder",
+            "sr": "шешир",
             "sv": "Hatt",
+            "szl": null,
+            "tzm": "Taraza",
             "uk": "Капелюх",
-            "zh_Hans": null
+            "zh_Hans": "帽子"
         }
     },
     {
@@ -731,20 +1127,32 @@
         "description": "Glasses",
         "unicode": "U+1F453",
         "translated_descriptions": {
+            "ar": "نَظَّارَة",
+            "bg": "Очила",
+            "ca": "Ulleres",
+            "cs": "Brýle",
             "de": "Brille",
             "eo": "Okulvitroj",
             "es": "Gafas",
             "et": "Prillid",
             "fi": "Silmälasit",
             "fr": "Lunettes",
+            "hr": "naočale",
+            "hu": "Szemüveg",
+            "it": "Occhiali",
             "ja": "めがね",
             "nb_NO": "Briller",
             "nl": "Bril",
+            "pt_BR": "Óculos",
             "ru": "Очки",
+            "si": null,
             "sk": "Okuliare",
+            "sr": "наочаре",
             "sv": "Glasögon",
+            "szl": null,
+            "tzm": null,
             "uk": "Окуляри",
-            "zh_Hans": null
+            "zh_Hans": "眼镜"
         }
     },
     {
@@ -753,20 +1161,32 @@
         "description": "Spanner",
         "unicode": "U+1F527",
         "translated_descriptions": {
+            "ar": "مِفتَاحُ رَبط",
+            "bg": "Гаечен ключ",
+            "ca": "Clau anglesa",
+            "cs": "Klíč",
             "de": "Schraubenschlüssel",
             "eo": "Ŝraŭbŝlosilo",
             "es": "Llave inglesa",
             "et": "Mutrivõti",
-            "fi": "Mutteriavain",
+            "fi": "Kiintoavain",
             "fr": "Clé à molette",
-            "ja": null,
+            "hr": "ključ",
+            "hu": "Csavarkulcs",
+            "it": "Chiave inglese",
+            "ja": "スパナ",
             "nb_NO": "Fastnøkkel",
             "nl": "Moersleutel",
+            "pt_BR": "Chave inglesa",
             "ru": "Ключ",
+            "si": null,
             "sk": "Francúzsky kľúč",
+            "sr": "кључ",
             "sv": "Skruvnyckel",
+            "szl": null,
+            "tzm": null,
             "uk": "Гайковий ключ",
-            "zh_Hans": null
+            "zh_Hans": "扳手"
         }
     },
     {
@@ -775,20 +1195,32 @@
         "description": "Santa",
         "unicode": "U+1F385",
         "translated_descriptions": {
-            "de": "Nikolaus",
+            "ar": "سانتا",
+            "bg": "Дядо Коледа",
+            "ca": "Pare Noél",
+            "cs": "Mikuláš",
+            "de": "Weihnachtsmann",
             "eo": "Kristnaska viro",
-            "es": null,
+            "es": "Papá Noel",
             "et": "Jõuluvana",
             "fi": "Joulupukki",
             "fr": "Père Noël",
-            "ja": null,
+            "hr": "deda Mraz",
+            "hu": "Télapó",
+            "it": "Babbo Natale",
+            "ja": "サンタ",
             "nb_NO": "Julenisse",
             "nl": "Kerstman",
+            "pt_BR": "Papai-noel",
             "ru": "Санта",
+            "si": null,
             "sk": "Santa Claus",
+            "sr": "деда Мраз",
             "sv": "Tomte",
+            "szl": null,
+            "tzm": null,
             "uk": "Санта Клаус",
-            "zh_Hans": null
+            "zh_Hans": "圣诞老人"
         }
     },
     {
@@ -797,20 +1229,32 @@
         "description": "Thumbs Up",
         "unicode": "U+1F44D",
         "translated_descriptions": {
+            "ar": "رَفعُ إِبهَام",
+            "bg": "Палец нагоре",
+            "ca": "Polzes amunt",
+            "cs": "Palec nahoru",
             "de": "Daumen Hoch",
             "eo": "Dikfingro supren",
-            "es": null,
+            "es": "Pulgar arriba",
             "et": "Pöidlad püsti",
             "fi": "Peukalo ylös",
-            "fr": "Pouce en l'air",
-            "ja": null,
+            "fr": "Pouce en l’air",
+            "hr": "palac gore",
+            "hu": "Hüvelykujj fel",
+            "it": "Pollice alzato",
+            "ja": "いいね",
             "nb_NO": "Tommel Opp",
             "nl": "Duim omhoog",
+            "pt_BR": "Joinha",
             "ru": "Большой палец вверх",
+            "si": null,
             "sk": "Palec nahor",
+            "sr": "палчић горе",
             "sv": "Tummen upp",
+            "szl": null,
+            "tzm": null,
             "uk": "Великий палець вгору",
-            "zh_Hans": null
+            "zh_Hans": "赞"
         }
     },
     {
@@ -819,20 +1263,32 @@
         "description": "Umbrella",
         "unicode": "U+2602U+FE0F",
         "translated_descriptions": {
+            "ar": "مِظَلَّة",
+            "bg": "Чадър",
+            "ca": "Paraigües",
+            "cs": "Deštník",
             "de": "Regenschirm",
             "eo": "Ombrelo",
-            "es": null,
+            "es": "Paraguas",
             "et": "Vihmavari",
             "fi": "Sateenvarjo",
             "fr": "Parapluie",
-            "ja": null,
+            "hr": "kišobran",
+            "hu": "Esernyő",
+            "it": "Ombrello",
+            "ja": "傘",
             "nb_NO": "Paraply",
             "nl": "Paraplu",
+            "pt_BR": "Guarda-chuva",
             "ru": "Зонт",
+            "si": null,
             "sk": "Dáždnik",
+            "sr": "кишобран",
             "sv": "Paraply",
+            "szl": null,
+            "tzm": null,
             "uk": "Парасолька",
-            "zh_Hans": null
+            "zh_Hans": "伞"
         }
     },
     {
@@ -841,20 +1297,32 @@
         "description": "Hourglass",
         "unicode": "U+231B",
         "translated_descriptions": {
+            "ar": "سَاعَةٌ رَملِيَّة",
+            "bg": "Пясъчен часовник",
+            "ca": "Rellotge de sorra",
+            "cs": "Přesýpací hodiny",
             "de": "Sanduhr",
             "eo": "Sablohorloĝo",
-            "es": null,
+            "es": "Reloj de arena",
             "et": "Liivakell",
             "fi": "Tiimalasi",
             "fr": "Sablier",
-            "ja": null,
+            "hr": "pješčani sat",
+            "hu": "Homokóra",
+            "it": "Clessidra",
+            "ja": "砂時計",
             "nb_NO": "Timeglass",
             "nl": "Zandloper",
+            "pt_BR": "Ampulheta",
             "ru": "Песочные часы",
+            "si": null,
             "sk": "Presýpacie hodiny",
+            "sr": "пешчаник",
             "sv": "Timglas",
+            "szl": null,
+            "tzm": null,
             "uk": "Пісковий годинник",
-            "zh_Hans": null
+            "zh_Hans": "沙漏"
         }
     },
     {
@@ -863,20 +1331,32 @@
         "description": "Clock",
         "unicode": "U+23F0",
         "translated_descriptions": {
-            "de": "Wecker",
+            "ar": "سَاعَة",
+            "bg": "Часовник",
+            "ca": "Rellotge",
+            "cs": "Hodiny",
+            "de": "Uhr",
             "eo": "Horloĝo",
             "es": "Reloj",
             "et": "Kell",
             "fi": "Pöytäkello",
             "fr": "Réveil",
-            "ja": null,
+            "hr": "sat",
+            "hu": "Óra",
+            "it": "Orologio",
+            "ja": "時計",
             "nb_NO": "Klokke",
             "nl": "Wekker",
+            "pt_BR": "Relógio",
             "ru": "Часы",
+            "si": null,
             "sk": "Budík",
+            "sr": "сат",
             "sv": "Klocka",
+            "szl": null,
+            "tzm": null,
             "uk": "Годинник",
-            "zh_Hans": null
+            "zh_Hans": "时钟"
         }
     },
     {
@@ -885,20 +1365,32 @@
         "description": "Gift",
         "unicode": "U+1F381",
         "translated_descriptions": {
+            "ar": "هَدِيَّة",
+            "bg": "Подарък",
+            "ca": "Regal",
+            "cs": "Dárek",
             "de": "Geschenk",
             "eo": "Donaco",
             "es": "Regalo",
             "et": "Kingitus",
             "fi": "Lahja",
             "fr": "Cadeau",
-            "ja": null,
+            "hr": "poklon",
+            "hu": "Ajándék",
+            "it": "Regalo",
+            "ja": "ギフト",
             "nb_NO": "Gave",
             "nl": "Geschenk",
+            "pt_BR": "Presente",
             "ru": "Подарок",
+            "si": null,
             "sk": "Zabalený darček",
-            "sv": "Paket",
+            "sr": "поклон",
+            "sv": "Present",
+            "szl": null,
+            "tzm": null,
             "uk": "Подарунок",
-            "zh_Hans": null
+            "zh_Hans": "礼物"
         }
     },
     {
@@ -907,20 +1399,32 @@
         "description": "Light Bulb",
         "unicode": "U+1F4A1",
         "translated_descriptions": {
+            "ar": "مِصبَاح",
+            "bg": "Лампа",
+            "ca": "Bombeta",
+            "cs": "Žárovka",
             "de": "Glühbirne",
             "eo": "Lampo",
-            "es": null,
+            "es": "Bombilla",
             "et": "Lambipirn",
             "fi": "Hehkulamppu",
             "fr": "Ampoule",
-            "ja": null,
+            "hr": "žarulja",
+            "hu": "Égő",
+            "it": "Lampadina",
+            "ja": "電球",
             "nb_NO": "Lyspære",
             "nl": "Gloeilamp",
+            "pt_BR": "Lâmpada",
             "ru": "Лампочка",
+            "si": null,
             "sk": "Žiarovka",
+            "sr": "сијалица",
             "sv": "Lampa",
+            "szl": null,
+            "tzm": null,
             "uk": "Лампочка",
-            "zh_Hans": null
+            "zh_Hans": "灯泡"
         }
     },
     {
@@ -929,20 +1433,32 @@
         "description": "Book",
         "unicode": "U+1F4D5",
         "translated_descriptions": {
+            "ar": "كِتَاب",
+            "bg": "Книга",
+            "ca": "Llibre",
+            "cs": "Kniha",
             "de": "Buch",
             "eo": "Libro",
             "es": "Libro",
             "et": "Raamat",
             "fi": "Kirja",
             "fr": "Livre",
+            "hr": "knjiga",
+            "hu": "Könyv",
+            "it": "Libro",
             "ja": "本",
             "nb_NO": "Bok",
             "nl": "Boek",
+            "pt_BR": "Livro",
             "ru": "Книга",
+            "si": null,
             "sk": "Zatvorená kniha",
+            "sr": "књига",
             "sv": "Bok",
+            "szl": null,
+            "tzm": "Adlis",
             "uk": "Книга",
-            "zh_Hans": null
+            "zh_Hans": "书"
         }
     },
     {
@@ -951,20 +1467,32 @@
         "description": "Pencil",
         "unicode": "U+270FU+FE0F",
         "translated_descriptions": {
+            "ar": "قَلَمُ رَصاص",
+            "bg": "Молив",
+            "ca": "Llapis",
+            "cs": "Tužka",
             "de": "Bleistift",
             "eo": "Krajono",
             "es": "Lápiz",
             "et": "Pliiats",
             "fi": "Lyijykynä",
             "fr": "Crayon",
-            "ja": null,
+            "hr": "olovka",
+            "hu": "Ceruza",
+            "it": "Matita",
+            "ja": "鉛筆",
             "nb_NO": "Blyant",
             "nl": "Potlood",
+            "pt_BR": "Lápis",
             "ru": "Карандаш",
+            "si": null,
             "sk": "Ceruzka",
+            "sr": "оловка",
             "sv": "Penna",
+            "szl": null,
+            "tzm": null,
             "uk": "Олівець",
-            "zh_Hans": null
+            "zh_Hans": "铅笔"
         }
     },
     {
@@ -973,20 +1501,32 @@
         "description": "Paperclip",
         "unicode": "U+1F4CE",
         "translated_descriptions": {
+            "ar": "مِشبَكُ وَرَق",
+            "bg": "Кламер",
+            "ca": "Clip",
+            "cs": "Sponka",
             "de": "Büroklammer",
             "eo": "Paperkuntenilo",
-            "es": null,
+            "es": "Clip",
             "et": "Kirjaklamber",
             "fi": "Paperiliitin",
             "fr": "Trombone",
-            "ja": null,
+            "hr": "spajalica",
+            "hu": "Gémkapocs",
+            "it": "Graffetta",
+            "ja": "クリップ",
             "nb_NO": "BInders",
             "nl": "Papierklemmetje",
+            "pt_BR": "Clipe de papel",
             "ru": "Скрепка",
+            "si": null,
             "sk": "Sponka na papier",
+            "sr": "спајалица",
             "sv": "Gem",
+            "szl": null,
+            "tzm": null,
             "uk": "Спиначка",
-            "zh_Hans": null
+            "zh_Hans": "回形针"
         }
     },
     {
@@ -995,20 +1535,32 @@
         "description": "Scissors",
         "unicode": "U+2702U+FE0F",
         "translated_descriptions": {
+            "ar": "مِقَصّ",
+            "bg": "Ножици",
+            "ca": "Tisores",
+            "cs": "Nůžky",
             "de": "Schere",
             "eo": "Tondilo",
-            "es": null,
+            "es": "Tijeras",
             "et": "Käärid",
             "fi": "Sakset",
             "fr": "Ciseaux",
-            "ja": null,
+            "hr": "škare",
+            "hu": "Olló",
+            "it": "Forbici",
+            "ja": "はさみ",
             "nb_NO": "Saks",
             "nl": "Schaar",
+            "pt_BR": "Tesoura",
             "ru": "Ножницы",
+            "si": null,
             "sk": "Nožnice",
+            "sr": "маказе",
             "sv": "Sax",
+            "szl": null,
+            "tzm": null,
             "uk": "Ножиці",
-            "zh_Hans": null
+            "zh_Hans": "剪刀"
         }
     },
     {
@@ -1017,20 +1569,32 @@
         "description": "Lock",
         "unicode": "U+1F512",
         "translated_descriptions": {
+            "ar": "قُفل",
+            "bg": "Катинар",
+            "ca": "Cadenat",
+            "cs": "Zámek",
             "de": "Schloss",
             "eo": "Seruro",
-            "es": null,
+            "es": "Candado",
             "et": "Lukk",
             "fi": "Lukko",
             "fr": "Cadenas",
-            "ja": null,
+            "hr": "zaključati",
+            "hu": "Lakat",
+            "it": "Lucchetto",
+            "ja": "錠前",
             "nb_NO": "Lås",
             "nl": "Slot",
+            "pt_BR": "Cadeado",
             "ru": "Замок",
+            "si": null,
             "sk": "Zatvorená zámka",
+            "sr": "катанац",
             "sv": "Lås",
+            "szl": null,
+            "tzm": null,
             "uk": "Замок",
-            "zh_Hans": null
+            "zh_Hans": "锁"
         }
     },
     {
@@ -1039,20 +1603,32 @@
         "description": "Key",
         "unicode": "U+1F511",
         "translated_descriptions": {
+            "ar": "مِفتَاح",
+            "bg": "Ключ",
+            "ca": "Clau",
+            "cs": "Klíč",
             "de": "Schlüssel",
             "eo": "Ŝlosilo",
             "es": "Llave",
             "et": "Võti",
             "fi": "Avain",
             "fr": "Clé",
-            "ja": null,
+            "hr": "ključ",
+            "hu": "Kulcs",
+            "it": "Chiave",
+            "ja": "鍵",
             "nb_NO": "Nøkkel",
             "nl": "Sleutel",
+            "pt_BR": "Chave",
             "ru": "Ключ",
+            "si": null,
             "sk": "Kľúč",
+            "sr": "кључ",
             "sv": "Nyckel",
+            "szl": null,
+            "tzm": "Tasarut",
             "uk": "Ключ",
-            "zh_Hans": null
+            "zh_Hans": "钥匙"
         }
     },
     {
@@ -1061,20 +1637,32 @@
         "description": "Hammer",
         "unicode": "U+1F528",
         "translated_descriptions": {
+            "ar": "مِطرَقَة",
+            "bg": "Чук",
+            "ca": "Martell",
+            "cs": "Kladivo",
             "de": "Hammer",
             "eo": "Martelo",
             "es": "Martillo",
             "et": "Haamer",
             "fi": "Vasara",
             "fr": "Marteau",
-            "ja": null,
+            "hr": "čekić",
+            "hu": "Kalapács",
+            "it": "Martello",
+            "ja": "金槌",
             "nb_NO": "Hammer",
             "nl": "Hamer",
+            "pt_BR": "Martelo",
             "ru": "Молоток",
+            "si": null,
             "sk": "Kladivo",
+            "sr": "чекић",
             "sv": "Hammare",
+            "szl": null,
+            "tzm": null,
             "uk": "Молоток",
-            "zh_Hans": null
+            "zh_Hans": "锤子"
         }
     },
     {
@@ -1083,20 +1671,32 @@
         "description": "Telephone",
         "unicode": "U+260EU+FE0F",
         "translated_descriptions": {
+            "ar": "تِلِفُون",
+            "bg": "Телефон",
+            "ca": "Telèfon",
+            "cs": "Telefon",
             "de": "Telefon",
             "eo": "Telefono",
             "es": "Telefono",
             "et": "Telefon",
             "fi": "Puhelin",
             "fr": "Téléphone",
+            "hr": "telefon",
+            "hu": "Telefon",
+            "it": "Telefono",
             "ja": "電話機",
             "nb_NO": "Telefon",
             "nl": "Telefoon",
+            "pt_BR": "Telefone",
             "ru": "Телефон",
+            "si": null,
             "sk": "Telefón",
+            "sr": "телефон",
             "sv": "Telefon",
+            "szl": null,
+            "tzm": "Atilifun",
             "uk": "Телефон",
-            "zh_Hans": null
+            "zh_Hans": "电话"
         }
     },
     {
@@ -1105,20 +1705,32 @@
         "description": "Flag",
         "unicode": "U+1F3C1",
         "translated_descriptions": {
+            "ar": "عَلَم",
+            "bg": "Флаг",
+            "ca": "Bandera",
+            "cs": "Vlajka",
             "de": "Flagge",
             "eo": "Flago",
-            "es": null,
+            "es": "Bandera",
             "et": "Lipp",
             "fi": "Lippu",
             "fr": "Drapeau",
-            "ja": null,
+            "hr": "zastava",
+            "hu": "Zászló",
+            "it": "Bandiera",
+            "ja": "旗",
             "nb_NO": "Flagg",
             "nl": "Vlag",
+            "pt_BR": "Bandeira",
             "ru": "Флаг",
+            "si": null,
             "sk": "Kockovaná zástava",
+            "sr": "застава",
             "sv": "Flagga",
+            "szl": null,
+            "tzm": "Acenyal",
             "uk": "Прапор",
-            "zh_Hans": null
+            "zh_Hans": "旗帜"
         }
     },
     {
@@ -1127,20 +1739,32 @@
         "description": "Train",
         "unicode": "U+1F682",
         "translated_descriptions": {
+            "ar": "قِطَار",
+            "bg": "Влак",
+            "ca": "Tren",
+            "cs": "Vlak",
             "de": "Zug",
             "eo": "Vagonaro",
             "es": "Tren",
             "et": "Rong",
             "fi": "Juna",
             "fr": "Train",
+            "hr": "vlak",
+            "hu": "Vonat",
+            "it": "Treno",
             "ja": "電車",
             "nb_NO": "Tog",
             "nl": "Trein",
+            "pt_BR": "Trem",
             "ru": "Поезд",
+            "si": null,
             "sk": "Rušeň",
-            "sv": "Ånglok",
+            "sr": "воз",
+            "sv": "Tåg",
+            "szl": null,
+            "tzm": null,
             "uk": "Потяг",
-            "zh_Hans": null
+            "zh_Hans": "火车"
         }
     },
     {
@@ -1149,20 +1773,32 @@
         "description": "Bicycle",
         "unicode": "U+1F6B2",
         "translated_descriptions": {
+            "ar": "دَرّاجَة",
+            "bg": "Колело",
+            "ca": "Bicicleta",
+            "cs": "Kolo",
             "de": "Fahrrad",
             "eo": "Biciklo",
             "es": "Bicicleta",
             "et": "Jalgratas",
             "fi": "Polkupyörä",
             "fr": "Vélo",
+            "hr": "bicikl",
+            "hu": "Kerékpár",
+            "it": "Bicicletta",
             "ja": "自転車",
             "nb_NO": "Sykkel",
             "nl": "Fiets",
+            "pt_BR": "Bicicleta",
             "ru": "Велосипед",
+            "si": null,
             "sk": "Bicykel",
+            "sr": "бицикл",
             "sv": "Cykel",
+            "szl": null,
+            "tzm": null,
             "uk": "Велосипед",
-            "zh_Hans": null
+            "zh_Hans": "自行车"
         }
     },
     {
@@ -1171,20 +1807,32 @@
         "description": "Aeroplane",
         "unicode": "U+2708U+FE0F",
         "translated_descriptions": {
+            "ar": "طَائِرة",
+            "bg": "Самолет",
+            "ca": "Avió",
+            "cs": "Letadlo",
             "de": "Flugzeug",
             "eo": "Aviadilo",
-            "es": null,
+            "es": "Avión",
             "et": "Lennuk",
             "fi": "Lentokone",
             "fr": "Avion",
-            "ja": null,
+            "hr": "avion",
+            "hu": "Repülő",
+            "it": "Aeroplano",
+            "ja": "飛行機",
             "nb_NO": "Fly",
             "nl": "Vliegtuig",
+            "pt_BR": "Avião",
             "ru": "Самолет",
+            "si": null,
             "sk": "Lietadlo",
+            "sr": "авион",
             "sv": "Flygplan",
+            "szl": null,
+            "tzm": null,
             "uk": "Літак",
-            "zh_Hans": null
+            "zh_Hans": "飞机"
         }
     },
     {
@@ -1193,20 +1841,32 @@
         "description": "Rocket",
         "unicode": "U+1F680",
         "translated_descriptions": {
+            "ar": "صَارُوخ",
+            "bg": "Ракета",
+            "ca": "Coet",
+            "cs": "Raketa",
             "de": "Rakete",
             "eo": "Raketo",
-            "es": null,
+            "es": "Cohete",
             "et": "Rakett",
             "fi": "Raketti",
             "fr": "Fusée",
-            "ja": null,
+            "hr": "raketa",
+            "hu": "Rakáta",
+            "it": "Razzo",
+            "ja": "ロケット",
             "nb_NO": "Rakett",
             "nl": "Raket",
+            "pt_BR": "Foguete",
             "ru": "Ракета",
+            "si": null,
             "sk": "Raketa",
+            "sr": "ракета",
             "sv": "Raket",
+            "szl": null,
+            "tzm": null,
             "uk": "Ракета",
-            "zh_Hans": null
+            "zh_Hans": "火箭"
         }
     },
     {
@@ -1215,20 +1875,32 @@
         "description": "Trophy",
         "unicode": "U+1F3C6",
         "translated_descriptions": {
-            "de": "Trophäe",
+            "ar": "كَأسُ النَّصر",
+            "bg": "Трофей",
+            "ca": "Trofeu",
+            "cs": "Pohár",
+            "de": "Pokal",
             "eo": "Trofeo",
-            "es": null,
+            "es": "Trofeo",
             "et": "Auhind",
             "fi": "Palkinto",
             "fr": "Trophée",
-            "ja": null,
+            "hr": "trofej",
+            "hu": "Trófea",
+            "it": "Trofeo",
+            "ja": "トロフィー",
             "nb_NO": "Pokal",
             "nl": "Trofee",
+            "pt_BR": "Troféu",
             "ru": "Кубок",
+            "si": null,
             "sk": "Trofej",
+            "sr": "пехар",
             "sv": "Trofé",
+            "szl": null,
+            "tzm": null,
             "uk": "Приз",
-            "zh_Hans": null
+            "zh_Hans": "奖杯"
         }
     },
     {
@@ -1237,20 +1909,32 @@
         "description": "Ball",
         "unicode": "U+26BD",
         "translated_descriptions": {
+            "ar": "كُرَة",
+            "bg": "Топка",
+            "ca": "Pilota",
+            "cs": "Míč",
             "de": "Ball",
             "eo": "Pilko",
             "es": "Bola",
             "et": "Pall",
             "fi": "Pallo",
             "fr": "Ballon",
-            "ja": null,
+            "hr": "lopta",
+            "hu": "Labda",
+            "it": "Palla",
+            "ja": "ボール",
             "nb_NO": "Ball",
             "nl": "Bal",
+            "pt_BR": "Bola",
             "ru": "Мяч",
+            "si": null,
             "sk": "Futbal",
+            "sr": "лопта",
             "sv": "Boll",
+            "szl": null,
+            "tzm": "Tcama",
             "uk": "М'яч",
-            "zh_Hans": null
+            "zh_Hans": "球"
         }
     },
     {
@@ -1259,20 +1943,32 @@
         "description": "Guitar",
         "unicode": "U+1F3B8",
         "translated_descriptions": {
+            "ar": "غيتار",
+            "bg": "Китара",
+            "ca": "Guitarra",
+            "cs": "Kytara",
             "de": "Gitarre",
             "eo": "Gitaro",
             "es": "Guitarra",
             "et": "Kitarr",
             "fi": "Kitara",
             "fr": "Guitare",
-            "ja": null,
+            "hr": "gitara",
+            "hu": "Gitár",
+            "it": "Chitarra",
+            "ja": "ギター",
             "nb_NO": "Gitar",
             "nl": "Gitaar",
+            "pt_BR": "Guitarra",
             "ru": "Гитара",
+            "si": null,
             "sk": "Gitara",
+            "sr": "гитара",
             "sv": "Gitarr",
+            "szl": null,
+            "tzm": "Agiṭaṛ",
             "uk": "Гітара",
-            "zh_Hans": null
+            "zh_Hans": "吉他"
         }
     },
     {
@@ -1281,20 +1977,32 @@
         "description": "Trumpet",
         "unicode": "U+1F3BA",
         "translated_descriptions": {
+            "ar": "بُوق",
+            "bg": "Тромпет",
+            "ca": "Trompeta",
+            "cs": "Trumpeta",
             "de": "Trompete",
             "eo": "Trumpeto",
             "es": "Trompeta",
             "et": "Trompet",
             "fi": "Trumpetti",
             "fr": "Trompette",
-            "ja": null,
+            "hr": "truba",
+            "hu": "Trombita",
+            "it": "Trombetta",
+            "ja": "トランペット",
             "nb_NO": "Trompet",
             "nl": "Trompet",
+            "pt_BR": "Trombeta",
             "ru": "Труба",
+            "si": null,
             "sk": "Trúbka",
+            "sr": "труба",
             "sv": "Trumpet",
+            "szl": null,
+            "tzm": null,
             "uk": "Труба",
-            "zh_Hans": null
+            "zh_Hans": "喇叭"
         }
     },
     {
@@ -1303,20 +2011,32 @@
         "description": "Bell",
         "unicode": "U+1F514",
         "translated_descriptions": {
+            "ar": "جَرَس",
+            "bg": "Звънец",
+            "ca": "Campana",
+            "cs": "Zvonek",
             "de": "Glocke",
             "eo": "Sonorilo",
             "es": "Campana",
             "et": "Kelluke",
             "fi": "Soittokello",
             "fr": "Cloche",
-            "ja": null,
+            "hr": "zvono",
+            "hu": "Harang",
+            "it": "Campana",
+            "ja": "ベル",
             "nb_NO": "Bjelle",
             "nl": "Bel",
+            "pt_BR": "Sino",
             "ru": "Колокол",
+            "si": null,
             "sk": "Zvon",
+            "sr": "звоно",
             "sv": "Bjällra",
+            "szl": null,
+            "tzm": null,
             "uk": "Дзвін",
-            "zh_Hans": null
+            "zh_Hans": "铃铛"
         }
     },
     {
@@ -1325,20 +2045,32 @@
         "description": "Anchor",
         "unicode": "U+2693",
         "translated_descriptions": {
+            "ar": "مِرسَاة",
+            "bg": "Котва",
+            "ca": "Àncora",
+            "cs": "Kotva",
             "de": "Anker",
             "eo": "Ankro",
-            "es": null,
+            "es": "Ancla",
             "et": "Ankur",
             "fi": "Ankkuri",
             "fr": "Ancre",
-            "ja": null,
+            "hr": "sidro",
+            "hu": "Horgony",
+            "it": "Ancora",
+            "ja": "いかり",
             "nb_NO": "Anker",
             "nl": "Anker",
+            "pt_BR": "Âncora",
             "ru": "Якорь",
+            "si": null,
             "sk": "Kotva",
+            "sr": "сидро",
             "sv": "Ankare",
+            "szl": null,
+            "tzm": null,
             "uk": "Якір",
-            "zh_Hans": null
+            "zh_Hans": "锚"
         }
     },
     {
@@ -1347,20 +2079,32 @@
         "description": "Headphones",
         "unicode": "U+1F3A7",
         "translated_descriptions": {
+            "ar": "سَمّاعَة رَأس",
+            "bg": "Слушалки",
+            "ca": "Auriculars",
+            "cs": "Sluchátka",
             "de": "Kopfhörer",
             "eo": "Kapaŭdilo",
-            "es": null,
+            "es": "Cascos",
             "et": "Kõrvaklapid",
             "fi": "Kuulokkeet",
             "fr": "Casque audio",
-            "ja": null,
+            "hr": "slušalice",
+            "hu": "Fejhallgató",
+            "it": "Cuffie",
+            "ja": "ヘッドホン",
             "nb_NO": "Hodetelefoner",
             "nl": "Koptelefoon",
+            "pt_BR": "Fones de ouvido",
             "ru": "Наушники",
+            "si": null,
             "sk": "Slúchadlá",
+            "sr": "слушалице",
             "sv": "Hörlurar",
+            "szl": null,
+            "tzm": null,
             "uk": "Навушники",
-            "zh_Hans": null
+            "zh_Hans": "耳机"
         }
     },
     {
@@ -1369,20 +2113,32 @@
         "description": "Folder",
         "unicode": "U+1F4C1",
         "translated_descriptions": {
+            "ar": "مُجَلَّد",
+            "bg": "Папка",
+            "ca": "Carpeta",
+            "cs": "Složka",
             "de": "Ordner",
             "eo": "Dosierujo",
-            "es": null,
+            "es": "Carpeta",
             "et": "Kaust",
             "fi": "Kansio",
             "fr": "Dossier",
-            "ja": null,
+            "hr": "mapu",
+            "hu": "Mappa",
+            "it": "Cartella",
+            "ja": "フォルダ",
             "nb_NO": "Mappe",
             "nl": "Map",
+            "pt_BR": "Pasta",
             "ru": "Папка",
+            "si": null,
             "sk": "Fascikel",
+            "sr": "фасцикла",
             "sv": "Mapp",
+            "szl": null,
+            "tzm": "Asdaw",
             "uk": "Тека",
-            "zh_Hans": null
+            "zh_Hans": "文件夹"
         }
     },
     {
@@ -1391,20 +2147,32 @@
         "description": "Pin",
         "unicode": "U+1F4CC",
         "translated_descriptions": {
+            "ar": "دَبُّوس",
+            "bg": "Кабърче",
+            "ca": "Xinxeta",
+            "cs": "Špendlík",
             "de": "Stecknadel",
             "eo": "Pinglo",
             "es": "Alfiler",
             "et": "Nööpnõel",
             "fi": "Nuppineula",
             "fr": "Punaise",
-            "ja": null,
+            "hr": "pribadača",
+            "hu": "Rajszeg",
+            "it": "Puntina",
+            "ja": "ピン",
             "nb_NO": "Tegnestift",
             "nl": "Duimspijker",
+            "pt_BR": "Alfinete",
             "ru": "Булавка",
+            "si": null,
             "sk": "Špendlík",
+            "sr": "чиода",
             "sv": "Häftstift",
+            "szl": null,
+            "tzm": null,
             "uk": "Кнопка",
-            "zh_Hans": null
+            "zh_Hans": "图钉"
         }
     }
 ]
\ No newline at end of file
diff --git a/api/application-service/definitions/location.yaml b/data/api/application-service/definitions/location.yaml
similarity index 100%
rename from api/application-service/definitions/location.yaml
rename to data/api/application-service/definitions/location.yaml
diff --git a/api/application-service/definitions/location_batch.yaml b/data/api/application-service/definitions/location_batch.yaml
similarity index 100%
rename from api/application-service/definitions/location_batch.yaml
rename to data/api/application-service/definitions/location_batch.yaml
diff --git a/api/application-service/definitions/protocol.yaml b/data/api/application-service/definitions/protocol.yaml
similarity index 92%
rename from api/application-service/definitions/protocol.yaml
rename to data/api/application-service/definitions/protocol.yaml
index 851091d6965..b16eedfcfd8 100644
--- a/api/application-service/definitions/protocol.yaml
+++ b/data/api/application-service/definitions/protocol.yaml
@@ -43,9 +43,9 @@ properties:
   field_types:
     title: Field Types
     description: |-
-      The type definitions for the fields defined in the ``user_fields`` and 
-      ``location_fields``. Each entry in those arrays MUST have an entry here. The
-      ``string`` key for this object is field name itself.
+      The type definitions for the fields defined in the `user_fields` and
+      `location_fields`. Each entry in those arrays MUST have an entry here. The
+      `string` key for this object is field name itself.
 
       May be an empty object if no fields are defined.
     type: object
@@ -101,7 +101,7 @@ properties:
           example: "mxc://example.org/JkLmNoPq"
         fields:
           type: object
-          description: Preset values for ``fields`` the client may use to search by.
+          description: Preset values for `fields` the client may use to search by.
           example: {
             "network": "freenode"
           }
diff --git a/api/application-service/definitions/protocol_metadata.yaml b/data/api/application-service/definitions/protocol_metadata.yaml
similarity index 100%
rename from api/application-service/definitions/protocol_metadata.yaml
rename to data/api/application-service/definitions/protocol_metadata.yaml
diff --git a/api/application-service/definitions/security.yaml b/data/api/application-service/definitions/security.yaml
similarity index 88%
rename from api/application-service/definitions/security.yaml
rename to data/api/application-service/definitions/security.yaml
index bcfc69c06ee..6d7edd3a45a 100644
--- a/api/application-service/definitions/security.yaml
+++ b/data/api/application-service/definitions/security.yaml
@@ -13,6 +13,6 @@
 # limitations under the License.
 homeserverAccessToken:
   type: apiKey
-  description: The ``hs_token`` provided by the application service's registration.
+  description: The `hs_token` provided by the application service's registration.
   name: access_token
   in: query
diff --git a/api/application-service/definitions/user.yaml b/data/api/application-service/definitions/user.yaml
similarity index 100%
rename from api/application-service/definitions/user.yaml
rename to data/api/application-service/definitions/user.yaml
diff --git a/api/application-service/definitions/user_batch.yaml b/data/api/application-service/definitions/user_batch.yaml
similarity index 100%
rename from api/application-service/definitions/user_batch.yaml
rename to data/api/application-service/definitions/user_batch.yaml
diff --git a/api/application-service/protocols.yaml b/data/api/application-service/protocols.yaml
similarity index 100%
rename from api/application-service/protocols.yaml
rename to data/api/application-service/protocols.yaml
diff --git a/api/application-service/query_room.yaml b/data/api/application-service/query_room.yaml
similarity index 97%
rename from api/application-service/query_room.yaml
rename to data/api/application-service/query_room.yaml
index 2fbc87d1000..6ddc6234dce 100644
--- a/api/application-service/query_room.yaml
+++ b/data/api/application-service/query_room.yaml
@@ -34,7 +34,7 @@ paths:
       description: |-
         This endpoint is invoked by the homeserver on an application service to query
         the existence of a given room alias. The homeserver will only query room
-        aliases inside the application service's ``aliases`` namespace. The
+        aliases inside the application service's `aliases` namespace. The
         homeserver will send this request when it receives a request to join a
         room alias within the application service's namespace.
       operationId: queryRoomByAlias
diff --git a/api/application-service/query_user.yaml b/data/api/application-service/query_user.yaml
similarity index 97%
rename from api/application-service/query_user.yaml
rename to data/api/application-service/query_user.yaml
index da3633823e5..f8fc4ef1c6d 100644
--- a/api/application-service/query_user.yaml
+++ b/data/api/application-service/query_user.yaml
@@ -34,7 +34,7 @@ paths:
       description: |-
         This endpoint is invoked by the homeserver on an application service to query
         the existence of a given user ID. The homeserver will only query user IDs
-        inside the application service's ``users`` namespace. The homeserver will
+        inside the application service's `users` namespace. The homeserver will
         send this request when it receives an event for an unknown user ID in
         the application service's namespace, such as a room invite.
       operationId: queryUserById
diff --git a/api/application-service/transactions.yaml b/data/api/application-service/transactions.yaml
similarity index 95%
rename from api/application-service/transactions.yaml
rename to data/api/application-service/transactions.yaml
index a557325c571..e4b62e01f11 100644
--- a/api/application-service/transactions.yaml
+++ b/data/api/application-service/transactions.yaml
@@ -34,7 +34,7 @@ paths:
         (or batch of events) to the application service.
 
         Note that the application service should distinguish state events
-        from message events via the presence of a ``state_key``, rather than
+        from message events via the presence of a `state_key`, rather than
         via the event type.
       operationId: sendTransaction
       security:
@@ -55,8 +55,8 @@ paths:
             type: object
             example: {
               "events": [
-                {"$ref": "../../event-schemas/examples/m.room.member"},
-                {"$ref": "../../event-schemas/examples/m.room.message$m.text"}
+                {"$ref": "../../event-schemas/examples/m.room.member.yaml"},
+                {"$ref": "../../event-schemas/examples/m.room.message$m.text.yaml"}
               ]
             }
             properties:
diff --git a/api/client-server/account-data.yaml b/data/api/client-server/account-data.yaml
similarity index 98%
rename from api/client-server/account-data.yaml
rename to data/api/client-server/account-data.yaml
index ae845b251b7..ec0d017f5c6 100644
--- a/api/client-server/account-data.yaml
+++ b/data/api/client-server/account-data.yaml
@@ -33,7 +33,7 @@ paths:
       description: |-
         Set some account_data for the client. This config is only visible to the user
         that set the account_data. The config will be synced to clients in the
-        top-level ``account_data``.
+        top-level `account_data`.
       operationId: setAccountData
       security:
         - accessToken: []
@@ -110,7 +110,7 @@ paths:
       description: |-
         Set some account_data for the client on a given room. This config is only
         visible to the user that set the account_data. The config will be synced to
-        clients in the per-room ``account_data``.
+        clients in the per-room `account_data`.
       operationId: setAccountDataPerRoom
       security:
         - accessToken: []
diff --git a/api/client-server/admin.yaml b/data/api/client-server/admin.yaml
similarity index 100%
rename from api/client-server/admin.yaml
rename to data/api/client-server/admin.yaml
diff --git a/api/client-server/administrative_contact.yaml b/data/api/client-server/administrative_contact.yaml
similarity index 88%
rename from api/client-server/administrative_contact.yaml
rename to data/api/client-server/administrative_contact.yaml
index f8cdf5a0f00..e6e1267b81f 100644
--- a/api/client-server/administrative_contact.yaml
+++ b/data/api/client-server/administrative_contact.yaml
@@ -87,20 +87,20 @@ paths:
                         associated the third party identifier with the user.
                   required: ['medium', 'address', 'validated_at', 'added_at']
       tags:
-        - User data
+        - Account management
     post:
       summary: Adds contact information to the user's account.
       description: |-
         Adds contact information to the user's account.
 
-        This endpoint is deprecated in favour of the more specific ``/3pid/add``
-        and ``/3pid/bind`` endpoints.
+        This endpoint is deprecated in favour of the more specific `/3pid/add`
+        and `/3pid/bind` endpoints.
 
-        .. Note::
-           Previously this endpoint supported a ``bind`` parameter. This parameter
-           has been removed, making this endpoint behave as though it was ``false``.
-           This results in this endpoint being an equivalent to ``/3pid/bind`` rather
-           than dual-purpose.
+        **Note:**
+        Previously this endpoint supported a `bind` parameter. This parameter
+        has been removed, making this endpoint behave as though it was `false`.
+        This results in this endpoint being an equivalent to `/3pid/bind` rather
+        than dual-purpose.
       operationId: post3PIDs
       deprecated: true
       security:
@@ -139,7 +139,7 @@ paths:
                   "id_server": "matrix.org",
                   "id_access_token": "abc123_OpaqueString",
                   "sid": "abc123987",
-                  "client_secret": "d0n'tT3ll"
+                  "client_secret": "d0nt-T3ll"
                 }
               }
       responses:
@@ -154,11 +154,12 @@ paths:
               properties:
                 submit_url:
                   type: string
+                  format: uri
                   description: |-
                     An optional field containing a URL where the client must
                     submit the validation token to, with identical parameters
-                    to the Identity Service API's ``POST
-                    /validate/email/submitToken`` endpoint (without the requirement
+                    to the Identity Service API's `POST
+                    /validate/email/submitToken` endpoint (without the requirement
                     for an access token). The homeserver must send this token to the
                     user (if applicable), who should then be prompted to provide it
                     to the client.
@@ -166,7 +167,7 @@ paths:
                     If this field is not present, the client can assume that
                     verification will happen without the client's involvement
                     provided the homeserver advertises this specification version
-                    in the ``/versions`` response (ie: r0.5.0).
+                    in the `/versions` response (ie: r0.5.0).
                   example: "https://example.org/path/to/submitToken"
         403:
           description: The credentials could not be verified with the identity server.
@@ -178,12 +179,12 @@ paths:
           schema:
             "$ref": "definitions/errors/error.yaml"
       tags:
-        - User data
+        - Account management
   "/account/3pid/add":
     post:
       summary: Adds contact information to the user's account.
       description: |-
-        This API endpoint uses the `User-Interactive Authentication API`_.
+        This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).
 
         Adds contact information to the user's account. Homeservers should use 3PIDs added
         through this endpoint for password resets instead of relying on the identity server.
@@ -215,7 +216,7 @@ paths:
             required: ["client_secret",  "sid"]
             example: {
               "sid": "abc123987",
-              "client_secret": "d0n'tT3ll"
+              "client_secret": "d0nt-T3ll"
             }
       responses:
         200:
@@ -233,6 +234,8 @@ paths:
           description: This request was rate-limited.
           schema:
             "$ref": "definitions/errors/rate_limited.yaml"
+      tags:
+        - Account management
   "/account/3pid/bind":
     post:
       summary: Binds a 3PID to the user's account through an Identity Service.
@@ -272,7 +275,7 @@ paths:
               "id_server": "example.org",
               "id_access_token": "abc123_OpaqueString",
               "sid": "abc123987",
-              "client_secret": "d0n'tT3ll"
+              "client_secret": "d0nt-T3ll"
             }
       responses:
         200:
@@ -286,7 +289,7 @@ paths:
           schema:
             "$ref": "definitions/errors/rate_limited.yaml"
       tags:
-        - User data
+        - Account management
   "/account/3pid/delete":
     post:
       summary: Deletes a third party identifier from the user's account
@@ -294,7 +297,7 @@ paths:
         Removes a third party identifier from the user's account. This might not
         cause an unbind of the identifier from the identity server.
 
-        Unlike other endpoints, this endpoint does not take an ``id_access_token``
+        Unlike other endpoints, this endpoint does not take an `id_access_token`
         parameter because the homeserver is expected to sign the request to the
         identity server instead.
       operationId: delete3pidFromAccount
@@ -311,9 +314,9 @@ paths:
                 type: string
                 description: |-
                     The identity server to unbind from. If not provided, the homeserver
-                    MUST use the ``id_server`` the identifier was added through. If the
-                    homeserver does not know the original ``id_server``, it MUST return
-                    a ``id_server_unbind_result`` of ``no-support``.
+                    MUST use the `id_server` the identifier was added through. If the
+                    homeserver does not know the original `id_server`, it MUST return
+                    a `id_server_unbind_result` of `no-support`.
                 example: "example.org"
               medium:
                 type: string
@@ -342,8 +345,8 @@ paths:
                   - "success"
                 description: |-
                   An indicator as to whether or not the homeserver was able to unbind
-                  the 3PID from the identity server. ``success`` indicates that the
-                  indentity server has unbound the identifier whereas ``no-support``
+                  the 3PID from the identity server. `success` indicates that the
+                  identity server has unbound the identifier whereas `no-support`
                   indicates that the identity server refuses to support the request
                   or the homeserver was not able to determine an identity server to
                   unbind from.
@@ -351,7 +354,7 @@ paths:
             required:
               - id_server_unbind_result
       tags:
-        - User data
+        - Account management
   "/account/3pid/unbind":
     post:
       summary: Removes a user's third party identifier from an identity server.
@@ -359,7 +362,7 @@ paths:
         Removes a user's third party identifier from the provided identity server
         without removing it from the homeserver.
 
-        Unlike other endpoints, this endpoint does not take an ``id_access_token``
+        Unlike other endpoints, this endpoint does not take an `id_access_token`
         parameter because the homeserver is expected to sign the request to the
         identity server instead.
       operationId: unbind3pidFromAccount
@@ -376,9 +379,9 @@ paths:
                 type: string
                 description: |-
                     The identity server to unbind from. If not provided, the homeserver
-                    MUST use the ``id_server`` the identifier was added through. If the
-                    homeserver does not know the original ``id_server``, it MUST return
-                    a ``id_server_unbind_result`` of ``no-support``.
+                    MUST use the `id_server` the identifier was added through. If the
+                    homeserver does not know the original `id_server`, it MUST return
+                    a `id_server_unbind_result` of `no-support`.
                 example: "example.org"
               medium:
                 type: string
@@ -407,15 +410,15 @@ paths:
                   - "success"
                 description: |-
                   An indicator as to whether or not the identity server was able to unbind
-                  the 3PID. ``success`` indicates that the identity server has unbound the
-                  identifier whereas ``no-support`` indicates that the identity server
+                  the 3PID. `success` indicates that the identity server has unbound the
+                  identifier whereas `no-support` indicates that the identity server
                   refuses to support the request or the homeserver was not able to determine
                   an identity server to unbind from.
                 example: "success"
             required:
               - id_server_unbind_result
       tags:
-        - User data
+        - Account management
   "/account/3pid/email/requestToken":
     post:
       summary: Begins the validation process for an email address for association with the user's account.
@@ -424,7 +427,8 @@ paths:
         already associated with an account on this homeserver. This API should
         be used to request validation tokens when adding an email address to an
         account. This API's parameters and response are identical to that of
-        the |/register/email/requestToken|_ endpoint. The homeserver should validate
+        the [`/register/email/requestToken`](/client-server-api/#post_matrixclientr0registeremailrequesttoken)
+        endpoint. The homeserver should validate
         the email itself, either by sending a validation email itself or by using
         a service it has control over.
       operationId: requestTokenTo3PIDEmail
@@ -456,7 +460,7 @@ paths:
         400:
           description: |-
             The third party identifier is already in use on the homeserver, or
-            the request was invalid. The error code ``M_SERVER_NOT_TRUSTED``
+            the request was invalid. The error code `M_SERVER_NOT_TRUSTED`
             can be returned if the server does not trust/support the identity server
             provided in the request.
           schema:
@@ -466,6 +470,8 @@ paths:
               "errcode": "M_THREEPID_IN_USE",
               "error": "Third party identifier already in use"
             }
+      tags:
+        - Account management
   "/account/3pid/msisdn/requestToken":
     post:
       summary: Begins the validation process for a phone number for association with the user's account.
@@ -474,7 +480,8 @@ paths:
         already associated with an account on this homeserver. This API should
         be used to request validation tokens when adding a phone number to an
         account. This API's parameters and response are identical to that of
-        the |/register/msisdn/requestToken|_ endpoint. The homeserver should validate
+        the [`/register/msisdn/requestToken`](/client-server-api/#post_matrixclientr0registermsisdnrequesttoken)
+        endpoint. The homeserver should validate
         the phone number itself, either by sending a validation message itself or by using
         a service it has control over.
       operationId: requestTokenTo3PIDMSISDN
@@ -503,7 +510,7 @@ paths:
         400:
           description: |-
             The third party identifier is already in use on the homeserver, or
-            the request was invalid. The error code ``M_SERVER_NOT_TRUSTED``
+            the request was invalid. The error code `M_SERVER_NOT_TRUSTED`
             can be returned if the server does not trust/support the identity server
             provided in the request.
           schema:
@@ -513,3 +520,5 @@ paths:
               "errcode": "M_THREEPID_IN_USE",
               "error": "Third party identifier already in use"
             }
+      tags:
+        - Account management
diff --git a/api/client-server/appservice_room_directory.yaml b/data/api/client-server/appservice_room_directory.yaml
similarity index 97%
rename from api/client-server/appservice_room_directory.yaml
rename to data/api/client-server/appservice_room_directory.yaml
index 63783cfddd5..ab66bdd9b4b 100644
--- a/api/client-server/appservice_room_directory.yaml
+++ b/data/api/client-server/appservice_room_directory.yaml
@@ -40,10 +40,10 @@ paths:
         This API is similar to the room directory visibility API used by clients
         to update the homeserver's more general room directory.
 
-        This API requires the use of an application service access token (``as_token``)
+        This API requires the use of an application service access token (`as_token`)
         instead of a typical client's access_token. This API cannot be invoked by
         users who are not identified as application services.
-      operationId: updateAppserviceRoomDirectoryVsibility
+      operationId: updateAppserviceRoomDirectoryVisibility
       parameters:
         - in: path
           type: string
diff --git a/api/client-server/banning.yaml b/data/api/client-server/banning.yaml
similarity index 87%
rename from api/client-server/banning.yaml
rename to data/api/client-server/banning.yaml
index 6ef430df681..5c6e7ee32c1 100644
--- a/api/client-server/banning.yaml
+++ b/data/api/client-server/banning.yaml
@@ -61,8 +61,8 @@ paths:
                 description: The fully qualified user ID of the user being banned.
               reason:
                 type: string
-                description: The reason the user has been banned. This will be supplied as the 
-                  ``reason`` on the target's updated `m.room.member`_ event.
+                description: The reason the user has been banned. This will be supplied as the
+                  `reason` on the target's updated [`m.room.member`](/client-server-api/#mroommember) event.
             required: ["user_id"]
       responses:
         200:
@@ -74,7 +74,7 @@ paths:
             type: object
         403:
           description: |-
-            You do not have permission to ban the user from the room. A meaningful ``errcode`` and description error text will be returned. Example reasons for rejections are:
+            You do not have permission to ban the user from the room. A meaningful `errcode` and description error text will be returned. Example reasons for rejections are:
 
             - The banner is not currently in the room.
             - The banner's power level is insufficient to ban users from the room.
@@ -111,12 +111,18 @@ paths:
           schema:
             type: object
             example: {
-                "user_id": "@cheeky_monkey:matrix.org"
-              }
+              "user_id": "@cheeky_monkey:matrix.org",
+              "reason": "They've been banned long enough"
+            }
             properties:
               user_id:
                 type: string
                 description: The fully qualified user ID of the user being unbanned.
+              reason:
+                type: string
+                description: |-
+                  Optional reason to be included as the `reason` on the subsequent
+                  membership event.
             required: ["user_id"]
       responses:
         200:
@@ -128,7 +134,7 @@ paths:
             type: object
         403:
           description: |-
-            You do not have permission to unban the user from the room. A meaningful ``errcode`` and description error text will be returned. Example reasons for rejections are:
+            You do not have permission to unban the user from the room. A meaningful `errcode` and description error text will be returned. Example reasons for rejections are:
 
             - The unbanner's power level is insufficient to unban users from the room.
           examples:
diff --git a/api/client-server/capabilities.yaml b/data/api/client-server/capabilities.yaml
similarity index 98%
rename from api/client-server/capabilities.yaml
rename to data/api/client-server/capabilities.yaml
index a50908f752e..ece0d9adb81 100644
--- a/api/client-server/capabilities.yaml
+++ b/data/api/client-server/capabilities.yaml
@@ -13,7 +13,7 @@
 # limitations under the License.
 swagger: '2.0'
 info:
-  title: "Matrix Client-Server Capabiltiies API"
+  title: "Matrix Client-Server Capabilities API"
   version: "1.0.0"
 host: localhost:8008
 schemes:
diff --git a/api/client-server/content-repo.yaml b/data/api/client-server/content-repo.yaml
similarity index 90%
rename from api/client-server/content-repo.yaml
rename to data/api/client-server/content-repo.yaml
index 71c35f016c0..fb91c7c53d8 100644
--- a/api/client-server/content-repo.yaml
+++ b/data/api/client-server/content-repo.yaml
@@ -42,7 +42,7 @@ paths:
           name: Content-Type
           type: string
           description: The content type of the file being uploaded
-          x-example: "Content-Type: application/pdf"
+          x-example: "application/pdf"
         - in: query
           type: string
           x-example: "War and Peace.pdf"
@@ -59,14 +59,15 @@ paths:
             format: byte
       responses:
         200:
-          description: The `MXC URI`_ for the uploaded content.
+          description: The [MXC URI](/client-server-api/#matrix-content-mxc-uris) for the uploaded content.
           schema:
             type: object
             required: ["content_uri"]
             properties:
               content_uri:
                 type: string
-                description: "The `MXC URI`_ to the uploaded content."
+                format: uri
+                description: "The [MXC URI](/client-server-api/#matrix-content-mxc-uris) to the uploaded content."
           examples:
             application/json: {
               "content_uri": "mxc://example.com/AQwafuaFswefuhsfAFAgsw"
@@ -112,14 +113,14 @@ paths:
           x-example: matrix.org
           required: true
           description: |
-            The server name from the ``mxc://`` URI (the authoritory component)
+            The server name from the `mxc://` URI (the authoritory component)
         - in: path
           type: string
           name: mediaId
           x-example: ascERGshawAWawugaAcauga
           required: true
           description: |
-            The media ID from the ``mxc://`` URI (the path component)
+            The media ID from the `mxc://` URI (the path component)
         - in: query
           type: boolean
           name: allow_remote
@@ -177,20 +178,20 @@ paths:
           x-example: matrix.org
           required: true
           description: |
-            The server name from the ``mxc://`` URI (the authoritory component)
+            The server name from the `mxc://` URI (the authoritory component)
         - in: path
           type: string
           name: mediaId
           x-example: ascERGshawAWawugaAcauga
           required: true
           description: |
-            The media ID from the ``mxc://`` URI (the path component)
+            The media ID from the `mxc://` URI (the path component)
         - in: path
           type: string
           name: fileName
           x-example: filename.jpg
           required: true
-          description: A filename to give in the ``Content-Disposition`` header.
+          description: A filename to give in the `Content-Disposition` header.
         - in: query
           type: boolean
           name: allow_remote
@@ -210,7 +211,7 @@ paths:
               type: "string"
             Content-Disposition:
               description: |-
-                The ``fileName`` requested or the name of the file that was previously
+                The `fileName` requested or the name of the file that was previously
                 uploaded, if set.
               type: "string"
           schema:
@@ -238,7 +239,7 @@ paths:
       summary: Download a thumbnail of content from the content repository
       description: |-
         Download a thumbnail of content from the content repository.
-        See the `thumbnailing <#thumbnails>`_ section for more information.
+        See the [Thumbnails](/client-server-api/#thumbnails) section for more information.
       operationId: getContentThumbnail
       produces: ["image/jpeg", "image/png"]
       parameters:
@@ -248,14 +249,14 @@ paths:
           required: true
           x-example: example.org
           description: |
-            The server name from the ``mxc://`` URI (the authoritory component)
+            The server name from the `mxc://` URI (the authoritory component)
         - in: path
           type: string
           name: mediaId
           x-example: ascERGshawAWawugaAcauga
           required: true
           description: |
-            The media ID from the ``mxc://`` URI (the path component)
+            The media ID from the `mxc://` URI (the path component)
         - in: query
           type: integer
           x-example: 64
@@ -278,7 +279,7 @@ paths:
           name: method
           x-example: "scale"
           description: |-
-            The desired resizing method. See the `thumbnailing <#thumbnails>`_
+            The desired resizing method. See the [Thumbnails](/client-server-api/#thumbnails)
             section for more information.
         - in: query
           type: boolean
@@ -347,11 +348,11 @@ paths:
         Get information about a URL for the client. Typically this is called when a
         client sees a URL in a message and wants to render a preview for the user.
 
-        .. Note::
-          Clients should consider avoiding this endpoint for URLs posted in encrypted
-          rooms. Encrypted rooms often contain more sensitive information the users
-          do not want to share with the homeserver, and this can mean that the URLs
-          being shared should also not be shared with the homeserver.
+        **Note:**
+        Clients should consider avoiding this endpoint for URLs posted in encrypted
+        rooms. Encrypted rooms often contain more sensitive information the users
+        do not want to share with the homeserver, and this can mean that the URLs
+        being shared should also not be shared with the homeserver.
 
       operationId: getUrlPreview
       produces: ["application/json"]
@@ -360,6 +361,7 @@ paths:
       parameters:
         - in: query
           type: string
+          format: uri
           x-example: "https://matrix.org"
           name: url
           description: "The URL to get a preview of."
@@ -389,8 +391,9 @@ paths:
                   The byte-size of the image. Omitted if there is no image attached.
               "og:image":
                 type: string
+                format: uri
                 description: |-
-                  An `MXC URI`_ to the image. Omitted if there is no image.
+                  An [MXC URI](/client-server-api/#matrix-content-mxc-uris) to the image. Omitted if there is no image.
           examples:
             application/json: {
                 "og:title": "Matrix Blog Post",
diff --git a/api/client-server/create_room.yaml b/data/api/client-server/create_room.yaml
similarity index 67%
rename from api/client-server/create_room.yaml
rename to data/api/client-server/create_room.yaml
index 8b4cf9e9da3..207c862024b 100644
--- a/api/client-server/create_room.yaml
+++ b/data/api/client-server/create_room.yaml
@@ -38,41 +38,41 @@ paths:
         the new room, including checking power levels for each event. It MUST
         apply the events implied by the request in the following order:
 
-        1. The ``m.room.create`` event itself. Must be the first event in the
+        1. The `m.room.create` event itself. Must be the first event in the
            room.
 
-        2. An ``m.room.member`` event for the creator to join the room. This is
+        2. An `m.room.member` event for the creator to join the room. This is
            needed so the remaining events can be sent.
 
-        3. A default ``m.room.power_levels`` event, giving the room creator
+        3. A default `m.room.power_levels` event, giving the room creator
            (and not other members) permission to send state events. Overridden
-           by the ``power_level_content_override`` parameter.
+           by the `power_level_content_override` parameter.
 
-        4. Events set by the ``preset``. Currently these are the ``m.room.join_rules``,
-           ``m.room.history_visibility``, and ``m.room.guest_access`` state events.
+        4. An `m.room.canonical_alias` event if `room_alias_name` is given.
 
-        5. Events listed in ``initial_state``, in the order that they are
+        5. Events set by the `preset`. Currently these are the `m.room.join_rules`,
+           `m.room.history_visibility`, and `m.room.guest_access` state events.
+
+        6. Events listed in `initial_state`, in the order that they are
            listed.
 
-        6. Events implied by ``name`` and ``topic`` (``m.room.name`` and ``m.room.topic``
+        7. Events implied by `name` and `topic` (`m.room.name` and `m.room.topic`
            state events).
 
-        7. Invite events implied by ``invite`` and ``invite_3pid`` (``m.room.member`` with
-           ``membership: invite`` and ``m.room.third_party_invite``).
+        8. Invite events implied by `invite` and `invite_3pid` (`m.room.member` with
+           `membership: invite` and `m.room.third_party_invite`).
 
         The available presets do the following with respect to room state:
 
-        ========================  ==============  ======================  ================  =========
-                 Preset           ``join_rules``  ``history_visibility``  ``guest_access``  Other
-        ========================  ==============  ======================  ================  =========
-        ``private_chat``          ``invite``      ``shared``              ``can_join``
-        ``trusted_private_chat``  ``invite``      ``shared``              ``can_join``      All invitees are given the same power level as the room creator.
-        ``public_chat``           ``public``      ``shared``              ``forbidden``
-        ========================  ==============  ======================  ================  =========
+        | Preset                 | `join_rules` | `history_visibility` | `guest_access` | Other |
+        |------------------------|--------------|----------------------|----------------|-------|
+        | `private_chat`         | `invite`     | `shared`             | `can_join`     |       |
+        | `trusted_private_chat` | `invite`     | `shared`             | `can_join`     | All invitees are given the same power level as the room creator. |
+        | `public_chat`          | `public`     | `shared`             | `forbidden`    |       |
 
-        The server will create a ``m.room.create`` event in the room with the
+        The server will create a `m.room.create` event in the room with the
         requesting user as the creator, alongside other keys provided in the
-        ``creation_content``.
+        `creation_content`.
       operationId: createRoom
       security:
         - accessToken: []
@@ -97,12 +97,12 @@ paths:
                 type: string
                 enum: ["public", "private"]
                 description: |-
-                  A ``public`` visibility indicates that the room will be shown
-                  in the published room list. A ``private`` visibility will hide
+                  A `public` visibility indicates that the room will be shown
+                  in the published room list. A `private` visibility will hide
                   the room from the published room list. Rooms default to
-                  ``private`` visibility if this key is not included. NB: This
-                  should not be confused with ``join_rules`` which also uses the
-                  word ``public``.
+                  `private` visibility if this key is not included. NB: This
+                  should not be confused with `join_rules` which also uses the
+                  word `public`.
               room_alias_name:
                 type: string
                 description: |-
@@ -111,22 +111,23 @@ paths:
                   room. The alias will belong on the *same* homeserver which
                   created the room. For example, if this was set to "foo" and
                   sent to the homeserver "example.com" the complete room alias
-                  would be ``#foo:example.com``.
+                  would be `#foo:example.com`.
 
                   The complete room alias will become the canonical alias for
-                  the room.
+                  the room and an `m.room.canonical_alias` event will be sent
+                  into the room.
               name:
                 type: string
                 description: |-
-                  If this is included, an ``m.room.name`` event will be sent
+                  If this is included, an `m.room.name` event will be sent
                   into the room to indicate the name of the room. See Room
-                  Events for more information on ``m.room.name``.
+                  Events for more information on `m.room.name`.
               topic:
                 type: string
                 description: |-
-                  If this is included, an ``m.room.topic`` event will be sent
+                  If this is included, an `m.room.topic` event will be sent
                   into the room to indicate the topic for the room. See Room
-                  Events for more information on ``m.room.topic``.
+                  Events for more information on `m.room.topic`.
               invite:
                 type: array
                 description: |-
@@ -155,7 +156,7 @@ paths:
                     medium:
                       type: string
                       # TODO: Link to Identity Service spec when it eixsts
-                      description: The kind of address being passed in the address field, for example ``email``.
+                      description: The kind of address being passed in the address field, for example `email`.
                     address:
                       type: string
                       description: The invitee's third party identifier.
@@ -165,16 +166,16 @@ paths:
                 description: |-
                   The room version to set for the room. If not provided, the homeserver is
                   to use its configured default. If provided, the homeserver will return a
-                  400 error with the errcode ``M_UNSUPPORTED_ROOM_VERSION`` if it does not
+                  400 error with the errcode `M_UNSUPPORTED_ROOM_VERSION` if it does not
                   support the room version.
                 example: "1"
               creation_content:
                 title: CreationContent
                 type: object
                 description: |-
-                  Extra keys, such as ``m.federate``, to be added to the content
-                  of the `m.room.create`_ event. The server will clobber the following
-                  keys: ``creator``, ``room_version``. Future versions of the specification
+                  Extra keys, such as `m.federate`, to be added to the content
+                  of the [`m.room.create`](/client-server-api/#mroomcreate) event. The server will clobber the following
+                  keys: `creator`, `room_version`. Future versions of the specification
                   may allow the server to clobber other keys.
               initial_state:
                 type: array
@@ -184,8 +185,8 @@ paths:
                   room. The expected format of the state events are an object
                   with type, state_key and content keys set.
 
-                  Takes precedence over events set by ``preset``, but gets
-                  overriden by ``name`` and ``topic`` keys.
+                  Takes precedence over events set by `preset`, but gets
+                  overriden by `name` and `topic` keys.
                 items:
                   type: object
                   title: StateEvent
@@ -207,22 +208,23 @@ paths:
                   Convenience parameter for setting various default state events
                   based on a preset.
 
-                  If unspecified, the server should use the ``visibility`` to determine
-                  which preset to use. A visbility of ``public`` equates to a preset of
-                  ``public_chat`` and ``private`` visibility equates to a preset of
-                  ``private_chat``.
+                  If unspecified, the server should use the `visibility` to determine
+                  which preset to use. A visbility of `public` equates to a preset of
+                  `public_chat` and `private` visibility equates to a preset of
+                  `private_chat`.
               is_direct:
                 type: boolean
                 description: |-
-                  This flag makes the server set the ``is_direct`` flag on the
-                  ``m.room.member`` events sent to the users in ``invite`` and
-                  ``invite_3pid``. See `Direct Messaging`_ for more information.
+                  This flag makes the server set the `is_direct` flag on the
+                  `m.room.member` events sent to the users in `invite` and
+                  `invite_3pid`. See [Direct Messaging](/client-server-api/#direct-messaging) for more information.
               power_level_content_override:
                 title: Power Level Event Content
                 type: object
                 description: |-
                   The power level content to override in the default power level
-                  event. This object is applied on top of the generated `m.room.power_levels`_
+                  event. This object is applied on top of the generated
+                  [`m.room.power_levels`](/client-server-api/#mroompower_levels)
                   event content prior to it being sent to the room. Defaults to
                   overriding nothing.
       responses:
@@ -244,24 +246,24 @@ paths:
         400:
           description: |-
 
-            The request is invalid. A meaningful ``errcode`` and description
+            The request is invalid. A meaningful `errcode` and description
             error text will be returned. Example reasons for rejection include:
 
-            - The request body is malformed (``errcode`` set to ``M_BAD_JSON``
-              or ``M_NOT_JSON``).
+            - The request body is malformed (`errcode` set to `M_BAD_JSON`
+              or `M_NOT_JSON`).
 
-            - The room alias specified is already taken (``errcode`` set to
-              ``M_ROOM_IN_USE``).
+            - The room alias specified is already taken (`errcode` set to
+              `M_ROOM_IN_USE`).
 
             - The initial state implied by the parameters to the request is
-              invalid: for example, the user's ``power_level`` is set below
-              that necessary to set the room name (``errcode`` set to
-              ``M_INVALID_ROOM_STATE``).
+              invalid: for example, the user's `power_level` is set below
+              that necessary to set the room name (`errcode` set to
+              `M_INVALID_ROOM_STATE`).
 
             - The homeserver doesn't support the requested room version, or
               one or more users being invited to the new room are residents
               of a homeserver which does not support the requested room version.
-              The ``errcode`` will be ``M_UNSUPPORTED_ROOM_VERSION`` in these
+              The `errcode` will be `M_UNSUPPORTED_ROOM_VERSION` in these
               cases.
           schema:
             "$ref": "definitions/errors/error.yaml"
diff --git a/data/api/client-server/cross_signing.yaml b/data/api/client-server/cross_signing.yaml
new file mode 100644
index 00000000000..3c17cd116f6
--- /dev/null
+++ b/data/api/client-server/cross_signing.yaml
@@ -0,0 +1,236 @@
+# Copyright 2020 The Matrix.org Foundation C.I.C.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+swagger: '2.0'
+info:
+  title: "Matrix Client-Server Cross Signing API"
+  version: "1.0.0"
+host: localhost:8008
+schemes:
+  - https
+  - http
+basePath: /_matrix/client/%CLIENT_MAJOR_VERSION%
+consumes:
+  - application/json
+produces:
+  - application/json
+securityDefinitions:
+  $ref: definitions/security.yaml
+paths:
+  "/keys/device_signing/upload":
+    post:
+      summary: Upload cross-signing keys.
+      description: |-
+        Publishes cross-signing keys for the user.
+
+        This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).
+      operationId: uploadCrossSigningKeys
+      security:
+        - accessToken: []
+      parameters:
+        - in: body
+          name: keys
+          description: |-
+            The keys to be published.
+          required: true
+          schema:
+            type: object
+            properties:
+              master_key:
+                description: |-
+                  Optional. The user\'s master key.
+                allOf:
+                  - $ref: definitions/cross_signing_key.yaml
+              self_signing_key:
+                description: |-
+                  Optional. The user\'s self-signing key. Must be signed by
+                  the accompanying master key, or by the user\'s most recently
+                  uploaded master key if no master key is included in the
+                  request.
+                allOf:
+                  - $ref: definitions/cross_signing_key.yaml
+              user_signing_key:
+                description: |-
+                  Optional. The user\'s user-signing key. Must be signed by
+                  the accompanying master key, or by the user\'s most recently
+                  uploaded master key if no master key is included in the
+                  request.
+                allOf:
+                  - $ref: definitions/cross_signing_key.yaml
+              auth:
+                description: |-
+                  Additional authentication information for the
+                  user-interactive authentication API.
+                allOf:
+                - $ref: "definitions/auth_data.yaml"
+            example: {
+              "master_key": {
+                "user_id": "@alice:example.com",
+                "usage": ["master"],
+                "keys": {
+                  "ed25519:base64+master+public+key": "base64+master+public+key",
+                }
+              },
+              "self_signing_key": {
+                "user_id": "@alice:example.com",
+                "usage": ["self_signing"],
+                "keys": {
+                  "ed25519:base64+self+signing+public+key": "base64+self+signing+master+public+key",
+                },
+                "signatures": {
+                  "@alice:example.com": {
+                    "ed25519:base64+master+public+key": "signature+of+self+signing+key"
+                  }
+                }
+              },
+              "user_signing_key": {
+                "user_id": "@alice:example.com",
+                "usage": ["user_signing"],
+                "keys": {
+                  "ed25519:base64+user+signing+public+key": "base64+user+signing+master+public+key",
+                },
+                "signatures": {
+                  "@alice:example.com": {
+                    "ed25519:base64+master+public+key": "signature+of+user+signing+key"
+                  }
+                }
+              }
+            }
+      responses:
+        200:
+          description: The provided keys were successfully uploaded.
+          schema:
+            type: object
+            example: {}
+        400:
+          description: |-
+            The input was invalid in some way. This can include one of the
+            following error codes:
+
+            * `M_INVALID_SIGNATURE`: For example, the self-signing or
+              user-signing key had an incorrect signature.
+            * `M_MISSING_PARAM`: No master key is available.
+          schema:
+            type: object
+            example: {
+              "errcode": "M_INVALID_SIGNATURE",
+              "error": "Invalid signature"
+            }
+        403:
+          description: |-
+            The public key of one of the keys is the same as one of the user\'s
+            device IDs, or the request is not authorized for any other reason.
+          schema:
+            type: object
+            example: {
+              "errcode": "M_FORBIDDEN",
+              "error": "Key ID in use"
+            }
+      tags:
+        - End-to-end encryption
+  "/keys/signatures/upload":
+    post:
+      summary: Upload cross-signing signatures.
+      description: |-
+        Publishes cross-signing signatures for the user.  The request body is a
+        map from user ID to key ID to signed JSON object.
+      operationId: uploadCrossSigningSignatures
+      security:
+        - accessToken: []
+      parameters:
+        - in: body
+          name: signatures
+          description: |-
+            The signatures to be published.
+          required: true
+          schema:
+            type: object
+            title: Signatures
+            additionalProperties:
+              type: object
+              additionalProperties:
+                type: object
+            example: {
+              "@alice:example.com": {
+                "HIJKLMN": {
+                  "user_id": "@alice:example.com",
+                  "device_id": "HIJKLMN",
+                  "algorithms": [
+                    "m.olm.curve25519-aes-sha256",
+                    "m.megolm.v1.aes-sha"
+                  ],
+                  "keys": {
+                    "curve25519:HIJKLMN": "base64+curve25519+key",
+                    "ed25519:HIJKLMN": "base64+ed25519+key"
+                  },
+                  "signatures": {
+                    "@alice:example.com": {
+                      "ed25519:base64+self+signing+public+key": "base64+signature+of+HIJKLMN"
+                    }
+                  }
+                },
+                "base64+master+public+key": {
+                  "user_id": "@alice:example.com",
+                  "usage": ["master"],
+                  "keys": {
+                    "ed25519:base64+master+public+key": "base64+master+public+key"
+                  },
+                  "signatures": {
+                    "@alice:example.com": {
+                      "ed25519:HIJKLMN": "base64+signature+of+master+key"
+                    }
+                  }
+                }
+              },
+              "@bob:example.com": {
+                "bobs+base64+master+public+key": {
+                  "user_id": "@bob:example.com",
+                  "keys": {
+                    "ed25519:bobs+base64+master+public+key": "bobs+base64+master+public+key"
+                  },
+                  "usage": ["master"],
+                  "signatures": {
+                    "@alice:example.com": {
+                      "ed25519:base64+user+signing+public+key": "base64+signature+of+bobs+master+key"
+                    }
+                  }
+                }
+              }
+            }
+      responses:
+        200:
+          description: The provided signatures were processed.
+          schema:
+            type: object
+            properties:
+              failures:
+                type: object
+                description: |-
+                  A map from user ID to key ID to an error for any signatures
+                  that failed.  If a signature was invalid, the `errcode` will
+                  be set to `M_INVALID_SIGNATURE`.
+                additionalProperties:
+                  type: object
+                  additionalProperties:
+                    type: object
+                    title: Error
+                example: {
+                  "@alice:example.com": {
+                    "HIJKLMN": {
+                      "errcode": "M_INVALID_SIGNATURE",
+                      "error": "Invalid signature"
+                    }
+                  }
+                }
+      tags:
+        - End-to-end encryption
diff --git a/api/client-server/definitions/auth_data.yaml b/data/api/client-server/definitions/auth_data.yaml
similarity index 100%
rename from api/client-server/definitions/auth_data.yaml
rename to data/api/client-server/definitions/auth_data.yaml
diff --git a/api/client-server/definitions/auth_response.yaml b/data/api/client-server/definitions/auth_response.yaml
similarity index 100%
rename from api/client-server/definitions/auth_response.yaml
rename to data/api/client-server/definitions/auth_response.yaml
diff --git a/api/client-server/definitions/client_device.yaml b/data/api/client-server/definitions/client_device.yaml
similarity index 100%
rename from api/client-server/definitions/client_device.yaml
rename to data/api/client-server/definitions/client_device.yaml
diff --git a/data/api/client-server/definitions/cross_signing_key.yaml b/data/api/client-server/definitions/cross_signing_key.yaml
new file mode 100644
index 00000000000..cebc5ecd3c7
--- /dev/null
+++ b/data/api/client-server/definitions/cross_signing_key.yaml
@@ -0,0 +1,55 @@
+# Copyright 2020 The Matrix.org Foundation C.I.C.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+type: object
+title: CrossSigningKey
+description: Cross signing key
+properties:
+  user_id:
+    type: string
+    description: |-
+      The ID of the user the key belongs to.
+    example: "@alice:example.com"
+  usage:
+    type: array
+    description: |-
+      What the key is used for.
+    items:
+      type: string
+      enum: ["master", "self_signing", "user_signing"]
+  keys:
+    type: object
+    additionalProperties:
+      type: string
+    description: |-
+      The public key.  The object must have exactly one property, whose name is
+      in the form `<algorithm>:<unpadded_base64_public_key>`, and whose value
+      is the unpadded base64 public key.
+    example:
+      "ed25519:alice+base64+public+key": "alice+base64+public+key"
+  signatures:
+    type: object
+    title: Signatures
+    description: |-
+      Signatures of the key, calculated using the process described at [Signing JSON](/appendices/#signing-json).
+      Optional for the master key. Other keys must be signed by the
+      user\'s master key.
+    example: {
+        "@alice:example.com": {
+            "ed25519:alice+base64+master+key": "signature+of+key"
+          }
+      }
+required:
+  - user_id
+  - usage
+  - keys
diff --git a/api/client-server/definitions/device_keys.yaml b/data/api/client-server/definitions/device_keys.yaml
similarity index 92%
rename from api/client-server/definitions/device_keys.yaml
rename to data/api/client-server/definitions/device_keys.yaml
index 4f7cffe73c1..ab033941d97 100644
--- a/api/client-server/definitions/device_keys.yaml
+++ b/data/api/client-server/definitions/device_keys.yaml
@@ -38,7 +38,7 @@ properties:
     type: object
     description: |-
        Public identity keys. The names of the properties should be in the
-       format ``<algorithm>:<device_id>``. The keys themselves should be
+       format `<algorithm>:<device_id>`. The keys themselves should be
        encoded as specified by the key algorithm.
     additionalProperties:
        type: string
@@ -50,10 +50,9 @@ properties:
     title: Signatures
     description: |-
        Signatures for the device key object. A map from user ID, to a map from
-       ``<algorithm>:<device_id>`` to the signature.
+       `<algorithm>:<device_id>` to the signature.
 
-       The signature is calculated using the process described at `Signing
-       JSON`_.
+       The signature is calculated using the process described at [Signing JSON](/appendices/#signing-json).
     additionalProperties:
       type: object
       additionalProperties:
diff --git a/api/client-server/definitions/errors/error.yaml b/data/api/client-server/definitions/errors/error.yaml
similarity index 95%
rename from api/client-server/definitions/errors/error.yaml
rename to data/api/client-server/definitions/errors/error.yaml
index 7471da6f609..89a0d44f91f 100644
--- a/api/client-server/definitions/errors/error.yaml
+++ b/data/api/client-server/definitions/errors/error.yaml
@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 type: object
+title: Error
 description: A Matrix-level Error
 properties:
   errcode:
@@ -22,4 +23,4 @@ properties:
     type: string
     description: A human-readable error message.
     example: An unknown error occurred
-required: ["errcode"]
\ No newline at end of file
+required: ["errcode"]
diff --git a/api/client-server/definitions/errors/rate_limited.yaml b/data/api/client-server/definitions/errors/rate_limited.yaml
similarity index 96%
rename from api/client-server/definitions/errors/rate_limited.yaml
rename to data/api/client-server/definitions/errors/rate_limited.yaml
index aca82ce7bd9..1530458ba02 100644
--- a/api/client-server/definitions/errors/rate_limited.yaml
+++ b/data/api/client-server/definitions/errors/rate_limited.yaml
@@ -13,6 +13,7 @@
 # limitations under the License.
 $ref: error.yaml
 type: object
+title: RateLimitError
 description: The rate limit was reached for this request
 properties:
   errcode:
@@ -29,4 +30,4 @@ properties:
       The amount of time in milliseconds the client should wait
       before trying the request again.
     example: 2000
-required: ["errcode"]
\ No newline at end of file
+required: ["errcode"]
diff --git a/api/client-server/definitions/event.yaml b/data/api/client-server/definitions/event.yaml
similarity index 93%
rename from api/client-server/definitions/event.yaml
rename to data/api/client-server/definitions/event.yaml
index 7d5808b13c8..54af96f514f 100644
--- a/api/client-server/definitions/event.yaml
+++ b/data/api/client-server/definitions/event.yaml
@@ -44,8 +44,8 @@ properties:
         format: int64
         type: integer
       prev_content:
-        description: Optional. The previous ``content`` for this state. This will
-          be present only for state events appearing in the ``timeline``. If this
+        description: Optional. The previous `content` for this state. This will
+          be present only for state events appearing in the `timeline`. If this
           is not a state event, or there is no previous content, this key will be
           missing.
         title: EventContent
diff --git a/api/client-server/definitions/event_batch.yaml b/data/api/client-server/definitions/event_batch.yaml
similarity index 89%
rename from api/client-server/definitions/event_batch.yaml
rename to data/api/client-server/definitions/event_batch.yaml
index d169c355554..e326184c56d 100644
--- a/api/client-server/definitions/event_batch.yaml
+++ b/data/api/client-server/definitions/event_batch.yaml
@@ -17,7 +17,8 @@ properties:
     description: List of events.
     items:
       allOf:
-      - $ref: event-schemas/schema/core-event-schema/event.yaml
+      - $ref: ../../../event-schemas/schema/core-event-schema/event.yaml
       type: object
     type: array
 type: object
+title: EventBatch
diff --git a/api/client-server/definitions/event_filter.yaml b/data/api/client-server/definitions/event_filter.yaml
similarity index 88%
rename from api/client-server/definitions/event_filter.yaml
rename to data/api/client-server/definitions/event_filter.yaml
index 8c96917fda5..b68886931e6 100644
--- a/api/client-server/definitions/event_filter.yaml
+++ b/data/api/client-server/definitions/event_filter.yaml
@@ -19,14 +19,14 @@ properties:
   not_senders:
     description: A list of sender IDs to exclude. If this list is absent then no senders
       are excluded. A matching sender will be excluded even if it is listed in the
-      ``'senders'`` filter.
+      `'senders'` filter.
     items:
       type: string
     type: array
   not_types:
     description: A list of event types to exclude. If this list is absent then no
       event types are excluded. A matching type will be excluded even if it is listed
-      in the ``'types'`` filter. A '*' can be used as a wildcard to match any sequence
+      in the `'types'` filter. A '*' can be used as a wildcard to match any sequence
       of characters.
     items:
       type: string
@@ -39,7 +39,7 @@ properties:
     type: array
   types:
     description: A list of event types to include. If this list is absent then all
-      event types are included. A ``'*'`` can be used as a wildcard to match any sequence
+      event types are included. A `'*'` can be used as a wildcard to match any sequence
       of characters.
     items:
       type: string
diff --git a/api/client-server/definitions/key_backup_data.yaml b/data/api/client-server/definitions/key_backup_data.yaml
similarity index 92%
rename from api/client-server/definitions/key_backup_data.yaml
rename to data/api/client-server/definitions/key_backup_data.yaml
index 6a3b40423d4..c6e6b29e0ae 100644
--- a/api/client-server/definitions/key_backup_data.yaml
+++ b/data/api/client-server/definitions/key_backup_data.yaml
@@ -35,7 +35,7 @@ properties:
   session_data:
     description: |-
       Algorithm-dependent data.  See the documentation for the backup
-      algorithms in `Server-side key backups`_ for more information on the
+      algorithms in [Server-side key backups](/client-server-api/#server-side-key-backups) for more information on the
       expected format of the data.
     type: object
     example: {
diff --git a/api/client-server/definitions/openid_token.yaml b/data/api/client-server/definitions/openid_token.yaml
similarity index 90%
rename from api/client-server/definitions/openid_token.yaml
rename to data/api/client-server/definitions/openid_token.yaml
index b50fcd54c59..e74ddfff510 100644
--- a/api/client-server/definitions/openid_token.yaml
+++ b/data/api/client-server/definitions/openid_token.yaml
@@ -13,16 +13,17 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 type: object
+title: OpenIdCredentials
 properties:
   access_token:
     type: string
     description: |-
       An access token the consumer may use to verify the identity of
       the person who generated the token. This is given to the federation
-      API ``GET /openid/userinfo`` to verify the user's identity.
+      API `GET /openid/userinfo` to verify the user's identity.
   token_type:
     type: string
-    description: The string ``Bearer``.
+    description: The string `Bearer`.
   matrix_server_name:
     type: string
     description: |-
diff --git a/api/client-server/definitions/public_rooms_response.yaml b/data/api/client-server/definitions/public_rooms_response.yaml
similarity index 85%
rename from api/client-server/definitions/public_rooms_response.yaml
rename to data/api/client-server/definitions/public_rooms_response.yaml
index ab701051686..406f83b0e29 100644
--- a/api/client-server/definitions/public_rooms_response.yaml
+++ b/data/api/client-server/definitions/public_rooms_response.yaml
@@ -1,4 +1,4 @@
-# Copyright 2018 New Vector Ltd
+# Copyright 2018, 2021 The Matrix.org Foundation C.I.C.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -68,7 +68,15 @@ properties:
             rules like any other user.
         avatar_url:
           type: string
+          format: uri
           description: The URL for the room's avatar, if one is set.
+        join_rule:
+          type: string
+          description: |-
+            The room's join rule. When not present, the room is assumed to
+            be `public`. Note that rooms with `invite` join rules are not
+            expected here, but rooms with `knock` rules are given their
+            near-public nature.
   next_batch:
     type: string
     description: |-
@@ -90,16 +98,17 @@ example: {
   "chunk": [
     {
       "aliases": ["#murrays:cheese.bar"],
-      "avatar_url": "mxc://bleeker.street/CHEDDARandBRIE",
+      "avatar_url": "mxc://bleecker.street/CHEDDARandBRIE",
       "guest_can_join": false,
       "name": "CHEESE",
       "num_joined_members": 37,
       "room_id": "!ol19s:bleecker.street",
       "topic": "Tasty tasty cheese",
-      "world_readable": true
+      "world_readable": true,
+      "join_rule": "public"
     }
   ],
   "next_batch": "p190q",
   "prev_batch": "p1902",
   "total_room_count_estimate": 115
-}
\ No newline at end of file
+}
diff --git a/api/client-server/definitions/push_condition.yaml b/data/api/client-server/definitions/push_condition.yaml
similarity index 74%
rename from api/client-server/definitions/push_condition.yaml
rename to data/api/client-server/definitions/push_condition.yaml
index 8752274e220..64d975ff21b 100644
--- a/api/client-server/definitions/push_condition.yaml
+++ b/data/api/client-server/definitions/push_condition.yaml
@@ -18,30 +18,30 @@ properties:
   kind:
     type: string
     description: |-
-      The kind of condition to apply. See `conditions <#conditions>`_ for
+      The kind of condition to apply. See [conditions](/client-server-api/#conditions) for
       more information on the allowed kinds and how they work.
   key:
     type: string
     description: |-
-      Required for ``event_match`` conditions. The dot-separated field of the
+      Required for `event_match` conditions. The dot-separated field of the
       event to match.
 
-      Required for ``sender_notification_permission`` conditions. The field in
+      Required for `sender_notification_permission` conditions. The field in
       the power level event the user needs a minimum power level for. Fields
-      must be specified under the ``notifications`` property in the power level
-      event's ``content``.
+      must be specified under the `notifications` property in the power level
+      event's `content`.
     x-example: content.body
   pattern:
     type: string
     description: |-
-      Required for ``event_match`` conditions. The glob-style pattern to
+      Required for `event_match` conditions. The glob-style pattern to
       match against. Patterns with no special glob characters should be
       treated as having asterisks prepended and appended when testing the
       condition.
   is:
     type: string
     description: |-
-      Required for ``room_member_count`` conditions. A decimal integer
+      Required for `room_member_count` conditions. A decimal integer
       optionally prefixed by one of, ==, <, >, >= or <=. A prefix of < matches
       rooms where the member count is strictly less than the given number and
       so forth. If no prefix is present, this parameter defaults to ==.
diff --git a/api/client-server/definitions/push_rule.yaml b/data/api/client-server/definitions/push_rule.yaml
similarity index 95%
rename from api/client-server/definitions/push_rule.yaml
rename to data/api/client-server/definitions/push_rule.yaml
index 14a9b7d41b3..06efad744b4 100644
--- a/api/client-server/definitions/push_rule.yaml
+++ b/data/api/client-server/definitions/push_rule.yaml
@@ -43,11 +43,11 @@ properties:
     description: |-
       The conditions that must hold true for an event in order for a rule to be
       applied to an event. A rule with no conditions always matches. Only
-      applicable to ``underride`` and ``override`` rules.
+      applicable to `underride` and `override` rules.
   pattern:
     type: string
     description: |-
-      The glob-style pattern to match against.  Only applicable to ``content``
+      The glob-style pattern to match against.  Only applicable to `content`
       rules.
 required:
   - actions
diff --git a/api/client-server/definitions/push_ruleset.yaml b/data/api/client-server/definitions/push_ruleset.yaml
similarity index 100%
rename from api/client-server/definitions/push_ruleset.yaml
rename to data/api/client-server/definitions/push_ruleset.yaml
diff --git a/api/client-server/definitions/request_email_validation.yaml b/data/api/client-server/definitions/request_email_validation.yaml
similarity index 91%
rename from api/client-server/definitions/request_email_validation.yaml
rename to data/api/client-server/definitions/request_email_validation.yaml
index d24c42b5d1f..d52ea18e9b6 100644
--- a/api/client-server/definitions/request_email_validation.yaml
+++ b/data/api/client-server/definitions/request_email_validation.yaml
@@ -24,7 +24,7 @@ allOf:
         3PID verification.
 
         This parameter is deprecated with a plan to be removed in a future specification
-        version for ``/account/password`` and ``/register`` requests.
+        version for `/account/password` and `/register` requests.
       example: "id.example.com"
     id_access_token:
       type: string
@@ -33,4 +33,4 @@ allOf:
         can treat this as optional to distinguish between r0.5-compatible clients
         and this specification version.
 
-        Required if an ``id_server`` is supplied.
+        Required if an `id_server` is supplied.
diff --git a/api/client-server/definitions/request_msisdn_validation.yaml b/data/api/client-server/definitions/request_msisdn_validation.yaml
similarity index 91%
rename from api/client-server/definitions/request_msisdn_validation.yaml
rename to data/api/client-server/definitions/request_msisdn_validation.yaml
index 54897e6388f..fba3a615d3f 100644
--- a/api/client-server/definitions/request_msisdn_validation.yaml
+++ b/data/api/client-server/definitions/request_msisdn_validation.yaml
@@ -24,7 +24,7 @@ allOf:
         3PID verification.
 
         This parameter is deprecated with a plan to be removed in a future specification
-        version for ``/account/password`` and ``/register`` requests.
+        version for `/account/password` and `/register` requests.
       example: "id.example.com"
     id_access_token:
       type: string
@@ -33,4 +33,4 @@ allOf:
         can treat this as optional to distinguish between r0.5-compatible clients
         and this specification version.
 
-        Required if an ``id_server`` is supplied.
+        Required if an `id_server` is supplied.
diff --git a/api/client-server/definitions/request_token_response.yaml b/data/api/client-server/definitions/request_token_response.yaml
similarity index 83%
rename from api/client-server/definitions/request_token_response.yaml
rename to data/api/client-server/definitions/request_token_response.yaml
index 45201a204d7..0f8c8cab9a7 100644
--- a/api/client-server/definitions/request_token_response.yaml
+++ b/data/api/client-server/definitions/request_token_response.yaml
@@ -12,26 +12,28 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 type: object
+title: RequestTokenResponse
 properties:
   sid:
     type: string
     description: |-
       The session ID. Session IDs are opaque strings that must consist entirely
-      of the characters ``[0-9a-zA-Z.=_-]``. Their length must not exceed 255
+      of the characters `[0-9a-zA-Z.=_-]`. Their length must not exceed 255
       characters and they must not be empty.
     example: "123abc"
   submit_url:
     type: string
+    format: uri
     description: |-
       An optional field containing a URL where the client must submit the
       validation token to, with identical parameters to the Identity Service
-      API's ``POST /validate/email/submitToken`` endpoint (without the requirement
+      API's `POST /validate/email/submitToken` endpoint (without the requirement
       for an access token). The homeserver must send this token to the user (if
       applicable), who should then be prompted to provide it to the client.
 
       If this field is not present, the client can assume that verification
       will happen without the client's involvement provided the homeserver
-      advertises this specification version in the ``/versions`` response
+      advertises this specification version in the `/versions` response
       (ie: r0.5.0).
     example: "https://example.org/path/to/submitToken"
 required: ['sid']
diff --git a/api/client-server/definitions/room_event_batch.yaml b/data/api/client-server/definitions/room_event_batch.yaml
similarity index 88%
rename from api/client-server/definitions/room_event_batch.yaml
rename to data/api/client-server/definitions/room_event_batch.yaml
index 7367198fe64..4a7dab193c1 100644
--- a/api/client-server/definitions/room_event_batch.yaml
+++ b/data/api/client-server/definitions/room_event_batch.yaml
@@ -16,7 +16,7 @@ properties:
     description: List of events.
     items:
       allOf:
-      - $ref: event-schemas/schema/core-event-schema/sync_room_event.yaml
+      - $ref: ../../../event-schemas/schema/core-event-schema/sync_room_event.yaml
       type: object
       required:
       - event_id
@@ -25,3 +25,4 @@ properties:
       - origin_server_ts
     type: array
 type: object
+title: RoomEventBatch
diff --git a/api/client-server/definitions/room_event_filter.yaml b/data/api/client-server/definitions/room_event_filter.yaml
similarity index 65%
rename from api/client-server/definitions/room_event_filter.yaml
rename to data/api/client-server/definitions/room_event_filter.yaml
index 880cb173bd7..8d96a165836 100644
--- a/api/client-server/definitions/room_event_filter.yaml
+++ b/data/api/client-server/definitions/room_event_filter.yaml
@@ -19,20 +19,20 @@ allOf:
     lazy_load_members:
       type: boolean
       description: |-
-        If ``true``, enables lazy-loading of membership events. See
-        `Lazy-loading room members <#lazy-loading-room-members>`_
-        for more information. Defaults to ``false``.
+        If `true`, enables lazy-loading of membership events. See
+        [Lazy-loading room members](/client-server-api/#lazy-loading-room-members)
+        for more information. Defaults to `false`.
     include_redundant_members:
       type: boolean
       description: |-
-        If ``true``, sends all membership events for all events, even if they have already
+        If `true`, sends all membership events for all events, even if they have already
         been sent to the client. Does not
-        apply unless ``lazy_load_members`` is ``true``. See
-        `Lazy-loading room members <#lazy-loading-room-members>`_
-        for more information. Defaults to ``false``.
+        apply unless `lazy_load_members` is `true`. See
+        [Lazy-loading room members](/client-server-api/#lazy-loading-room-members)
+        for more information. Defaults to `false`.
     not_rooms:
       description: A list of room IDs to exclude. If this list is absent then no rooms
-        are excluded. A matching room will be excluded even if it is listed in the ``'rooms'``
+        are excluded. A matching room will be excluded even if it is listed in the `'rooms'`
         filter.
       items:
         type: string
@@ -45,5 +45,5 @@ allOf:
       type: array
     contains_url:
       type: boolean
-      description: If ``true``, includes only events with a ``url`` key in their content. If
-        ``false``, excludes those events. If omitted, ``url`` key is not considered for filtering.
+      description: If `true`, includes only events with a `url` key in their content. If
+        `false`, excludes those events. If omitted, `url` key is not considered for filtering.
diff --git a/api/client-server/definitions/room_key_backup.yaml b/data/api/client-server/definitions/room_key_backup.yaml
similarity index 100%
rename from api/client-server/definitions/room_key_backup.yaml
rename to data/api/client-server/definitions/room_key_backup.yaml
diff --git a/api/client-server/definitions/security.yaml b/data/api/client-server/definitions/security.yaml
similarity index 88%
rename from api/client-server/definitions/security.yaml
rename to data/api/client-server/definitions/security.yaml
index bb78f0e334d..963e1d43535 100644
--- a/api/client-server/definitions/security.yaml
+++ b/data/api/client-server/definitions/security.yaml
@@ -13,6 +13,6 @@
 # limitations under the License.
 accessToken:
   type: apiKey
-  description: The access_token returned by a call to ``/login`` or ``/register``
+  description: The access_token returned by a call to `/login` or `/register`
   name: access_token
   in: query
diff --git a/data/api/client-server/definitions/sso_login_flow.yaml b/data/api/client-server/definitions/sso_login_flow.yaml
new file mode 100644
index 00000000000..0dd011b3a7d
--- /dev/null
+++ b/data/api/client-server/definitions/sso_login_flow.yaml
@@ -0,0 +1,82 @@
+# Copyright 2021 The Matrix.org Foundation C.I.C.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+type: object
+title: m.login.sso flow schema
+properties:
+  type:
+    type: enum
+    enum: ["m.login.sso"]
+    description: The string `m.login.sso`
+    example: "m.login.sso"
+  identity_providers:
+    type: array
+    description: |-
+      Optional identity providers (IdPs) to present to the user. These would
+      appear (typically) as distinct buttons for the user to interact with,
+      and would map to the appropriate IdP-dependent redirect endpoint for that
+      IdP.
+    example: [
+      {"id": "com.example.idp.github", "name": "GitHub", "brand": "github"},
+      {"id": "com.example.idp.gitlab", "name": "GitLab", "icon": "mxc://example.com/abc123"},
+    ]
+    items:
+      type: object
+      title: IdP
+      description: An identity provider.
+      properties:
+        id:
+          type: string
+          description: |-
+            Opaque string chosen by the homeserver, uniquely identifying
+            the IdP from other IdPs the homeserver might support. Should
+            be between 1 and 255 characters in length, containing unreserved
+            characters under [RFC 3986](http://www.ietf.org/rfc/rfc3986.txt)
+            (`ALPHA  DIGIT  "-" / "." / "_" / "~"`). Clients are not intended
+            to parse or infer meaning from opaque strings.
+          example: "com.example.idp.github"
+        name:
+          type: string
+          description: |-
+            Human readable description for the IdP, intended to be shown to
+            the user.
+          example: "Github"
+        icon:
+          type: string
+          description: |-
+            Optional MXC URI to provide an image/icon representing the IdP.
+            Intended to be shown alongside the `name` if provided.
+          example: "mxc://example.org/abc123"
+        brand:
+          type: string
+          # TODO @@TR: Actually link to "common identifier format" section when it exists.
+          description: |-
+            Optional UI hint for what kind of common SSO provider is being
+            described in this IdP. Matrix maintains a registry of identifiers
+            [in the matrix-doc repo](https://github.com/matrix-org/matrix-doc/blob/master/informal/idp-brands.md)
+            to ensure clients and servers are aligned on major/common brands.
+
+            Clients should prefer the `brand` over the `icon`, when both are
+            provided. Clients are not required to support any particular `brand`,
+            including those in the registry, though are expected to be able to
+            present any IdP based off the `name`/`icon` to the user regardless.
+
+            Unregistered brands are permitted using the Standard Identifier Format,
+            though excluding the namespace requirements. For example, `examplesso`
+            is a valid brand which is not in the registry but still permitted.
+            Servers should be mindful that clients might not support their unregistered
+            brand usage as intended by the server.
+          example: "github"
+      required: ['id', 'name']
+
+required: ['type']
diff --git a/api/client-server/definitions/state_event_batch.yaml b/data/api/client-server/definitions/state_event_batch.yaml
similarity index 88%
rename from api/client-server/definitions/state_event_batch.yaml
rename to data/api/client-server/definitions/state_event_batch.yaml
index db01ecb104f..f3966dcda73 100644
--- a/api/client-server/definitions/state_event_batch.yaml
+++ b/data/api/client-server/definitions/state_event_batch.yaml
@@ -16,7 +16,7 @@ properties:
     description: List of events.
     items:
       allOf:
-      - $ref: event-schemas/schema/core-event-schema/sync_state_event.yaml
+      - $ref: ../../../event-schemas/schema/core-event-schema/sync_state_event.yaml
       type: object
       required:
       - event_id
@@ -26,3 +26,4 @@ properties:
       - state_key
     type: array
 type: object
+title: StateEventBatch
diff --git a/api/client-server/definitions/sync_filter.yaml b/data/api/client-server/definitions/sync_filter.yaml
similarity index 94%
rename from api/client-server/definitions/sync_filter.yaml
rename to data/api/client-server/definitions/sync_filter.yaml
index fc37fb48b7b..0b4a8dca264 100644
--- a/api/client-server/definitions/sync_filter.yaml
+++ b/data/api/client-server/definitions/sync_filter.yaml
@@ -46,16 +46,16 @@ properties:
     properties:
       not_rooms:
         description: A list of room IDs to exclude. If this list is absent then no rooms
-          are excluded. A matching room will be excluded even if it is listed in the ``'rooms'``
-          filter. This filter is applied before the filters in ``ephemeral``,
-          ``state``, ``timeline`` or ``account_data``
+          are excluded. A matching room will be excluded even if it is listed in the `'rooms'`
+          filter. This filter is applied before the filters in `ephemeral`,
+          `state`, `timeline` or `account_data`
         items:
           type: string
         type: array
       rooms:
         description: A list of room IDs to include. If this list is absent then all rooms
-          are included. This filter is applied before the filters in ``ephemeral``,
-          ``state``, ``timeline`` or ``account_data``
+          are included. This filter is applied before the filters in `ephemeral`,
+          `state`, `timeline` or `account_data`
         items:
           type: string
         type: array
diff --git a/api/client-server/definitions/third_party_signed.yaml b/data/api/client-server/definitions/third_party_signed.yaml
similarity index 95%
rename from api/client-server/definitions/third_party_signed.yaml
rename to data/api/client-server/definitions/third_party_signed.yaml
index 7ce1a1d1a55..4af422b4bb8 100644
--- a/api/client-server/definitions/third_party_signed.yaml
+++ b/data/api/client-server/definitions/third_party_signed.yaml
@@ -14,7 +14,7 @@
 type: object
 title: Third Party Signed
 description: |-
-  A signature of an ``m.third_party_invite`` token to prove that this user
+  A signature of an `m.third_party_invite` token to prove that this user
   owns a third party identity which has been invited to the room.
 properties:
   sender:
diff --git a/api/client-server/definitions/timeline_batch.yaml b/data/api/client-server/definitions/timeline_batch.yaml
similarity index 70%
rename from api/client-server/definitions/timeline_batch.yaml
rename to data/api/client-server/definitions/timeline_batch.yaml
index abf93830dac..35632562895 100644
--- a/api/client-server/definitions/timeline_batch.yaml
+++ b/data/api/client-server/definitions/timeline_batch.yaml
@@ -16,11 +16,16 @@ allOf:
 - $ref: room_event_batch.yaml
 properties:
   limited:
-    description: True if the number of events returned was limited by the ``limit``
+    description: True if the number of events returned was limited by the `limit`
       on the filter.
     type: boolean
   prev_batch:
-    description: A token that can be supplied to the ``from`` parameter of the
-      rooms/{roomId}/messages endpoint.
+    description: A token that can be supplied to the `from` parameter of the
+      [`/rooms/<room_id>/messages`](#get_matrixclientr0roomsroomidmessages)
+      endpoint in order to retrieve earlier events.
+
+      If no earlier events are available, this property may be omitted from
+      the response.
     type: string
 type: object
+title: TimelineBatch
diff --git a/api/client-server/definitions/user_identifier.yaml b/data/api/client-server/definitions/user_identifier.yaml
similarity index 81%
rename from api/client-server/definitions/user_identifier.yaml
rename to data/api/client-server/definitions/user_identifier.yaml
index ce65053d7a4..7e6eca9c607 100644
--- a/api/client-server/definitions/user_identifier.yaml
+++ b/data/api/client-server/definitions/user_identifier.yaml
@@ -18,7 +18,7 @@ type: object
 properties:
   type:
     type: string
-    description: The type of identification.  See `Identifier types`_ for supported values and additional property descriptions.
+    description: The type of identification.  See [Identifier types](/client-server-api/#identifier-types) for supported values and additional property descriptions.
 required:
   - type
 additionalProperties: true
diff --git a/api/client-server/definitions/wellknown/full.yaml b/data/api/client-server/definitions/wellknown/full.yaml
similarity index 100%
rename from api/client-server/definitions/wellknown/full.yaml
rename to data/api/client-server/definitions/wellknown/full.yaml
diff --git a/api/client-server/definitions/wellknown/homeserver.yaml b/data/api/client-server/definitions/wellknown/homeserver.yaml
similarity index 98%
rename from api/client-server/definitions/wellknown/homeserver.yaml
rename to data/api/client-server/definitions/wellknown/homeserver.yaml
index 92ff34ed3c3..6f6d3cb9ae4 100644
--- a/api/client-server/definitions/wellknown/homeserver.yaml
+++ b/data/api/client-server/definitions/wellknown/homeserver.yaml
@@ -18,6 +18,7 @@ type: object
 properties:
   base_url:
     type: string
+    format: uri
     description: The base URL for the homeserver for client-server connections.
     example: https://matrix.example.com
 required:
diff --git a/api/client-server/definitions/wellknown/identity_server.yaml b/data/api/client-server/definitions/wellknown/identity_server.yaml
similarity index 98%
rename from api/client-server/definitions/wellknown/identity_server.yaml
rename to data/api/client-server/definitions/wellknown/identity_server.yaml
index a8f7c31cff0..a86ad8b1b95 100644
--- a/api/client-server/definitions/wellknown/identity_server.yaml
+++ b/data/api/client-server/definitions/wellknown/identity_server.yaml
@@ -18,6 +18,7 @@ type: object
 properties:
   base_url:
     type: string
+    format: uri
     description: The base URL for the identity server for client-server connections.
     example: https://identity.example.com
 required:
diff --git a/api/client-server/device_management.yaml b/data/api/client-server/device_management.yaml
similarity index 96%
rename from api/client-server/device_management.yaml
rename to data/api/client-server/device_management.yaml
index c42ebbd7c12..aeb1346adb4 100644
--- a/api/client-server/device_management.yaml
+++ b/data/api/client-server/device_management.yaml
@@ -137,7 +137,7 @@ paths:
     delete:
       summary: Delete a device
       description: |-
-        This API endpoint uses the `User-Interactive Authentication API`_.
+        This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).
 
         Deletes the given device, and invalidates any access token associated with it.
       operationId: deleteDevice
@@ -183,7 +183,7 @@ paths:
     post:
       summary: Bulk deletion of devices
       description: |-
-        This API endpoint uses the `User-Interactive Authentication API`_.
+        This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).
 
         Deletes the given devices, and invalidates any access token associated with them.
       operationId: deleteDevices
diff --git a/api/client-server/directory.yaml b/data/api/client-server/directory.yaml
similarity index 89%
rename from api/client-server/directory.yaml
rename to data/api/client-server/directory.yaml
index 7a08faf263d..1b01242d28c 100644
--- a/api/client-server/directory.yaml
+++ b/data/api/client-server/directory.yaml
@@ -132,12 +132,12 @@ paths:
         Servers may choose to implement additional access control checks here, for instance that
         room aliases can only be deleted by their creator or a server administrator.
 
-        .. Note::
-           Servers may choose to update the ``alt_aliases`` for the ``m.room.canonical_alias``
-           state event in the room when an alias is removed. Servers which choose to update the
-           canonical alias event are recommended to, in addition to their other relevant permission
-           checks, delete the alias and return a successful response even if the user does not
-           have permission to update the ``m.room.canonical_alias`` event.
+        **Note:**
+        Servers may choose to update the `alt_aliases` for the `m.room.canonical_alias`
+        state event in the room when an alias is removed. Servers which choose to update the
+        canonical alias event are recommended to, in addition to their other relevant permission
+        checks, delete the alias and return a successful response even if the user does not
+        have permission to update the `m.room.canonical_alias` event.
 
       operationId: deleteRoomAlias
       security:
@@ -176,18 +176,18 @@ paths:
         given room.
 
         This endpoint can be called by users who are in the room (external
-        users receive an ``M_FORBIDDEN`` error response). If the room's
-        ``m.room.history_visibility`` maps to ``world_readable``, any
+        users receive an `M_FORBIDDEN` error response). If the room's
+        `m.room.history_visibility` maps to `world_readable`, any
         user can call this endpoint.
 
         Servers may choose to implement additional access control checks here,
         such as allowing server administrators to view aliases regardless of
         membership.
 
-        .. Note::
-           Clients are recommended not to display this list of aliases prominently
-           as they are not curated, unlike those listed in the ``m.room.canonical_alias``
-           state event.
+        **Note:**
+        Clients are recommended not to display this list of aliases prominently
+        as they are not curated, unlike those listed in the `m.room.canonical_alias`
+        state event.
 
       operationId: getLocalAliases
       security:
diff --git a/api/client-server/event_context.yaml b/data/api/client-server/event_context.yaml
similarity index 77%
rename from api/client-server/event_context.yaml
rename to data/api/client-server/event_context.yaml
index 5fbfc19899a..03e38fe14ae 100644
--- a/api/client-server/event_context.yaml
+++ b/data/api/client-server/event_context.yaml
@@ -36,7 +36,7 @@ paths:
         surrounding an event.
 
         *Note*: This endpoint supports lazy-loading of room member events. See
-        `Lazy-loading room members <#lazy-loading-room-members>`_ for more information.
+        [Lazy-loading room members](/client-server-api/#lazy-loading-room-members) for more information.
       operationId: getEventContext
       security:
         - accessToken: []
@@ -63,13 +63,13 @@ paths:
           name: filter
           type: string
           description: |-
-            A JSON ``RoomEventFilter`` to filter the returned events with. The
-            filter is only applied to ``events_before``, ``events_after``, and
-            ``state``. It is not applied to the ``event`` itself. The filter may 
-            be applied before or/and after the ``limit`` parameter - whichever the 
+            A JSON `RoomEventFilter` to filter the returned events with. The
+            filter is only applied to `events_before`, `events_after`, and
+            `state`. It is not applied to the `event` itself. The filter may
+            be applied before or/and after the `limit` parameter - whichever the
             homeserver prefers.
 
-            See `Filtering <#filtering>`_ for more information.
+            See [Filtering](/client-server-api/#filtering) for more information.
           x-example: "66696p746572"
       responses:
         200:
@@ -93,12 +93,12 @@ paths:
                   requested event, in reverse-chronological order.
                 items:
                   allOf:
-                    - "$ref": "definitions/event-schemas/schema/core-event-schema/room_event.yaml"
+                    - "$ref": "../../event-schemas/schema/core-event-schema/room_event.yaml"
               event:
                 description: |-
                   Details of the requested event.
                 allOf:
-                  - "$ref": "definitions/event-schemas/schema/core-event-schema/room_event.yaml"
+                  - "$ref": "../../event-schemas/schema/core-event-schema/room_event.yaml"
               events_after:
                 type: array
                 description: |-
@@ -106,43 +106,43 @@ paths:
                   requested event, in chronological order.
                 items:
                   allOf:
-                    - "$ref": "definitions/event-schemas/schema/core-event-schema/room_event.yaml"
+                    - "$ref": "../../event-schemas/schema/core-event-schema/room_event.yaml"
               state:
                 type: array
                 description: |-
                   The state of the room at the last event returned.
                 items:
                   allOf:
-                    - "$ref": "definitions/event-schemas/schema/core-event-schema/state_event.yaml"
+                    - "$ref": "../../event-schemas/schema/core-event-schema/state_event.yaml"
           examples:
             application/json: {
               "end": "t29-57_2_0_2",
               "events_after": [
                 {
                   "room_id": "!636q39766251:example.com",
-                  "$ref": "definitions/event-schemas/examples/m.room.message$m.text"
+                  "$ref": "../../event-schemas/examples/m.room.message$m.text.yaml"
                 }
               ],
               "event": {
                 "event_id": "$f3h4d129462ha:example.com",
                 "room_id": "!636q39766251:example.com",
-                "$ref": "definitions/event-schemas/examples/m.room.message$m.image"
+                "$ref": "../../event-schemas/examples/m.room.message$m.image.yaml"
               },
               "events_before": [
                 {
                   "room_id": "!636q39766251:example.com",
-                  "$ref": "definitions/event-schemas/examples/m.room.message$m.file"
+                  "$ref": "../../event-schemas/examples/m.room.message$m.file.yaml"
                 }
               ],
               "start": "t27-54_2_0_2",
               "state": [
                 {
                   "room_id": "!636q39766251:example.com",
-                  "$ref": "definitions/event-schemas/examples/m.room.create"
+                  "$ref": "../../event-schemas/examples/m.room.create.yaml"
                 },
                 {
                   "room_id": "!636q39766251:example.com",
-                  "$ref": "definitions/event-schemas/examples/m.room.member"
+                  "$ref": "../../event-schemas/examples/m.room.member.yaml"
                 }
               ]
             }
diff --git a/api/client-server/filter.yaml b/data/api/client-server/filter.yaml
similarity index 98%
rename from api/client-server/filter.yaml
rename to data/api/client-server/filter.yaml
index bf9396e2f68..0a12e2bbb73 100644
--- a/api/client-server/filter.yaml
+++ b/data/api/client-server/filter.yaml
@@ -88,7 +88,7 @@ paths:
                 type: string
                 description: |-
                   The ID of the filter that was created. Cannot start
-                  with a ``{`` as this character is used to determine
+                  with a `{` as this character is used to determine
                   if the filter provided is inline JSON or a previously
                   declared filter by homeservers on some APIs.
                 example: "66696p746572"
diff --git a/api/client-server/inviting.yaml b/data/api/client-server/inviting.yaml
similarity index 81%
rename from api/client-server/inviting.yaml
rename to data/api/client-server/inviting.yaml
index dfa66b9b0da..b099b3ef26b 100644
--- a/api/client-server/inviting.yaml
+++ b/data/api/client-server/inviting.yaml
@@ -33,12 +33,10 @@ paths:
     post:
       summary: Invite a user to participate in a particular room.
       description: |-
-        .. _invite-by-user-id-endpoint:
-
         *Note that there are two forms of this API, which are documented separately.
         This version of the API requires that the inviter knows the Matrix
         identifier of the invitee. The other is documented in the*
-        `third party invites section`_.
+        [third party invites section](/client-server-api/#post_matrixclientr0roomsroomidinvite-1).
 
         This API invites a user to participate in a particular room.
         They do not start participating in the room until they actually join the
@@ -48,9 +46,8 @@ paths:
         join that room.
 
         If the user was invited to the room, the homeserver will append a
-        ``m.room.member`` event to the room.
+        `m.room.member` event to the room.
 
-        .. _third party invites section: `invite-by-third-party-id-endpoint`_
       operationId: inviteUser
       security:
         - accessToken: []
@@ -67,12 +64,18 @@ paths:
           schema:
             type: object
             example: {
-                "user_id": "@cheeky_monkey:matrix.org"
-              }
+              "user_id": "@cheeky_monkey:matrix.org",
+              "reason": "Welcome to the team!"
+            }
             properties:
               user_id:
                 type: string
                 description: The fully qualified user ID of the invitee.
+              reason:
+                type: string
+                description: |-
+                  Optional reason to be included as the `reason` on the subsequent
+                  membership event.
             required: ["user_id"]
       responses:
         200:
@@ -85,20 +88,20 @@ paths:
         400:
           description: |-
 
-            The request is invalid. A meaningful ``errcode`` and description
+            The request is invalid. A meaningful `errcode` and description
             error text will be returned. Example reasons for rejection include:
 
-            - The request body is malformed (``errcode`` set to ``M_BAD_JSON``
-              or ``M_NOT_JSON``).
+            - The request body is malformed (`errcode` set to `M_BAD_JSON`
+              or `M_NOT_JSON`).
 
             - One or more users being invited to the room are residents of a
               homeserver which does not support the requested room version. The
-              ``errcode`` will be ``M_UNSUPPORTED_ROOM_VERSION`` in these cases.
+              `errcode` will be `M_UNSUPPORTED_ROOM_VERSION` in these cases.
           schema:
             "$ref": "definitions/errors/error.yaml"
         403:
           description: |-
-            You do not have permission to invite the user to the room. A meaningful ``errcode`` and description error text will be returned. Example reasons for rejections are:
+            You do not have permission to invite the user to the room. A meaningful `errcode` and description error text will be returned. Example reasons for rejections are:
 
             - The invitee has been banned from the room.
             - The invitee is already a member of the room.
diff --git a/api/client-server/joining.yaml b/data/api/client-server/joining.yaml
similarity index 81%
rename from api/client-server/joining.yaml
rename to data/api/client-server/joining.yaml
index 5f14f52834e..e56d6adac70 100644
--- a/api/client-server/joining.yaml
+++ b/data/api/client-server/joining.yaml
@@ -32,7 +32,7 @@ paths:
       summary: Start the requesting user participating in a particular room.
       description: |-
         *Note that this API requires a room ID, not alias.*
-        ``/join/{roomIdOrAlias}`` *exists if you have a room alias.*
+        `/join/{roomIdOrAlias}` *exists if you have a room alias.*
 
         This API starts a user participating in a particular room, if that user
         is allowed to participate in that room. After this call, the client is
@@ -40,7 +40,8 @@ paths:
         events associated with the room until the user leaves the room.
 
         After a user has joined a room, the room will appear as an entry in the
-        response of the |/initialSync|_ and |/sync|_ APIs.
+        response of the [`/initialSync`](/client-server-api/#get_matrixclientr0initialsync)
+        and [`/sync`](/client-server-api/#get_matrixclientr0sync) APIs.
       operationId: joinRoomById
       security:
         - accessToken: []
@@ -52,7 +53,7 @@ paths:
           required: true
           x-example: "!d41d8cd:matrix.org"
         - in: body
-          name: third_party_signed
+          name: body
           required: true
           schema:
             type: object
@@ -62,14 +63,20 @@ paths:
                 - $ref: "definitions/third_party_signed.yaml"
                 description: |-
                   If supplied, the homeserver must verify that it matches a pending
-                  ``m.room.third_party_invite`` event in the room, and perform
+                  `m.room.third_party_invite` event in the room, and perform
                   key validity checking if required by the event.
+              reason:
+                type: string
+                description: |-
+                  Optional reason to be included as the `reason` on the subsequent
+                  membership event.
+                example: "Looking for support"
       responses:
         200:
           description: |-
             The room has been joined.
 
-            The joined room ID must be returned in the ``room_id`` field.
+            The joined room ID must be returned in the `room_id` field.
           examples:
             application/json: {
               "room_id": "!d41d8cd:matrix.org"}
@@ -82,7 +89,7 @@ paths:
             required: ["room_id"]
         403:
           description: |-
-            You do not have permission to join the room. A meaningful ``errcode``
+            You do not have permission to join the room. A meaningful `errcode`
             and description error text will be returned. Example reasons for rejection are:
 
             - The room is invite-only and the user was not invited.
@@ -102,7 +109,7 @@ paths:
     post:
       summary: Start the requesting user participating in a particular room.
       description: |-
-        *Note that this API takes either a room ID or alias, unlike* ``/room/{roomId}/join``.
+        *Note that this API takes either a room ID or alias, unlike* `/room/{roomId}/join`.
 
         This API starts a user participating in a particular room, if that user
         is allowed to participate in that room. After this call, the client is
@@ -110,7 +117,8 @@ paths:
         events associated with the room until the user leaves the room.
 
         After a user has joined a room, the room will appear as an entry in the
-        response of the |/initialSync|_ and |/sync|_ APIs.
+        response of the [`/initialSync`](/client-server-api/#get_matrixclientr0initialsync)
+        and [`/sync`](/client-server-api/#get_matrixclientr0sync) APIs.
       operationId: joinRoom
       security:
         - accessToken: []
@@ -131,7 +139,7 @@ paths:
             must be participating in the room.
           x-example: ["matrix.org", "elsewhere.ca"]
         - in: body
-          name: third_party_signed
+          name: body
           required: true
           schema:
             type: object
@@ -140,15 +148,21 @@ paths:
                 allOf:
                   - $ref: "definitions/third_party_signed.yaml"
                 description: |-
-                  If a ``third_party_signed`` was supplied, the homeserver must verify
-                  that it matches a pending ``m.room.third_party_invite`` event in the
+                  If a `third_party_signed` was supplied, the homeserver must verify
+                  that it matches a pending `m.room.third_party_invite` event in the
                   room, and perform key validity checking if required by the event.
+              reason:
+                type: string
+                description: |-
+                  Optional reason to be included as the `reason` on the subsequent
+                  membership event.
+                example: "Looking for support"
       responses:
         200:
           description: |-
             The room has been joined.
 
-            The joined room ID must be returned in the ``room_id`` field.
+            The joined room ID must be returned in the `room_id` field.
           examples:
             application/json: {
               "room_id": "!d41d8cd:matrix.org"}
@@ -161,7 +175,7 @@ paths:
             required: ["room_id"]
         403:
           description: |-
-            You do not have permission to join the room. A meaningful ``errcode``
+            You do not have permission to join the room. A meaningful `errcode`
             and description error text will be returned. Example reasons for rejection are:
 
             - The room is invite-only and the user was not invited.
diff --git a/api/client-server/key_backup.yaml b/data/api/client-server/key_backup.yaml
similarity index 87%
rename from api/client-server/key_backup.yaml
rename to data/api/client-server/key_backup.yaml
index 682372d7939..4385179130c 100644
--- a/api/client-server/key_backup.yaml
+++ b/data/api/client-server/key_backup.yaml
@@ -51,7 +51,7 @@ paths:
               auth_data:
                 description: |-
                   Algorithm-dependent data. See the documentation for the backup
-                  algorithms in `Server-side key backups`_ for more information on the
+                  algorithms in [Server-side key backups](/client-server-api/#server-side-key-backups) for more information on the
                   expected format of the data.
                 type: object
                 example: {
@@ -106,7 +106,7 @@ paths:
               auth_data:
                 description: |-
                   Algorithm-dependent data. See the documentation for the backup
-                  algorithms in `Server-side key backups`_ for more information on the
+                  algorithms in [Server-side key backups](/client-server-api/#server-side-key-backups) for more information on the
                   expected format of the data.
                 type: object
                 example: {
@@ -124,7 +124,7 @@ paths:
               etag:
                 description: |-
                   An opaque string representing stored keys in the backup.
-                  Clients can compare it with the ``etag`` value they received
+                  Clients can compare it with the `etag` value they received
                   in the request of their last key storage request.  If not
                   equal, another client has modified the backup.
                 type: string
@@ -168,9 +168,10 @@ paths:
           type: string
           name: version
           description: |-
-            The backup version to get, as returned in the ``version`` parameter
-            of the response in `POST /_matrix/client/r0/room_keys/version`_ or
-            this endpoint.
+            The backup version to get, as returned in the `version` parameter
+            of the response in
+            [`POST /_matrix/client/r0/room_keys/version`](/client-server/#post_matrixclientr0room_keysversion)
+            or this endpoint.
           required: true
           x-example: "1"
       responses:
@@ -188,7 +189,7 @@ paths:
               auth_data:
                 description: |-
                   Algorithm-dependent data. See the documentation for the backup
-                  algorithms in `Server-side key backups`_ for more information on the
+                  algorithms in [Server-side key backups](/client-server-api/#server-side-key-backups) for more information on the
                   expected format of the data.
                 type: object
                 example: {
@@ -206,7 +207,7 @@ paths:
               etag:
                 description: |-
                   An opaque string representing stored keys in the backup.
-                  Clients can compare it with the ``etag`` value they received
+                  Clients can compare it with the `etag` value they received
                   in the request of their last key storage request.  If not
                   equal, another client has modified the backup.
                 type: string
@@ -240,7 +241,7 @@ paths:
     put:
       summary: Update information about an existing backup.
       description: |-
-        Update information about an existing backup.  Only ``auth_data`` can be modified.
+        Update information about an existing backup.  Only `auth_data` can be modified.
       operationId: putRoomKeysVersion
       security:
         - accessToken: []
@@ -249,10 +250,10 @@ paths:
           type: string
           name: version
           description: |-
-            The backup version to update, as returned in the ``version``
-            parameter in the response of `POST
-            /_matrix/client/r0/room_keys/version`_ or `GET
-            /_matrix/client/r0/room_keys/version/{version}`_.
+            The backup version to update, as returned in the `version`
+            parameter in the response of
+            [`POST /_matrix/client/r0/room_keys/version`](/client-server-api/#post_matrixclientr0room_keysversion)
+            or [`GET /_matrix/client/r0/room_keys/version/{version}`](/client-server-api/#get_matrixclientr0room_keysversionversion).
           required: true
           x-example: "1"
         - in: body
@@ -272,7 +273,7 @@ paths:
               auth_data:
                 description: |-
                   Algorithm-dependent data. See the documentation for the backup
-                  algorithms in `Server-side key backups`_ for more information on the
+                  algorithms in [Server-side key backups](/client-server-api/#server-side-key-backups) for more information on the
                   expected format of the data.
                 type: object
                 example: {
@@ -300,9 +301,9 @@ paths:
             properties: {}
         400:
           description: |-
-            A parameter was incorrect.  For example, the ``algorithm`` does not
-            match the current backup algorithm, or the ``version`` in the body
-            does not match the ``version`` in the path.
+            A parameter was incorrect.  For example, the `algorithm` does not
+            match the current backup algorithm, or the `version` in the body
+            does not match the `version` in the path.
           examples:
             application/json: {
               "errcode": "M_INVALID_PARAM",
@@ -338,10 +339,10 @@ paths:
           type: string
           name: version
           description: |-
-            The backup version to delete, as returned in the ``version``
-            parameter in the response of `POST
-            /_matrix/client/r0/room_keys/version`_ or `GET
-            /_matrix/client/r0/room_keys/version/{version}`_.
+            The backup version to delete, as returned in the `version`
+            parameter in the response of
+            [`POST /_matrix/client/r0/room_keys/version`](/client-server-api/#post_matrixclientr0room_keysversion)
+            or [`GET /_matrix/client/r0/room_keys/version/{version}`](/client-server-api/#get_matrixclientr0room_keysversionversion).
           required: true
           x-example: "1"
       responses:
@@ -374,7 +375,7 @@ paths:
       summary: Store a key in the backup.
       description: |-
         Store a key in the backup.
-      operationId: postRoomKeysKeyRoomIdSessionId
+      operationId: putRoomKeysBySessionId
       security:
         - accessToken: []
       parameters:
@@ -408,11 +409,12 @@ paths:
           description: The update succeeded.
           schema:
             type: object
+            title: RoomKeysUpdateResponse
             properties:
               etag:
                 description: |-
                   The new etag value representing stored keys in the backup.
-                  See ``GET /room_keys/version/{version}`` for more details.
+                  See `GET /room_keys/version/{version}` for more details.
                 type: string
                 example: "abcdefg"
               count:
@@ -425,7 +427,7 @@ paths:
         403:
           description: |-
             The version specified does not match the current backup version.
-            The current version will be included in the ``current_version``
+            The current version will be included in the `current_version`
             field.
           examples:
             application/json: {
@@ -442,10 +444,10 @@ paths:
       tags:
         - End-to-end encryption
     get:
-      summary: Retrieve a key from the backup
+      summary: Retrieve a key from the backup.
       description: |-
         Retrieve a key from the backup.
-      operationId: getRoomKeysKeyRoomIdSessionId
+      operationId: getRoomKeysBySessionId
       security:
         - accessToken: []
       parameters:
@@ -486,11 +488,13 @@ paths:
           description: This request was rate-limited.
           schema:
             "$ref": "definitions/errors/rate_limited.yaml"
+      tags:
+        - End-to-end encryption
     delete:
-      summary: Delete a key from the backup
+      summary: Delete a key from the backup.
       description: |-
         Delete a key from the backup.
-      operationId: deleteRoomKeysKeyRoomIdSessionId
+      operationId: deleteRoomKeysBySessionId
       security:
         - accessToken: []
       parameters:
@@ -518,11 +522,12 @@ paths:
           description: The update succeeded
           schema:
             type: object
+            title: RoomKeysUpdateResponse
             properties:
               etag:
                 description: |-
                   The new etag value representing stored keys in the backup.
-                  See ``GET /room_keys/version/{version}`` for more details.
+                  See `GET /room_keys/version/{version}` for more details.
                 type: string
                 example: "abcdefg"
               count:
@@ -546,12 +551,14 @@ paths:
           description: This request was rate-limited.
           schema:
             "$ref": "definitions/errors/rate_limited.yaml"
+      tags:
+        - End-to-end encryption
   "/room_keys/keys/{roomId}":
     put:
       summary: Store several keys in the backup for a given room.
       description: |-
-        Store a key in the backup.
-      operationId: postRoomKeysKeyRoomId
+        Store several keys in the backup for a given room.
+      operationId: putRoomKeysByRoomId
       security:
         - accessToken: []
       parameters:
@@ -579,11 +586,12 @@ paths:
           description: The update succeeded
           schema:
             type: object
+            title: RoomKeysUpdateResponse
             properties:
               etag:
                 description: |-
                   The new etag value representing stored keys in the backup.
-                  See ``GET /room_keys/version/{version}`` for more details.
+                  See `GET /room_keys/version/{version}` for more details.
                 type: string
                 example: "abcdefg"
               count:
@@ -596,7 +604,7 @@ paths:
         403:
           description: |-
             The version specified does not match the current backup version.
-            The current version will be included in the ``current_version``
+            The current version will be included in the `current_version`
             field.
           examples:
             application/json: {
@@ -623,10 +631,10 @@ paths:
       tags:
         - End-to-end encryption
     get:
-      summary: Retrieve the keys from the backup for a given room
+      summary: Retrieve the keys from the backup for a given room.
       description: |-
-        Retrieve the keys from the backup for a given room
-      operationId: getRoomKeysKeyRoomId
+        Retrieve the keys from the backup for a given room.
+      operationId: getRoomKeysByRoomId
       security:
         - accessToken: []
       parameters:
@@ -647,7 +655,7 @@ paths:
         200:
           description: |-
             The key data.  If no keys are found, then an object with an empty
-            ``sessions`` property will be returned (``{"sessions": {}}``).
+            `sessions` property will be returned (`{"sessions": {}}`).
           schema:
             type: object
             $ref: "definitions/room_key_backup.yaml"
@@ -665,11 +673,13 @@ paths:
           description: This request was rate-limited.
           schema:
             "$ref": "definitions/errors/rate_limited.yaml"
+      tags:
+        - End-to-end encryption
     delete:
-      summary: Delete a key from the backup
+      summary: Delete the keys from the backup for a given room.
       description: |-
-        Delete a key from the backup.
-      operationId: deleteRoomKeysKeyRoomId
+        Delete the keys from the backup for a given room.
+      operationId: deleteRoomKeysByRoomId
       security:
         - accessToken: []
       parameters:
@@ -691,11 +701,12 @@ paths:
           description: The update succeeded
           schema:
             type: object
+            title: RoomKeysUpdateResponse
             properties:
               etag:
                 description: |-
                   The new etag value representing stored keys in the backup.
-                  See ``GET /room_keys/version/{version}`` for more details.
+                  See `GET /room_keys/version/{version}` for more details.
                 type: string
                 example: "abcdefg"
               count:
@@ -719,12 +730,14 @@ paths:
           description: This request was rate-limited.
           schema:
             "$ref": "definitions/errors/rate_limited.yaml"
+      tags:
+        - End-to-end encryption
   "/room_keys/keys":
     put:
       summary: Store several keys in the backup.
       description: |-
         Store several keys in the backup.
-      operationId: postRoomKeysKey
+      operationId: putRoomKeys
       security:
         - accessToken: []
       parameters:
@@ -772,11 +785,12 @@ paths:
           description: The update succeeded
           schema:
             type: object
+            title: RoomKeysUpdateResponse
             properties:
               etag:
                 description: |-
                   The new etag value representing stored keys in the backup.
-                  See ``GET /room_keys/version/{version}`` for more details.
+                  See `GET /room_keys/version/{version}` for more details.
                 type: string
                 example: "abcdefg"
               count:
@@ -789,7 +803,7 @@ paths:
         403:
           description: |-
             The version specified does not match the current backup version.
-            The current version will be included in the ``current_version``
+            The current version will be included in the `current_version`
             field.
           examples:
             application/json: {
@@ -816,10 +830,10 @@ paths:
       tags:
         - End-to-end encryption
     get:
-      summary: Retrieve the keys from the backup for a given room
+      summary: Retrieve the keys from the backup.
       description: |-
-        Retrieve the keys from the backup for a given room
-      operationId: getRoomKeysKeyRoomId
+        Retrieve the keys from the backup.
+      operationId: getRoomKeys
       security:
         - accessToken: []
       parameters:
@@ -834,7 +848,7 @@ paths:
         200:
           description: |-
             The key data.  If no keys are found, then an object with an empty
-            ``rooms`` property will be returned (``{"rooms": {}}``).
+            `rooms` property will be returned (`{"rooms": {}}`).
           schema:
             type: object
             properties:
@@ -874,11 +888,13 @@ paths:
           description: This request was rate-limited.
           schema:
             "$ref": "definitions/errors/rate_limited.yaml"
+      tags:
+        - End-to-end encryption
     delete:
-      summary: Delete a key from the backup
+      summary: Delete the keys from the backup.
       description: |-
-        Delete a key from the backup.
-      operationId: deleteRoomKeysKeyRoomId
+        Delete the keys from the backup.
+      operationId: deleteRoomKeys
       security:
         - accessToken: []
       parameters:
@@ -894,11 +910,12 @@ paths:
           description: The update succeeded
           schema:
             type: object
+            title: RoomKeysUpdateResponse
             properties:
               etag:
                 description: |-
                   The new etag value representing stored keys in the backup.
-                  See ``GET /room_keys/version/{version}`` for more details.
+                  See `GET /room_keys/version/{version}` for more details.
                 type: string
                 example: "abcdefg"
               count:
@@ -922,3 +939,5 @@ paths:
           description: This request was rate-limited.
           schema:
             "$ref": "definitions/errors/rate_limited.yaml"
+      tags:
+        - End-to-end encryption
diff --git a/api/client-server/keys.yaml b/data/api/client-server/keys.yaml
similarity index 78%
rename from api/client-server/keys.yaml
rename to data/api/client-server/keys.yaml
index d92dff03315..e0788b6ba90 100644
--- a/api/client-server/keys.yaml
+++ b/data/api/client-server/keys.yaml
@@ -1,5 +1,6 @@
 # Copyright 2016 OpenMarket Ltd
 # Copyright 2018 New Vector Ltd
+# Copyright 2020 The Matrix.org Foundation C.I.C.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -56,8 +57,8 @@ paths:
                 description: |-
                   One-time public keys for "pre-key" messages.  The names of
                   the properties should be in the format
-                  ``<algorithm>:<key_id>``. The format of the key is determined
-                  by the `key algorithm <#key-algorithms>`_.
+                  `<algorithm>:<key_id>`. The format of the key is determined
+                  by the [key algorithm](/client-server-api/#key-algorithms).
 
                   May be absent if no new one-time keys are required.
                 additionalProperties:
@@ -183,7 +184,7 @@ paths:
 
                   If the homeserver could be reached, but the user or device
                   was unknown, no failure is recorded. Instead, the corresponding
-                  user or device is missing from the ``device_keys`` result.
+                  user or device is missing from the `device_keys` result.
                 additionalProperties:
                   type: object
                 example: {}
@@ -193,7 +194,7 @@ paths:
                   Information on the queried devices. A map from user ID, to a
                   map from device ID to device information.  For each device,
                   the information returned will be the same as uploaded via
-                  ``/keys/upload``, with the addition of an ``unsigned``
+                  `/keys/upload`, with the addition of an `unsigned`
                   property.
                 additionalProperties:
                   type: object
@@ -236,7 +237,76 @@ paths:
                         "device_display_name": "Alice's mobile phone"
                       }
                     }
-
+              master_keys:
+                type: object
+                description: |-
+                  Information on the master cross-signing keys of the queried users.
+                  A map from user ID, to master key information.  For each key, the
+                  information returned will be the same as uploaded via
+                  `/keys/device_signing/upload`, along with the signatures
+                  uploaded via `/keys/signatures/upload` that the requesting user
+                  is allowed to see.
+                additionalProperties:
+                  allOf:
+                    - $ref: definitions/cross_signing_key.yaml
+                example: {
+                  "@alice:example.com": {
+                    "user_id": "@alice:example.com",
+                    "usage": ["master"],
+                    "keys": {
+                      "ed25519:base64+master+public+key": "base64+master+public+key",
+                    }
+                  }
+                }
+              self_signing_keys:
+                type: object
+                description: |-
+                  Information on the self-signing keys of the queried users. A map
+                  from user ID, to self-signing key information.  For each key, the
+                  information returned will be the same as uploaded via
+                  `/keys/device_signing/upload`.
+                additionalProperties:
+                  allOf:
+                    - $ref: definitions/cross_signing_key.yaml
+                example: {
+                  "@alice:example.com": {
+                    "user_id": "@alice:example.com",
+                    "usage": ["self_signing"],
+                    "keys": {
+                      "ed25519:base64+self+signing+public+key": "base64+self+signing+master+public+key",
+                    },
+                    "signatures": {
+                      "@alice:example.com": {
+                        "ed25519:base64+master+public+key": "signature+of+self+signing+key"
+                      }
+                    }
+                  }
+                }
+              user_signing_keys:
+                type: object
+                description: |-
+                  Information on the user-signing key of the user making the
+                  request, if they queried their own device information. A map
+                  from user ID, to user-signing key information.  The
+                  information returned will be the same as uploaded via
+                  `/keys/device_signing/upload`.
+                additionalProperties:
+                  allOf:
+                    - $ref: definitions/cross_signing_key.yaml
+                example: {
+                  "@alice:example.com": {
+                    "user_id": "@alice:example.com",
+                    "usage": ["user_signing"],
+                    "keys": {
+                      "ed25519:base64+user+signing+public+key": "base64+user+signing+master+public+key",
+                    },
+                    "signatures": {
+                      "@alice:example.com": {
+                        "ed25519:base64+master+public+key": "signature+of+user+signing+key"
+                      }
+                    }
+                  }
+                }
       tags:
         - End-to-end encryption
   "/keys/claim":
@@ -294,7 +364,7 @@ paths:
 
                   If the homeserver could be reached, but the user or device
                   was unknown, no failure is recorded. Instead, the corresponding
-                  user or device is missing from the ``one_time_keys`` result.
+                  user or device is missing from the `one_time_keys` result.
                 additionalProperties:
                   type: object
                 example: {}
@@ -302,9 +372,9 @@ paths:
                 type: object
                 description: |-
                   One-time keys for the queried devices. A map from user ID, to a
-                  map from devices to a map from ``<algorithm>:<key_id>`` to the key object.
+                  map from devices to a map from `<algorithm>:<key_id>` to the key object.
 
-                  See the `key algorithms <#key-algorithms>`_ section for information
+                  See the [key algorithms](/client-server-api/#key-algorithms) section for information
                   on the Key Object format.
                 additionalProperties:
                   type: object
@@ -355,9 +425,9 @@ paths:
         The server should include in the results any users who:
 
         * currently share a room with the calling user (ie, both users have
-          membership state ``join``); *and*
+          membership state `join`); *and*
         * added new device identity keys or removed an existing device with
-          identity keys, between ``from`` and ``to``.
+          identity keys, between `from` and `to`.
       operationId: getKeysChanges
       security:
         - accessToken: []
@@ -366,8 +436,8 @@ paths:
           name: from
           type: string
           description: |-
-             The desired start point of the list. Should be the ``next_batch`` field
-             from a response to an earlier call to |/sync|. Users who have not
+             The desired start point of the list. Should be the `next_batch` field
+             from a response to an earlier call to [`/sync`](/client-server-api/#get_matrixclientr0sync). Users who have not
              uploaded new device identity keys since this point, nor deleted
              existing devices with identity keys since then, will be excluded
              from the results.
@@ -377,8 +447,8 @@ paths:
           name: to
           type: string
           description: |-
-             The desired end point of the list. Should be the ``next_batch``
-             field from a recent call to |/sync| - typically the most recent
+             The desired end point of the list. Should be the `next_batch`
+             field from a recent call to [`/sync`](/client-server-api/#get_matrixclientr0sync) - typically the most recent
              such call. This may be used by the server as a hint to check its
              caches are up to date.
           required: true
diff --git a/api/client-server/kicking.yaml b/data/api/client-server/kicking.yaml
similarity index 88%
rename from api/client-server/kicking.yaml
rename to data/api/client-server/kicking.yaml
index fd3f16986af..bf6738e1f95 100644
--- a/api/client-server/kicking.yaml
+++ b/data/api/client-server/kicking.yaml
@@ -34,10 +34,10 @@ paths:
         Kick a user from the room.
 
         The caller must have the required power level in order to perform this operation.
-        
-        Kicking a user adjusts the target member's membership state to be ``leave`` with an
-        optional ``reason``. Like with other membership changes, a user can directly adjust
-        the target member's state by making a request to ``/rooms/<room id>/state/m.room.member/<user id>``.
+
+        Kicking a user adjusts the target member's membership state to be `leave` with an
+        optional `reason`. Like with other membership changes, a user can directly adjust
+        the target member's state by making a request to `/rooms/<room id>/state/m.room.member/<user id>`.
       operationId: kick
       security:
         - accessToken: []
@@ -64,8 +64,8 @@ paths:
               reason:
                 type: string
                 description: |-
-                  The reason the user has been kicked. This will be supplied as the 
-                  ``reason`` on the target's updated `m.room.member`_ event.
+                  The reason the user has been kicked. This will be supplied as the
+                  `reason` on the target's updated [`m.room.member`](/client-server-api/#mroommember) event.
             required: ["user_id"]
       responses:
         200:
@@ -77,7 +77,7 @@ paths:
             type: object
         403:
           description: |-
-            You do not have permission to kick the user from the room. A meaningful ``errcode`` and
+            You do not have permission to kick the user from the room. A meaningful `errcode` and
             description error text will be returned. Example reasons for rejections are:
 
             - The kicker is not currently in the room.
diff --git a/data/api/client-server/knocking.yaml b/data/api/client-server/knocking.yaml
new file mode 100644
index 00000000000..0db92d5e767
--- /dev/null
+++ b/data/api/client-server/knocking.yaml
@@ -0,0 +1,124 @@
+# Copyright 2021 The Matrix.org Foundation C.I.C.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+swagger: '2.0'
+info:
+  title: "Matrix Client-Server Room Knocking API"
+  version: "1.0.0"
+host: localhost:8008
+schemes:
+  - https
+  - http
+basePath: /_matrix/client/%CLIENT_MAJOR_VERSION%
+consumes:
+  - application/json
+produces:
+  - application/json
+securityDefinitions:
+  $ref: definitions/security.yaml
+paths:
+  "/knock/{roomIdOrAlias}":
+    post:
+      summary: Knock on a room, requesting permission to join.
+      description: |-
+        *Note that this API takes either a room ID or alias, unlike other membership APIs.*
+
+        This API "knocks" on the room to ask for permission to join, if the user
+        is allowed to knock on the room. Acceptance of the knock happens out of
+        band from this API, meaning that the client will have to watch for updates
+        regarding the acceptance/rejection of the knock.
+
+        If the room history settings allow, the user will still be able to see
+        history of the room while being in the "knock" state. The user will have
+        to accept the invitation to join the room (acceptance of knock) to see
+        messages reliably. See the `/join` endpoints for more information about
+        history visibility to the user.
+
+        The knock will appear as an entry in the response of the
+        [`/sync`](/client-server-api/#get_matrixclientr0sync) API.
+      operationId: knockRoom
+      security:
+        - accessToken: []
+      parameters:
+        - in: path
+          type: string
+          name: roomIdOrAlias
+          description: The room identifier or alias to knock upon.
+          required: true
+          x-example: "#monkeys:matrix.org"
+        - in: query
+          type: array
+          items:
+            type: string
+          name: server_name
+          description: |-
+            The servers to attempt to knock on the room through. One of the servers
+            must be participating in the room.
+          x-example: ["matrix.org", "elsewhere.ca"]
+        - in: body
+          name: body
+          required: true
+          schema:
+            type: object
+            properties:
+              reason:
+                type: string
+                description: |-
+                  Optional reason to be included as the `reason` on the subsequent
+                  membership event.
+                example: "Looking for support"
+      responses:
+        200:
+          description: |-
+            The room has been knocked upon.
+
+            The knocked room ID must be returned in the `room_id` field.
+          examples:
+            application/json: {
+              "room_id": "!d41d8cd:matrix.org"
+            }
+          schema:
+            type: object
+            properties:
+              room_id:
+                type: string
+                description: The knocked room ID.
+            required: ["room_id"]
+        403:
+          description: |-
+            You do not have permission to knock on the room. A meaningful `errcode`
+            and description error text will be returned. Example reasons for rejection are:
+
+            - The room is not set up for knocking.
+            - The user has been banned from the room.
+          examples:
+            application/json: {
+              "errcode": "M_FORBIDDEN", "error": "You are not allowed to knock on this room."
+            }
+          schema:
+            "$ref": "definitions/errors/error.yaml"
+        404:
+          description: |-
+            The room could not be found or resolved to a room ID.
+          examples:
+            application/json: {
+              "errcode": "M_NOT_FOUND", "error": "That room does not appear to exist."
+            }
+          schema:
+            "$ref": "definitions/errors/error.yaml"
+        429:
+          description: This request was rate-limited.
+          schema:
+            "$ref": "definitions/errors/rate_limited.yaml"
+      tags:
+        - Room membership
diff --git a/api/client-server/leaving.yaml b/data/api/client-server/leaving.yaml
similarity index 89%
rename from api/client-server/leaving.yaml
rename to data/api/client-server/leaving.yaml
index 513b5b4d143..f3d3b486057 100644
--- a/api/client-server/leaving.yaml
+++ b/data/api/client-server/leaving.yaml
@@ -52,6 +52,20 @@ paths:
           description: The room identifier to leave.
           required: true
           x-example: "!nkl290a:matrix.org"
+        - in: body
+          name: body
+          required: true
+          schema:
+            type: object
+            example: {
+              "reason": "Saying farewell - thanks for the support!"
+            }
+            properties:
+              reason:
+                type: string
+                description: |-
+                  Optional reason to be included as the `reason` on the subsequent
+                  membership event.
       responses:
         200:
           description: |-
diff --git a/api/client-server/list_joined_rooms.yaml b/data/api/client-server/list_joined_rooms.yaml
similarity index 95%
rename from api/client-server/list_joined_rooms.yaml
rename to data/api/client-server/list_joined_rooms.yaml
index 19ad8649994..b34f3d5d28b 100644
--- a/api/client-server/list_joined_rooms.yaml
+++ b/data/api/client-server/list_joined_rooms.yaml
@@ -45,7 +45,7 @@ paths:
               joined_rooms:
                 type: array
                 description: |-
-                  The ID of each room in which the user has ``joined`` membership.
+                  The ID of each room in which the user has `joined` membership.
                 items:
                   type: string
           examples:
diff --git a/api/client-server/list_public_rooms.yaml b/data/api/client-server/list_public_rooms.yaml
similarity index 96%
rename from api/client-server/list_public_rooms.yaml
rename to data/api/client-server/list_public_rooms.yaml
index 222b412a46a..87806e04a98 100644
--- a/api/client-server/list_public_rooms.yaml
+++ b/data/api/client-server/list_public_rooms.yaml
@@ -48,7 +48,7 @@ paths:
                 type: string
                 enum: ['private', 'public']
                 description: The visibility of the room in the directory.
-          examples: 
+          examples:
             application/json: {
               "visibility": "public"
             }
@@ -61,6 +61,8 @@ paths:
             }
           schema:
             "$ref": "definitions/errors/error.yaml"
+      tags:
+        - Room discovery
     put:
       summary: Sets the visibility of a room in the room directory
       description: |-
@@ -68,7 +70,7 @@ paths:
         directory.
 
         Servers may choose to implement additional access control checks
-        here, for instance that room visibility can only be changed by 
+        here, for instance that room visibility can only be changed by
         the room creator or a server administrator.
       operationId: setRoomVisibilityOnDirectory
       security:
@@ -92,7 +94,7 @@ paths:
                 type: string
                 enum: ["private", "public"]
                 description: |-
-                  The new visibility setting for the room. 
+                  The new visibility setting for the room.
                   Defaults to 'public'.
             example: {
                "visibility": "public"
@@ -100,7 +102,7 @@ paths:
       responses:
         200:
           description: The visibility was updated, or no change was needed.
-          examples: 
+          examples:
             application/json: {}
         404:
           description: The room is not known to the server
@@ -111,6 +113,8 @@ paths:
             }
           schema:
             "$ref": "definitions/errors/error.yaml"
+      tags:
+        - Room discovery
   "/publicRooms":
     get:
       summary: Lists the public rooms on the server.
@@ -204,10 +208,10 @@ paths:
                 type: string
                 description: |-
                   The specific third party network/protocol to request from the
-                  homeserver. Can only be used if ``include_all_networks`` is false.
+                  homeserver. Can only be used if `include_all_networks` is false.
                 example: "irc"
             example: {
-              "limit": 10, 
+              "limit": 10,
               "filter": {
                 "generic_search_term": "foo"
               },
diff --git a/api/client-server/login.yaml b/data/api/client-server/login.yaml
similarity index 84%
rename from api/client-server/login.yaml
rename to data/api/client-server/login.yaml
index 7844172f356..14aa3aafce7 100644
--- a/api/client-server/login.yaml
+++ b/data/api/client-server/login.yaml
@@ -33,7 +33,7 @@ paths:
       summary: Get the supported login types to authenticate users
       description: |-
         Gets the homeserver's supported login types to authenticate users. Clients
-        should pick one of these and supply it as the ``type`` when logging in.
+        should pick one of these and supply it as the `type` when logging in.
       operationId: getLoginFlows
       responses:
         200:
@@ -56,7 +56,7 @@ paths:
                   properties:
                     type:
                       description: |-
-                        The login type. This is supplied as the ``type`` when
+                        The login type. This is supplied as the `type` when
                         logging in.
                       type: string
         429:
@@ -71,13 +71,13 @@ paths:
         Authenticates the user, and issues an access token they can
         use to authorize themself in subsequent requests.
 
-        If the client does not supply a ``device_id``, the server must
+        If the client does not supply a `device_id`, the server must
         auto-generate one.
 
-        The returned access token must be associated with the ``device_id``
+        The returned access token must be associated with the `device_id`
         supplied by the client or generated by the server. The server may
         invalidate any access token previously associated with that device. See
-        `Relationship between access tokens and devices`_.
+        [Relationship between access tokens and devices](/client-server-api/#relationship-between-access-tokens-and-devices).
       operationId: login
       parameters:
         - in: body
@@ -103,33 +103,36 @@ paths:
                 "$ref": "definitions/user_identifier.yaml"
               user:
                 type: string
-                description: The fully qualified user ID or just local part of the user ID, to log in.  Deprecated in favour of ``identifier``.
+                description: The fully qualified user ID or just local part of the user ID, to log in.  Deprecated in favour of `identifier`.
               medium:
                 type: string
-                description: When logging in using a third party identifier, the medium of the identifier. Must be 'email'.  Deprecated in favour of ``identifier``.
+                description: When logging in using a third party identifier, the medium of the identifier. Must be 'email'.  Deprecated in favour of `identifier`.
               address:
                 type: string
-                description: Third party identifier for the user.  Deprecated in favour of ``identifier``.
+                description: Third party identifier for the user.  Deprecated in favour of `identifier`.
               password:
                 type: string
                 description: |-
-                  Required when ``type`` is ``m.login.password``. The user's
+                  Required when `type` is `m.login.password`. The user's
                   password.
               token:
                 type: string
                 description: |-
-                  Required when ``type`` is ``m.login.token``. Part of `Token-based`_ login.
+                  Required when `type` is `m.login.token`. Part of Token-based login.
               device_id:
                 type: string
                 description: |-
                   ID of the client device. If this does not correspond to a
-                  known client device, a new device will be created. The server
-                  will auto-generate a device_id if this is not specified.
+                  known client device, a new device will be created. The given
+                  device ID must not be the same as a
+                  [cross-signing](/client-server-api/#cross-signing) key ID.
+                  The server will auto-generate a device_id
+                  if this is not specified.
               initial_device_display_name:
                 type: string
                 description: |-
                   A display name to assign to the newly-created device. Ignored
-                  if ``device_id`` corresponds to a known device.
+                  if `device_id` corresponds to a known device.
             required: ["type"]
 
       responses:
@@ -167,8 +170,8 @@ paths:
                   been registered.
 
                   **Deprecated**. Clients should extract the server_name from
-                  ``user_id`` (by splitting at the first colon) if they require
-                  it. Note also that ``homeserver`` is not spelt this way.
+                  `user_id` (by splitting at the first colon) if they require
+                  it. Note also that `homeserver` is not spelt this way.
               device_id:
                 type: string
                 description: |-
@@ -195,8 +198,10 @@ paths:
         403:
           description: |-
             The login attempt failed. This can include one of the following error codes:
-              * ``M_FORBIDDEN``: The provided authentication data was incorrect.
-              * ``M_USER_DEACTIVATED``: The user has been deactivated.
+              * `M_FORBIDDEN`: The provided authentication data was incorrect
+                or the requested device ID is the same as a cross-signing key
+                ID.
+              * `M_USER_DEACTIVATED`: The user has been deactivated.
           examples:
             application/json: {
               "errcode": "M_FORBIDDEN"
diff --git a/api/client-server/logout.yaml b/data/api/client-server/logout.yaml
similarity index 87%
rename from api/client-server/logout.yaml
rename to data/api/client-server/logout.yaml
index 747a57b9f20..7be4f51c3f5 100644
--- a/api/client-server/logout.yaml
+++ b/data/api/client-server/logout.yaml
@@ -33,7 +33,7 @@ paths:
       description: |-
         Invalidates an existing access token, so that it can no longer be used for
         authorization. The device associated with the access token is also deleted.
-        `Device keys <#device-keys>`_ for the device are deleted alongside the device.
+        [Device keys](/client-server-api/#device-keys) for the device are deleted alongside the device.
       operationId: logout
       security:
         - accessToken: []
@@ -51,10 +51,10 @@ paths:
       description: |-
         Invalidates all access tokens for a user, so that they can no longer be used for
         authorization. This includes the access token that made this request. All devices
-        for the user are also deleted. `Device keys <#device-keys>`_ for the device are
+        for the user are also deleted. [Device keys](/client-server-api/#device-keys) for the device are
         deleted alongside the device.
 
-        This endpoint does not use the `User-Interactive Authentication API`_ because
+        This endpoint does not use the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api) because
         User-Interactive Authentication is designed to protect against attacks where the
         someone gets hold of a single access token then takes over the account. This
         endpoint invalidates all access tokens for the user, including the token used in
diff --git a/api/client-server/message_pagination.yaml b/data/api/client-server/message_pagination.yaml
similarity index 61%
rename from api/client-server/message_pagination.yaml
rename to data/api/client-server/message_pagination.yaml
index 425240e3cb2..c3c8d8882b1 100644
--- a/api/client-server/message_pagination.yaml
+++ b/data/api/client-server/message_pagination.yaml
@@ -35,7 +35,7 @@ paths:
         pagination query parameters to paginate history in the room.
 
         *Note*: This endpoint supports lazy-loading of room member events. See
-        `Lazy-loading room members <#lazy-loading-room-members>`_ for more information.
+        [Lazy-loading room members](/client-server-api/#lazy-loading-room-members) for more information.
       operationId: getRoomEvents
       security:
         - accessToken: []
@@ -51,9 +51,12 @@ paths:
           name: from
           description: |-
             The token to start returning events from. This token can be obtained
-            from a ``prev_batch`` token returned for each room by the sync API,
-            or from a ``start`` or ``end`` token returned by a previous request
-            to this endpoint.
+            from a `prev_batch` or `next_batch` token returned by the `/sync` endpoint,
+            or from an `end` token returned by a previous request to this endpoint.
+
+            This endpoint can also accept a value returned as a `start` token
+            by a previous request to this endpoint, though servers are not 
+            required to support this. Clients should not rely on the behaviour.
           required: true
           x-example: "s345_678_333"
         - in: query
@@ -61,16 +64,18 @@ paths:
           name: to
           description: |-
             The token to stop returning events at. This token can be obtained from
-            a ``prev_batch`` token returned for each room by the sync endpoint,
-            or from a ``start`` or ``end`` token returned by a previous request to
-            this endpoint.
+            a `prev_batch` or `next_batch` token returned by the `/sync` endpoint,
+            or from an `end` token returned by a previous request to this endpoint.
           required: false
         - in: query
           type: string
           enum: ["b", "f"]
           name: dir
           description: |-
-            The direction to return events from.
+            The direction to return events from. If this is set to `f`, events
+            will be returned in chronological order starting at `from`. If it
+            is set to `b`, events will be returned in *reverse* chronolgical
+            order, again starting at `from`.
           required: true
           x-example: "b"
         - in: query
@@ -96,35 +101,45 @@ paths:
               start:
                 type: string
                 description: |-
-                  The token the pagination starts from. If ``dir=b`` this will be
-                  the token supplied in ``from``.
+                  A token corresponding to the start of `chunk`. This will be the same as
+                  the value given in `from`.
               end:
                 type: string
                 description: |-
-                  The token the pagination ends at. If ``dir=b`` this token should
-                  be used again to request even earlier events.
+                  A token corresponding to the end of `chunk`. This token can be passed
+                  back to this endpoint to request further events.
+
+                  If no further events are available (either because we have
+                  reached the start of the timeline, or because the user does
+                  not have permission to see any more events), this property
+                  is omitted from the response.
               chunk:
                 type: array
                 description: |-
-                  A list of room events. The order depends on the ``dir`` parameter.
-                  For ``dir=b`` events will be in reverse-chronological order,
-                  for ``dir=f`` in chronological order, so that events start
-                  at the ``from`` point.
+                  A list of room events. The order depends on the `dir` parameter.
+                  For `dir=b` events will be in reverse-chronological order,
+                  for `dir=f` in chronological order. (The exact definition of `chronological`
+                  is dependent on the server implementation.)
+
+                  Note that an empty `chunk` does not *necessarily* imply that no more events
+                  are available. Clients should continue to paginate until no `end` property
+                  is returned.
                 items:
-                  "$ref": "definitions/event-schemas/schema/core-event-schema/room_event.yaml"
+                  "$ref": "../../event-schemas/schema/core-event-schema/room_event.yaml"
               state:
                 type: array
                 description: |-
-                  A list of state events relevant to showing the ``chunk``. For example, if
-                  ``lazy_load_members`` is enabled in the filter then this may contain
-                  the membership events for the senders of events in the ``chunk``.
+                  A list of state events relevant to showing the `chunk`. For example, if
+                  `lazy_load_members` is enabled in the filter then this may contain
+                  the membership events for the senders of events in the `chunk`.
 
-                  Unless ``include_redundant_members`` is ``true``, the server
+                  Unless `include_redundant_members` is `true`, the server
                   may remove membership events which would have already been
                   sent to the client in prior calls to this endpoint, assuming
                   the membership of those members has not changed.
                 items:
-                  $ref: "definitions/event-schemas/schema/core-event-schema/state_event.yaml"
+                  $ref: "../../event-schemas/schema/core-event-schema/state_event.yaml"
+            required: [start, chunk]
           examples:
             application/json: {
                 "start": "t47429-4392820_219380_26003_2265",
@@ -132,15 +147,15 @@ paths:
                 "chunk": [
                   {
                     "room_id": "!636q39766251:example.com",
-                    "$ref": "definitions/event-schemas/examples/m.room.message$m.text"
+                    "$ref": "../../event-schemas/examples/m.room.message$m.text.yaml"
                   },
                   {
                     "room_id": "!636q39766251:example.com",
-                    "$ref": "definitions/event-schemas/examples/m.room.name"
+                    "$ref": "../../event-schemas/examples/m.room.name.yaml"
                   },
                   {
                     "room_id": "!636q39766251:example.com",
-                    "$ref": "definitions/event-schemas/examples/m.room.message$m.video"
+                    "$ref": "../../event-schemas/examples/m.room.message$m.video.yaml"
                   }
                 ]
               }
diff --git a/api/client-server/notifications.yaml b/data/api/client-server/notifications.yaml
similarity index 88%
rename from api/client-server/notifications.yaml
rename to data/api/client-server/notifications.yaml
index 8679cb91805..0176a9b4d00 100644
--- a/api/client-server/notifications.yaml
+++ b/data/api/client-server/notifications.yaml
@@ -41,7 +41,9 @@ paths:
         - in: query
           type: string
           name: from
-          description: Pagination token given to retrieve the next set of events.
+          description: |-
+            Pagination token to continue from. This should be the `next_token`
+            returned from an earlier call to this endpoint.
           required: false
           x-example: "xxxxx"
         - in: query
@@ -54,7 +56,7 @@ paths:
           name: only
           type: string
           description: |-
-            Allows basic filtering of events returned. Supply ``highlight``
+            Allows basic filtering of events returned. Supply `highlight`
             to return only events where the notification had the highlight
             tweak set.
           required: false
@@ -75,7 +77,7 @@ paths:
                     "room_id": "!abcdefg:example.com",
                     "ts": 1475508881945,
                     "event": {
-                      "$ref": "definitions/event-schemas/examples/m.room.message$m.text"
+                      "$ref": "../../event-schemas/examples/m.room.message$m.text.yaml"
                     }
                   }
                 ]
@@ -87,8 +89,8 @@ paths:
               next_token:
                 type: string
                 description: |-
-                  The token to supply in the ``from`` param of the next
-                  ``/notifications`` request in order to request more
+                  The token to supply in the `from` param of the next
+                  `/notifications` request in order to request more
                   events. If this is absent, there are no more results.
               notifications:
                 type: array
@@ -101,7 +103,7 @@ paths:
                       type: array
                       description: |-
                         The action(s) to perform when the conditions for this rule are met.
-                        See `Push Rules: API`_.
+                        See [Push Rules: API](/client-server-api/#push-rules-api).
                       items:
                         type:
                         - object
diff --git a/api/client-server/old_sync.yaml b/data/api/client-server/old_sync.yaml
similarity index 71%
rename from api/client-server/old_sync.yaml
rename to data/api/client-server/old_sync.yaml
index a79c3b322be..d961077be5a 100644
--- a/api/client-server/old_sync.yaml
+++ b/data/api/client-server/old_sync.yaml
@@ -32,12 +32,12 @@ paths:
       summary: Listen on the event stream.
       description: |-
         This will listen for new events and return them to the caller. This will
-        block until an event is received, or until the ``timeout`` is reached.
+        block until an event is received, or until the `timeout` is reached.
 
         This endpoint was deprecated in r0 of this specification. Clients
-        should instead call the |/sync|_ API with a ``since`` parameter. See
-        the `migration guide
-        <https://matrix.org/docs/guides/client-server-migrating-from-v1.html#deprecated-endpoints>`_.
+        should instead call the [`/sync`](/client-server-api/#get_matrixclientr0sync)
+        endpoint with a `since` parameter. See
+        the [migration guide](https://matrix.org/docs/guides/migrating-from-client-server-api-v-1#deprecated-endpoints).
       operationId: getEvents
       security:
         - accessToken: []
@@ -64,7 +64,7 @@ paths:
                 "start": "s3456_9_0",
                 "end": "s3457_9_0",
                 "chunk": [
-                  {"$ref": "definitions/event-schemas/examples/m.room.message$m.text"}
+                  {"$ref": "../../event-schemas/examples/m.room.message$m.text.yaml"}
                 ]
               }
           schema:
@@ -73,13 +73,13 @@ paths:
               start:
                 type: string
                 description: |-
-                  A token which correlates to the first value in ``chunk``. This
-                  is usually the same token supplied to ``from=``.
+                  A token which correlates to the start of `chunk`. This
+                  is usually the same token supplied to `from=`.
               end:
                 type: string
                 description: |-
-                  A token which correlates to the last value in ``chunk``. This
-                  token should be used in the next request to ``/events``.
+                  A token which correlates to the end of `chunk`. This
+                  token should be used in the next request to `/events`.
               chunk:
                 type: array
                 description: "An array of events."
@@ -87,9 +87,9 @@ paths:
                   type: object
                   title: Event
                   allOf:
-                    - "$ref": "definitions/event-schemas/schema/core-event-schema/room_event.yaml"
+                    - "$ref": "../../event-schemas/schema/core-event-schema/room_event.yaml"
         400:
-          description: "Bad pagination ``from`` parameter."
+          description: "Bad pagination `from` parameter."
       tags:
         - Room participation
       deprecated: true
@@ -101,9 +101,9 @@ paths:
         number of messages per room to return.
 
         This endpoint was deprecated in r0 of this specification. Clients
-        should instead call the |/sync|_ API with no ``since`` parameter. See
-        the `migration guide
-        <https://matrix.org/docs/guides/client-server-migrating-from-v1.html#deprecated-endpoints>`_.
+        should instead call the [`/sync`](/client-server-api/#get_matrixclientr0sync)
+        endpoint with no `since` parameter. See
+        the [migration guide](https://matrix.org/docs/guides/migrating-from-client-server-api-v-1#deprecated-endpoints).
       operationId: initialSync
       security:
         - accessToken: []
@@ -118,10 +118,10 @@ paths:
           type: boolean
           name: archived
           description: |-
-            Whether to include rooms that the user has left. If ``false`` then
+            Whether to include rooms that the user has left. If `false` then
             only rooms that the user has been invited to or has joined are
-            included. If set to ``true`` then rooms that the user has left are
-            included as well. By default this is ``false``.
+            included. If set to `true` then rooms that the user has left are
+            included as well. By default this is `false`.
           required: false
           x-example: "true"
       responses:
@@ -131,7 +131,7 @@ paths:
             application/json: {
                   "end": "s3456_9_0",
                   "presence": [
-                      {"$ref": "definitions/event-schemas/examples/m.presence"}
+                      {"$ref": "../../event-schemas/examples/m.presence.yaml"}
                   ],
                   "account_data": [
                     {
@@ -148,11 +148,11 @@ paths:
                               "chunk": [
                                   {
                                     "room_id": "!TmaZBKYIFrIPVGoUYp:localhost",
-                                    "$ref": "definitions/event-schemas/examples/m.room.message$m.text"
+                                    "$ref": "../../event-schemas/examples/m.room.message$m.text.yaml"
                                   },
                                   {
                                     "room_id": "!TmaZBKYIFrIPVGoUYp:localhost",
-                                    "$ref": "definitions/event-schemas/examples/m.room.message$m.video"
+                                    "$ref": "../../event-schemas/examples/m.room.message$m.video.yaml"
                                   }
                               ],
                               "end": "s3456_9_0",
@@ -162,19 +162,19 @@ paths:
                           "state": [
                               {
                                 "room_id": "!TmaZBKYIFrIPVGoUYp:localhost",
-                                "$ref": "definitions/event-schemas/examples/m.room.join_rules"
+                                "$ref": "../../event-schemas/examples/m.room.join_rules.yaml"
                               },
                               {
                                 "room_id": "!TmaZBKYIFrIPVGoUYp:localhost",
-                                "$ref": "definitions/event-schemas/examples/m.room.member"
+                                "$ref": "../../event-schemas/examples/m.room.member.yaml"
                               },
                               {
                                 "room_id": "!TmaZBKYIFrIPVGoUYp:localhost",
-                                "$ref": "definitions/event-schemas/examples/m.room.create"
+                                "$ref": "../../event-schemas/examples/m.room.create.yaml"
                               },
                               {
                                 "room_id": "!TmaZBKYIFrIPVGoUYp:localhost",
-                                "$ref": "definitions/event-schemas/examples/m.room.power_levels"
+                                "$ref": "../../event-schemas/examples/m.room.power_levels.yaml"
                               }
                           ],
                           "visibility": "private",
@@ -199,8 +199,8 @@ paths:
               end:
                 type: string
                 description: |-
-                  A token which correlates to the last value in ``chunk``. This
-                  token should be used with the ``/events`` API to listen for new
+                  A token which correlates to the end of the timelines returned. This
+                  token should be used with the `/events` endpoint to listen for new
                   events.
               presence:
                 type: array
@@ -209,7 +209,7 @@ paths:
                   type: object
                   title: Event
                   allOf:
-                    - "$ref": "definitions/event-schemas/schema/core-event-schema/event.yaml"
+                    - "$ref": "../../event-schemas/schema/core-event-schema/event.yaml"
               rooms:
                 type: array
                 items:
@@ -226,9 +226,9 @@ paths:
                     invite:
                         type: object
                         title: "InviteEvent"
-                        description: "The invite event if ``membership`` is ``invite``"
+                        description: "The invite event if `membership` is `invite`"
                         allOf:
-                          - "$ref": "definitions/event-schemas/schema/m.room.member"
+                          - "$ref": "../../event-schemas/schema/m.room.member.yaml"
                     messages:
                       type: object
                       title: PaginationChunk
@@ -237,13 +237,20 @@ paths:
                         start:
                           type: string
                           description: |-
-                            A token which correlates to the first value in ``chunk``.
-                            Used for pagination.
+                            A token which correlates to the start of `chunk`.
+                            Can be passed to
+                            [`/rooms/<room_id>/messages`](#get_matrixclientr0roomsroomidmessages)
+                            to retrieve earlier events.
+
+                            If no earlier events are available, this property may be omitted from
+                            the response.
                         end:
                           type: string
                           description: |-
-                            A token which correlates to the last value in ``chunk``.
-                            Used for pagination.
+                            A token which correlates to the end of `chunk`.
+                            Can be passed to
+                            [`/rooms/<room_id>/messages`](#get_matrixclientr0roomsroomidmessages)
+                            to retrieve later events.
                         chunk:
                           type: array
                           description: |-
@@ -251,13 +258,13 @@ paths:
                             list of the most recent messages for this room. If
                             the user has left the room this will be the
                             messages that preceeded them leaving. This array
-                            will consist of at most ``limit`` elements.
+                            will consist of at most `limit` elements.
                           items:
                             type: object
                             title: RoomEvent
                             allOf:
-                              - "$ref": "definitions/event-schemas/schema/core-event-schema/room_event.yaml"
-                      required: ["start", "end", "chunk"]
+                              - "$ref": "../../event-schemas/schema/core-event-schema/room_event.yaml"
+                      required: ["end", "chunk"]
                     state:
                       type: array
                       description: |-
@@ -269,12 +276,12 @@ paths:
                         title: StateEvent
                         type: object
                         allOf:
-                          - "$ref": "definitions/event-schemas/schema/core-event-schema/state_event.yaml"
+                          - "$ref": "../../event-schemas/schema/core-event-schema/state_event.yaml"
                     visibility:
                       type: string
                       enum: ["private", "public"]
                       description: |-
-                        Whether this room is visible to the ``/publicRooms`` API
+                        Whether this room is visible to the `/publicRooms` API
                         or not."
                     account_data:
                       type: array
@@ -285,7 +292,7 @@ paths:
                         title: Event
                         type: object
                         allOf:
-                          - "$ref": "definitions/event-schemas/schema/core-event-schema/event.yaml"
+                          - "$ref": "../../event-schemas/schema/core-event-schema/event.yaml"
                   required: ["room_id", "membership"]
               account_data:
                 type: array
@@ -295,7 +302,7 @@ paths:
                   title: Event
                   type: object
                   allOf:
-                    - "$ref": "definitions/event-schemas/schema/core-event-schema/event.yaml"
+                    - "$ref": "../../event-schemas/schema/core-event-schema/event.yaml"
             required: ["end", "rooms", "presence"]
         404:
           description: There is no avatar URL for this user or this user does not exist.
@@ -306,12 +313,13 @@ paths:
     get:
       summary: Get a single event by event ID.
       description: |-
-        Get a single event based on ``event_id``. You must have permission to
+        Get a single event based on `event_id`. You must have permission to
         retrieve this event e.g. by being a member in the room for this event.
 
         This endpoint was deprecated in r0 of this specification. Clients
-        should instead call the |/rooms/{roomId}/event/{eventId}|_ API
-        or the |/rooms/{roomId}/context/{eventId}|_ API.
+        should instead call the
+        [/rooms/{roomId}/event/{eventId}](/client-server-api/#get_matrixclientr0roomsroomideventeventid) API
+        or the [/rooms/{roomId}/context/{eventId](/client-server-api/#get_matrixclientr0roomsroomidcontexteventid) API.
       operationId: getOneEvent
       security:
         - accessToken: []
@@ -326,10 +334,10 @@ paths:
         200:
           description: The full event.
           examples:
-            application/json: {"$ref": "definitions/event-schemas/examples/m.room.message$m.text"}
+            application/json: {"$ref": "../../event-schemas/examples/m.room.message$m.text.yaml"}
           schema:
             allOf:
-              - "$ref": "definitions/event-schemas/schema/core-event-schema/event.yaml"
+              - "$ref": "../../event-schemas/schema/core-event-schema/event.yaml"
         404:
           description: The event was not found or you do not have permission to read this event.
       tags:
diff --git a/api/client-server/openid.yaml b/data/api/client-server/openid.yaml
similarity index 91%
rename from api/client-server/openid.yaml
rename to data/api/client-server/openid.yaml
index 98a2449e644..ef76e3d09f2 100644
--- a/api/client-server/openid.yaml
+++ b/data/api/client-server/openid.yaml
@@ -37,7 +37,7 @@ paths:
         OpenID.
 
         The access token generated is only valid for the OpenID API. It cannot
-        be used to request another OpenID access token or call ``/sync``, for
+        be used to request another OpenID access token or call `/sync`, for
         example.
       operationId: requestOpenIdToken
       security:
@@ -62,8 +62,9 @@ paths:
         200:
           description: |-
             OpenID token information. This response is nearly compatible with the
-            response documented in the `OpenID Connect 1.0 Specification <http://openid.net/specs/openid-connect-core-1_0.html#TokenResponse>`_
-            with the only difference being the lack of an ``id_token``. Instead,
+            response documented in the
+            [OpenID Connect 1.0 Specification](http://openid.net/specs/openid-connect-core-1_0.html#TokenResponse)
+            with the only difference being the lack of an `id_token`. Instead,
             the Matrix homeserver's name is provided.
           examples:
             application/json: {
diff --git a/api/client-server/peeking_events.yaml b/data/api/client-server/peeking_events.yaml
similarity index 77%
rename from api/client-server/peeking_events.yaml
rename to data/api/client-server/peeking_events.yaml
index feac36f4b9e..0bf303ef1b0 100644
--- a/api/client-server/peeking_events.yaml
+++ b/data/api/client-server/peeking_events.yaml
@@ -27,18 +27,20 @@ produces:
 securityDefinitions:
   $ref: definitions/security.yaml
 paths:
-  "/events":
+  # With an extra " " to disambiguate from the getEvents endpoint
+  # The extra space makes it sort first for what I'm sure is a good reason.
+  "/events ":
     get:
-      summary: Listen on the event stream.
+      summary: Listen on the event stream of a particular room.
       description: |-
         This will listen for new events related to a particular room and return
         them to the caller. This will block until an event is received, or until
-        the ``timeout`` is reached.
+        the `timeout` is reached.
 
-        This API is the same as the normal ``/events`` endpoint, but can be
+        This API is the same as the normal `/events` endpoint, but can be
         called by users who have not joined the room.
 
-        Note that the normal ``/events`` endpoint has been deprecated. This
+        Note that the normal `/events` endpoint has been deprecated. This
         API will also be deprecated at some point, but its replacement is not
         yet known.
       operationId: peekEvents
@@ -76,7 +78,7 @@ paths:
                 "chunk": [
                   {
                     "room_id": "!somewhere:over.the.rainbow",
-                    "$ref": "definitions/event-schemas/examples/m.room.message$m.text"
+                    "$ref": "../../event-schemas/examples/m.room.message$m.text.yaml"
                   }
                 ]
               }
@@ -86,13 +88,13 @@ paths:
               start:
                 type: string
                 description: |-
-                  A token which correlates to the first value in ``chunk``. This
-                  is usually the same token supplied to ``from=``.
+                  A token which correlates to the first value in `chunk`. This
+                  is usually the same token supplied to `from=`.
               end:
                 type: string
                 description: |-
-                  A token which correlates to the last value in ``chunk``. This
-                  token should be used in the next request to ``/events``.
+                  A token which correlates to the last value in `chunk`. This
+                  token should be used in the next request to `/events`.
               chunk:
                 type: array
                 description: "An array of events."
@@ -100,7 +102,8 @@ paths:
                   type: object
                   title: Event
                   allOf:
-                    - "$ref": "definitions/event-schemas/schema/core-event-schema/room_event.yaml"
+                    - "$ref": "../../event-schemas/schema/core-event-schema/room_event.yaml"
         400:
-          description: "Bad pagination ``from`` parameter."
-        # No tags to exclude this from the swagger UI - use the normal version instead.
+          description: "Bad pagination `from` parameter."
+      tags:
+        - Room participation
diff --git a/api/client-server/presence.yaml b/data/api/client-server/presence.yaml
similarity index 98%
rename from api/client-server/presence.yaml
rename to data/api/client-server/presence.yaml
index b3a8bb02919..003de8ca61f 100644
--- a/api/client-server/presence.yaml
+++ b/data/api/client-server/presence.yaml
@@ -33,7 +33,7 @@ paths:
       description: |-
         This API sets the given user's presence state. When setting the status,
         the activity time is updated to reflect that activity; the client does
-        not need to specify the ``last_active_ago`` field. You cannot set the
+        not need to specify the `last_active_ago` field. You cannot set the
         presence state of another user.
       operationId: setPresence
       security:
diff --git a/api/client-server/profile.yaml b/data/api/client-server/profile.yaml
similarity index 97%
rename from api/client-server/profile.yaml
rename to data/api/client-server/profile.yaml
index db998e6c7dd..d1d4306cf82 100644
--- a/api/client-server/profile.yaml
+++ b/data/api/client-server/profile.yaml
@@ -32,7 +32,7 @@ paths:
       summary: Set the user's display name.
       description: |-
         This API sets the given user's display name. You must have permission to
-        set this user's display name, e.g. you need to have their ``access_token``.
+        set this user's display name, e.g. you need to have their `access_token`.
       operationId: setDisplayName
       security:
         - accessToken: []
@@ -106,7 +106,7 @@ paths:
       summary: Set the user's avatar URL.
       description: |-
         This API sets the given user's avatar URL. You must have permission to
-        set this user's avatar URL, e.g. you need to have their ``access_token``.
+        set this user's avatar URL, e.g. you need to have their `access_token`.
       operationId: setAvatarUrl
       security:
         - accessToken: []
@@ -129,6 +129,7 @@ paths:
             properties:
               avatar_url:
                 type: string
+                format: uri
                 description: The new avatar URL for this user.
       responses:
         200:
@@ -170,6 +171,7 @@ paths:
             properties:
               avatar_url:
                 type: string
+                format: uri
                 description: The user's avatar URL if they have set one, otherwise not present.
         404:
           description: There is no avatar URL for this user or this user does not exist.
@@ -182,7 +184,7 @@ paths:
         Get the combined profile information for this user. This API may be used
         to fetch the user's own profile information or other users; either
         locally or on remote homeservers. This API may return keys which are not
-        limited to ``displayname`` or ``avatar_url``.
+        limited to `displayname` or `avatar_url`.
       operationId: getUserProfile
       parameters:
         - in: path
@@ -204,6 +206,7 @@ paths:
             properties:
               avatar_url:
                 type: string
+                format: uri
                 description: The user's avatar URL if they have set one, otherwise not present.
               displayname:
                 type: string
diff --git a/api/client-server/pusher.yaml b/data/api/client-server/pusher.yaml
similarity index 89%
rename from api/client-server/pusher.yaml
rename to data/api/client-server/pusher.yaml
index d232baf9f18..9feccb4f0ae 100644
--- a/api/client-server/pusher.yaml
+++ b/data/api/client-server/pusher.yaml
@@ -71,13 +71,13 @@ paths:
                     pushkey:
                       type: string
                       description: |-
-                        This is a unique identifier for this pusher. See ``/set`` for
+                        This is a unique identifier for this pusher. See `/set` for
                         more detail.
                         Max length, 512 bytes.
                     kind:
                       type: string
                       description: |-
-                        The kind of pusher. ``"http"`` is a pusher that
+                        The kind of pusher. `"http"` is a pusher that
                         sends HTTP pokes.
                     app_id:
                       type: string
@@ -113,8 +113,9 @@ paths:
                       properties:
                         url:
                           type: string
+                          format: uri
                           description: |-
-                            Required if ``kind`` is ``http``. The URL to use to send
+                            Required if `kind` is `http`. The URL to use to send
                             notifications to.
                         format:
                           type: string
@@ -135,7 +136,7 @@ paths:
     post:
       summary: Modify a pusher for this user on the homeserver.
       description: |-
-        This endpoint allows the creation, modification and deletion of `pushers`_
+        This endpoint allows the creation, modification and deletion of [pushers](/client-server-api/#push-notifications)
         for this user ID. The behaviour of this endpoint varies depending on the
         values in the JSON body.
       operationId: postPusher
@@ -173,14 +174,14 @@ paths:
                   client has no such concept, use any unique identifier.
                   Max length, 512 bytes.
 
-                  If the ``kind`` is ``"email"``, this is the email address to
+                  If the `kind` is `"email"`, this is the email address to
                   send notifications to.
               kind:
                 type: string
                 description: |-
-                  The kind of pusher to configure. ``"http"`` makes a pusher that
-                  sends HTTP pokes. ``"email"`` makes a pusher that emails the
-                  user with unread notifications. ``null`` deletes the pusher.
+                  The kind of pusher to configure. `"http"` makes a pusher that
+                  sends HTTP pokes. `"email"` makes a pusher that emails the
+                  user with unread notifications. `null` deletes the pusher.
               app_id:
                 type: string
                 description: |-
@@ -189,7 +190,7 @@ paths:
                   different platform versions get different app identifiers.
                   Max length, 64 chars.
 
-                  If the ``kind`` is ``"email"``, this is ``"m.email"``.
+                  If the `kind` is `"email"`, this is `"m.email"`.
               app_display_name:
                 type: string
                 description: |-
@@ -214,24 +215,25 @@ paths:
                 type: object
                 description: |-
                   A dictionary of information for the pusher implementation
-                  itself. If ``kind`` is ``http``, this should contain ``url``
+                  itself. If `kind` is `http`, this should contain `url`
                   which is the URL to use to send notifications to.
                 title: PusherData
                 properties:
                   url:
                     type: string
+                    format: uri
                     description: |-
-                      Required if ``kind`` is ``http``. The URL to use to send
-                      notifications to. MUST be an HTTPS URL with a path of 
-                      ``/_matrix/push/v1/notify``.
+                      Required if `kind` is `http`. The URL to use to send
+                      notifications to. MUST be an HTTPS URL with a path of
+                      `/_matrix/push/v1/notify`.
                     example: "https://push-gateway.location.here/_matrix/push/v1/notify"
                   format:
                     type: string
                     description: |-
                       The format to send notifications in to Push Gateways if the
-                      ``kind`` is ``http``. The details about what fields the
+                      `kind` is `http`. The details about what fields the
                       homeserver should send to the push gateway are defined in the
-                      `Push Gateway Specification`_. Currently the only format
+                      [Push Gateway Specification](/push-gateway-api/). Currently the only format
                       available is 'event_id_only'.
               append:
                 type: boolean
@@ -240,7 +242,7 @@ paths:
                   given pushkey and App ID in addition to any others with
                   different user IDs. Otherwise, the homeserver must remove any
                   other pushers with the same App ID and pushkey for different
-                  users. The default is ``false``.
+                  users. The default is `false`.
             required: ['kind', 'app_id', 'app_display_name',
                 'device_display_name', 'pushkey', 'lang', 'data']
       responses:
diff --git a/api/client-server/pushrules.yaml b/data/api/client-server/pushrules.yaml
similarity index 86%
rename from api/client-server/pushrules.yaml
rename to data/api/client-server/pushrules.yaml
index 47580f3a3a8..9a5952715fe 100644
--- a/api/client-server/pushrules.yaml
+++ b/data/api/client-server/pushrules.yaml
@@ -32,9 +32,9 @@ paths:
       summary: Retrieve all push rulesets.
       description: |-
         Retrieve all push rulesets for this user. Clients can "drill-down" on
-        the rulesets by suffixing a ``scope`` to this path e.g.
-        ``/pushrules/global/``. This will return a subset of this data under the
-        specified key e.g. the ``global`` key.
+        the rulesets by suffixing a `scope` to this path e.g.
+        `/pushrules/global/`. This will return a subset of this data under the
+        specified key e.g. the `global` key.
       operationId: getPushRules
       security:
         - accessToken: []
@@ -263,7 +263,7 @@ paths:
           required: true
           x-example: "global"
           description: |-
-            ``global`` to specify global rules.
+            `global` to specify global rules.
         - in: path
           type: string
           name: kind
@@ -283,7 +283,7 @@ paths:
         200:
           description: |-
             The specific push rule. This will also include keys specific to the
-            rule itself such as the rule's ``actions`` and ``conditions`` if set.
+            rule itself such as the rule's `actions` and `conditions` if set.
           examples:
             application/json: {
                 "actions": [
@@ -300,6 +300,16 @@ paths:
             allOf: [
               "$ref": "definitions/push_rule.yaml"
             ]
+        404:
+          description: |-
+            The push rule does not exist.
+          examples:
+            application/json: {
+              "errcode": "M_NOT_FOUND",
+              "error": "The push rule was not found."
+            }
+          schema:
+            "$ref": "definitions/errors/error.yaml"
       tags:
         - Push notifications
     delete:
@@ -316,7 +326,7 @@ paths:
           required: true
           x-example: "global"
           description: |-
-            ``global`` to specify global rules.
+            `global` to specify global rules.
         - in: path
           type: string
           name: kind
@@ -340,6 +350,16 @@ paths:
               }
           schema:
             type: object  # empty json object
+        404:
+          description: |-
+            The push rule does not exist.
+          examples:
+            application/json: {
+              "errcode": "M_NOT_FOUND",
+              "error": "The push rule was not found."
+            }
+          schema:
+            "$ref": "definitions/errors/error.yaml"
       tags:
         - Push notifications
     put:
@@ -360,7 +380,7 @@ paths:
           required: true
           x-example: "global"
           description: |-
-            ``global`` to specify global rules.
+            `global` to specify global rules.
         - in: path
           type: string
           name: kind
@@ -382,7 +402,7 @@ paths:
           required: false
           x-example: someRuleId
           description: |-
-            Use 'before' with a ``rule_id`` as its value to make the new rule the
+            Use 'before' with a `rule_id` as its value to make the new rule the
             next-most important rule with respect to the given user defined rule.
             It is not possible to add a rule relative to a predefined server rule.
         - in: query
@@ -398,7 +418,7 @@ paths:
           name: pushrule
           description: |-
             The push rule data. Additional top-level keys may be present depending
-            on the parameters for the rule ``kind``.
+            on the parameters for the rule `kind`.
           required: true
           schema:
             type: object
@@ -420,14 +440,14 @@ paths:
                 description: |-
                   The conditions that must hold true for an event in order for a
                   rule to be applied to an event. A rule with no conditions
-                  always matches. Only applicable to ``underride`` and ``override`` rules.
+                  always matches. Only applicable to `underride` and `override` rules.
                 items:
                   type: object
                   allOf: [ "$ref": "definitions/push_condition.yaml" ]
               pattern:
                 type: string
                 description: |-
-                  Only applicable to ``content`` rules. The glob-style pattern to match against.
+                  Only applicable to `content` rules. The glob-style pattern to match against.
             required: ["actions"]
       responses:
         200:
@@ -446,6 +466,16 @@ paths:
               }
           schema:
             "$ref": "definitions/errors/error.yaml"
+        404:
+          description: |-
+            The push rule does not exist (when updating a push rule).
+          examples:
+            application/json: {
+              "errcode": "M_NOT_FOUND",
+              "error": "The push rule was not found."
+            }
+          schema:
+            "$ref": "definitions/errors/error.yaml"
         429:
           description: This request was rate-limited.
           schema:
@@ -467,8 +497,8 @@ paths:
           required: true
           x-example: "global"
           description: |-
-            Either ``global`` or ``device/<profile_tag>`` to specify global
-            rules or device rules for the given ``profile_tag``.
+            Either `global` or `device/<profile_tag>` to specify global
+            rules or device rules for the given `profile_tag`.
         - in: path
           type: string
           name: kind
@@ -498,6 +528,16 @@ paths:
                 type: boolean
                 description: Whether the push rule is enabled or not.
             required: ["enabled"]
+        404:
+          description: |-
+            The push rule does not exist.
+          examples:
+            application/json: {
+              "errcode": "M_NOT_FOUND",
+              "error": "The push rule was not found."
+            }
+          schema:
+            "$ref": "definitions/errors/error.yaml"
       tags:
         - Push notifications
     put:
@@ -514,7 +554,7 @@ paths:
           required: true
           x-example: "global"
           description: |-
-            ``global`` to specify global rules.
+            `global` to specify global rules.
         - in: path
           type: string
           name: kind
@@ -553,6 +593,16 @@ paths:
               }
           schema:
             type: object
+        404:
+          description: |-
+            The push rule does not exist.
+          examples:
+            application/json: {
+              "errcode": "M_NOT_FOUND",
+              "error": "The push rule was not found."
+            }
+          schema:
+            "$ref": "definitions/errors/error.yaml"
       tags:
         - Push notifications
   "/pushrules/{scope}/{kind}/{ruleId}/actions":
@@ -570,8 +620,8 @@ paths:
           required: true
           x-example: "global"
           description: |-
-            Either ``global`` or ``device/<profile_tag>`` to specify global
-            rules or device rules for the given ``profile_tag``.
+            Either `global` or `device/<profile_tag>` to specify global
+            rules or device rules for the given `profile_tag`.
         - in: path
           type: string
           name: kind
@@ -608,6 +658,16 @@ paths:
                     - string
                     - object
             required: ["actions"]
+        404:
+          description: |-
+            The push rule does not exist.
+          examples:
+            application/json: {
+              "errcode": "M_NOT_FOUND",
+              "error": "The push rule was not found."
+            }
+          schema:
+            "$ref": "definitions/errors/error.yaml"
       tags:
         - Push notifications
     put:
@@ -625,7 +685,7 @@ paths:
           required: true
           x-example: "global"
           description: |-
-            ``global`` to specify global rules.
+            `global` to specify global rules.
         - in: path
           type: string
           name: kind
@@ -671,5 +731,15 @@ paths:
               }
           schema:
             type: object
+        404:
+          description: |-
+            The push rule does not exist.
+          examples:
+            application/json: {
+              "errcode": "M_NOT_FOUND",
+              "error": "The push rule was not found."
+            }
+          schema:
+            "$ref": "definitions/errors/error.yaml"
       tags:
         - Push notifications
diff --git a/api/client-server/read_markers.yaml b/data/api/client-server/read_markers.yaml
similarity index 96%
rename from api/client-server/read_markers.yaml
rename to data/api/client-server/read_markers.yaml
index 4f5d43ce8b5..aa9d0ecbf01 100644
--- a/api/client-server/read_markers.yaml
+++ b/data/api/client-server/read_markers.yaml
@@ -60,7 +60,7 @@ paths:
                 type: string
                 description: |-
                   The event ID to set the read receipt location at. This is
-                  equivalent to calling ``/receipt/m.read/$elsewhere:example.org``
+                  equivalent to calling `/receipt/m.read/$elsewhere:example.org`
                   and is provided here to save that extra call.
                 example: "$elsewhere:example.org"
             required: ['m.fully_read']
diff --git a/api/client-server/receipts.yaml b/data/api/client-server/receipts.yaml
similarity index 93%
rename from api/client-server/receipts.yaml
rename to data/api/client-server/receipts.yaml
index a3e9789e93f..66610092bfc 100644
--- a/api/client-server/receipts.yaml
+++ b/data/api/client-server/receipts.yaml
@@ -59,8 +59,9 @@ paths:
         - in: body
           name: receipt
           description: |-
-            Extra receipt information to attach to ``content`` if any. The
-            server will automatically set the ``ts`` field.
+            Extra receipt information to attach to `content` if any. The
+            server will automatically set the `ts` field.
+          required: true
           schema:
             type: object
             example: {
diff --git a/api/client-server/redaction.yaml b/data/api/client-server/redaction.yaml
similarity index 87%
rename from api/client-server/redaction.yaml
rename to data/api/client-server/redaction.yaml
index 811773d651e..aeef07a5b07 100644
--- a/api/client-server/redaction.yaml
+++ b/data/api/client-server/redaction.yaml
@@ -36,9 +36,12 @@ paths:
 
         This cannot be undone.
 
-        Users may redact their own events, and any user with a power level
-        greater than or equal to the ``redact`` power level of the room may
-        redact events there.
+        Any user with a power level greater than or equal to the `m.room.redaction`
+        event power level may send redaction events in the room. If the user's power
+        level greater is also greater than or equal to the `redact` power level
+        of the room, the user may redact events sent by other users.
+
+        Server administrators may redact events sent by users on their server.
       operationId: redactEvent
       security:
         - accessToken: []
diff --git a/api/client-server/registration.yaml b/data/api/client-server/registration.yaml
similarity index 84%
rename from api/client-server/registration.yaml
rename to data/api/client-server/registration.yaml
index 69316b8f5ea..526233fa4f2 100644
--- a/api/client-server/registration.yaml
+++ b/data/api/client-server/registration.yaml
@@ -29,7 +29,7 @@ paths:
     post:
       summary: Register for an account on this homeserver.
       description: |-
-        This API endpoint uses the `User-Interactive Authentication API`_, except in
+        This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api), except in
         the cases where a guest account is being registered.
 
         Register for an account on this homeserver.
@@ -43,31 +43,31 @@ paths:
         If registration is successful, this endpoint will issue an access token
         the client can use to authorize itself in subsequent requests.
 
-        If the client does not supply a ``device_id``, the server must
+        If the client does not supply a `device_id`, the server must
         auto-generate one.
 
         The server SHOULD register an account with a User ID based on the
-        ``username`` provided, if any. Note that the grammar of Matrix User ID
+        `username` provided, if any. Note that the grammar of Matrix User ID
         localparts is restricted, so the server MUST either map the provided
-        ``username`` onto a ``user_id`` in a logical manner, or reject
-        ``username``\s which do not comply to the grammar, with
-        ``M_INVALID_USERNAME``.
+        `username` onto a `user_id` in a logical manner, or reject
+        `username`\s which do not comply to the grammar, with
+        `M_INVALID_USERNAME`.
 
         Matrix clients MUST NOT assume that localpart of the registered
-        ``user_id`` matches the provided ``username``.
+        `user_id` matches the provided `username`.
 
-        The returned access token must be associated with the ``device_id``
+        The returned access token must be associated with the `device_id`
         supplied by the client or generated by the server. The server may
         invalidate any access token previously associated with that device. See
-        `Relationship between access tokens and devices`_.
+        [Relationship between access tokens and devices](/client-server-api/#relationship-between-access-tokens-and-devices).
 
         When registering a guest account, all parameters in the request body
-        with the exception of ``initial_device_display_name`` MUST BE ignored
-        by the server. The server MUST pick a ``device_id`` for the account
+        with the exception of `initial_device_display_name` MUST BE ignored
+        by the server. The server MUST pick a `device_id` for the account
         regardless of input.
 
         Any user ID returned by this API must conform to the grammar given in the
-        `Matrix specification <../appendices.html#user-identifiers>`_.
+        [Matrix specification](/appendices/#user-identifiers).
       operationId: register
       parameters:
         - in: query
@@ -81,7 +81,7 @@ paths:
           enum:
             - guest
             - user
-          description: The kind of account to register. Defaults to ``user``.
+          description: The kind of account to register. Defaults to `user`.
         - in: body
           name: body
           required: true
@@ -94,7 +94,7 @@ paths:
                     user-interactive authentication API. Note that this
                     information is *not* used to define how the registered user
                     should be authenticated, but is instead used to
-                    authenticate the ``register`` call itself.
+                    authenticate the `register` call itself.
                 allOf:
                 - "$ref": "definitions/auth_data.yaml"
               username:
@@ -118,12 +118,12 @@ paths:
                 type: string
                 description: |-
                   A display name to assign to the newly-created device. Ignored
-                  if ``device_id`` corresponds to a known device.
+                  if `device_id` corresponds to a known device.
                 example: Jungle Phone
               inhibit_login:
                 type: boolean
                 description: |-
-                  If true, an ``access_token`` and ``device_id`` should not be
+                  If true, an `access_token` and `device_id` should not be
                   returned from this call, therefore preventing an automatic
                   login. Defaults to false.
                 example: false
@@ -145,13 +145,13 @@ paths:
                   The fully-qualified Matrix user ID (MXID) that has been registered.
 
                   Any user ID returned by this API must conform to the grammar given in the
-                  `Matrix specification <../appendices.html#user-identifiers>`_.
+                  [Matrix specification](/appendices/#user-identifiers).
               access_token:
                 type: string
                 description: |-
                   An access token for the account.
                   This access token can then be used to authorize other requests.
-                  Required if the ``inhibit_login`` option is false.
+                  Required if the `inhibit_login` option is false.
               home_server:
                 type: string
                 description: |-
@@ -159,22 +159,22 @@ paths:
                   been registered.
 
                   **Deprecated**. Clients should extract the server_name from
-                  ``user_id`` (by splitting at the first colon) if they require
-                  it. Note also that ``homeserver`` is not spelt this way.
+                  `user_id` (by splitting at the first colon) if they require
+                  it. Note also that `homeserver` is not spelt this way.
               device_id:
                 type: string
                 description: |-
                   ID of the registered device. Will be the same as the
                   corresponding parameter in the request, if one was specified.
-                  Required if the ``inhibit_login`` option is false.
+                  Required if the `inhibit_login` option is false.
             required: ['user_id']
         400:
           description: |-
             Part of the request was invalid. This may include one of the following error codes:
 
-            * ``M_USER_IN_USE`` : The desired user ID is already taken.
-            * ``M_INVALID_USERNAME`` : The desired user ID is not a valid user name.
-            * ``M_EXCLUSIVE`` : The desired user ID is in the exclusive namespace
+            * `M_USER_IN_USE` : The desired user ID is already taken.
+            * `M_INVALID_USERNAME` : The desired user ID is not a valid user name.
+            * `M_EXCLUSIVE` : The desired user ID is in the exclusive namespace
               claimed by an application service.
 
             These errors may be returned at any stage of the registration process,
@@ -200,7 +200,7 @@ paths:
         403:
           description: |-
             The homeserver does not permit registering the account. This response
-            can be used to identify that a particular ``kind`` of account is not
+            can be used to identify that a particular `kind` of account is not
             allowed, or that registration is generally not supported by the homeserver.
           examples:
             application/json: {
@@ -214,7 +214,7 @@ paths:
           schema:
             "$ref": "definitions/errors/rate_limited.yaml"
       tags:
-        - User data
+        - Account management
   "/register/email/requestToken":
     post:
       summary: Begins the validation process for an email to be used during registration.
@@ -251,12 +251,12 @@ paths:
           description: |-
             Part of the request was invalid. This may include one of the following error codes:
 
-            * ``M_THREEPID_IN_USE`` : The email address is already registered to an account on this server.
+            * `M_THREEPID_IN_USE` : The email address is already registered to an account on this server.
               However, if the homeserver has the ability to send email, it is recommended that the server
               instead send an email to the user with instructions on how to reset their password.
               This prevents malicious parties from being able to determine if a given email address
               has an account on the homeserver in question.
-            * ``M_SERVER_NOT_TRUSTED`` : The ``id_server`` parameter refers to an identity server
+            * `M_SERVER_NOT_TRUSTED` : The `id_server` parameter refers to an identity server
               that is not trusted by this homeserver.
           examples:
             application/json: {
@@ -265,6 +265,8 @@ paths:
             }
           schema:
             "$ref": "definitions/errors/error.yaml"
+      tags:
+        - Account management
   "/register/msisdn/requestToken":
     post:
       summary: Requests a validation token be sent to the given phone number for the purpose of registering an account
@@ -301,12 +303,12 @@ paths:
           description: |-
             Part of the request was invalid. This may include one of the following error codes:
 
-            * ``M_THREEPID_IN_USE`` : The phone number is already registered to an account on this server.
+            * `M_THREEPID_IN_USE` : The phone number is already registered to an account on this server.
               However, if the homeserver has the ability to send SMS message, it is recommended that the server
               instead send an SMS message to the user with instructions on how to reset their password.
               This prevents malicious parties from being able to determine if a given phone number
               has an account on the homeserver in question.
-            * ``M_SERVER_NOT_TRUSTED`` : The ``id_server`` parameter refers to an identity server
+            * `M_SERVER_NOT_TRUSTED` : The `id_server` parameter refers to an identity server
               that is not trusted by this homeserver.
           examples:
             application/json: {
@@ -315,13 +317,15 @@ paths:
             }
           schema:
             "$ref": "definitions/errors/error.yaml"
+      tags:
+        - Account management
   "/account/password":
     post:
       summary: "Changes a user's password."
       description: |-
         Changes the password for an account on this homeserver.
 
-        This API endpoint uses the `User-Interactive Authentication API`_ to
+        This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api) to
         ensure the user changing the password is actually the owner of the
         account.
 
@@ -352,7 +356,7 @@ paths:
                   Whether the user's other access tokens, and their associated devices, should be
                   revoked if the request succeeds. Defaults to true.
 
-                  When ``false``, the server can still take advantage of `the soft logout method <#soft-logout>`_
+                  When `false`, the server can still take advantage of the [soft logout method](/client-server-api/#soft-logout)
                   for the user's remaining devices.
                 example: true
               auth:
@@ -378,7 +382,7 @@ paths:
           schema:
             "$ref": "definitions/errors/rate_limited.yaml"
       tags:
-        - User data
+        - Account management
   "/account/password/email/requestToken":
     post:
       summary: Requests a validation token be sent to the given email address for the purpose of resetting a user's password
@@ -386,22 +390,18 @@ paths:
         The homeserver must check that the given email address **is
         associated** with an account on this homeserver. This API should be
         used to request validation tokens when authenticating for the
-        ``/account/password`` endpoint.
+        `/account/password` endpoint.
 
         This API's parameters and response are identical to that of the
-        |/register/email/requestToken|_ endpoint, except that
-        ``M_THREEPID_NOT_FOUND`` may be returned if no account matching the
+        [`/register/email/requestToken`](/client-server-api/#post_matrixclientr0registeremailrequesttoken)
+        endpoint, except that
+        `M_THREEPID_NOT_FOUND` may be returned if no account matching the
         given email address could be found. The server may instead send an
         email to the given address prompting the user to create an account.
-        ``M_THREEPID_IN_USE`` may not be returned.
+        `M_THREEPID_IN_USE` may not be returned.
 
         The homeserver should validate the email itself, either by sending a
         validation email itself or by using a service it has control over.
-
-
-        .. |/register/email/requestToken| replace:: ``/register/email/requestToken``
-
-        .. _/register/email/requestToken: #post-matrix-client-%CLIENT_MAJOR_VERSION%-register-email-requesttoken
       operationId: requestTokenToResetPasswordEmail
       parameters:
         - in: body
@@ -428,7 +428,7 @@ paths:
         400:
           description: |-
             The referenced third party identifier is not recognised by the
-            homeserver, or the request was invalid. The error code ``M_SERVER_NOT_TRUSTED``
+            homeserver, or the request was invalid. The error code `M_SERVER_NOT_TRUSTED`
             can be returned if the server does not trust/support the identity server
             provided in the request.
           schema:
@@ -438,6 +438,8 @@ paths:
               "errcode": "M_THREEPID_NOT_FOUND",
               "error": "Email not found"
             }
+      tags:
+        - Account management
   "/account/password/msisdn/requestToken":
     post:
       summary: Requests a validation token be sent to the given phone number for the purpose of resetting a user's password.
@@ -445,21 +447,18 @@ paths:
         The homeserver must check that the given phone number **is
         associated** with an account on this homeserver. This API should be
         used to request validation tokens when authenticating for the
-        ``/account/password`` endpoint.
+        `/account/password` endpoint.
 
         This API's parameters and response are identical to that of the
-        |/register/msisdn/requestToken|_ endpoint, except that
-        ``M_THREEPID_NOT_FOUND`` may be returned if no account matching the
+        [`/register/msisdn/requestToken`](/client-server-api/#post_matrixclientr0registermsisdnrequesttoken)
+        endpoint, except that
+        `M_THREEPID_NOT_FOUND` may be returned if no account matching the
         given phone number could be found. The server may instead send the SMS
         to the given phone number prompting the user to create an account.
-        ``M_THREEPID_IN_USE`` may not be returned.
+        `M_THREEPID_IN_USE` may not be returned.
 
         The homeserver should validate the phone number itself, either by sending a
         validation message itself or by using a service it has control over.
-
-        .. |/register/msisdn/requestToken| replace:: ``/register/msisdn/requestToken``
-
-        .. _/register/msisdn/requestToken: #post-matrix-client-%CLIENT_MAJOR_VERSION%-register-email-requesttoken
       operationId: requestTokenToResetPasswordMSISDN
       parameters:
         - in: body
@@ -486,7 +485,7 @@ paths:
         400:
           description: |-
             The referenced third party identifier is not recognised by the
-            homeserver, or the request was invalid. The error code ``M_SERVER_NOT_TRUSTED``
+            homeserver, or the request was invalid. The error code `M_SERVER_NOT_TRUSTED`
             can be returned if the server does not trust/support the identity server
             provided in the request.
           schema:
@@ -496,6 +495,8 @@ paths:
               "errcode": "M_THREEPID_NOT_FOUND",
               "error": "Phone number not found"
             }
+      tags:
+        - Account management
   "/account/deactivate":
     post:
       summary: "Deactivate a user's account."
@@ -503,7 +504,7 @@ paths:
         Deactivate the user's account, removing all ability for the user to
         login again.
 
-        This API endpoint uses the `User-Interactive Authentication API`_.
+        This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).
 
         An access token should be submitted to this endpoint if the client has
         an active session.
@@ -511,7 +512,7 @@ paths:
         The homeserver may change the flows available depending on whether a
         valid access token is provided.
 
-        Unlike other endpoints, this endpoint does not take an ``id_access_token``
+        Unlike other endpoints, this endpoint does not take an `id_access_token`
         parameter because the homeserver is expected to sign the request to the
         identity server instead.
       security:
@@ -533,11 +534,11 @@ paths:
                 type: string
                 description: |-
                   The identity server to unbind all of the user's 3PIDs from.
-                  If not provided, the homeserver MUST use the ``id_server``
+                  If not provided, the homeserver MUST use the `id_server`
                   that was originally use to bind each identifier. If the
-                  homeserver does not know which ``id_server`` that was,
-                  it must return an ``id_server_unbind_result`` of
-                  ``no-support``.
+                  homeserver does not know which `id_server` that was,
+                  it must return an `id_server_unbind_result` of
+                  `no-support`.
                 example: "example.org"
       responses:
         200:
@@ -552,12 +553,12 @@ paths:
                   - "no-support"
                 description: |-
                   An indicator as to whether or not the homeserver was able to unbind
-                  the user's 3PIDs from the identity server(s). ``success`` indicates
+                  the user's 3PIDs from the identity server(s). `success` indicates
                   that all identifiers have been unbound from the identity server while
-                  ``no-support`` indicates that one or more identifiers failed to unbind
+                  `no-support` indicates that one or more identifiers failed to unbind
                   due to the identity server refusing the request or the homeserver
                   being unable to determine an identity server to unbind from. This
-                  must be ``success`` if the homeserver has no identifiers to unbind
+                  must be `success` if the homeserver has no identifiers to unbind
                   for the user.
                 example: "success"
             required:
@@ -572,7 +573,7 @@ paths:
           schema:
             "$ref": "definitions/errors/rate_limited.yaml"
       tags:
-        - User data
+        - Account management
   "/register/available":
     get:
       summary: Checks to see if a username is available on the server.
@@ -612,15 +613,15 @@ paths:
                 type: boolean
                 description: |-
                   A flag to indicate that the username is available. This should always
-                  be ``true`` when the server replies with 200 OK.
+                  be `true` when the server replies with 200 OK.
         400:
           description: |-
             Part of the request was invalid or the username is not available. This may
             include one of the following error codes:
 
-            * ``M_USER_IN_USE`` : The desired username is already taken.
-            * ``M_INVALID_USERNAME`` : The desired username is not a valid user name.
-            * ``M_EXCLUSIVE`` : The desired username is in the exclusive namespace
+            * `M_USER_IN_USE` : The desired username is already taken.
+            * `M_INVALID_USERNAME` : The desired username is not a valid user name.
+            * `M_EXCLUSIVE` : The desired username is in the exclusive namespace
               claimed by an application service.
           examples:
             application/json: {
@@ -634,4 +635,4 @@ paths:
           schema:
             "$ref": "definitions/errors/rate_limited.yaml"
       tags:
-        - User data
+        - Account management
diff --git a/api/client-server/report_content.yaml b/data/api/client-server/report_content.yaml
similarity index 98%
rename from api/client-server/report_content.yaml
rename to data/api/client-server/report_content.yaml
index 42a64b8e8a5..19d6b6d0ce5 100644
--- a/api/client-server/report_content.yaml
+++ b/data/api/client-server/report_content.yaml
@@ -49,13 +49,13 @@ paths:
           x-example: "$something:example.org"
         - in: body
           name: body
+          required: true
           schema:
             type: object
             example: {
               "score": -100,
               "reason": "this makes me sad"
             }
-            required: ['score', 'reason']
             properties:
               score:
                 type: integer
diff --git a/api/client-server/room_initial_sync.yaml b/data/api/client-server/room_initial_sync.yaml
similarity index 72%
rename from api/client-server/room_initial_sync.yaml
rename to data/api/client-server/room_initial_sync.yaml
index 72e56ba9f5d..f8660e69f32 100644
--- a/api/client-server/room_initial_sync.yaml
+++ b/data/api/client-server/room_initial_sync.yaml
@@ -22,8 +22,8 @@ paths:
 
         This endpoint was deprecated in r0 of this specification. There is no
         direct replacement; the relevant information is returned by the
-        |/sync|_ API. See the `migration guide
-        <https://matrix.org/docs/guides/client-server-migrating-from-v1.html#deprecated-endpoints>`_.
+        [`/sync`](/client-server-api/#get_matrixclientr0sync) API. See the
+        [migration guide](https://matrix.org/docs/guides/migrating-from-client-server-api-v-1#deprecated-endpoints).
       operationId: roomInitialSync
       security:
         - accessToken: []
@@ -44,11 +44,11 @@ paths:
                   "chunk": [
                     {
                       "room_id": "!636q39766251:example.com",
-                      "$ref": "definitions/event-schemas/examples/m.room.message$m.text"
+                      "$ref": "../../event-schemas/examples/m.room.message$m.text.yaml"
                     },
                     {
                       "room_id": "!636q39766251:example.com",
-                      "$ref": "definitions/event-schemas/examples/m.room.message$m.file"
+                      "$ref": "../../event-schemas/examples/m.room.message$m.file.yaml"
                     }
                   ],
                   "end": "s3456_9_0",
@@ -58,19 +58,19 @@ paths:
                 "state": [
                   {
                     "room_id": "!636q39766251:example.com",
-                    "$ref": "definitions/event-schemas/examples/m.room.join_rules"
+                    "$ref": "../../event-schemas/examples/m.room.join_rules.yaml"
                   },
                   {
                     "room_id": "!636q39766251:example.com",
-                    "$ref": "definitions/event-schemas/examples/m.room.member"
+                    "$ref": "../../event-schemas/examples/m.room.member.yaml"
                   },
                   {
                     "room_id": "!636q39766251:example.com",
-                    "$ref": "definitions/event-schemas/examples/m.room.create"
+                    "$ref": "../../event-schemas/examples/m.room.create.yaml"
                   },
                   {
                     "room_id": "!636q39766251:example.com",
-                    "$ref": "definitions/event-schemas/examples/m.room.power_levels"
+                    "$ref": "../../event-schemas/examples/m.room.power_levels.yaml"
                   }
                 ],
                 "visibility": "private",
@@ -98,13 +98,18 @@ paths:
                   start:
                     type: string
                     description: |-
-                      A token which correlates to the first value in ``chunk``.
-                      Used for pagination.
+                      A token which correlates to the start of `chunk`. Can be passed to
+                      [`/rooms/<room_id>/messages`](#get_matrixclientr0roomsroomidmessages)
+                      to retrieve earlier events.
+
+                      If no earlier events are available, this property may be omitted from
+                      the response.
                   end:
                     type: string
                     description: |-
-                      A token which correlates to the last value in ``chunk``.
-                      Used for pagination.
+                      A token which correlates to the end of `chunk`. Can be passed to
+                      [`/rooms/<room_id>/messages`](#get_matrixclientr0roomsroomidmessages)
+                      to retrieve later events.
                   chunk:
                     type: array
                     description: |-
@@ -112,13 +117,13 @@ paths:
                       list of the most recent messages for this room. If
                       the user has left the room this will be the
                       messages that preceeded them leaving. This array
-                      will consist of at most ``limit`` elements.
+                      will consist of at most `limit` elements.
                     items:
                       type: object
                       title: RoomEvent
                       allOf:
-                        - "$ref": "definitions/event-schemas/schema/core-event-schema/room_event.yaml"
-                required: ["start", "end", "chunk"]
+                        - "$ref": "../../event-schemas/schema/core-event-schema/room_event.yaml"
+                required: ["end", "chunk"]
               state:
                 type: array
                 description: |-
@@ -130,12 +135,12 @@ paths:
                   title: StateEvent
                   type: object
                   allOf:
-                    - "$ref": "definitions/event-schemas/schema/core-event-schema/state_event.yaml"
+                    - "$ref": "../../event-schemas/schema/core-event-schema/state_event.yaml"
               visibility:
                 type: string
                 enum: ["private", "public"]
                 description: |-
-                  Whether this room is visible to the ``/publicRooms`` API
+                  Whether this room is visible to the `/publicRooms` API
                   or not."
               account_data:
                 type: array
@@ -145,7 +150,7 @@ paths:
                   title: Event
                   type: object
                   allOf:
-                    - "$ref": "definitions/event-schemas/schema/core-event-schema/event.yaml"
+                    - "$ref": "../../event-schemas/schema/core-event-schema/event.yaml"
             required: ["room_id"]
         403:
           description: >
diff --git a/api/client-server/room_send.yaml b/data/api/client-server/room_send.yaml
similarity index 96%
rename from api/client-server/room_send.yaml
rename to data/api/client-server/room_send.yaml
index fc8f33397ba..18658f61242 100644
--- a/api/client-server/room_send.yaml
+++ b/data/api/client-server/room_send.yaml
@@ -37,7 +37,7 @@ paths:
 
         The body of the request should be the content object of the event; the
         fields in this object will vary depending on the type of event. See
-        `Room Events`_ for the m. event specification.
+        [Room Events](/client-server-api/#room-events) for the m. event specification.
       operationId: sendMessage
       security:
         - accessToken: []
@@ -65,6 +65,7 @@ paths:
           x-example: "35"
         - in: body
           name: body
+          required: true
           schema:
             type: object
             example: {
diff --git a/api/client-server/room_state.yaml b/data/api/client-server/room_state.yaml
similarity index 85%
rename from api/client-server/room_state.yaml
rename to data/api/client-server/room_state.yaml
index 20b9c1fd666..016a8273600 100644
--- a/api/client-server/room_state.yaml
+++ b/data/api/client-server/room_state.yaml
@@ -31,22 +31,19 @@ paths:
     put:
       summary: Send a state event to the given room.
       description: |
-        .. For backwards compatibility with older links...
-        .. _`put-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-state-eventtype`:
-
         State events can be sent using this endpoint.  These events will be
-        overwritten if ``<room id>``, ``<event type>`` and ``<state key>`` all
+        overwritten if `<room id>`, `<event type>` and `<state key>` all
         match.
 
         Requests to this endpoint **cannot use transaction IDs**
-        like other ``PUT`` paths because they cannot be differentiated from the
-        ``state_key``. Furthermore, ``POST`` is unsupported on state paths.
+        like other `PUT` paths because they cannot be differentiated from the
+        `state_key`. Furthermore, `POST` is unsupported on state paths.
 
         The body of the request should be the content object of the event; the
         fields in this object will vary depending on the type of event. See
-        `Room Events`_ for the ``m.`` event specification.
+        [Room Events](/client-server-api/#room-events) for the `m.` event specification.
 
-        If the event type being sent is ``m.room.canonical_alias`` servers
+        If the event type being sent is `m.room.canonical_alias` servers
         SHOULD ensure that any new aliases being listed in the event are valid
         per their grammar/syntax and that they point to the room ID where the
         state event is to be sent. Servers do not validate aliases which are
@@ -77,6 +74,7 @@ paths:
           x-example: "@alice:example.com"
         - in: body
           name: body
+          required: true
           schema:
             type: object
             example: {
@@ -116,10 +114,10 @@ paths:
 
             Some example error codes include:
 
-            * ``M_INVALID_PARAMETER``: One or more aliases within the ``m.room.canonical_alias``
+            * `M_INVALID_PARAMETER`: One or more aliases within the `m.room.canonical_alias`
               event have invalid syntax.
 
-            * ``M_BAD_ALIAS``: One or more aliases within the ``m.room.canonical_alias`` event
+            * `M_BAD_ALIAS`: One or more aliases within the `m.room.canonical_alias` event
               do not point to the room ID for which the state event is to be sent to.
           schema:
             $ref: "definitions/errors/error.yaml"
diff --git a/api/client-server/room_upgrades.yaml b/data/api/client-server/room_upgrades.yaml
similarity index 100%
rename from api/client-server/room_upgrades.yaml
rename to data/api/client-server/room_upgrades.yaml
diff --git a/api/client-server/rooms.yaml b/data/api/client-server/rooms.yaml
similarity index 88%
rename from api/client-server/rooms.yaml
rename to data/api/client-server/rooms.yaml
index 566e695a57d..2f161e2bf74 100644
--- a/api/client-server/rooms.yaml
+++ b/data/api/client-server/rooms.yaml
@@ -31,7 +31,7 @@ paths:
     get:
       summary: Get a single event by event ID.
       description: |-
-        Get a single event based on ``roomId/eventId``. You must have permission to
+        Get a single event based on `roomId/eventId`. You must have permission to
         retrieve this event e.g. by being a member in the room for this event.
       operationId: getOneRoomEvent
       security:
@@ -55,11 +55,11 @@ paths:
           examples:
             application/json: {
               "room_id": "!636q39766251:matrix.org",
-              "$ref": "definitions/event-schemas/examples/m.room.message$m.text"
+              "$ref": "../../event-schemas/examples/m.room.message$m.text.yaml"
             }
           schema:
             allOf:
-              - "$ref": "definitions/event-schemas/schema/core-event-schema/event.yaml"
+              - "$ref": "../../event-schemas/schema/core-event-schema/event.yaml"
         404:
           description: The event was not found or you do not have permission to read this event.
           examples:
@@ -75,9 +75,6 @@ paths:
     get:
       summary: Get the state identified by the type and key.
       description: |-
-        .. For backwards compatibility with older links...
-        .. _`get-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-state-eventtype`:
-
         Looks up the contents of a state event in a room. If the user is
         joined to the room then the state is taken from the current
         state of the room. If the user has left the room then the state is
@@ -144,19 +141,19 @@ paths:
             application/json: [
               {
                 "room_id": "!636q39766251:example.com",
-                "$ref": "definitions/event-schemas/examples/m.room.join_rules"
+                "$ref": "../../event-schemas/examples/m.room.join_rules.yaml"
               },
               {
                 "room_id": "!636q39766251:example.com",
-                "$ref": "definitions/event-schemas/examples/m.room.member"
+                "$ref": "../../event-schemas/examples/m.room.member.yaml"
               },
               {
                 "room_id": "!636q39766251:example.com",
-                "$ref": "definitions/event-schemas/examples/m.room.create"
+                "$ref": "../../event-schemas/examples/m.room.create.yaml"
               },
               {
                 "room_id": "!636q39766251:example.com",
-                "$ref": "definitions/event-schemas/examples/m.room.power_levels"
+                "$ref": "../../event-schemas/examples/m.room.power_levels.yaml"
               }
             ]
           schema:
@@ -171,7 +168,7 @@ paths:
               title: StateEvent
               type: object
               allOf:
-                - "$ref": "definitions/event-schemas/schema/core-event-schema/state_event.yaml"
+                - "$ref": "../../event-schemas/schema/core-event-schema/state_event.yaml"
         403:
           description: >
             You aren't a member of the room and weren't previously a
@@ -196,7 +193,7 @@ paths:
           type: string
           description: |-
             The point in time (pagination token) to return members for in the room.
-            This token can be obtained from a ``prev_batch`` token returned for
+            This token can be obtained from a `prev_batch` token returned for
             each room by the sync API. Defaults to the current state of the room,
             as determined by the server.
           x-example: "YWxsCgpOb25lLDM1ODcwOA"
@@ -209,13 +206,14 @@ paths:
           enum:
             - join
             - invite
+            - knock
             - leave
             - ban
           description: |-
             The kind of membership to filter for. Defaults to no filtering if
-            unspecified. When specified alongside ``not_membership``, the two
+            unspecified. When specified alongside `not_membership`, the two
             parameters create an 'or' condition: either the membership *is*
-            the same as ``membership`` **or** *is not* the same as ``not_membership``.
+            the same as `membership` **or** *is not* the same as `not_membership`.
           x-example: "join"
         - in: query
           name: not_membership
@@ -223,6 +221,7 @@ paths:
           enum:
             - join
             - invite
+            - knock
             - leave
             - ban
           description: |-
@@ -242,7 +241,7 @@ paths:
                 "chunk": [
                   {
                     "room_id": "!636q39766251:example.com",
-                    "$ref": "definitions/event-schemas/examples/m.room.member"
+                    "$ref": "../../event-schemas/examples/m.room.member.yaml"
                   }
                 ]
               }
@@ -255,7 +254,7 @@ paths:
                   title: MemberEvent
                   type: object
                   allOf:
-                    - "$ref": "definitions/event-schemas/schema/m.room.member"
+                    - "$ref": "../../event-schemas/schema/m.room.member.yaml"
         403:
           description: >
             You aren't a member of the room and weren't previously a
@@ -267,7 +266,7 @@ paths:
       summary: Gets the list of currently joined users and their profile data.
       description:
         This API returns a map of MXIDs to member info objects for members of the room. The current user must be in the room for it to work, unless it is an Application Service in which case any of the AS's users must be in the room.
-        This API is primarily for Application Services and should be faster to respond than ``/members`` as it can be implemented more efficiently on the server.
+        This API is primarily for Application Services and should be faster to respond than `/members` as it can be implemented more efficiently on the server.
       operationId: getJoinedMembersByRoom
       parameters:
         - in: path
@@ -304,6 +303,7 @@ paths:
                       description: The display name of the user this object is representing.
                     avatar_url:
                       type: string
+                      format: uri
                       description: The mxc avatar url of the user this object is representing.
                 description: A map from user ID to a RoomMember object.
                 type: object
diff --git a/api/client-server/search.yaml b/data/api/client-server/search.yaml
similarity index 90%
rename from api/client-server/search.yaml
rename to data/api/client-server/search.yaml
index 27e06727ff6..8bc2552869e 100644
--- a/api/client-server/search.yaml
+++ b/data/api/client-server/search.yaml
@@ -41,7 +41,7 @@ paths:
           type: string
           description: |-
             The point to return events from. If given, this should be a
-            ``next_batch`` result from a previous call to this endpoint.
+            `next_batch` result from a previous call to this endpoint.
           x-example: "YWxsCgpOb25lLDM1ODcwOA"
         - in: body
           name: body
@@ -90,12 +90,8 @@ paths:
                       filter:
                         type: object
                         title: Filter
-                        # Within the C-S spec document, `filter`_ is picked up
-                        # as a link to the filtering section. In OpenAPI 3.0,
-                        # we could use the link feature, but we're still on 2.0
-                        # for now :/
                         description: |-
-                          This takes a `filter`_.
+                          This takes a [filter](/client-server-api/#filtering).
                         allOf:
                           - $ref: "definitions/room_event_filter.yaml"
                       order_by:
@@ -104,7 +100,7 @@ paths:
                         enum: ["recent", "rank"]
                         description: |-
                           The order in which to search for results.
-                          By default, this is ``"rank"``.
+                          By default, this is `"rank"`.
                       event_context:
                         title: Include Event Context
                         type: object
@@ -117,13 +113,13 @@ paths:
                                 title: "Before limit"
                                 description: |-
                                   How many events before the result are
-                                  returned. By default, this is ``5``.
+                                  returned. By default, this is `5`.
                             after_limit:
                                 type: integer
                                 title: "After limit"
                                 description: |-
                                   How many events after the result are
-                                  returned. By default, this is ``5``.
+                                  returned. By default, this is `5`.
                             include_profile:
                                 type: boolean
                                 title: "Return profile information"
@@ -131,7 +127,7 @@ paths:
                                   Requests that the server returns the
                                   historic profile information for the users
                                   that sent the events that were returned.
-                                  By default, this is ``false``.
+                                  By default, this is `false`.
                       include_state:
                         type: boolean
                         title: Include current state
@@ -208,7 +204,7 @@ paths:
                               type: object
                               title: Event
                               description: The event that matched.
-                              "$ref": "definitions/event-schemas/schema/core-event-schema/room_event.yaml"
+                              "$ref": "../../event-schemas/schema/core-event-schema/room_event.yaml"
                             context:
                               type: object
                               title: Event Context
@@ -231,7 +227,7 @@ paths:
                                     The historic profile information of the
                                     users that sent the events returned.
 
-                                    The ``string`` key is the user ID for which
+                                    The `string` key is the user ID for which
                                     the profile belongs to.
                                   additionalProperties:
                                     type: object
@@ -242,6 +238,7 @@ paths:
                                         title: Display name
                                       avatar_url:
                                         type: string
+                                        format: uri
                                         title: Avatar Url
                                 events_before:
                                   type: array
@@ -250,7 +247,7 @@ paths:
                                   items:
                                     title: Event
                                     type: object
-                                    "$ref": "definitions/event-schemas/schema/core-event-schema/room_event.yaml"
+                                    "$ref": "../../event-schemas/schema/core-event-schema/room_event.yaml"
                                 events_after:
                                   type: array
                                   title: Events After
@@ -258,31 +255,31 @@ paths:
                                   items:
                                     title: Event
                                     type: object
-                                    "$ref": "definitions/event-schemas/schema/core-event-schema/room_event.yaml"
+                                    "$ref": "../../event-schemas/schema/core-event-schema/room_event.yaml"
                       state:
                         type: object
                         title: Current state
                         description: |-
                           The current state for every room in the results.
                           This is included if the request had the
-                          ``include_state`` key set with a value of ``true``.
+                          `include_state` key set with a value of `true`.
 
-                          The ``string`` key is the room ID for which the ``State
-                          Event`` array belongs to.
+                          The `string` key is the room ID for which the `State
+                          Event` array belongs to.
                         additionalProperties:
                           type: array
                           title: Room State
                           items:
                             type: object
-                            "$ref": "definitions/event-schemas/schema/core-event-schema/state_event.yaml"
+                            "$ref": "../../event-schemas/schema/core-event-schema/state_event.yaml"
                       groups:
                         type: object
                         title: Groups
                         description: |-
                           Any groups that were requested.
 
-                          The outer ``string`` key is the group key requested (eg: ``room_id``
-                          or ``sender``). The inner ``string`` key is the grouped value (eg:
+                          The outer `string` key is the group key requested (eg: `room_id`
+                          or `sender`). The inner `string` key is the grouped value (eg:
                           a room's ID or a user's ID).
                         additionalProperties:
                           type: object
@@ -351,7 +348,7 @@ paths:
                           "result": {
                             "room_id": "!qPewotXpIctQySfjSy:localhost",
                             "event_id": "$144429830826TWwbB:localhost",
-                            "$ref": "definitions/event-schemas/examples/m.room.message$m.text"
+                            "$ref": "../../event-schemas/examples/m.room.message$m.text.yaml"
                           }
                         }
                       ]
diff --git a/data/api/client-server/sso_login_redirect.yaml b/data/api/client-server/sso_login_redirect.yaml
new file mode 100644
index 00000000000..b58d88fe48c
--- /dev/null
+++ b/data/api/client-server/sso_login_redirect.yaml
@@ -0,0 +1,89 @@
+# Copyright 2019 New Vector Ltd
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+swagger: '2.0'
+info:
+  title: "Matrix Client-Server SSO Login API"
+  version: "1.0.0"
+host: localhost:8008
+schemes:
+  - https
+  - http
+basePath: /_matrix/client/%CLIENT_MAJOR_VERSION%
+paths:
+  "/login/sso/redirect":
+    get:
+      summary: Redirect the user's browser to the SSO interface.
+      description: |-
+        A web-based Matrix client should instruct the user's browser to
+        navigate to this endpoint in order to log in via SSO.
+
+        The server MUST respond with an HTTP redirect to the SSO interface,
+        or present a page which lets the user select an IdP to continue
+        with in the event multiple are supported by the server.
+      operationId: redirectToSSO
+      parameters:
+        - in: query
+          type: string
+          name: redirectUrl
+          description: |-
+            URI to which the user will be redirected after the homeserver has
+            authenticated the user with SSO.
+          required: true
+      responses:
+        302:
+          description: A redirect to the SSO interface.
+          headers:
+            Location:
+              type: "string"
+      tags:
+       - Session management
+  "/login/sso/redirect/{idpId}":
+    get:
+      summary: Redirect the user's browser to the SSO interface for an IdP.
+      description: |-
+        This endpoint is the same as `/login/sso/redirect`, though with an
+        IdP ID from the original `identity_providers` array to inform the
+        server of which IdP the client/user would like to continue with.
+
+        The server MUST respond with an HTTP redirect to the SSO interface
+        for that IdP.
+      operationId: redirectToIdP
+      parameters:
+        - in: path
+          type: string
+          name: idpId
+          required: true
+          description: |-
+            The `id` of the IdP from the `m.login.sso` `identity_providers`
+            array denoting the user's selection.
+        - in: query
+          type: string
+          name: redirectUrl
+          description: |-
+            URI to which the user will be redirected after the homeserver has
+            authenticated the user with SSO.
+          required: true
+      responses:
+        302:
+          description: A redirect to the SSO interface.
+          headers:
+            Location:
+              type: "string"
+        404:
+          description: |-
+            The IdP ID was not recognized by the server. The server is encouraged
+            to provide a user-friendly page explaining the error given the user
+            will be navigated to it.
+      tags:
+       - Session management
diff --git a/api/client-server/sync.yaml b/data/api/client-server/sync.yaml
similarity index 76%
rename from api/client-server/sync.yaml
rename to data/api/client-server/sync.yaml
index 35134fad8b0..53c521737ca 100644
--- a/api/client-server/sync.yaml
+++ b/data/api/client-server/sync.yaml
@@ -1,4 +1,4 @@
-# Copyright 2016 OpenMarket Ltd
+# Copyright 2016, 2021 The Matrix.org Foundation C.I.C.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -35,21 +35,21 @@ paths:
         of the state on the server, and then continue to call this API to get
         incremental deltas to the state, and to receive new messages.
 
-        *Note*: This endpoint supports lazy-loading. See `Filtering <#filtering>`_
-        for more information. Lazy-loading members is only supported on a ``StateFilter``
+        *Note*: This endpoint supports lazy-loading. See [Filtering](/client-server-api/#filtering)
+        for more information. Lazy-loading members is only supported on a `StateFilter`
         for this endpoint. When lazy-loading is enabled, servers MUST include the
         syncing user's own membership event when they join a room, or when the
         full state of rooms is requested, to aid discovering the user's avatar &
         displayname.
 
         Further, like other members, the user's own membership event is eligible
-        for being considered redundant by the server. When a sync is ``limited``,
+        for being considered redundant by the server. When a sync is `limited`,
         the server MUST return membership events for events in the gap
-        (between ``since`` and the start of the returned timeline), regardless
+        (between `since` and the start of the returned timeline), regardless
         as to whether or not they are redundant. This ensures that joins/leaves
         and profile changes which occur during the gap are not lost.
 
-        Note that the default behaviour of ``state`` is to include all membership
+        Note that the default behaviour of `state` is to include all membership
         events, alongside other state, when lazy-loading is not enabled.
       operationId: sync
       security:
@@ -61,19 +61,20 @@ paths:
           description: |-
             The ID of a filter created using the filter API or a filter JSON
             object encoded as a string. The server will detect whether it is
-            an ID or a JSON object by whether the first character is a ``"{"``
+            an ID or a JSON object by whether the first character is a `"{"`
             open brace. Passing the JSON inline is best suited to one off
             requests. Creating a filter using the filter API is recommended for
             clients that reuse the same filter multiple times, for example in
             long poll requests.
 
-            See `Filtering <#filtering>`_ for more information.
+            See [Filtering](/client-server-api/#filtering) for more information.
           x-example: "66696p746572"
         - in: query
           name: since
           type: string
           description: |-
-            A point in time to continue a sync from.
+            A point in time to continue a sync from. This should be the
+            `next_batch` token returned by an earlier call to this endpoint.
           x-example: "s72594_4483_1934"
         - in: query
           name: full_state
@@ -82,16 +83,16 @@ paths:
             Controls whether to include the full state for all rooms the user
             is a member of.
 
-            If this is set to ``true``, then all state events will be returned,
-            even if ``since`` is non-empty. The timeline will still be limited
-            by the ``since`` parameter. In this case, the ``timeout`` parameter
+            If this is set to `true`, then all state events will be returned,
+            even if `since` is non-empty. The timeline will still be limited
+            by the `since` parameter. In this case, the `timeout` parameter
             will be ignored and the query will return immediately, possibly with
             an empty timeline.
 
-            If ``false``, and ``since`` is non-empty, only state which has
-            changed since the point indicated by ``since`` will be returned.
+            If `false`, and `since` is non-empty, only state which has
+            changed since the point indicated by `since` will be returned.
 
-            By default, this is ``false``.
+            By default, this is `false`.
           x-example: "false"
         - in: query
           name: set_presence
@@ -113,7 +114,7 @@ paths:
             request. If no events (or other data) become available before this
             time elapses, the server will return a response with empty fields.
 
-            By default, this is ``0``, so the server will return immediately
+            By default, this is `0`, so the server will return immediately
             even if the response is empty.
           x-example: 30000
       responses:
@@ -127,8 +128,8 @@ paths:
               next_batch:
                 type: string
                 description: |-
-                  The batch token to supply in the ``since`` param of the next
-                  ``/sync`` request.
+                  The batch token to supply in the `since` param of the next
+                  `/sync` request.
               rooms:
                 title: Rooms
                 type: object
@@ -157,7 +158,7 @@ paths:
                               description: |-
                                 The users which can be used to generate a room name
                                 if the room does not have one. Required if the room's
-                                ``m.room.name`` or ``m.room.canonical_alias`` state events
+                                `m.room.name` or `m.room.canonical_alias` state events
                                 are unset or empty.
 
                                 This should be the first 5 members of the room, ordered
@@ -169,7 +170,7 @@ paths:
                                 when there are less than 5 members to represent.
 
                                 When lazy-loading room members is enabled, the membership
-                                events for the heroes MUST be included in the ``state``,
+                                events for the heroes MUST be included in the `state`,
                                 unless they are redundant. When the list of users changes,
                                 the server notifies the client by sending a fresh list of
                                 heroes. If there are no changes since the last sync, this
@@ -179,14 +180,14 @@ paths:
                             "m.joined_member_count":
                               type: integer
                               description: |-
-                                 The number of users with ``membership`` of ``join``,
+                                 The number of users with `membership` of `join`,
                                  including the client's own user ID. If this field has
                                  not changed since the last sync, it may be omitted.
                                  Required otherwise.
                             "m.invited_member_count":
                               type: integer
                               description: |-
-                                 The number of users with ``membership`` of ``invite``.
+                                 The number of users with `membership` of `invite`.
                                  If this field has not changed since the last sync, it
                                  may be omitted. Required otherwise.
                         state:
@@ -194,14 +195,14 @@ paths:
                           type: object
                           description: |-
                             Updates to the state, between the time indicated by
-                            the ``since`` parameter, and the start of the
-                            ``timeline`` (or all state up to the start of the
-                            ``timeline``, if ``since`` is not given, or
-                            ``full_state`` is true).
+                            the `since` parameter, and the start of the
+                            `timeline` (or all state up to the start of the
+                            `timeline`, if `since` is not given, or
+                            `full_state` is true).
 
-                            N.B. state updates for ``m.room.member`` events will
-                            be incomplete if ``lazy_load_members`` is enabled in
-                            the ``/sync`` filter, and only return the member events
+                            N.B. state updates for `m.room.member` events will
+                            be incomplete if `lazy_load_members` is enabled in
+                            the `/sync` filter, and only return the member events
                             required to display the senders of the timeline events
                             in this response.
                           allOf:
@@ -236,7 +237,7 @@ paths:
                           type: object
                           description: |-
                             Counts of unread notifications for this room. See the
-                            `Receiving notifications section <#receiving-notifications>`_
+                            [Receiving notifications](/client-server-api/#receiving-notifications) section
                             for more information on how these are calculated.
                           properties:
                             highlight_count:
@@ -264,22 +265,44 @@ paths:
                           type: object
                           description: |-
                             The state of a room that the user has been invited
-                            to. These state events may only have the ``sender``,
-                            ``type``, ``state_key`` and ``content`` keys
+                            to. These state events may only have the `sender`,
+                            `type`, `state_key` and `content` keys
                             present. These events do not replace any state that
                             the client already has for the room, for example if
                             the client has archived the room. Instead the
                             client should keep two separate copies of the
-                            state: the one from the ``invite_state`` and one
-                            from the archived ``state``. If the client joins
+                            state: the one from the `invite_state` and one
+                            from the archived `state`. If the client joins
                             the room then the current state will be given as a
-                            delta against the archived ``state`` not the
-                            ``invite_state``.
+                            delta against the archived `state` not the
+                            `invite_state`.
                           properties:
                             events:
                               description: The StrippedState events that form the invite state.
                               items:
-                                $ref: "definitions/event-schemas/schema/stripped_state.yaml"
+                                $ref: "../../event-schemas/schema/stripped_state.yaml"
+                              type: array
+                  knock:
+                    title: Knocked rooms
+                    type: object
+                    description: |-
+                      The rooms that the user has knocked upon, mapped as room ID to room information.
+                    additionalProperties:
+                      title: Knocked Room
+                      type: object
+                      properties:
+                        knock_state:
+                          title: KnockState
+                          type: object
+                          description: |-
+                            The state of a room that the user has knocked upon. The state
+                            events contained here have the same restrictions as `InviteState`
+                            above.
+                          properties:
+                            events:
+                              description: The StrippedState events that form the knock state.
+                              items:
+                                $ref: "../../event-schemas/schema/stripped_state.yaml"
                               type: array
                   leave:
                     title: Left rooms
@@ -333,13 +356,13 @@ paths:
                 type: object
                 description: |-
                   Information on the send-to-device messages for the client
-                  device, as defined in |send_to_device_sync|_.
+                  device, as defined in [Send-to-Device messaging](/client-server-api/#extensions-to-sync).
               device_lists:
                 title: DeviceLists
                 type: object
                 description: |-
                   Information on end-to-end device updates, as specified in
-                  |device_lists_sync|_.
+                  [End-to-end encryption](/client-server-api/#extensions-to-sync-1).
               device_one_time_keys_count:
                 title: One-time keys count
                 type: object
@@ -347,7 +370,7 @@ paths:
                   type: integer
                 description: |-
                   Information on end-to-end encryption keys, as specified
-                  in |device_lists_sync|_.
+                  in [End-to-end encryption](/client-server-api/#extensions-to-sync-1).
             required:
               - next_batch
           examples:
@@ -355,7 +378,7 @@ paths:
                 "next_batch": "s72595_4483_1934",
                 "presence": {
                   "events": [
-                    {"$ref": "definitions/event-schemas/examples/m.presence"}
+                    {"$ref": "../../event-schemas/examples/m.presence.yaml"}
                   ]
                 },
                 "account_data": {
@@ -382,17 +405,17 @@ paths:
                       "state": {
                         "events": [
                           {
-                            "$ref": "definitions/event-schemas/examples/m.room.member"
+                            "$ref": "../../event-schemas/examples/m.room.member.yaml"
                           }
                         ]
                       },
                       "timeline": {
                         "events": [
                           {
-                            "$ref": "definitions/event-schemas/examples/m.room.member"
+                            "$ref": "../../event-schemas/examples/m.room.member.yaml"
                           },
                           {
-                            "$ref": "definitions/event-schemas/examples/m.room.message$m.text"
+                            "$ref": "../../event-schemas/examples/m.room.message$m.text.yaml"
                           }
                         ],
                         "limited": true,
@@ -400,12 +423,12 @@ paths:
                       },
                       "ephemeral": {
                         "events": [
-                          {"$ref": "definitions/event-schemas/examples/m.typing"}
+                          {"$ref": "../../event-schemas/examples/m.typing.yaml"}
                         ]
                       },
                       "account_data": {
                         "events": [
-                          {"$ref": "definitions/event-schemas/examples/m.tag"},
+                          {"$ref": "../../event-schemas/examples/m.tag.yaml"},
                           {
                             "type": "org.example.custom.room.config",
                             "content": {
@@ -436,6 +459,26 @@ paths:
                       }
                     }
                   },
+                  "knock": {
+                    "!223asd456:example.com": {
+                      "invite_state": {
+                        "events": [
+                          {
+                            "sender": "@alice:example.com",
+                            "type": "m.room.name",
+                            "state_key": "",
+                            "content": {"name": "My Room Name"}
+                          },
+                          {
+                            "sender": "@bob:example.com",
+                            "type": "m.room.member",
+                            "state_key": "@bob:example.com",
+                            "content": {"membership": "knock"}
+                          }
+                        ]
+                      }
+                    }
+                  },
                   "leave": {}
                 }
               }
diff --git a/api/client-server/tags.yaml b/data/api/client-server/tags.yaml
similarity index 97%
rename from api/client-server/tags.yaml
rename to data/api/client-server/tags.yaml
index 081d8a848a3..94e7be076fb 100644
--- a/api/client-server/tags.yaml
+++ b/data/api/client-server/tags.yaml
@@ -69,7 +69,7 @@ paths:
                       type: number
                       format: float
                       description: |-
-                        A number in a range ``[0,1]`` describing a relative
+                        A number in a range `[0,1]` describing a relative
                         position of the room under the given tag.
                   additionalProperties: true
           examples:
@@ -125,7 +125,7 @@ paths:
                 type: number
                 format: float
                 description: |-
-                  A number in a range ``[0,1]`` describing a relative
+                  A number in a range `[0,1]` describing a relative
                   position of the room under the given tag.
             additionalProperties: true
             example: {
diff --git a/api/client-server/third_party_lookup.yaml b/data/api/client-server/third_party_lookup.yaml
similarity index 96%
rename from api/client-server/third_party_lookup.yaml
rename to data/api/client-server/third_party_lookup.yaml
index 3d348df2f99..6f8829655b3 100644
--- a/api/client-server/third_party_lookup.yaml
+++ b/data/api/client-server/third_party_lookup.yaml
@@ -42,6 +42,8 @@ paths:
           description: The protocols supported by the homeserver.
           schema:
             $ref: ../application-service/definitions/protocol_metadata.yaml
+      tags:
+        - Third Party Lookup
   "/thirdparty/protocol/{protocol}":
     get:
       summary: Retrieve metadata about a specific protocol that the homeserver supports.
@@ -71,6 +73,8 @@ paths:
             }
           schema:
             $ref: definitions/errors/error.yaml
+      tags:
+        - Third Party Lookup
   "/thirdparty/location/{protocol}":
     get:
       summary: Retrieve Matrix-side portals rooms leading to a third party location.
@@ -112,6 +116,8 @@ paths:
             }
           schema:
             $ref: definitions/errors/error.yaml
+      tags:
+        - Third Party Lookup
   "/thirdparty/user/{protocol}":
     get:
       summary: Retrieve the Matrix User ID of a corresponding third party user.
@@ -147,6 +153,8 @@ paths:
             }
           schema:
             $ref: definitions/errors/error.yaml
+      tags:
+        - Third Party Lookup
   "/thirdparty/location":
     get:
       summary: Reverse-lookup third party locations given a Matrix room alias.
@@ -177,6 +185,8 @@ paths:
             }
           schema:
             $ref: definitions/errors/error.yaml
+      tags:
+        - Third Party Lookup
   "/thirdparty/user":
     get:
       summary: Reverse-lookup third party users given a Matrix User ID.
@@ -206,3 +216,5 @@ paths:
             }
           schema:
             $ref: definitions/errors/error.yaml
+      tags:
+        - Third Party Lookup
diff --git a/api/client-server/third_party_membership.yaml b/data/api/client-server/third_party_membership.yaml
similarity index 90%
rename from api/client-server/third_party_membership.yaml
rename to data/api/client-server/third_party_membership.yaml
index 4c5890d1bc6..c48b4697acc 100644
--- a/api/client-server/third_party_membership.yaml
+++ b/data/api/client-server/third_party_membership.yaml
@@ -31,14 +31,12 @@ paths:
     post:
       summary: Invite a user to participate in a particular room.
       description: |-
-        .. _invite-by-third-party-id-endpoint:
-
         *Note that there are two forms of this API, which are documented separately.
         This version of the API does not require that the inviter know the Matrix
         identifier of the invitee, and instead relies on third party identifiers.
         The homeserver uses an identity server to perform the mapping from
         third party identifier to a Matrix identifier. The other is documented in the*
-        `joining rooms section`_.
+        [joining rooms section](/client-server-api/#post_matrixclientr0roomsroomidinvite).
 
         This API invites a user to participate in a particular room.
         They do not start participating in the room until they actually join the
@@ -48,7 +46,7 @@ paths:
         join that room.
 
         If the identity server did know the Matrix user identifier for the
-        third party identifier, the homeserver will append a ``m.room.member``
+        third party identifier, the homeserver will append a `m.room.member`
         event to the room.
 
         If the identity server does not know a Matrix user identifier for the
@@ -56,7 +54,7 @@ paths:
         which can be accepted upon providing proof of ownership of the third
         party identifier. This is achieved by the identity server generating a
         token, which it gives to the inviting homeserver. The homeserver will
-        add an ``m.room.third_party_invite`` event into the graph for the room,
+        add an `m.room.third_party_invite` event into the graph for the room,
         containing that token.
 
         When the invitee binds the invited third party identifier to a Matrix
@@ -72,9 +70,8 @@ paths:
         - The matrix user ID who invited them to the room
 
         If a token is requested from the identity server, the homeserver will
-        append a ``m.room.third_party_invite`` event to the room.
+        append a `m.room.third_party_invite` event to the room.
 
-        .. _joining rooms section: `invite-by-user-id-endpoint`_
       operationId: inviteBy3PID
       security:
         - accessToken: []
@@ -109,7 +106,7 @@ paths:
               medium:
                 type: string
                 # TODO: Link to Identity Service spec when it eixsts
-                description: The kind of address being passed in the address field, for example ``email``.
+                description: The kind of address being passed in the address field, for example `email`.
               address:
                 type: string
                 description: The invitee's third party identifier.
@@ -124,7 +121,7 @@ paths:
             type: object
         403:
           description: |-
-            You do not have permission to invite the user to the room. A meaningful ``errcode`` and description error text will be returned. Example reasons for rejections are:
+            You do not have permission to invite the user to the room. A meaningful `errcode` and description error text will be returned. Example reasons for rejections are:
 
             - The invitee has been banned from the room.
             - The invitee is already a member of the room.
diff --git a/api/client-server/to_device.yaml b/data/api/client-server/to_device.yaml
similarity index 98%
rename from api/client-server/to_device.yaml
rename to data/api/client-server/to_device.yaml
index 739d9a4fae5..a4d2f6dd742 100644
--- a/api/client-server/to_device.yaml
+++ b/data/api/client-server/to_device.yaml
@@ -79,6 +79,7 @@ paths:
                       }
                     }
                   }
+            required: ["messages"]
       responses:
         200:
           description:
diff --git a/api/client-server/typing.yaml b/data/api/client-server/typing.yaml
similarity index 91%
rename from api/client-server/typing.yaml
rename to data/api/client-server/typing.yaml
index e7cbe2d7da4..c7138950d14 100644
--- a/api/client-server/typing.yaml
+++ b/data/api/client-server/typing.yaml
@@ -32,8 +32,8 @@ paths:
       summary: Informs the server that the user has started or stopped typing.
       description: |-
         This tells the server that the user is typing for the next N
-        milliseconds where N is the value specified in the ``timeout`` key.
-        Alternatively, if ``typing`` is ``false``, it tells the server that the
+        milliseconds where N is the value specified in the `timeout` key.
+        Alternatively, if `typing` is `false`, it tells the server that the
         user has stopped typing.
       operationId: setTyping
       security:
@@ -65,7 +65,7 @@ paths:
               typing:
                 type: boolean
                 description: |-
-                  Whether the user is typing or not. If ``false``, the ``timeout``
+                  Whether the user is typing or not. If `false`, the `timeout`
                   key can be omitted.
               timeout:
                 type: integer
diff --git a/api/client-server/users.yaml b/data/api/client-server/users.yaml
similarity index 95%
rename from api/client-server/users.yaml
rename to data/api/client-server/users.yaml
index da8cf03fc14..ae015e7a5a7 100644
--- a/api/client-server/users.yaml
+++ b/data/api/client-server/users.yaml
@@ -39,14 +39,15 @@ paths:
         query remote users as part of the search.
 
         The search is performed case-insensitively on user IDs and display
-        names preferably using a collation determined based upon the 
-        ``Accept-Language`` header provided in the request, if present.
+        names preferably using a collation determined based upon the
+        `Accept-Language` header provided in the request, if present.
       operationId: searchUserDirectory
       security:
         - accessToken: []
       parameters:
         - in: body
           name: body
+          required: true
           schema:
             type: object
             properties:
@@ -95,6 +96,7 @@ paths:
                       description: The display name of the user, if one exists.
                     avatar_url:
                       type: string
+                      format: uri
                       example: "mxc://bar.com/foo"
                       description: The avatar url, as an MXC, if one exists.
               limited:
@@ -105,4 +107,4 @@ paths:
           schema:
             "$ref": "definitions/errors/rate_limited.yaml"
       tags:
-        - User data
+        - User directory
diff --git a/api/client-server/versions.yaml b/data/api/client-server/versions.yaml
similarity index 89%
rename from api/client-server/versions.yaml
rename to data/api/client-server/versions.yaml
index 2464af1dced..e359de3c984 100644
--- a/api/client-server/versions.yaml
+++ b/data/api/client-server/versions.yaml
@@ -29,13 +29,13 @@ paths:
       description: |-
         Gets the versions of the specification supported by the server.
 
-        Values will take the form ``rX.Y.Z``.
+        Values will take the form `rX.Y.Z`.
 
-        Only the latest ``Z`` value will be reported for each supported ``X.Y`` value.
-        i.e. if the server implements ``r0.0.0``, ``r0.0.1``, and ``r1.2.0``, it will report ``r0.0.1`` and ``r1.2.0``.
+        Only the latest `Z` value will be reported for each supported `X.Y` value.
+        i.e. if the server implements `r0.0.0`, `r0.0.1`, and `r1.2.0`, it will report `r0.0.1` and `r1.2.0`.
 
         The server may additionally advertise experimental features it supports
-        through ``unstable_features``. These features should be namespaced and
+        through `unstable_features`. These features should be namespaced and
         may optionally include version information within their name if desired.
         Features listed here are not for optionally toggling parts of the Matrix
         specification and should only be used to advertise support for a feature
diff --git a/api/client-server/voip.yaml b/data/api/client-server/voip.yaml
similarity index 100%
rename from api/client-server/voip.yaml
rename to data/api/client-server/voip.yaml
diff --git a/api/client-server/wellknown.yaml b/data/api/client-server/wellknown.yaml
similarity index 95%
rename from api/client-server/wellknown.yaml
rename to data/api/client-server/wellknown.yaml
index 3d1c0ae03f0..9fff7ea7875 100644
--- a/api/client-server/wellknown.yaml
+++ b/data/api/client-server/wellknown.yaml
@@ -28,7 +28,7 @@ paths:
       description: |-
         Gets discovery information about the domain. The file may include
         additional keys, which MUST follow the Java package naming convention,
-        e.g. ``com.example.myapp.property``. This ensures property names are
+        e.g. `com.example.myapp.property`. This ensures property names are
         suitably namespaced for each application and reduces the risk of
         clashes.
 
diff --git a/api/client-server/whoami.yaml b/data/api/client-server/whoami.yaml
similarity index 76%
rename from api/client-server/whoami.yaml
rename to data/api/client-server/whoami.yaml
index ad40eb8691a..54d9cde901b 100644
--- a/api/client-server/whoami.yaml
+++ b/data/api/client-server/whoami.yaml
@@ -29,13 +29,13 @@ paths:
     get:
       summary: Gets information about the owner of an access token.
       description: |-
-        Gets information about the owner of a given access token. 
-        
-        Note that, as with the rest of the Client-Server API, 
-        Application Services may masquerade as users within their 
-        namespace by giving a ``user_id`` query parameter. In this 
-        situation, the server should verify that the given ``user_id``
-        is registered by the appservice, and return it in the response 
+        Gets information about the owner of a given access token.
+
+        Note that, as with the rest of the Client-Server API,
+        Application Services may masquerade as users within their
+        namespace by giving a `user_id` query parameter. In this
+        situation, the server should verify that the given `user_id`
+        is registered by the appservice, and return it in the response
         body.
       operationId: getTokenOwner
       security:
@@ -47,7 +47,8 @@ paths:
             The token belongs to a known user.
           examples:
             application/json: {
-              "user_id": "@joe:example.org"
+              "user_id": "@joe:example.org",
+              "device_id": "ABC1234"
             }
           schema:
             type: object
@@ -55,7 +56,14 @@ paths:
             properties:
               user_id:
                 type: string
-                description: The user id that owns the access token.
+                description: The user ID that owns the access token.
+              device_id:
+                type: string
+                description: |-
+                  Device ID associated with the access token. If no device
+                  is associated with the access token (such as in the case
+                  of application services) then this field can be omitted.
+                  Otherwise this is required.
         401:
           description:
             The token is not recognised
@@ -81,4 +89,4 @@ paths:
           schema:
             "$ref": "definitions/errors/rate_limited.yaml"
       tags:
-        - User data
+        - Session management
diff --git a/api/identity/definitions/request_email_validation.yaml b/data/api/identity/definitions/request_email_validation.yaml
similarity index 90%
rename from api/identity/definitions/request_email_validation.yaml
rename to data/api/identity/definitions/request_email_validation.yaml
index 1a7502c7cc5..c8a3af6a387 100644
--- a/api/identity/definitions/request_email_validation.yaml
+++ b/data/api/identity/definitions/request_email_validation.yaml
@@ -23,7 +23,7 @@ properties:
     description: |
       A unique string generated by the client, and used to identify the
       validation attempt. It must be a string consisting of the characters
-      ``[0-9a-zA-Z.=_-]``. Its length must not exceed 255 characters and it
+      `[0-9a-zA-Z.=_-]`. Its length must not exceed 255 characters and it
       must not be empty.
     example: "monkeys_are_GREAT"
   email:
@@ -33,9 +33,9 @@ properties:
   send_attempt:
     type: integer
     description: |-
-      The server will only send an email if the ``send_attempt``
+      The server will only send an email if the `send_attempt`
       is a number greater than the most recent one which it has seen,
-      scoped to that ``email`` + ``client_secret`` pair. This is to
+      scoped to that `email` + `client_secret` pair. This is to
       avoid repeatedly sending the same email in the case of request
       retries between the POSTing user and the identity server.
       The client should increment this value if they desire a new
diff --git a/api/identity/definitions/request_msisdn_validation.yaml b/data/api/identity/definitions/request_msisdn_validation.yaml
similarity index 87%
rename from api/identity/definitions/request_msisdn_validation.yaml
rename to data/api/identity/definitions/request_msisdn_validation.yaml
index 93cea2ed521..2b1c87080d5 100644
--- a/api/identity/definitions/request_msisdn_validation.yaml
+++ b/data/api/identity/definitions/request_msisdn_validation.yaml
@@ -24,14 +24,14 @@ properties:
     description: |
       A unique string generated by the client, and used to identify the
       validation attempt. It must be a string consisting of the characters
-      ``[0-9a-zA-Z.=_-]``. Its length must not exceed 255 characters and it
+      `[0-9a-zA-Z.=_-]`. Its length must not exceed 255 characters and it
       must not be empty.
     example: "monkeys_are_GREAT"
   country:
     type: string
     description: |-
       The two-letter uppercase ISO-3166-1 alpha-2 country code that the
-      number in ``phone_number`` should be parsed as if it were dialled from.
+      number in `phone_number` should be parsed as if it were dialled from.
     example: "GB"
   phone_number:
     type: string
@@ -40,9 +40,9 @@ properties:
   send_attempt:
     type: integer
     description: |-
-      The server will only send an SMS if the ``send_attempt`` is a
+      The server will only send an SMS if the `send_attempt` is a
       number greater than the most recent one which it has seen,
-      scoped to that ``country`` + ``phone_number`` + ``client_secret``
+      scoped to that `country` + `phone_number` + `client_secret`
       triple. This is to avoid repeatedly sending the same SMS in
       the case of request retries between the POSTing user and the
       identity server. The client should increment this value if
diff --git a/api/identity/definitions/security.yaml b/data/api/identity/definitions/security.yaml
similarity index 90%
rename from api/identity/definitions/security.yaml
rename to data/api/identity/definitions/security.yaml
index ef49ff5c623..64225ec4406 100644
--- a/api/identity/definitions/security.yaml
+++ b/data/api/identity/definitions/security.yaml
@@ -13,6 +13,6 @@
 # limitations under the License.
 accessToken:
   type: apiKey
-  description: The access_token returned by a call to ``/register``.
+  description: The access_token returned by a call to `/register`.
   name: access_token
   in: query
diff --git a/api/identity/definitions/sid.yaml b/data/api/identity/definitions/sid.yaml
similarity index 91%
rename from api/identity/definitions/sid.yaml
rename to data/api/identity/definitions/sid.yaml
index c1f1ae6463f..904f79e120d 100644
--- a/api/identity/definitions/sid.yaml
+++ b/data/api/identity/definitions/sid.yaml
@@ -18,7 +18,7 @@ properties:
     description: |
       The session ID. Session IDs are opaque strings generated by the identity
       server. They must consist entirely of the characters
-      ``[0-9a-zA-Z.=_-]``. Their length must not exceed 255 characters and they
+      `[0-9a-zA-Z.=_-]`. Their length must not exceed 255 characters and they
       must not be empty.
     example: "123abc"
 required: ['sid']
diff --git a/api/identity/v2_associations.yaml b/data/api/identity/v2_associations.yaml
similarity index 85%
rename from api/identity/v2_associations.yaml
rename to data/api/identity/v2_associations.yaml
index b9039a18e2a..e08ac1dab18 100644
--- a/api/identity/v2_associations.yaml
+++ b/data/api/identity/v2_associations.yaml
@@ -39,13 +39,13 @@ paths:
         - in: query
           type: string
           name: sid
-          description: The Session ID generated by the ``requestToken`` call.
+          description: The Session ID generated by the `requestToken` call.
           required: true
           x-example: 1234
         - in: query
           type: string
           name: client_secret
-          description: The client secret passed to the ``requestToken`` call.
+          description: The client secret passed to the `requestToken` call.
           required: true
           x-example: monkeys_are_GREAT
       responses:
@@ -76,9 +76,9 @@ paths:
           description: |-
             The session has not been validated.
 
-            If the session has not been validated, then ``errcode`` will be
-            ``M_SESSION_NOT_VALIDATED``.  If the session has timed out, then
-            ``errcode`` will be ``M_SESSION_EXPIRED``.
+            If the session has not been validated, then `errcode` will be
+            `M_SESSION_NOT_VALIDATED`.  If the session has timed out, then
+            `errcode` will be `M_SESSION_EXPIRED`.
           examples:
             application/json: {
               "errcode": "M_SESSION_NOT_VALIDATED",
@@ -98,7 +98,7 @@ paths:
         403:
           description: |
             The user must do something in order to use this endpoint. One example
-            is an ``M_TERMS_NOT_SIGNED`` error where the user must `agree to more terms`_.
+            is an `M_TERMS_NOT_SIGNED` error where the user must [agree to more terms](/identity-service-api/#terms-of-service).
           examples:
             application/json: {
               "errcode": "M_TERMS_NOT_SIGNED",
@@ -112,12 +112,12 @@ paths:
       description: |-
         Publish an association between a session and a Matrix user ID.
 
-        Future calls to ``/lookup`` for any of the session\'s 3pids will return
+        Future calls to `/lookup` for any of the session\'s 3pids will return
         this association.
 
         Note: for backwards compatibility with previous drafts of this
         specification, the parameters may also be specified as
-        ``application/x-form-www-urlencoded`` data.  However, this usage is
+        `application/x-form-www-urlencoded` data.  However, this usage is
         deprecated.
       operationId: bindV2
       security:
@@ -135,10 +135,10 @@ paths:
             properties:
               sid:
                 type: string
-                description: The Session ID generated by the ``requestToken`` call.
+                description: The Session ID generated by the `requestToken` call.
               client_secret:
                 type: string
-                description: The client secret passed to the ``requestToken`` call.
+                description: The client secret passed to the `requestToken` call.
               mxid:
                 type: string
                 description: The Matrix user ID to associate with the 3pids.
@@ -200,9 +200,9 @@ paths:
           description: |-
             The association was not published.
 
-            If the session has not been validated, then ``errcode`` will be
-            ``M_SESSION_NOT_VALIDATED``.  If the session has timed out, then
-            ``errcode`` will be ``M_SESSION_EXPIRED``.
+            If the session has not been validated, then `errcode` will be
+            `M_SESSION_NOT_VALIDATED`.  If the session has timed out, then
+            `errcode` will be `M_SESSION_EXPIRED`.
           examples:
             application/json: {
               "errcode": "M_SESSION_NOT_VALIDATED",
@@ -222,7 +222,7 @@ paths:
         403:
           description: |
             The user must do something in order to use this endpoint. One example
-            is an ``M_TERMS_NOT_SIGNED`` error where the user must `agree to more terms`_.
+            is an `M_TERMS_NOT_SIGNED` error where the user must [agree to more terms](/identity-service-api/#terms-of-service).
           examples:
             application/json: {
               "errcode": "M_TERMS_NOT_SIGNED",
@@ -236,15 +236,15 @@ paths:
       description: |-
         Remove an association between a session and a Matrix user ID.
 
-        Future calls to ``/lookup`` for any of the session's 3pids will not
+        Future calls to `/lookup` for any of the session's 3pids will not
         return the removed association.
 
         The identity server should authenticate the request in one of two
         ways:
 
-        1. The request is signed by the homeserver which controls the ``user_id``.
-        2. The request includes the ``sid`` and ``client_secret`` parameters,
-           as per ``/3pid/bind``, which proves ownership of the 3PID.
+        1. The request is signed by the homeserver which controls the `user_id`.
+        2. The request includes the `sid` and `client_secret` parameters,
+           as per `/3pid/bind`, which proves ownership of the 3PID.
 
         If this endpoint returns a JSON Matrix error, that error should be passed
         through to the client requesting an unbind through a homeserver, if the
@@ -269,10 +269,10 @@ paths:
             properties:
               sid:
                 type: string
-                description: The Session ID generated by the ``requestToken`` call.
+                description: The Session ID generated by the `requestToken` call.
               client_secret:
                 type: string
-                description: The client secret passed to the ``requestToken`` call.
+                description: The client secret passed to the `requestToken` call.
               mxid:
                 type: string
                 description: The Matrix user ID to remove from the 3pids.
@@ -281,12 +281,12 @@ paths:
                 title: 3PID
                 description: |-
                   The 3PID to remove. Must match the 3PID used to generate the session
-                  if using ``sid`` and ``client_secret`` to authenticate this request.
+                  if using `sid` and `client_secret` to authenticate this request.
                 properties:
                   medium:
                     type: string
                     description: |-
-                      A medium from the `3PID Types`_ Appendix, matching the medium
+                      A medium from the [3PID Types](/appendices/#3pid-types) Appendix, matching the medium
                       of the identifier to unbind.
                   address:
                     type: string
@@ -317,8 +317,8 @@ paths:
             the chosen authentication method (such as blocking homeservers from
             unbinding identifiers).
 
-            Another common error code is ``M_TERMS_NOT_SIGNED`` where the user
-            needs to `agree to more terms`_ in order to continue.
+            Another common error code is `M_TERMS_NOT_SIGNED` where the user
+            needs to [agree to more terms](/identity-service-api/#terms-of-service) in order to continue.
           examples:
             application/json: {
               "errcode": "M_FORBIDDEN",
diff --git a/api/identity/v2_auth.yaml b/data/api/identity/v2_auth.yaml
similarity index 92%
rename from api/identity/v2_auth.yaml
rename to data/api/identity/v2_auth.yaml
index a34f679c7e1..b5d1a41ccbd 100644
--- a/api/identity/v2_auth.yaml
+++ b/data/api/identity/v2_auth.yaml
@@ -32,7 +32,7 @@ paths:
       description: |-
         Exchanges an OpenID token from the homeserver for an access token to
         access the identity server. The request body is the same as the values
-        returned by ``/openid/request_token`` in the Client-Server API.
+        returned by `/openid/request_token` in the Client-Server API.
       operationId: registerAccount
       parameters:
         - in: body
@@ -83,7 +83,7 @@ paths:
         403:
           description: |
             The user must do something in order to use this endpoint. One example
-            is an ``M_TERMS_NOT_SIGNED`` error where the user must `agree to more terms`_.
+            is an `M_TERMS_NOT_SIGNED` error where the user must [agree to more terms](/identity-service-api/#terms-of-service).
           examples:
             application/json: {
               "errcode": "M_TERMS_NOT_SIGNED",
@@ -121,7 +121,7 @@ paths:
         403:
           description: |
             The user must do something in order to use this endpoint. One example
-            is an ``M_TERMS_NOT_SIGNED`` error where the user must `agree to more terms`_.
+            is an `M_TERMS_NOT_SIGNED` error where the user must [agree to more terms](/identity-service-api/#terms-of-service).
           examples:
             application/json: {
               "errcode": "M_TERMS_NOT_SIGNED",
diff --git a/api/identity/v2_email_associations.yaml b/data/api/identity/v2_email_associations.yaml
similarity index 80%
rename from api/identity/v2_email_associations.yaml
rename to data/api/identity/v2_email_associations.yaml
index 76c3747ec4e..08e8c9fa198 100644
--- a/api/identity/v2_email_associations.yaml
+++ b/data/api/identity/v2_email_associations.yaml
@@ -40,13 +40,13 @@ paths:
 
         Note that homeservers offer APIs that proxy this API, adding
         additional behaviour on top, for example,
-        ``/register/email/requestToken`` is designed specifically for use when
+        `/register/email/requestToken` is designed specifically for use when
         registering an account and therefore will inform the user if the email
         address given is already registered on the server.
 
         Note: for backwards compatibility with previous drafts of this
         specification, the parameters may also be specified as
-        ``application/x-form-www-urlencoded`` data.  However, this usage is
+        `application/x-form-www-urlencoded` data.  However, this usage is
         deprecated.
       operationId: emailRequestTokenV2
       security:
@@ -65,8 +65,8 @@ paths:
           description: |
             An error ocurred.  Some possible errors are:
 
-            - ``M_INVALID_EMAIL``: The email address provided was invalid.
-            - ``M_EMAIL_SEND_ERROR``: The validation email could not be sent.
+            - `M_INVALID_EMAIL`: The email address provided was invalid.
+            - `M_EMAIL_SEND_ERROR`: The validation email could not be sent.
           examples:
             application/json: {
               "errcode": "M_INVALID_EMAIL",
@@ -77,7 +77,7 @@ paths:
         403:
           description: |
             The user must do something in order to use this endpoint. One example
-            is an ``M_TERMS_NOT_SIGNED`` error where the user must `agree to more terms`_.
+            is an `M_TERMS_NOT_SIGNED` error where the user must [agree to more terms](/identity-service-api/#terms-of-service).
           examples:
             application/json: {
               "errcode": "M_TERMS_NOT_SIGNED",
@@ -92,10 +92,10 @@ paths:
         Validate ownership of an email address.
 
         If the three parameters are consistent with a set generated by a
-        ``requestToken`` call, ownership of the email address is considered to
+        `requestToken` call, ownership of the email address is considered to
         have been validated. This does not publish any information publicly, or
         associate the email address with any Matrix user ID. Specifically,
-        calls to ``/lookup`` will not show a binding.
+        calls to `/lookup` will not show a binding.
 
         The identity server is free to match the token case-insensitively, or
         carry out other mapping operations such as unicode
@@ -105,7 +105,7 @@ paths:
 
         Note: for backwards compatibility with previous drafts of this
         specification, the parameters may also be specified as
-        ``application/x-form-www-urlencoded`` data.  However, this usage is
+        `application/x-form-www-urlencoded` data.  However, this usage is
         deprecated.
       operationId: emailSubmitTokenPostV2
       security:
@@ -123,13 +123,13 @@ paths:
             properties:
               sid:
                 type: string
-                description: The session ID, generated by the ``requestToken`` call.
+                description: The session ID, generated by the `requestToken` call.
               client_secret:
                 type: string
-                description: The client secret that was supplied to the ``requestToken`` call.
+                description: The client secret that was supplied to the `requestToken` call.
               token:
                 type: string
-                description: The token generated by the ``requestToken`` call and emailed to the user.
+                description: The token generated by the `requestToken` call and emailed to the user.
             required: ["sid", "client_secret", "token"]
       responses:
         200:
@@ -149,7 +149,7 @@ paths:
         403:
           description: |
             The user must do something in order to use this endpoint. One example
-            is an ``M_TERMS_NOT_SIGNED`` error where the user must `agree to more terms`_.
+            is an `M_TERMS_NOT_SIGNED` error where the user must [agree to more terms](/identity-service-api/#terms-of-service).
           examples:
             application/json: {
               "errcode": "M_TERMS_NOT_SIGNED",
@@ -163,10 +163,10 @@ paths:
         Validate ownership of an email address.
 
         If the three parameters are consistent with a set generated by a
-        ``requestToken`` call, ownership of the email address is considered to
+        `requestToken` call, ownership of the email address is considered to
         have been validated. This does not publish any information publicly, or
         associate the email address with any Matrix user ID. Specifically,
-        calls to ``/lookup`` will not show a binding.
+        calls to `/lookup` will not show a binding.
 
         Note that, in contrast with the POST version, this endpoint will be
         used by end-users, and so the response should be human-readable.
@@ -178,35 +178,35 @@ paths:
           type: string
           name: sid
           required: true
-          description: The session ID, generated by the ``requestToken`` call.
+          description: The session ID, generated by the `requestToken` call.
           x-example: 1234
         - in: query
           type: string
           name: client_secret
           required: true
-          description: The client secret that was supplied to the ``requestToken`` call.
+          description: The client secret that was supplied to the `requestToken` call.
           x-example: monkeys_are_GREAT
         - in: query
           type: string
           name: token
           required: true
-          description: The token generated by the ``requestToken`` call and emailed to the user.
+          description: The token generated by the `requestToken` call and emailed to the user.
           x-example: atoken
       responses:
         200:
           description: Email address is validated.
         "3xx":
           description: |-
-            Email address is validated, and the ``next_link`` parameter was
-            provided to the ``requestToken`` call.  The user must be redirected
-            to the URL provided by the ``next_link`` parameter.
+            Email address is validated, and the `next_link` parameter was
+            provided to the `requestToken` call.  The user must be redirected
+            to the URL provided by the `next_link` parameter.
         "4xx":
           description:
             Validation failed.
         403:
           description: |
             The user must do something in order to use this endpoint. One example
-            is an ``M_TERMS_NOT_SIGNED`` error where the user must `agree to more terms`_.
+            is an `M_TERMS_NOT_SIGNED` error where the user must [agree to more terms](/identity-service-api/#terms-of-service).
           examples:
             application/json: {
               "errcode": "M_TERMS_NOT_SIGNED",
diff --git a/api/identity/v2_invitation_signing.yaml b/data/api/identity/v2_invitation_signing.yaml
similarity index 88%
rename from api/identity/v2_invitation_signing.yaml
rename to data/api/identity/v2_invitation_signing.yaml
index 0431233ac9a..d81b973dde5 100644
--- a/api/identity/v2_invitation_signing.yaml
+++ b/data/api/identity/v2_invitation_signing.yaml
@@ -33,8 +33,8 @@ paths:
       description: |-
         Sign invitation details.
 
-        The identity server will look up ``token`` which was stored in a call
-        to ``store-invite``, and fetch the sender of the invite.
+        The identity server will look up `token` which was stored in a call
+        to `store-invite`, and fetch the sender of the invite.
       operationId: blindlySignStuffV2
       security:
         - accessToken: []
@@ -54,10 +54,10 @@ paths:
                 description: The Matrix user ID of the user accepting the invitation.
               token:
                 type: string
-                description: The token from the call to ``store-invite``.
+                description: The token from the call to `store-invite`.
               private_key:
                 type: string
-                description: The private key, encoded as `Unpadded base64`_.
+                description: The private key, encoded as [Unpadded base64](/appendices/#unpadded-base64).
             required: ["mxid", "token", "private_key"]
       responses:
         200:
@@ -102,7 +102,7 @@ paths:
         403:
           description: |
             The user must do something in order to use this endpoint. One example
-            is an ``M_TERMS_NOT_SIGNED`` error where the user must `agree to more terms`_.
+            is an `M_TERMS_NOT_SIGNED` error where the user must [agree to more terms](/identity-service-api/#terms-of-service).
           examples:
             application/json: {
               "errcode": "M_TERMS_NOT_SIGNED",
diff --git a/api/identity/v2_lookup.yaml b/data/api/identity/v2_lookup.yaml
similarity index 79%
rename from api/identity/v2_lookup.yaml
rename to data/api/identity/v2_lookup.yaml
index 8acafd753ec..66ac1a0a312 100644
--- a/api/identity/v2_lookup.yaml
+++ b/data/api/identity/v2_lookup.yaml
@@ -55,7 +55,7 @@ paths:
                 type: string
                 description: |-
                   The pepper the client MUST use in hashing identifiers, and MUST
-                  supply to the ``/lookup`` endpoint when performing lookups.
+                  supply to the `/lookup` endpoint when performing lookups.
 
                   Servers SHOULD rotate this string often.
               algorithms:
@@ -63,7 +63,7 @@ paths:
                 items:
                   type: string
                 description: |-
-                  The algorithms the server supports. Must contain at least ``sha256``.
+                  The algorithms the server supports. Must contain at least `sha256`.
             required: ['lookup_pepper', 'algorithms']
   "/lookup":
     post:
@@ -84,14 +84,14 @@ paths:
               algorithm:
                 type: string
                 description: |-
-                  The algorithm the client is using to encode the ``addresses``. This
-                  should be one of the available options from ``/hash_details``.
+                  The algorithm the client is using to encode the `addresses`. This
+                  should be one of the available options from `/hash_details`.
                 example: "sha256"
               pepper:
                 type: string
                 description: |-
-                  The pepper from ``/hash_details``. This is required even when the
-                  ``algorithm`` does not make use of it.
+                  The pepper from `/hash_details`. This is required even when the
+                  `algorithm` does not make use of it.
                 example: "matrixrocks"
               addresses:
                 type: array
@@ -99,8 +99,12 @@ paths:
                   type: string
                 description: |-
                   The addresses to look up. The format of the entries here depend on
-                  the ``algorithm`` used. Note that queries which have been incorrectly
+                  the `algorithm` used. Note that queries which have been incorrectly
                   hashed or formatted will lead to no matches.
+
+                  Note that addresses are case sensitive: review the
+                  [3PID Types](/appendices#pid-types) to verify the intended case an
+                  identifier should be prior to submission/hashing.
                 example: [
                   "4kenr7N9drpCJ4AfalmlGQVsOn3o2RHjkADUpXJWZUc",
                   "nlo35_T5fzSGZzJApqu8lgIudJvmOQtDaHtr-I4rU7I"
@@ -109,7 +113,7 @@ paths:
       responses:
         200:
           description:
-            The associations for any matched ``addresses``.
+            The associations for any matched `addresses`.
           examples:
             application/json: {
               "mappings": {
@@ -122,7 +126,7 @@ paths:
               mappings:
                 type: object
                 description: |-
-                  Any applicable mappings of ``addresses`` to Matrix User IDs. Addresses
+                  Any applicable mappings of `addresses` to Matrix User IDs. Addresses
                   which do not have associations will not be included, which can make
                   this property be an empty object.
                 title: AssociatedMappings
@@ -132,13 +136,13 @@ paths:
         400:
           description:
             The client's request was invalid in some way. One possible problem could
-            be the ``pepper`` being invalid after the server has rotated it - this is
-            presented with the ``M_INVALID_PEPPER`` error code. Clients SHOULD make
-            a call to ``/hash_details`` to get a new pepper in this scenario, being
+            be the `pepper` being invalid after the server has rotated it - this is
+            presented with the `M_INVALID_PEPPER` error code. Clients SHOULD make
+            a call to `/hash_details` to get a new pepper in this scenario, being
             careful to avoid retry loops.
 
-            ``M_INVALID_PARAM`` can also be returned to indicate the client supplied
-            an ``algorithm`` that is unknown to the server.
+            `M_INVALID_PARAM` can also be returned to indicate the client supplied
+            an `algorithm` that is unknown to the server.
           examples:
             application/json: {
               "errcode": "M_INVALID_PEPPER",
diff --git a/api/identity/v2_phone_associations.yaml b/data/api/identity/v2_phone_associations.yaml
similarity index 79%
rename from api/identity/v2_phone_associations.yaml
rename to data/api/identity/v2_phone_associations.yaml
index 6d4ad79bdf8..72680064b6f 100644
--- a/api/identity/v2_phone_associations.yaml
+++ b/data/api/identity/v2_phone_associations.yaml
@@ -40,13 +40,13 @@ paths:
 
         Note that homeservers offer APIs that proxy this API, adding
         additional behaviour on top, for example,
-        ``/register/msisdn/requestToken`` is designed specifically for use when
+        `/register/msisdn/requestToken` is designed specifically for use when
         registering an account and therefore will inform the user if the phone
         number given is already registered on the server.
 
         Note: for backwards compatibility with previous drafts of this
         specification, the parameters may also be specified as
-        ``application/x-form-www-urlencoded`` data. However, this usage is
+        `application/x-form-www-urlencoded` data. However, this usage is
         deprecated.
       operationId: msisdnRequestTokenV2
       security:
@@ -65,9 +65,9 @@ paths:
           description: |
             An error ocurred. Some possible errors are:
 
-            - ``M_INVALID_ADDRESS``: The phone number provided was invalid.
-            - ``M_SEND_ERROR``: The validation SMS could not be sent.
-            - ``M_DESTINATION_REJECTED``: The identity server cannot deliver an
+            - `M_INVALID_ADDRESS`: The phone number provided was invalid.
+            - `M_SEND_ERROR`: The validation SMS could not be sent.
+            - `M_DESTINATION_REJECTED`: The identity server cannot deliver an
               SMS to the provided country or region.
           examples:
             application/json: {
@@ -79,7 +79,7 @@ paths:
         403:
           description: |
             The user must do something in order to use this endpoint. One example
-            is an ``M_TERMS_NOT_SIGNED`` error where the user must `agree to more terms`_.
+            is an `M_TERMS_NOT_SIGNED` error where the user must [agree to more terms](/identity-service-api/#terms-of-service).
           examples:
             application/json: {
               "errcode": "M_TERMS_NOT_SIGNED",
@@ -94,10 +94,10 @@ paths:
         Validate ownership of a phone number.
 
         If the three parameters are consistent with a set generated by a
-        ``requestToken`` call, ownership of the phone number is considered to
+        `requestToken` call, ownership of the phone number is considered to
         have been validated. This does not publish any information publicly, or
         associate the phone number address with any Matrix user
-        ID. Specifically, calls to ``/lookup`` will not show a binding.
+        ID. Specifically, calls to `/lookup` will not show a binding.
 
         The identity server is free to match the token case-insensitively, or
         carry out other mapping operations such as unicode
@@ -107,7 +107,7 @@ paths:
 
         Note: for backwards compatibility with previous drafts of this
         specification, the parameters may also be specified as
-        ``application/x-form-www-urlencoded`` data. However, this usage is
+        `application/x-form-www-urlencoded` data. However, this usage is
         deprecated.
       operationId: msisdnSubmitTokenPostV2
       security:
@@ -125,13 +125,13 @@ paths:
             properties:
               sid:
                 type: string
-                description: The session ID, generated by the ``requestToken`` call.
+                description: The session ID, generated by the `requestToken` call.
               client_secret:
                 type: string
-                description: The client secret that was supplied to the ``requestToken`` call.
+                description: The client secret that was supplied to the `requestToken` call.
               token:
                 type: string
-                description: The token generated by the ``requestToken`` call and sent to the user.
+                description: The token generated by the `requestToken` call and sent to the user.
             required: ["sid", "client_secret", "token"]
       responses:
         200:
@@ -151,7 +151,7 @@ paths:
         403:
           description: |
             The user must do something in order to use this endpoint. One example
-            is an ``M_TERMS_NOT_SIGNED`` error where the user must `agree to more terms`_.
+            is an `M_TERMS_NOT_SIGNED` error where the user must [agree to more terms](/identity-service-api/#terms-of-service).
           examples:
             application/json: {
               "errcode": "M_TERMS_NOT_SIGNED",
@@ -165,10 +165,10 @@ paths:
         Validate ownership of a phone number.
 
         If the three parameters are consistent with a set generated by a
-        ``requestToken`` call, ownership of the phone number address is
+        `requestToken` call, ownership of the phone number address is
         considered to have been validated. This does not publish any
         information publicly, or associate the phone number with any Matrix
-        user ID. Specifically, calls to ``/lookup`` will not show a binding.
+        user ID. Specifically, calls to `/lookup` will not show a binding.
 
         Note that, in contrast with the POST version, this endpoint will be
         used by end-users, and so the response should be human-readable.
@@ -180,35 +180,35 @@ paths:
           type: string
           name: sid
           required: true
-          description: The session ID, generated by the ``requestToken`` call.
+          description: The session ID, generated by the `requestToken` call.
           x-example: 1234
         - in: query
           type: string
           name: client_secret
           required: true
-          description: The client secret that was supplied to the ``requestToken`` call.
+          description: The client secret that was supplied to the `requestToken` call.
           x-example: monkeys_are_GREAT
         - in: query
           type: string
           name: token
           required: true
-          description: The token generated by the ``requestToken`` call and sent to the user.
+          description: The token generated by the `requestToken` call and sent to the user.
           x-example: atoken
       responses:
         200:
           description: Phone number is validated.
         "3xx":
           description: |-
-            Phone number address is validated, and the ``next_link`` parameter
-            was provided to the ``requestToken`` call. The user must be
-            redirected to the URL provided by the ``next_link`` parameter.
+            Phone number address is validated, and the `next_link` parameter
+            was provided to the `requestToken` call. The user must be
+            redirected to the URL provided by the `next_link` parameter.
         "4xx":
           description:
             Validation failed.
         403:
           description: |
             The user must do something in order to use this endpoint. One example
-            is an ``M_TERMS_NOT_SIGNED`` error where the user must `agree to more terms`_.
+            is an `M_TERMS_NOT_SIGNED` error where the user must [agree to more terms](/identity-service-api/#terms-of-service).
           examples:
             application/json: {
               "errcode": "M_TERMS_NOT_SIGNED",
diff --git a/api/identity/v2_ping.yaml b/data/api/identity/v2_ping.yaml
similarity index 100%
rename from api/identity/v2_ping.yaml
rename to data/api/identity/v2_ping.yaml
diff --git a/api/identity/v2_pubkey.yaml b/data/api/identity/v2_pubkey.yaml
similarity index 100%
rename from api/identity/v2_pubkey.yaml
rename to data/api/identity/v2_pubkey.yaml
diff --git a/api/identity/v2_store_invite.yaml b/data/api/identity/v2_store_invite.yaml
similarity index 83%
rename from api/identity/v2_store_invite.yaml
rename to data/api/identity/v2_store_invite.yaml
index 9b7a653ca9e..c3fbc7ca00e 100644
--- a/api/identity/v2_store_invite.yaml
+++ b/data/api/identity/v2_store_invite.yaml
@@ -40,23 +40,23 @@ paths:
         The service will generate a random token and an ephemeral key used for
         accepting the invite.
 
-        The service also generates a ``display_name`` for the inviter, which is
-        a redacted version of ``address`` which does not leak the full contents
-        of the ``address``.
+        The service also generates a `display_name` for the inviter, which is
+        a redacted version of `address` which does not leak the full contents
+        of the `address`.
 
         The service records persistently all of the above information.
 
         It also generates an email containing all of this data, sent to the
-        ``address`` parameter, notifying them of the invitation.
+        `address` parameter, notifying them of the invitation.
 
         Also, the generated ephemeral public key will be listed as valid on
-        requests to ``/_matrix/identity/v2/pubkey/ephemeral/isvalid``.
+        requests to `/_matrix/identity/v2/pubkey/ephemeral/isvalid`.
 
-        Currently, invites may only be issued for 3pids of the ``email`` medium.
+        Currently, invites may only be issued for 3pids of the `email` medium.
 
         Optional fields in the request should be populated to the best of the
         server's ability. Identity servers may use these variables when notifying
-        the ``address`` of the pending invite for display purposes.
+        the `address` of the pending invite for display purposes.
       operationId: storeInviteV2
       security:
         - accessToken: []
@@ -68,7 +68,7 @@ paths:
             properties:
               medium:
                 type: string
-                description: The literal string ``email``.
+                description: The literal string `email`.
                 example: "email"
               address:
                 type: string
@@ -86,26 +86,26 @@ paths:
                 type: string
                 description: |-
                   The Matrix room alias for the room to which the user is
-                  invited. This should be retrieved from the ``m.room.canonical_alias``
+                  invited. This should be retrieved from the `m.room.canonical_alias`
                   state event.
                 example: "#somewhere:exmaple.org"
               room_avatar_url:
                 type: string
                 description: |-
                   The Content URI for the room to which the user is invited. This should
-                  be retrieved from the ``m.room.avatar`` state event.
+                  be retrieved from the `m.room.avatar` state event.
                 example: "mxc://example.org/s0meM3dia"
               room_join_rules:
                 type: string
                 description: |-
-                  The ``join_rule`` for the room to which the user is invited. This should
-                  be retrieved from the ``m.room.join_rules`` state event.
+                  The `join_rule` for the room to which the user is invited. This should
+                  be retrieved from the `m.room.join_rules` state event.
                 example: "public"
               room_name:
                 type: string
                 description: |-
                   The name of the room to which the user is invited. This should be retrieved
-                  from the ``m.room.name`` state event.
+                  from the `m.room.name` state event.
                 example: "Bob's Emporium of Messages"
               sender_display_name:
                 type: string
@@ -126,7 +126,7 @@ paths:
                 type: string
                 description: |
                   The generated token. Must be a string consisting of the
-                  characters ``[0-9a-zA-Z.=_-]``. Its length must not exceed
+                  characters `[0-9a-zA-Z.=_-]`. Its length must not exceed
                   255 characters and it must not be empty.
               public_keys:
                 type: array
@@ -153,8 +153,8 @@ paths:
             An error has occured.
 
             If the 3pid is already bound to a Matrix user ID, the error code
-            will be ``M_THREEPID_IN_USE``.  If the medium is unsupported, the
-            error code will be ``M_UNRECOGNIZED``.
+            will be `M_THREEPID_IN_USE`.  If the medium is unsupported, the
+            error code will be `M_UNRECOGNIZED`.
           examples:
             application/json: {
               "errcode": "M_THREEPID_IN_USE",
@@ -166,7 +166,7 @@ paths:
         403:
           description: |
             The user must do something in order to use this endpoint. One example
-            is an ``M_TERMS_NOT_SIGNED`` error where the user must `agree to more terms`_.
+            is an `M_TERMS_NOT_SIGNED` error where the user must [agree to more terms](/identity-service-api/#terms-of-service).
           examples:
             application/json: {
               "errcode": "M_TERMS_NOT_SIGNED",
diff --git a/api/identity/v2_terms.yaml b/data/api/identity/v2_terms.yaml
similarity index 97%
rename from api/identity/v2_terms.yaml
rename to data/api/identity/v2_terms.yaml
index 9b831fbaa8e..fcab28b7d67 100644
--- a/api/identity/v2_terms.yaml
+++ b/data/api/identity/v2_terms.yaml
@@ -106,7 +106,7 @@ paths:
                           all three criteria to avoid conflicts when the policy is updated
                           in the future: for example, if this was "https://example.org/terms.html"
                           then the server would be unable to update it because the client would
-                          have already added that URL to the ``m.accepted_terms`` collection.
+                          have already added that URL to the `m.accepted_terms` collection.
                     required: ['name', 'url']
             required: ['policies']
     post:
@@ -121,7 +121,7 @@ paths:
         to the user. Servers SHOULD consider acceptance of any one language's URL as
         acceptance for all other languages of that policy.
 
-        The server should avoid returning ``M_TERMS_NOT_SIGNED`` because the client
+        The server should avoid returning `M_TERMS_NOT_SIGNED` because the client
         may not be accepting all terms at once.
       operationId: agreeToTerms
       security:
diff --git a/data/api/identity/versions.yaml b/data/api/identity/versions.yaml
new file mode 100644
index 00000000000..5d0a01c4248
--- /dev/null
+++ b/data/api/identity/versions.yaml
@@ -0,0 +1,51 @@
+# Copyright 2021 The Matrix.org Foundation C.I.C.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+swagger: '2.0'
+info:
+  title: "Matrix Identity Service Versions API"
+  version: "1.0.0"
+host: localhost:8090
+schemes:
+  - https
+basePath: /_matrix/identity
+produces:
+  - application/json
+paths:
+  "/versions":
+    get:
+      summary: Gets the versions of the specification supported by the server.
+      description: |-
+        Gets the versions of the specification supported by the server.
+
+        Values will take the form `rX.Y.Z`. <!-- TODO: TravisR: Global versioning spec -->
+
+        All supported versions, including patch versions, are reported by the server.
+      operationId: getVersions
+      responses:
+        200:
+          description: The versions supported by the server.
+          examples:
+            application/json: {
+              "versions": ["r0.1.0", "r0.2.0", "r0.2.1"]
+            }
+          schema:
+            type: object
+            properties:
+              versions:
+                type: array
+                description: The supported versions.
+                items:
+                  type: string
+                  description: The supported versions.
+            required: ['versions']
diff --git a/api/push-gateway/push_notifier.yaml b/data/api/push-gateway/push_notifier.yaml
similarity index 94%
rename from api/push-gateway/push_notifier.yaml
rename to data/api/push-gateway/push_notifier.yaml
index 754c325a3cf..2f03433bd86 100644
--- a/api/push-gateway/push_notifier.yaml
+++ b/data/api/push-gateway/push_notifier.yaml
@@ -39,7 +39,7 @@ paths:
 
         Notifications about a particular event will normally cause the user to be
         alerted in some way. It is therefore necessary to perform duplicate
-        suppression for such notifications using the ``event_id`` field to avoid
+        suppression for such notifications using the `event_id` field to avoid
         retries of this HTTP API causing duplicate alerts. The operation of
         updating counts of unread notifications should be idempotent and
         therefore do not require duplicate suppression.
@@ -111,7 +111,7 @@ paths:
                   type:
                     type: string
                     description: |-
-                      The type of the event as in the event's ``type`` field.
+                      The type of the event as in the event's `type` field.
                   sender:
                     type: string
                     description: |-
@@ -131,13 +131,13 @@ paths:
                     type: boolean
                     description: |-
                       This is true if the user receiving the notification is the
-                      subject of a member event (i.e. the ``state_key`` of the
+                      subject of a member event (i.e. the `state_key` of the
                       member event is equal to the user's Matrix ID).
                   prio:
                     type: string
                     enum: ["high", "low"]
                     description: |-
-                      The priority of the notification. If omitted, ``high`` is
+                      The priority of the notification. If omitted, `high` is
                       assumed. This may be used by push gateways to deliver less
                       time-sensitive notifications in a way that will preserve
                       battery power on mobile devices.
@@ -145,7 +145,7 @@ paths:
                     type: object
                     title: EventContent
                     description: |-
-                      The ``content`` field from the event, if present. The pusher
+                      The `content` field from the event, if present. The pusher
                       may omit this if the event had no content or for any other
                       reason.
                   counts:
@@ -178,10 +178,10 @@ paths:
                         app_id:
                           type: string
                           description: |-
-                            The ``app_id`` given when the pusher was created.
+                            The `app_id` given when the pusher was created.
                         pushkey:
                           type: string
-                          description: The ``pushkey`` given when the pusher was created.
+                          description: The `pushkey` given when the pusher was created.
                         pushkey_ts:
                           type: integer
                           description: |-
@@ -193,7 +193,7 @@ paths:
                           description: |-
                             A dictionary of additional pusher-specific data. For
                             'http' pushers, this is the data dictionary passed in at
-                            pusher creation minus the ``url`` key.
+                            pusher creation minus the `url` key.
                         tweaks:
                           type: object
                           title: Tweaks
diff --git a/api/server-server/backfill.yaml b/data/api/server-server/backfill.yaml
similarity index 80%
rename from api/server-server/backfill.yaml
rename to data/api/server-server/backfill.yaml
index 4bf62663b60..42a0e3bd4f7 100644
--- a/api/server-server/backfill.yaml
+++ b/data/api/server-server/backfill.yaml
@@ -32,8 +32,8 @@ paths:
       summary: Retrieves the events which precede the given event
       description: |-
         Retrieves a sliding-window history of previous PDUs that occurred in the given room.
-        Starting from the PDU ID(s) given in the ``v`` argument, the PDUs given in ``v`` and
-        the PDUs that preceded them are retrieved, up to the total number given by the ``limit``.
+        Starting from the PDU ID(s) given in the `v` argument, the PDUs given in `v` and
+        the PDUs that preceded them are retrieved, up to the total number given by the `limit`.
       operationId: backfillRoom
       security:
         - signedRequest: []
@@ -64,13 +64,13 @@ paths:
             A transaction containing the PDUs that preceded the given event(s), including the given
             event(s), up to the given limit.
 
-            .. Note::
-               Though the PDU definitions require that ``prev_events`` and ``auth_events`` be limited
-               in number, the response of backfill MUST NOT be validated on these specific restrictions.
+            **Note:**
+            Though the PDU definitions require that `prev_events` and `auth_events` be limited
+            in number, the response of backfill MUST NOT be validated on these specific restrictions.
 
-               Due to historical reasons, it is possible that events which were previously accepted
-               would now be rejected by these limitations. The events should be rejected per usual by
-               the ``/send``, ``/get_missing_events``, and remaining endpoints.
+            Due to historical reasons, it is possible that events which were previously accepted
+            would now be rejected by these limitations. The events should be rejected per usual by
+            the `/send`, `/get_missing_events`, and remaining endpoints.
           schema:
             $ref: "definitions/unlimited_pdu_transaction.yaml"
   "/get_missing_events/{roomId}":
@@ -78,8 +78,8 @@ paths:
       summary: Retrieves events that the sender is missing
       description: |-
         Retrieves previous events that the sender is missing. This is done by doing a breadth-first
-        walk of the ``prev_events`` for the ``latest_events``, ignoring any events in ``earliest_events``
-        and stopping at the ``limit``.
+        walk of the `prev_events` for the `latest_events`, ignoring any events in `earliest_events`
+        and stopping at the `limit`.
       operationId: getMissingPreviousEvents
       security:
         - signedRequest: []
@@ -107,7 +107,7 @@ paths:
                 type: array
                 description: |-
                   The latest event IDs that the sender already has. These are skipped when retrieving
-                  the previous events of ``latest_events``.
+                  the previous events of `latest_events`.
                 items:
                   type: string
                 example: ["$missing_event:example.org"]
@@ -121,8 +121,8 @@ paths:
       responses:
         200:
           description: |-
-            The previous events for ``latest_events``, excluding any ``earliest_events``, up to the
-            provided ``limit``.
+            The previous events for `latest_events`, excluding any `earliest_events`, up to the
+            provided `limit`.
           schema:
             type: object
             properties:
@@ -130,7 +130,7 @@ paths:
                 type: array
                 description: |-
                   The missing events. The event format varies depending on the room version - check
-                  the `room version specification`_ for precise event formats.
+                  the [room version specification](/#room-versions) for precise event formats.
                 items:
                   type: object
                   title: PDU
diff --git a/api/server-server/definitions/edu.yaml b/data/api/server-server/definitions/edu.yaml
similarity index 100%
rename from api/server-server/definitions/edu.yaml
rename to data/api/server-server/definitions/edu.yaml
diff --git a/api/server-server/definitions/event-schemas/m.device_list_update.yaml b/data/api/server-server/definitions/event-schemas/m.device_list_update.yaml
similarity index 90%
rename from api/server-server/definitions/event-schemas/m.device_list_update.yaml
rename to data/api/server-server/definitions/event-schemas/m.device_list_update.yaml
index d511bfae7c0..2a9d9b60263 100644
--- a/api/server-server/definitions/event-schemas/m.device_list_update.yaml
+++ b/data/api/server-server/definitions/event-schemas/m.device_list_update.yaml
@@ -1,4 +1,5 @@
 # Copyright 2018 New Vector Ltd
+# Copyright 2020 The Matrix.org Foundation C.I.C.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,7 +18,8 @@ title: m.device_list_update
 description: |-
   An EDU that lets servers push details to each other when one of their users
   adds a new device to their account, required for E2E encryption to correctly
-  target the current set of devices for a given user.
+  target the current set of devices for a given user. This event will also be
+  sent when an existing device gets a new cross-signing signature.
 
 # FIXME: It's very unclear why we have this API surface for synchronising
 # device lists, rather than just using a room (which could also be used for
@@ -30,7 +32,7 @@ allOf:
       edu_type:
         type: enum
         enum: ['m.device_list_update']
-        description: The string ``m.device_list_update``.
+        description: The string `m.device_list_update`.
         example: "m.device_list_update"
       content:
         type: object
@@ -55,7 +57,7 @@ allOf:
             type: integer
             description: |-
               An ID sent by the server for this update, unique for a given
-              user_id.  Used to identify any gaps in the sequence of ``m.device_list_update``
+              user_id.  Used to identify any gaps in the sequence of `m.device_list_update`
               EDUs broadcast by a server.
             example: 6
           prev_id:
@@ -65,7 +67,7 @@ allOf:
               which have not been referred to already in an EDU's prev_id field.  If the
               receiving server does not recognise any of the prev_ids, it means an EDU
               has been lost and the server should query a snapshot of the device list
-              via ``/user/keys/query`` in order to correctly interpret future ``m.device_list_update``
+              via `/user/keys/query` in order to correctly interpret future `m.device_list_update`
               EDUs.  May be missing or empty for the first EDU in a sequence.
             items:
               type: integer
diff --git a/api/server-server/definitions/event-schemas/m.direct_to_device.yaml b/data/api/server-server/definitions/event-schemas/m.direct_to_device.yaml
similarity index 92%
rename from api/server-server/definitions/event-schemas/m.direct_to_device.yaml
rename to data/api/server-server/definitions/event-schemas/m.direct_to_device.yaml
index 9d5a7468c27..f628ebe0269 100644
--- a/api/server-server/definitions/event-schemas/m.direct_to_device.yaml
+++ b/data/api/server-server/definitions/event-schemas/m.direct_to_device.yaml
@@ -25,7 +25,7 @@ allOf:
       edu_type:
         type: enum
         enum: ['m.direct_to_device']
-        description: The string ``m.direct_to_device``.
+        description: The string `m.direct_to_device`.
         example: "m.direct_to_device"
       content:
         type: object
@@ -35,7 +35,7 @@ allOf:
           sender:
             type: string
             description: User ID of the sender.
-            example: "john@example.com"
+            example: "@john:example.com"
           type:
             type: string
             description: Event type for the message.
@@ -50,7 +50,7 @@ allOf:
             description: |-
               The contents of the messages to be sent.  These are arranged in
               a map of user IDs to a map of device IDs to message bodies.
-              The device ID may also be ``*``, meaning all known devices for the user.
+              The device ID may also be `*`, meaning all known devices for the user.
             additionalProperties:
               type: object
               title: User Devices
@@ -59,7 +59,7 @@ allOf:
                 title: Device Message Contents
                 properties: {}
             example: {
-              "alice@example.org": {
+              "@alice:example.org": {
                 "IWHQUZUIAH": {
                   "algorithm": "m.megolm.v1.aes-sha2",
                   "room_id": "!Cuyf34gef24t:localhost",
diff --git a/api/server-server/definitions/event-schemas/m.presence.yaml b/data/api/server-server/definitions/event-schemas/m.presence.yaml
similarity index 95%
rename from api/server-server/definitions/event-schemas/m.presence.yaml
rename to data/api/server-server/definitions/event-schemas/m.presence.yaml
index 7f47add4dcc..09d5d0d2d64 100644
--- a/api/server-server/definitions/event-schemas/m.presence.yaml
+++ b/data/api/server-server/definitions/event-schemas/m.presence.yaml
@@ -23,7 +23,7 @@ allOf:
       edu_type:
         type: enum
         enum: ['m.presence']
-        description: The string ``m.presence``
+        description: The string `m.presence`
         example: "m.presence"
       content:
         type: object
@@ -63,8 +63,8 @@ allOf:
                   type: boolean
                   description: |-
                     True if the user is likely to be interacting with their
-                    client. This may be indicated by the user having a 
-                    ``last_active_ago`` within the last few minutes. Defaults
+                    client. This may be indicated by the user having a
+                    `last_active_ago` within the last few minutes. Defaults
                     to false.
                   example: true
               required: ['user_id', 'presence', 'last_active_ago']
diff --git a/api/server-server/definitions/event-schemas/m.receipt.yaml b/data/api/server-server/definitions/event-schemas/m.receipt.yaml
similarity index 98%
rename from api/server-server/definitions/event-schemas/m.receipt.yaml
rename to data/api/server-server/definitions/event-schemas/m.receipt.yaml
index 70a02b49a5a..335e7c27d63 100644
--- a/api/server-server/definitions/event-schemas/m.receipt.yaml
+++ b/data/api/server-server/definitions/event-schemas/m.receipt.yaml
@@ -26,7 +26,7 @@ allOf:
       edu_type:
         type: enum
         enum: ['m.receipt']
-        description: The string ``m.receipt``
+        description: The string `m.receipt`
         example: "m.receipt"
       content:
         type: object
diff --git a/data/api/server-server/definitions/event-schemas/m.signing_key_update.yaml b/data/api/server-server/definitions/event-schemas/m.signing_key_update.yaml
new file mode 100644
index 00000000000..c84cd6c31d4
--- /dev/null
+++ b/data/api/server-server/definitions/event-schemas/m.signing_key_update.yaml
@@ -0,0 +1,64 @@
+# Copyright 2020 The Matrix.org Foundation C.I.C.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+type: object
+title: m.signing_key_update
+description: |-
+  An EDU that lets servers push details to each other when one of their users
+  updates their cross-signing keys.
+allOf:
+  - $ref: ../edu.yaml
+  - type: object
+    properties:
+      edu_type:
+        type: enum
+        enum: ['m.signing_key_update']
+        description: The string `m.signing_update`.
+        example: "m.signing_key_update"
+      content:
+        type: object
+        description: The updated signing keys.
+        title: Signing Key Update
+        properties:
+          user_id:
+            type: string
+            description: The user ID whose cross-signing keys have changed.
+            example: "@alice:example.com"
+          master_key:
+            type: object
+            $ref: ../../../client-server/definitions/cross_signing_key.yaml
+            example: {
+              "user_id": "@alice:example.com",
+              "usage": ["master"],
+              "keys": {
+                "ed25519:base64+master+public+key": "base64+master+public+key",
+              }
+            }
+          self_signing_key:
+            type: object
+            $ref: ../../../client-server/definitions/cross_signing_key.yaml
+            example: {
+              "user_id": "@alice:example.com",
+              "usage": ["self_signing"],
+              "keys": {
+                "ed25519:base64+self+signing+public+key": "base64+self+signing+master+public+key",
+              },
+              "signatures": {
+                "@alice:example.com": {
+                  "ed25519:base64+master+public+key": "signature+of+self+signing+key"
+                }
+              }
+            }
+        required:
+          - user_id
diff --git a/api/server-server/definitions/event-schemas/m.typing.yaml b/data/api/server-server/definitions/event-schemas/m.typing.yaml
similarity index 97%
rename from api/server-server/definitions/event-schemas/m.typing.yaml
rename to data/api/server-server/definitions/event-schemas/m.typing.yaml
index ccbecf53548..7f23bae146e 100644
--- a/api/server-server/definitions/event-schemas/m.typing.yaml
+++ b/data/api/server-server/definitions/event-schemas/m.typing.yaml
@@ -22,7 +22,7 @@ allOf:
       edu_type:
         type: enum
         enum: ['m.typing']
-        description: The string ``m.typing``
+        description: The string `m.typing`
         example: "m.typing"
       content:
         type: object
diff --git a/api/server-server/definitions/invite_event.yaml b/data/api/server-server/definitions/invite_event.yaml
similarity index 82%
rename from api/server-server/definitions/invite_event.yaml
rename to data/api/server-server/definitions/invite_event.yaml
index dd2efdd6dc6..416eb709a4d 100644
--- a/api/server-server/definitions/invite_event.yaml
+++ b/data/api/server-server/definitions/invite_event.yaml
@@ -15,14 +15,14 @@ type: object
 title: InviteEvent
 description: |-
   An invite event. Note that events have a different format depending on the
-  room version - check the `room version specification`_ for precise event formats.
+  room version - check the [room version specification](/#room-versions) for precise event formats.
 allOf:
   - type: object
     properties:
       sender:
         type: string
         description: |-
-          The matrix ID of the user who sent the original ``m.room.third_party_invite``.
+          The matrix ID of the user who sent the original `m.room.third_party_invite`.
         example: "@someone:example.org"
       origin:
         type: string
@@ -35,7 +35,7 @@ allOf:
         example: 1234567890
       type:
         type: string
-        description: The value ``m.room.member``.
+        description: The value `m.room.member`.
         example: "m.room.member"
       state_key:
         type: string
@@ -46,12 +46,12 @@ allOf:
         title: Membership Event Content
         description: |-
           The content of the event, matching what is available in the
-          `Client-Server API`_. Must include a ``membership`` of ``invite``.
+          [Client-Server API](/client-server-api/). Must include a `membership` of `invite`.
         example: {"membership": "invite"}
         properties:
           membership:
             type: string
-            description: The value ``invite``.
+            description: The value `invite`.
             example: "invite"
         required: ['membership']
     required:
diff --git a/api/server-server/definitions/keys.yaml b/data/api/server-server/definitions/keys.yaml
similarity index 79%
rename from api/server-server/definitions/keys.yaml
rename to data/api/server-server/definitions/keys.yaml
index 306d4d00860..3676ae5216e 100644
--- a/api/server-server/definitions/keys.yaml
+++ b/data/api/server-server/definitions/keys.yaml
@@ -26,10 +26,10 @@ properties:
     description: |-
       Public keys of the homeserver for verifying digital signatures.
 
-      The object's key is the algorithm and version combined (``ed25519`` being the
-      algorithm and ``abc123`` being the version in the example below). Together,
+      The object's key is the algorithm and version combined (`ed25519` being the
+      algorithm and `abc123` being the version in the example below). Together,
       this forms the Key ID. The version must have characters matching the regular
-      expression ``[a-zA-Z0-9_]``.
+      expression `[a-zA-Z0-9_]`.
     additionalProperties:
       type: object
       title: Verify Key
@@ -41,7 +41,7 @@ properties:
       properties:
         key:
           type: string
-          description: The `Unpadded Base64`_ encoded key.
+          description: The [Unpadded base64](/appendices/#unpadded-base64) encoded key.
           example: "VGhpcyBzaG91bGQgYmUgYSByZWFsIGVkMjU1MTkgcGF5bG9hZA"
       required: ["key"]
   old_verify_keys:
@@ -49,10 +49,10 @@ properties:
     description: |-
       The public keys that the server used to use and when it stopped using them.
 
-      The object's key is the algorithm and version combined (``ed25519`` being the
-      algorithm and ``0ldK3y`` being the version in the example below). Together,
+      The object's key is the algorithm and version combined (`ed25519` being the
+      algorithm and `0ldK3y` being the version in the example below). Together,
       this forms the Key ID. The version must have characters matching the regular
-      expression ``[a-zA-Z0-9_]``.
+      expression `[a-zA-Z0-9_]`.
     additionalProperties:
       type: object
       title: Old Verify Key
@@ -70,16 +70,15 @@ properties:
           example: 1532645052628
         key:
           type: string
-          description: The `Unpadded Base64`_ encoded key.
+          description: The [Unpadded base64](/appendices/#unpadded-base64) encoded key.
           example: "VGhpcyBzaG91bGQgYmUgeW91ciBvbGQga2V5J3MgZWQyNTUxOSBwYXlsb2FkLg"
       required: ["expired_ts", "key"]
   signatures:
     type: object
     description: |-
-      Digital signatures for this object signed using the ``verify_keys``.
+      Digital signatures for this object signed using the `verify_keys`.
 
-      The signature is calculated using the process described at `Signing
-      JSON`_.
+      The signature is calculated using the process described at [Signing JSON](/appendices/#signing-json).
     title: Signatures
     additionalProperties:
       type: object
@@ -91,7 +90,7 @@ properties:
     description: |-
       POSIX timestamp when the list of valid keys should be refreshed. This field MUST
       be ignored in room versions 1, 2, 3, and 4. Keys used beyond this timestamp MUST
-      be considered invalid, depending on the `room version specification`_.
+      be considered invalid, depending on the [room version specification](/#room-versions).
 
       Servers MUST use the lesser of this field and 7 days into the future when
       determining if a key is valid. This is to avoid a situation where an attacker
diff --git a/api/server-server/definitions/keys_query_response.yaml b/data/api/server-server/definitions/keys_query_response.yaml
similarity index 100%
rename from api/server-server/definitions/keys_query_response.yaml
rename to data/api/server-server/definitions/keys_query_response.yaml
diff --git a/api/server-server/definitions/pdu.yaml b/data/api/server-server/definitions/pdu.yaml
similarity index 93%
rename from api/server-server/definitions/pdu.yaml
rename to data/api/server-server/definitions/pdu.yaml
index 87064c22c65..d87db1a30a8 100644
--- a/api/server-server/definitions/pdu.yaml
+++ b/data/api/server-server/definitions/pdu.yaml
@@ -24,7 +24,7 @@ allOf:
         type: object
         title: Event Hash
         description: |-
-          Content hashes of the PDU, following the algorithm specified in `Signing Events`_.
+          Content hashes of the PDU, following the algorithm specified in [Signing Events](/server-server-api/#signing-events).
         example: {
           "sha256": "ThisHashCoversAllFieldsInCaseThisIsRedacted"
         }
@@ -37,7 +37,7 @@ allOf:
       signatures:
         type: object
         description: |-
-          Signatures for the PDU, following the algorithm specified in `Signing Events`_.
+          Signatures for the PDU, following the algorithm specified in [Signing Events](/server-server-api/#signing-events).
         example: {
           "example.com": {
             "ed25519:key_version:": "86BytesOfSignatureOfTheRedactedEvent"
diff --git a/api/server-server/definitions/pdu_v3.yaml b/data/api/server-server/definitions/pdu_v3.yaml
similarity index 95%
rename from api/server-server/definitions/pdu_v3.yaml
rename to data/api/server-server/definitions/pdu_v3.yaml
index 3e69d941b35..32d05b36f9a 100644
--- a/api/server-server/definitions/pdu_v3.yaml
+++ b/data/api/server-server/definitions/pdu_v3.yaml
@@ -52,7 +52,7 @@ allOf:
         type: object
         title: Event Hash
         description: |-
-          Content hashes of the PDU, following the algorithm specified in `Signing Events`_.
+          Content hashes of the PDU, following the algorithm specified in [Signing Events](/server-server-api/#signing-events).
         example: {
           "sha256": "ThisHashCoversAllFieldsInCaseThisIsRedacted"
         }
@@ -65,7 +65,7 @@ allOf:
       signatures:
         type: object
         description: |-
-          Signatures for the PDU, following the algorithm specified in `Signing Events`_.
+          Signatures for the PDU, following the algorithm specified in [Signing Events](/server-server-api/#signing-events).
         example: {
           "example.com": {
             "ed25519:key_version:": "86BytesOfSignatureOfTheRedactedEvent"
diff --git a/api/server-server/definitions/pdu_v4.yaml b/data/api/server-server/definitions/pdu_v4.yaml
similarity index 100%
rename from api/server-server/definitions/pdu_v4.yaml
rename to data/api/server-server/definitions/pdu_v4.yaml
diff --git a/api/server-server/definitions/security.yaml b/data/api/server-server/definitions/security.yaml
similarity index 85%
rename from api/server-server/definitions/security.yaml
rename to data/api/server-server/definitions/security.yaml
index 6c9cc80850f..822b3fdfc8a 100644
--- a/api/server-server/definitions/security.yaml
+++ b/data/api/server-server/definitions/security.yaml
@@ -14,6 +14,6 @@
 signedRequest:
   type: apiKey
   description: |-
-    The ``Authorization`` header defined in the `Authentication`_ section.
+    The `Authorization` header defined in the [Authentication](/server-server-api/#authentication) section.
   name: Authorization
   in: header
diff --git a/api/server-server/definitions/send_join_response.yaml b/data/api/server-server/definitions/send_join_response.yaml
similarity index 73%
rename from api/server-server/definitions/send_join_response.yaml
rename to data/api/server-server/definitions/send_join_response.yaml
index 2837556b8ea..0aad175860f 100644
--- a/api/server-server/definitions/send_join_response.yaml
+++ b/data/api/server-server/definitions/send_join_response.yaml
@@ -25,13 +25,13 @@ properties:
       The auth chain for the entire current room state prior to the join event.
 
       Note that events have a different format depending on the room version - check the
-      `room version specification`_ for precise event formats.
+      [room version specification](/#room-versions) for precise event formats.
     items:
       type: object
       title: PDU
       description: |-
-        The `PDUs <#pdus>`_ that make up the auth chain. The event format varies depending
-        on the room version - check the `room version specification`_ for precise event formats.
+        The [PDUs](/server-server-api/#pdus) that make up the auth chain. The event format varies depending
+        on the room version - check the [room version specification](/#room-versions) for precise event formats.
       schema:
         type: object
         properties: []
@@ -42,14 +42,14 @@ properties:
     description: |-
       The resolved current room state prior to the join event.
 
-      The event format varies depending on the room version - check the `room version specification`_
+      The event format varies depending on the room version - check the [room version specification](/#room-versions)
       for precise event formats.
     items:
       type: object
       title: PDU
       description: |-
-        The `PDUs <#pdus>`_ for the fully resolved state of the room. The event format varies depending
-        on the room version - check the `room version specification`_ for precise event formats.
+        The [PDUs](/server-server-api/#pdus) for the fully resolved state of the room. The event format varies depending
+        on the room version - check the [room version specification](/#room-versions) for precise event formats.
       schema:
         type: object
         properties: []
diff --git a/api/server-server/definitions/single_pdu_transaction.yaml b/data/api/server-server/definitions/single_pdu_transaction.yaml
similarity index 75%
rename from api/server-server/definitions/single_pdu_transaction.yaml
rename to data/api/server-server/definitions/single_pdu_transaction.yaml
index ff682a44ff2..3c406e8fb01 100644
--- a/api/server-server/definitions/single_pdu_transaction.yaml
+++ b/data/api/server-server/definitions/single_pdu_transaction.yaml
@@ -19,13 +19,13 @@ properties:
     type: array
     description: |-
       A single PDU. Note that events have a different format depending on the room
-      version - check the `room version specification`_ for precise event formats.
+      version - check the [room version specification](/#room-versions) for precise event formats.
     items:
       type: object
       title: PDU
       description: |-
-        The `PDUs <#pdus>`_ contained in the transaction. The event format varies depending
-        on the room version - check the `room version specification`_ for precise event formats.
+        The [PDUs](/server-server-api/#pdus) contained in the transaction. The event format varies depending
+        on the room version - check the [room version specification](/#room-versions) for precise event formats.
       properties: []
       example:
         $ref: "../examples/minimal_pdu.json"
diff --git a/api/server-server/definitions/transaction.yaml b/data/api/server-server/definitions/transaction.yaml
similarity index 78%
rename from api/server-server/definitions/transaction.yaml
rename to data/api/server-server/definitions/transaction.yaml
index 08f3738ab16..4d9f3ae4d49 100644
--- a/api/server-server/definitions/transaction.yaml
+++ b/data/api/server-server/definitions/transaction.yaml
@@ -20,7 +20,7 @@ properties:
   origin:
     type: string
     description: |-
-      The ``server_name`` of the homeserver sending this transaction.
+      The `server_name` of the homeserver sending this transaction.
     example: "example.org"
   origin_server_ts:
     type: integer
@@ -34,13 +34,13 @@ properties:
     description: |-
       List of persistent updates to rooms. Must not include more than 50 PDUs. Note that
       events have a different format depending on the room version - check the
-      `room version specification`_ for precise event formats.
+      [room version specification](/#room-versions) for precise event formats.
     items:
       type: object
       title: PDU
       description: |-
-        The `PDUs <#pdus>`_ contained in the transaction. The event format varies depending
-        on the room version - check the `room version specification`_ for precise event formats.
+        The [PDUs](/server-server-api/#pdus) contained in the transaction. The event format varies depending
+        on the room version - check the [room version specification](/#room-versions) for precise event formats.
       properties: []
       example:
         $ref: "../examples/minimal_pdu.json"
diff --git a/api/server-server/definitions/unlimited_pdu_transaction.yaml b/data/api/server-server/definitions/unlimited_pdu_transaction.yaml
similarity index 75%
rename from api/server-server/definitions/unlimited_pdu_transaction.yaml
rename to data/api/server-server/definitions/unlimited_pdu_transaction.yaml
index 0fc31ee4174..bfa29609f1b 100644
--- a/api/server-server/definitions/unlimited_pdu_transaction.yaml
+++ b/data/api/server-server/definitions/unlimited_pdu_transaction.yaml
@@ -19,14 +19,14 @@ properties:
     type: array
     description: |-
       List of persistent updates to rooms. Note that events have a different format
-      depending on the room version - check the `room version specification`_ for
+      depending on the room version - check the [room version specification](/#room-versions) for
       precise event formats.
     items:
       type: object
       title: PDU
       description: |-
-        The `PDUs <#pdus>`_ contained in the transaction. The event format varies depending
-        on the room version - check the `room version specification`_ for precise event formats.
+        The [PDUs](/server-server-api/#pdus) contained in the transaction. The event format varies depending
+        on the room version - check the [room version specification](/#room-versions) for precise event formats.
       properties: []
       example:
         $ref: "../examples/minimal_pdu.json"
diff --git a/api/server-server/definitions/unsigned_pdu.yaml b/data/api/server-server/definitions/unsigned_pdu.yaml
similarity index 100%
rename from api/server-server/definitions/unsigned_pdu.yaml
rename to data/api/server-server/definitions/unsigned_pdu.yaml
diff --git a/api/server-server/definitions/unsigned_pdu_base.yaml b/data/api/server-server/definitions/unsigned_pdu_base.yaml
similarity index 94%
rename from api/server-server/definitions/unsigned_pdu_base.yaml
rename to data/api/server-server/definitions/unsigned_pdu_base.yaml
index c97e74de594..dae148a189b 100644
--- a/api/server-server/definitions/unsigned_pdu_base.yaml
+++ b/data/api/server-server/definitions/unsigned_pdu_base.yaml
@@ -27,7 +27,7 @@ properties:
     example: "@someone:matrix.org"
   origin:
     type: string
-    description: The ``server_name`` of the homeserver that created this event.
+    description: The `server_name` of the homeserver that created this event.
     example: "matrix.org"
   origin_server_ts:
     type: integer
@@ -42,7 +42,7 @@ properties:
     type: string
     description: |-
       If this key is present, the event is a state event, and it will replace previous events
-      with the same ``type`` and ``state_key`` in the room state.
+      with the same `type` and `state_key` in the room state.
     example: "my_key"
   content:
     type: object
@@ -77,7 +77,7 @@ properties:
   depth:
     type: integer
     description: |-
-      The maximum depth of the ``prev_events``, plus one. Must be less than the
+      The maximum depth of the `prev_events`, plus one. Must be less than the
       maximum value for an integer (2^63 - 1). If the room's depth is already at
       the limit, the depth must be set to the limit.
     example: 12
@@ -117,7 +117,7 @@ properties:
     type: object
     title: UnsignedData
     description: |-
-      Additional data added by the origin server but not covered by the ``signatures``. More
+      Additional data added by the origin server but not covered by the `signatures`. More
       keys than those defined here may be used.
     example: {"key": "value"}
     properties:
diff --git a/api/server-server/event_auth.yaml b/data/api/server-server/event_auth.yaml
similarity index 90%
rename from api/server-server/event_auth.yaml
rename to data/api/server-server/event_auth.yaml
index 8f545e1d8a3..0d9fdec1c97 100644
--- a/api/server-server/event_auth.yaml
+++ b/data/api/server-server/event_auth.yaml
@@ -60,13 +60,13 @@ paths:
                   The full set of authorization events that make up the state of
                   the room, and their authorization events, recursively. Note that
                   events have a different format depending on the room version -
-                  check the `room version specification`_ for precise event formats.
+                  check the [room version specification](/#room-versions) for precise event formats.
                 items:
                   type: object
                   title: PDU
                   description: |-
-                    The `PDUs <#pdus>`_ contained in the auth chain. The event format
-                    varies depending on the room version - check the `room version specification`_
+                    The [PDUs](/server-server-api/#pdus) contained in the auth chain. The event format
+                    varies depending on the room version - check the [room version specification](/#room-versions)
                     for precise event formats.
                   properties: []
                   example:
diff --git a/api/server-server/events.yaml b/data/api/server-server/events.yaml
similarity index 90%
rename from api/server-server/events.yaml
rename to data/api/server-server/events.yaml
index 1f8ee537f44..51405d1ce9c 100644
--- a/api/server-server/events.yaml
+++ b/data/api/server-server/events.yaml
@@ -61,13 +61,13 @@ paths:
                   The full set of authorization events that make up the state
                   of the room, and their authorization events, recursively. Note that
                   events have a different format depending on the room version -
-                  check the `room version specification`_ for precise event formats.
+                  check the [room version specification](/#room-versions) for precise event formats.
                 items:
                   type: object
                   title: PDU
                   description: |-
-                    The `PDUs <#pdus>`_ contained in the auth chain. The event format
-                    varies depending on the room version - check the `room version specification`_
+                    The [PDUs](/server-server-api/#pdus) contained in the auth chain. The event format
+                    varies depending on the room version - check the [room version specification](/#room-versions)
                     for precise event formats.
                   properties: []
                   example:
@@ -77,13 +77,13 @@ paths:
                 description: |-
                   The fully resolved state of the room at the given event. Note that
                   events have a different format depending on the room version -
-                  check the `room version specification`_ for precise event formats.
+                  check the [room version specification](/#room-versions) for precise event formats.
                 items:
                   type: object
                   title: PDU
                   description: |-
-                    The `PDUs <#pdus>`_ for the fully resolved state of the room. The event format
-                    varies depending on the room version - check the `room version specification`_
+                    The [PDUs](/server-server-api/#pdus) for the fully resolved state of the room. The event format
+                    varies depending on the room version - check the [room version specification](/#room-versions)
                     for precise event formats.
                   properties: []
                   example:
@@ -94,7 +94,7 @@ paths:
       summary: Get all the state event IDs of a given room
       description: |-
         Retrieves a snapshot of a room's state at a given event, in the form of
-        event IDs. This performs the same function as calling ``/state/{roomId}``,
+        event IDs. This performs the same function as calling `/state/{roomId}`,
         however this returns just the event IDs rather than the full events.
       operationId: getRoomStateIds
       security:
diff --git a/api/server-server/examples/edu.json b/data/api/server-server/examples/edu.json
similarity index 100%
rename from api/server-server/examples/edu.json
rename to data/api/server-server/examples/edu.json
diff --git a/api/server-server/examples/minimal_pdu.json b/data/api/server-server/examples/minimal_pdu.json
similarity index 100%
rename from api/server-server/examples/minimal_pdu.json
rename to data/api/server-server/examples/minimal_pdu.json
diff --git a/api/server-server/examples/pdu.json b/data/api/server-server/examples/pdu.json
similarity index 100%
rename from api/server-server/examples/pdu.json
rename to data/api/server-server/examples/pdu.json
diff --git a/api/server-server/examples/pdu_v3.json b/data/api/server-server/examples/pdu_v3.json
similarity index 100%
rename from api/server-server/examples/pdu_v3.json
rename to data/api/server-server/examples/pdu_v3.json
diff --git a/api/server-server/examples/pdu_v4.json b/data/api/server-server/examples/pdu_v4.json
similarity index 100%
rename from api/server-server/examples/pdu_v4.json
rename to data/api/server-server/examples/pdu_v4.json
diff --git a/api/server-server/examples/server_key.json b/data/api/server-server/examples/server_key.json
similarity index 100%
rename from api/server-server/examples/server_key.json
rename to data/api/server-server/examples/server_key.json
diff --git a/api/server-server/examples/server_key_notary_signed.json b/data/api/server-server/examples/server_key_notary_signed.json
similarity index 100%
rename from api/server-server/examples/server_key_notary_signed.json
rename to data/api/server-server/examples/server_key_notary_signed.json
diff --git a/api/server-server/examples/transaction.json b/data/api/server-server/examples/transaction.json
similarity index 100%
rename from api/server-server/examples/transaction.json
rename to data/api/server-server/examples/transaction.json
diff --git a/api/server-server/examples/unsigned_pdu.json b/data/api/server-server/examples/unsigned_pdu.json
similarity index 100%
rename from api/server-server/examples/unsigned_pdu.json
rename to data/api/server-server/examples/unsigned_pdu.json
diff --git a/api/server-server/examples/unsigned_pdu_base.json b/data/api/server-server/examples/unsigned_pdu_base.json
similarity index 100%
rename from api/server-server/examples/unsigned_pdu_base.json
rename to data/api/server-server/examples/unsigned_pdu_base.json
diff --git a/api/server-server/invites-v1.yaml b/data/api/server-server/invites-v1.yaml
similarity index 93%
rename from api/server-server/invites-v1.yaml
rename to data/api/server-server/invites-v1.yaml
index c62d8e3d697..4925221fc7c 100644
--- a/api/server-server/invites-v1.yaml
+++ b/data/api/server-server/invites-v1.yaml
@@ -36,11 +36,11 @@ paths:
         room by the inviting homeserver.
 
         Servers should prefer to use the v2 API for invites instead of the v1 API. Servers
-        which receive a v1 invite request must assume that the room version is either ``"1"``
-        or ``"2"``.
+        which receive a v1 invite request must assume that the room version is either `"1"`
+        or `"2"`.
 
         Note that events have a different format depending on the room version - check the
-        `room version specification`_ for precise event formats. **The request and response
+        [room version specification](/#room-versions) for precise event formats. **The request and response
         bodies here describe the common event fields in more detail and may be missing other
         required fields for a PDU.**
       operationId: sendInviteV1
@@ -106,14 +106,14 @@ paths:
           description: |-
             The event with the invited server's signature added. All other fields of the events
             should remain untouched. Note that events have a different format depending on the
-            room version - check the `room version specification`_ for precise event formats.
+            room version - check the [room version specification](/#room-versions) for precise event formats.
           schema:
             type: array
             minItems: 2
             maxItems: 2
             items:
               - type: integer
-                description: The value ``200``.
+                description: The value `200`.
                 example: 200
               - type: object
                 description: An object containing the signed invite event.
@@ -135,7 +135,7 @@ paths:
                   "sender": "@someone:example.org",
                   "unsigned": {
                     "invite_room_state": {
-                      "$ref": "../../../event-schemas/examples/invite_room_state.json"
+                      "$ref": "../../event-schemas/examples/invite_room_state.json"
                     }
                   },
                   "content": {
diff --git a/api/server-server/invites-v2.yaml b/data/api/server-server/invites-v2.yaml
similarity index 91%
rename from api/server-server/invites-v2.yaml
rename to data/api/server-server/invites-v2.yaml
index cae14bb4546..039a9e65748 100644
--- a/api/server-server/invites-v2.yaml
+++ b/data/api/server-server/invites-v2.yaml
@@ -31,9 +31,9 @@ paths:
     put:
       summary: Invites a remote user to a room
       description: |-
-        .. Note::
-           This API is nearly identical to the v1 API with the exception of the request
-           body being different, and the response format fixed.
+        **Note:**
+        This API is nearly identical to the v1 API with the exception of the request
+        body being different, and the response format fixed.
 
         Invites a remote user to a room. Once the event has been  signed by both the inviting
         homeserver and the invited homeserver, it can be sent to all of the servers in the
@@ -44,7 +44,7 @@ paths:
         API as the server may be older, if the room version is "1" or "2".
 
         Note that events have a different format depending on the room version - check the
-        `room version specification`_ for precise event formats. **The request and response
+        [room version specification](/#room-versions) for precise event formats. **The request and response
         bodies here describe the common event fields in more detail and may be missing other
         required fields for a PDU.**
       operationId: sendInviteV2
@@ -111,7 +111,7 @@ paths:
           description: |-
             The event with the invited server's signature added. All other fields of the events
             should remain untouched. Note that events have a different format depending on the
-            room version - check the `room version specification`_ for precise event formats.
+            room version - check the [room version specification](/#room-versions) for precise event formats.
           schema:
             type: object
             description: An object containing the signed invite event.
@@ -131,7 +131,7 @@ paths:
                 "sender": "@someone:example.org",
                 "unsigned": {
                   "invite_room_state": {
-                    "$ref": "../../../event-schemas/examples/invite_room_state.json"
+                    "$ref": "../../event-schemas/examples/invite_room_state.json"
                   }
                 },
                 "content": {
@@ -164,7 +164,7 @@ paths:
         400:
           description: |-
             The request is invalid or the room the server is attempting
-            to join has a version that is not listed in the ``ver``
+            to join has a version that is not listed in the `ver`
             parameters.
 
             The error should be passed through to clients so that they
@@ -177,8 +177,8 @@ paths:
                   room_version:
                     type: string
                     description: |-
-                      The version of the room. Required if the ``errcode``
-                      is ``M_INCOMPATIBLE_ROOM_VERSION``.
+                      The version of the room. Required if the `errcode`
+                      is `M_INCOMPATIBLE_ROOM_VERSION`.
           examples:
             application/json: {
               "errcode": "M_INCOMPATIBLE_ROOM_VERSION",
diff --git a/api/server-server/joins-v1.yaml b/data/api/server-server/joins-v1.yaml
similarity index 90%
rename from api/server-server/joins-v1.yaml
rename to data/api/server-server/joins-v1.yaml
index d4fc8f2471e..696ca533352 100644
--- a/api/server-server/joins-v1.yaml
+++ b/data/api/server-server/joins-v1.yaml
@@ -57,14 +57,14 @@ paths:
           name: ver
           description: |-
             The room versions the sending server has support for. Defaults
-            to ``[1]``.
+            to `[1]`.
           x-example: ["1", "2"]
       responses:
         200:
           description: |-
-            A template to be used for the rest of the `Joining Rooms`_ handshake. Note that
+            A template to be used for the rest of the [Joining Rooms](/server-server-api/#joining-rooms) handshake. Note that
             events have a different format depending on the room version - check the
-            `room version specification`_ for precise event formats. **The response body
+            [room version specification](/#room-versions) for precise event formats. **The response body
             here describes the common event fields in more detail and may be missing other
             required fields for a PDU.**
           schema:
@@ -79,7 +79,7 @@ paths:
               event:
                 description: |-
                   An unsigned template event. Note that events have a different format
-                  depending on the room version - check the `room version specification`_
+                  depending on the room version - check the [room version specification](/#room-versions)
                   for precise event formats.
                 type: object
                 title: Event Template
@@ -99,7 +99,7 @@ paths:
                     example: 1234567890
                   type:
                     type: string
-                    description: The value ``m.room.member``.
+                    description: The value `m.room.member`.
                     example: "m.room.member"
                   state_key:
                     type: string
@@ -113,7 +113,7 @@ paths:
                     properties:
                       membership:
                         type: string
-                        description: The value ``join``.
+                        description: The value `join`.
                         example: "join"
                     required: ['membership']
                 required:
@@ -141,7 +141,7 @@ paths:
         400:
           description: |-
             The request is invalid or the room the server is attempting
-            to join has a version that is not listed in the ``ver``
+            to join has a version that is not listed in the `ver`
             parameters.
 
             The error should be passed through to clients so that they
@@ -154,8 +154,8 @@ paths:
                   room_version:
                     type: string
                     description: |-
-                      The version of the room. Required if the ``errcode``
-                      is ``M_INCOMPATIBLE_ROOM_VERSION``.
+                      The version of the room. Required if the `errcode`
+                      is `M_INCOMPATIBLE_ROOM_VERSION`.
           examples:
             application/json: {
               "errcode": "M_INCOMPATIBLE_ROOM_VERSION",
@@ -171,19 +171,18 @@ paths:
               "errcode": "M_NOT_FOUND",
               "error": "Unknown room",
             }
-  
+
   "/send_join/{roomId}/{eventId}":
     put:
       summary: Submit a signed join event to a resident server
       description: |-
-        .. Note::
-           Servers should instead prefer to use the v2 ``/send_join``
-           endpoint.
+        **Note:**
+        Servers should instead prefer to use the v2 `/send_join` endpoint.
 
         Submits a signed join event to the resident server for it
         to accept it into the room's graph. Note that events have
         a different format depending on the room version - check
-        the `room version specification`_ for precise event formats.
+        the [room version specification](/#room-versions) for precise event formats.
         **The request and response body here describe the common
         event fields in more detail and may be missing other required
         fields for a PDU.**
@@ -225,7 +224,7 @@ paths:
                 example: 1234567890
               type:
                 type: string
-                description: The value ``m.room.member``.
+                description: The value `m.room.member`.
                 example: "m.room.member"
               state_key:
                 type: string
@@ -239,7 +238,7 @@ paths:
                 properties:
                   membership:
                     type: string
-                    description: The value ``join``.
+                    description: The value `join`.
                     example: "join"
                 required: ['membership']
             required:
@@ -270,7 +269,7 @@ paths:
             maxItems: 2
             items:
               - type: integer
-                description: The value ``200``.
+                description: The value `200`.
                 example: 200
               - $ref: "./definitions/send_join_response.yaml"
           examples:
diff --git a/api/server-server/joins-v2.yaml b/data/api/server-server/joins-v2.yaml
similarity index 93%
rename from api/server-server/joins-v2.yaml
rename to data/api/server-server/joins-v2.yaml
index b5a1544c93c..de5c57113e9 100644
--- a/api/server-server/joins-v2.yaml
+++ b/data/api/server-server/joins-v2.yaml
@@ -33,9 +33,9 @@ paths:
     put:
       summary: Submit a signed join event to a resident server
       description: |-
-        .. Note::
-           This API is nearly identical to the v1 API with the
-           exception of the response format being fixed.
+        **Note:**
+        This API is nearly identical to the v1 API with the
+        exception of the response format being fixed.
 
         This endpoint is preferred over the v1 API as it provides
         a more standarised response format. Senders which receive
@@ -45,7 +45,7 @@ paths:
         Submits a signed join event to the resident server for it
         to accept it into the room's graph. Note that events have
         a different format depending on the room version - check
-        the `room version specification`_ for precise event formats.
+        the [room version specification](/#room-versions) for precise event formats.
         **The request and response body here describe the common
         event fields in more detail and may be missing other required
         fields for a PDU.**
@@ -87,7 +87,7 @@ paths:
                 example: 1234567890
               type:
                 type: string
-                description: The value ``m.room.member``.
+                description: The value `m.room.member`.
                 example: "m.room.member"
               state_key:
                 type: string
@@ -101,7 +101,7 @@ paths:
                 properties:
                   membership:
                     type: string
-                    description: The value ``join``.
+                    description: The value `join`.
                     example: "join"
                 required: ['membership']
             required:
diff --git a/api/server-server/keys_query.yaml b/data/api/server-server/keys_query.yaml
similarity index 96%
rename from api/server-server/keys_query.yaml
rename to data/api/server-server/keys_query.yaml
index 4989f7faa8a..cad6b8824fe 100644
--- a/api/server-server/keys_query.yaml
+++ b/data/api/server-server/keys_query.yaml
@@ -93,11 +93,11 @@ paths:
               server_keys:
                 type: object
                 description: |-
-                  The query criteria. The outer ``string`` key on the object is the
-                  server name (eg: ``matrix.org``). The inner ``string`` key is the
+                  The query criteria. The outer `string` key on the object is the
+                  server name (eg: `matrix.org`). The inner `string` key is the
                   Key ID to query for the particular server. If no key IDs are given
                   to be queried, the notary server should query for all keys. If no
-                  servers are given, the notary server must return an empty ``server_keys``
+                  servers are given, the notary server must return an empty `server_keys`
                   array in the response.
 
                   The notary server may return multiple keys regardless of the Key IDs
diff --git a/api/server-server/keys_server.yaml b/data/api/server-server/keys_server.yaml
similarity index 100%
rename from api/server-server/keys_server.yaml
rename to data/api/server-server/keys_server.yaml
diff --git a/data/api/server-server/knocks.yaml b/data/api/server-server/knocks.yaml
new file mode 100644
index 00000000000..945362a1c93
--- /dev/null
+++ b/data/api/server-server/knocks.yaml
@@ -0,0 +1,322 @@
+# Copyright 2021 The Matrix.org Foundation C.I.C.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+swagger: '2.0'
+info:
+  title: "Matrix Federation Knock Room API"
+  version: "1.0.0"
+host: localhost:8448
+schemes:
+  - https
+basePath: /_matrix/federation/v1
+consumes:
+  - application/json
+produces:
+  - application/json
+securityDefinitions:
+  $ref: definitions/security.yaml
+paths:
+  "/make_knock/{roomId}/{userId}":
+    get:
+      summary: Get information required to make a knock event for a room.
+      description: |-
+        Asks the receiving server to return information that the sending
+        server will need to prepare a knock event for the room.
+      operationId: makeKnock
+      security:
+        - signedRequest: []
+      parameters:
+        - in: path
+          name: roomId
+          type: string
+          description: The room ID that is about to be knocked.
+          required: true
+          x-example: "!abc123:example.org"
+        - in: path
+          name: userId
+          type: string
+          description: The user ID the knock event will be for.
+          required: true
+          x-example: "@someone:example.org"
+        - in: query
+          type: array
+          items:
+            type: string
+          name: ver
+          description: |-
+            The room versions the sending server has support for.
+          required: true  # knocking was supported in v7
+          x-example: ["1", "7"]
+      responses:
+        200:
+          description: |-
+            A template to be used for the rest of the [Knocking Rooms](/server-server-api/#knocking-rooms)
+            handshake. Note that events have a different format depending on room version - check the
+            [room version specification](/#room-versions) for precise event formats. **The response body
+            here describes the common event fields in more detail and may be missing other
+            required fields for a PDU.**
+          schema:
+            type: object
+            properties:
+              room_version:
+                type: string
+                description: |-
+                  The version of the room where the server is trying to knock.
+                example: "7"
+              event:
+                description: |-
+                  An unsigned template event. Note that events have a different format
+                  depending on the room version - check the [room version specification](/#room-versions)
+                  for precise event formats.
+                type: object
+                title: Event Template
+                properties:
+                  sender:
+                    type: string
+                    description: The user ID of the knocking member.
+                    example: "@someone:example.org"
+                  origin:
+                    type: string
+                    description: The name of the resident homeserver.
+                    example: "matrix.org"
+                  origin_server_ts:
+                    type: integer
+                    format: int64
+                    description: A timestamp added by the resident homeserver.
+                    example: 1234567890
+                  type:
+                    type: string
+                    description: The value `m.room.member`.
+                    example: "m.room.member"
+                  state_key:
+                    type: string
+                    description: The user ID of the knocking member.
+                    example: "@someone:example.org"
+                  content:
+                    type: object
+                    title: Membership Event Content
+                    description: The content of the event.
+                    example: {"membership": "knock"}
+                    properties:
+                      membership:
+                        type: string
+                        description: The value `knock`.
+                        example: "knock"
+                    required: ['membership']
+                required:
+                  - state_key
+                  - origin
+                  - origin_server_ts
+                  - type
+                  - content
+                  - sender
+            required:
+              - room_version  # knocking was added in v7
+              - event
+          examples:
+            application/json: {
+              "room_version": "7",
+              "event": {
+                "$ref": "examples/minimal_pdu.json",
+                "type": "m.room.member",
+                "state_key": "@someone:example.org",
+                "origin": "example.org",
+                "origin_server_ts": 1549041175876,
+                "sender": "@someone:example.org",
+                "content": {
+                  "membership": "knock"
+                }
+              }
+            }
+        400:
+          description: |-
+            The request is invalid or the room the server is attempting
+            to knock upon has a version that is not listed in the `ver`
+            parameters.
+
+            The error should be passed through to clients so that they
+            may give better feedback to users.
+          schema:
+            allOf:
+              - $ref: "../client-server/definitions/errors/error.yaml"
+              - type: object
+                properties:
+                  room_version:
+                    type: string
+                    description: |-
+                      The version of the room. Required if the `errcode`
+                      is `M_INCOMPATIBLE_ROOM_VERSION`.
+          examples:
+            application/json: {
+              "errcode": "M_INCOMPATIBLE_ROOM_VERSION",
+              "error": "Your homeserver does not support the features required to knock on this room",
+              "room_version": "7"
+            }
+        404:
+          description: |-
+            The room that the knocking server is attempting to knock upon is unknown
+            to the receiving server.
+          schema:
+            allOf:
+              - $ref: "../client-server/definitions/errors/error.yaml"
+          examples:
+            application/json: {
+              "errcode": "M_NOT_FOUND",
+              "error": "Unknown room",
+            }
+        403:
+          description: |-
+            The knocking server or user is not permitted to knock on the room, such as when the
+            server/user is banned or the room is not set up for receiving knocks.
+          schema:
+            allOf:
+              - $ref: "../client-server/definitions/errors/error.yaml"
+          examples:
+            application/json: {
+              "errcode": "M_FORBIDDEN",
+              "error": "You are not permitted to knock on this room",
+            }
+
+  "/send_knock/{roomId}/{eventId}":
+    put:
+      summary: Submit a signed knock event to a resident server.
+      description: |-
+        Submits a signed knock event to the resident server for it to
+        accept into the room's graph. Note that events have
+        a different format depending on the room version - check
+        the [room version specification](/#room-versions) for precise event formats.
+        **The request and response body here describe the common
+        event fields in more detail and may be missing other required
+        fields for a PDU.**
+      operationId: sendKnock
+      security:
+        - signedRequest: []
+      parameters:
+        - in: path
+          name: roomId
+          type: string
+          description: The room ID that is about to be knocked upon.
+          required: true
+          x-example: "!abc123:example.org"
+        - in: path
+          name: eventId
+          type: string
+          description: The event ID for the knock event.
+          required: true
+          x-example: "$abc123:example.org"
+        - in: body
+          name: body
+          type: object
+          required: true
+          schema:
+            type: object
+            properties:
+              sender:
+                type: string
+                description: The user ID of the knocking member.
+                example: "@someone:example.org"
+              origin:
+                type: string
+                description: The name of the knocking homeserver.
+                example: "matrix.org"
+              origin_server_ts:
+                type: integer
+                format: int64
+                description: A timestamp added by the knocking homeserver.
+                example: 1234567890
+              type:
+                type: string
+                description: The value `m.room.member`.
+                example: "m.room.member"
+              state_key:
+                type: string
+                description: The user ID of the knocking member.
+                example: "@someone:example.org"
+              content:
+                type: object
+                title: Membership Event Content
+                description: The content of the event.
+                example: {"membership": "knock"}
+                properties:
+                  membership:
+                    type: string
+                    description: The value `knock`.
+                    example: "knock"
+                required: ['membership']
+            required:
+              - state_key
+              - sender
+              - origin
+              - origin_server_ts
+              - type
+              - content
+          example: {
+            "$ref": "examples/minimal_pdu.json",
+            "type": "m.room.member",
+            "state_key": "@someone:example.org",
+            "origin": "example.org",
+            "origin_server_ts": 1549041175876,
+            "sender": "@someone:example.org",
+            "content": {
+                "membership": "knock"
+            }
+          }
+      responses:
+        200:
+          description: |-
+            Information about the room to pass along to clients regarding the
+            knock.
+          schema:
+            type: object
+            properties:
+              knock_room_state:
+                type: array
+                items:
+                  $ref: "../../event-schemas/schema/stripped_state.yaml"
+                description: |-
+                  A list of simplified events to help the initiator of the knock identify
+                  the room. The recommended events to include are the join rules, canonical
+                  alias, avatar, name, and encryption state of the room.
+                example:
+                  $ref: "../../event-schemas/examples/knock_room_state.json"
+            required: ['knock_room_state']
+          examples:
+            application/json: {
+              "knock_room_state": {"$ref": "../../event-schemas/examples/knock_room_state.json"}
+            }
+        404:
+          description: |-
+            The room that the knocking server is attempting to knock upon is unknown
+            to the receiving server.
+          schema:
+            allOf:
+              - $ref: "../client-server/definitions/errors/error.yaml"
+          examples:
+            application/json: {
+              "errcode": "M_NOT_FOUND",
+              "error": "Unknown room",
+            }
+        403:
+          description: |-
+            The knocking server or user is not permitted to knock on the room, such as when the
+            server/user is banned or the room is not set up for receiving knocks.
+          schema:
+            allOf:
+              - $ref: "../client-server/definitions/errors/error.yaml"
+          examples:
+            application/json: {
+              "errcode": "M_FORBIDDEN",
+              "error": "You are not permitted to knock on this room",
+            }
+
diff --git a/api/server-server/leaving-v1.yaml b/data/api/server-server/leaving-v1.yaml
similarity index 92%
rename from api/server-server/leaving-v1.yaml
rename to data/api/server-server/leaving-v1.yaml
index c92b79201c7..ce96ab4abc0 100644
--- a/api/server-server/leaving-v1.yaml
+++ b/data/api/server-server/leaving-v1.yaml
@@ -53,9 +53,9 @@ paths:
       responses:
         200:
           description: |-
-            A template to be used to call ``/send_leave``. Note that
+            A template to be used to call `/send_leave`. Note that
             events have a different format depending on the room version - check the
-            `room version specification`_ for precise event formats. **The response body
+            [room version specification](/#room-versions) for precise event formats. **The response body
             here describes the common event fields in more detail and may be missing other
             required fields for a PDU.**
           schema:
@@ -70,7 +70,7 @@ paths:
               event:
                 description: |-
                   An unsigned template event. Note that events have a different format
-                  depending on the room version - check the `room version specification`_
+                  depending on the room version - check the [room version specification](/#room-versions)
                   for precise event formats.
                 type: object
                 title: Event Template
@@ -90,7 +90,7 @@ paths:
                     example: 1234567890
                   type:
                     type: string
-                    description: The value ``m.room.member``.
+                    description: The value `m.room.member`.
                     example: "m.room.member"
                   state_key:
                     type: string
@@ -104,7 +104,7 @@ paths:
                     properties:
                       membership:
                         type: string
-                        description: The value ``leave``.
+                        description: The value `leave`.
                         example: "leave"
                     required: ['membership']
                 required:
@@ -143,14 +143,13 @@ paths:
     put:
       summary: Submit a signed leave event to a resident server
       description: |-
-        .. Note::
-           Servers should instead prefer to use the v2 ``/send_leave``
-           endpoint.
+        **Note:**
+        Servers should instead prefer to use the v2 `/send_leave` endpoint.
 
         Submits a signed leave event to the resident server for it
         to accept it into the room's graph. Note that events have
         a different format depending on the room version - check
-        the `room version specification`_ for precise event formats.
+        the [room version specification](/#room-versions) for precise event formats.
         **The request and response body here describe the common
         event fields in more detail and may be missing other required
         fields for a PDU.**
@@ -192,7 +191,7 @@ paths:
                 example: 1234567890
               type:
                 type: string
-                description: The value ``m.room.member``.
+                description: The value `m.room.member`.
                 example: "m.room.member"
               state_key:
                 type: string
@@ -206,7 +205,7 @@ paths:
                 properties:
                   membership:
                     type: string
-                    description: The value ``leave``.
+                    description: The value `leave`.
                     example: "leave"
                 required: ['membership']
               depth:
@@ -243,7 +242,7 @@ paths:
             maxItems: 2
             items:
               - type: integer
-                description: The value ``200``.
+                description: The value `200`.
                 example: 200
               - type: object
                 title: Empty Object
diff --git a/api/server-server/leaving-v2.yaml b/data/api/server-server/leaving-v2.yaml
similarity index 93%
rename from api/server-server/leaving-v2.yaml
rename to data/api/server-server/leaving-v2.yaml
index 3e82c414a20..28a417591a5 100644
--- a/api/server-server/leaving-v2.yaml
+++ b/data/api/server-server/leaving-v2.yaml
@@ -33,9 +33,9 @@ paths:
     put:
       summary: Submit a signed leave event to a resident server
       description: |-
-        .. Note::
-           This API is nearly identical to the v1 API with the
-           exception of the response format being fixed.
+        **Note:**
+        This API is nearly identical to the v1 API with the
+        exception of the response format being fixed.
 
         This endpoint is preferred over the v1 API as it provides
         a more standarised response format. Senders which receive
@@ -45,7 +45,7 @@ paths:
         Submits a signed leave event to the resident server for it
         to accept it into the room's graph. Note that events have
         a different format depending on the room version - check
-        the `room version specification`_ for precise event formats.
+        the [room version specification](/#room-versions) for precise event formats.
         **The request and response body here describe the common
         event fields in more detail and may be missing other required
         fields for a PDU.**
@@ -87,7 +87,7 @@ paths:
                 example: 1234567890
               type:
                 type: string
-                description: The value ``m.room.member``.
+                description: The value `m.room.member`.
                 example: "m.room.member"
               state_key:
                 type: string
@@ -101,7 +101,7 @@ paths:
                 properties:
                   membership:
                     type: string
-                    description: The value ``leave``.
+                    description: The value `leave`.
                     example: "leave"
                 required: ['membership']
               depth:
diff --git a/api/server-server/openid.yaml b/data/api/server-server/openid.yaml
similarity index 100%
rename from api/server-server/openid.yaml
rename to data/api/server-server/openid.yaml
diff --git a/api/server-server/public_rooms.yaml b/data/api/server-server/public_rooms.yaml
similarity index 91%
rename from api/server-server/public_rooms.yaml
rename to data/api/server-server/public_rooms.yaml
index 5324eac39ff..235177857f8 100644
--- a/api/server-server/public_rooms.yaml
+++ b/data/api/server-server/public_rooms.yaml
@@ -1,4 +1,4 @@
-# Copyright 2018 New Vector Ltd
+# Copyright 2018, 2021 The Matrix.org Foundation C.I.C.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -61,7 +61,7 @@ paths:
           type: string
           description: |-
             The specific third party network/protocol to request from the homeserver.
-            Can only be used if ``include_all_networks`` is false.
+            Can only be used if `include_all_networks` is false.
           x-example: "irc"
       responses:
         200:
@@ -77,7 +77,7 @@ paths:
         of joined members, with the largest rooms first.
 
         Note that this endpoint receives and returns the same format that is seen
-        in the Client-Server API's ``POST /publicRooms`` endpoint.
+        in the Client-Server API's `POST /publicRooms` endpoint.
       operationId: queryPublicRooms
       security:
         - signedRequest: []
@@ -122,7 +122,7 @@ paths:
                 type: string
                 description: |-
                   The specific third party network/protocol to request from the
-                  homeserver. Can only be used if ``include_all_networks`` is false.
+                  homeserver. Can only be used if `include_all_networks` is false.
                 example: "irc"
             example: {
               "limit": 10,
@@ -193,6 +193,13 @@ paths:
                     avatar_url:
                       type: string
                       description: The URL for the room's avatar, if one is set.
+                    join_rule:
+                      type: string
+                      description: |-
+                        The room's join rule. When not present, the room is assumed to
+                        be `public`. Note that rooms with `invite` join rules are not
+                        expected here, but rooms with `knock` rules are given their
+                        near-public nature.
               next_batch:
                 type: string
                 description: |-
@@ -215,13 +222,14 @@ paths:
               "chunk": [
                 {
                   "aliases": ["#murrays:cheese.bar"],
-                  "avatar_url": "mxc://bleeker.street/CHEDDARandBRIE",
+                  "avatar_url": "mxc://bleecker.street/CHEDDARandBRIE",
                   "guest_can_join": false,
                   "name": "CHEESE",
                   "num_joined_members": 37,
                   "room_id": "!ol19s:bleecker.street",
                   "topic": "Tasty tasty cheese",
-                  "world_readable": true
+                  "world_readable": true,
+                  "join_rule": "public"
                 }
               ],
               "next_batch": "p190q",
diff --git a/api/server-server/query.yaml b/data/api/server-server/query.yaml
similarity index 97%
rename from api/server-server/query.yaml
rename to data/api/server-server/query.yaml
index 29826b32260..42b64ea811a 100644
--- a/api/server-server/query.yaml
+++ b/data/api/server-server/query.yaml
@@ -137,13 +137,13 @@ paths:
       responses:
         200:
           description: |-
-            The profile for the user. If a ``field`` is specified in the request, only the
-            matching field should be included in the response. If no ``field`` was specified,
+            The profile for the user. If a `field` is specified in the request, only the
+            matching field should be included in the response. If no `field` was specified,
             the response should include the fields of the user's profile that can be made
             public, such as the display name and avatar.
 
             If the user does not have a particular field set on their profile, the server
-            should exclude it from the response body or give it the value ``null``.
+            should exclude it from the response body or give it the value `null`.
           schema:
             type: object
             properties:
diff --git a/api/server-server/third_party_invite.yaml b/data/api/server-server/third_party_invite.yaml
similarity index 96%
rename from api/server-server/third_party_invite.yaml
rename to data/api/server-server/third_party_invite.yaml
index fbd2a9d999e..9a636aa92a4 100644
--- a/api/server-server/third_party_invite.yaml
+++ b/data/api/server-server/third_party_invite.yaml
@@ -31,9 +31,9 @@ paths:
     put:
       summary: Request a server to auth a third party invite event
       description: |-
-        The receiving server will verify the partial ``m.room.member`` event
+        The receiving server will verify the partial `m.room.member` event
         given in the request body. If valid, the receiving server will issue
-        an invite as per the `Inviting to a room`_ section before returning a
+        an invite as per the [Inviting to a room](/server-server-api/#inviting-to-a-room) section before returning a
         response to this request.
       operationId: exchangeThirdPartyInvite
       security:
@@ -48,14 +48,14 @@ paths:
         - in: body
           name: body
           type: object
-          description: A partial ``m.room.member`` event
+          description: A partial `m.room.member` event
           required: true
           schema:
             type: object
             properties:
               type:
                 type: string
-                description: The event type. Must be ``m.room.member``
+                description: The event type. Must be `m.room.member`
                 example: "m.room.member"
               room_id:
                 type: string
@@ -66,7 +66,7 @@ paths:
               sender:
                 type: string
                 description: |-
-                  The user ID of the user who sent the original ``m.room.third_party_invite``
+                  The user ID of the user who sent the original `m.room.third_party_invite`
                   event.
                 example: "@joe:matrix.org"
               state_key:
@@ -80,7 +80,7 @@ paths:
                 properties:
                   membership:
                     type: string
-                    description: The membership state. Must be ``invite``
+                    description: The membership state. Must be `invite`
                     example: invite
                   third_party_invite:
                     type: object
@@ -111,7 +111,7 @@ paths:
                               The server signatures for this event.
 
                               The signature is calculated using the process
-                              described at `Signing JSON`_.
+                              described at [Signing JSON](/appendices/#signing-json).
                             example: {
                               "magic.forest": {
                                 "ed25519:3": "fQpGIW1Snz+pwLZu6sTy2aHy/DYWWTspTJRPyNp0PKkymfIsNffysMl6ObMMFdIJhk6g6pwlIqZ54rxo8SLmAg"
@@ -288,7 +288,7 @@ paths:
                           type: object
                           title: Identity Server Signature
                           description: |-
-                            The signature from the identity server. The ``string`` key
+                            The signature from the identity server. The `string` key
                             is the identity server's domain name, such as vector.im
                           additionalProperties:
                             type: object
diff --git a/api/server-server/transactions.yaml b/data/api/server-server/transactions.yaml
similarity index 96%
rename from api/server-server/transactions.yaml
rename to data/api/server-server/transactions.yaml
index a6348e1398a..15b3ee368ba 100644
--- a/api/server-server/transactions.yaml
+++ b/data/api/server-server/transactions.yaml
@@ -36,10 +36,10 @@ paths:
         transaction body will be processed.
 
         The sending server must wait and retry for a 200 OK response before sending a
-        transaction with a different ``txnId`` to the receiving server.
+        transaction with a different `txnId` to the receiving server.
 
         Note that events have a different format depending on the room version - check
-        the `room version specification`_ for precise event formats.
+        the [room version specification](/#room-versions) for precise event formats.
       operationId: sendTransaction
       security:
         - signedRequest: []
diff --git a/api/server-server/user_devices.yaml b/data/api/server-server/user_devices.yaml
similarity index 63%
rename from api/server-server/user_devices.yaml
rename to data/api/server-server/user_devices.yaml
index 362f9baa061..9fb15777fd2 100644
--- a/api/server-server/user_devices.yaml
+++ b/data/api/server-server/user_devices.yaml
@@ -1,4 +1,5 @@
 # Copyright 2018 New Vector Ltd
+# Copyright 2020 The Matrix.org Foundation C.I.C.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -57,8 +58,8 @@ paths:
                 type: integer
                 description: |-
                   A unique ID for a given user_id which describes the version of
-                  the returned device list.  This is matched with the ``stream_id``
-                  field in ``m.device_list_update`` EDUs in order to incrementally
+                  the returned device list.  This is matched with the `stream_id`
+                  field in `m.device_list_update` EDUs in order to incrementally
                   update the returned device_list.
                 example: 5
               devices:
@@ -81,4 +82,37 @@ paths:
                       description: Optional display name for the device.
                       example: "Alice's Mobile Phone"
                   required: ['device_id', 'keys']
+              master_key:
+                type: object
+                description: |-
+                  The user\'s master cross-signing key.
+                allOf:
+                  - $ref: ../client-server/definitions/cross_signing_key.yaml
+                  # FIXME: why isn't the doc generator picking up this example?
+                  - example: {
+                      "user_id": "@alice:example.com",
+                      "usage": ["master"],
+                      "keys": {
+                        "ed25519:base64+master+public+key": "base64+master+public+key",
+                      }
+                    }
+              self_signing_key:
+                type: object
+                description: |-
+                  The user\'s self-signing key.
+                allOf:
+                  - $ref: ../client-server/definitions/cross_signing_key.yaml
+                  # FIXME: why isn't the doc generator picking up this example?
+                  - example: {
+                      "user_id": "@alice:example.com",
+                      "usage": ["self_signing"],
+                      "keys": {
+                        "ed25519:base64+self+signing+public+key": "base64+self+signing+master+public+key",
+                      },
+                      "signatures": {
+                        "@alice:example.com": {
+                          "ed25519:base64+master+public+key": "signature+of+self+signing+key"
+                        }
+                      }
+                    }
             required: ['user_id', 'stream_id', 'devices']
diff --git a/api/server-server/user_keys.yaml b/data/api/server-server/user_keys.yaml
similarity index 74%
rename from api/server-server/user_keys.yaml
rename to data/api/server-server/user_keys.yaml
index 6ed51af0bfd..e1601e33c0a 100644
--- a/api/server-server/user_keys.yaml
+++ b/data/api/server-server/user_keys.yaml
@@ -1,4 +1,5 @@
 # Copyright 2018 New Vector Ltd
+# Copyright 2020 The Matrix.org Foundation C.I.C.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -71,9 +72,9 @@ paths:
                 type: object
                 description: |-
                   One-time keys for the queried devices. A map from user ID, to a
-                  map from devices to a map from ``<algorithm>:<key_id>`` to the key object.
+                  map from devices to a map from `<algorithm>:<key_id>` to the key object.
 
-                  See the `Client-Server Key Algorithms`_ section for more information on
+                  See the [Client-Server Key Algorithms](/client-server-api/#key-algorithms) section for more information on
                   the Key Object format.
                 additionalProperties:
                   type: object
@@ -96,8 +97,7 @@ paths:
                             description: |-
                               Signature of the key object.
 
-                              The signature is calculated using the process described at `Signing
-                              JSON`_.
+                              The signature is calculated using the process described at [Signing JSON](/appendices/#signing-json).
                         required: ['key', 'signatures']
                 example: {
                   "@alice:example.com": {
@@ -157,7 +157,7 @@ paths:
                   Information on the queried devices. A map from user ID, to a
                   map from device ID to device information.  For each device,
                   the information returned will be the same as uploaded via
-                  ``/keys/upload``, with the addition of an ``unsigned``
+                  `/keys/upload`, with the addition of an `unsigned`
                   property.
                 additionalProperties:
                   type: object
@@ -177,6 +177,51 @@ paths:
                             type: string
                             description:
                               The display name which the user set on the device.
+              master_keys:
+                type: object
+                description: |-
+                  Information on the master cross-signing keys of the queried users.
+                  A map from user ID, to master key information.  For each key, the
+                  information returned will be the same as uploaded via
+                  `/keys/device_signing/upload`, along with the signatures
+                  uploaded via `/keys/signatures/upload` that the user is
+                  allowed to see.
+                additionalProperties:
+                  allOf:
+                    - $ref: ../client-server/definitions/cross_signing_key.yaml
+                example: {
+                  "@alice:example.com": {
+                    "user_id": "@alice:example.com",
+                    "usage": ["master"],
+                    "keys": {
+                      "ed25519:base64+master+public+key": "base64+master+public+key",
+                    }
+                  }
+                }
+              self_signing_keys:
+                type: object
+                description: |-
+                  Information on the self-signing keys of the queried users. A map
+                  from user ID, to self-signing key information.  For each key, the
+                  information returned will be the same as uploaded via
+                  `/keys/device_signing/upload`.
+                additionalProperties:
+                  allOf:
+                    - $ref: ../client-server/definitions/cross_signing_key.yaml
+                example: {
+                  "@alice:example.com": {
+                    "user_id": "@alice:example.com",
+                    "usage": ["self_signing"],
+                    "keys": {
+                      "ed25519:base64+self+signing+public+key": "base64+self+signing+master+public+key",
+                    },
+                    "signatures": {
+                      "@alice:example.com": {
+                        "ed25519:base64+master+public+key": "signature+of+self+signing+key"
+                      }
+                    }
+                  }
+                }
             required: ['device_keys']
           examples:
             application/json: {
diff --git a/api/server-server/version.yaml b/data/api/server-server/version.yaml
similarity index 100%
rename from api/server-server/version.yaml
rename to data/api/server-server/version.yaml
diff --git a/api/server-server/wellknown.yaml b/data/api/server-server/wellknown.yaml
similarity index 87%
rename from api/server-server/wellknown.yaml
rename to data/api/server-server/wellknown.yaml
index bc390bd5530..54da2c75ccc 100644
--- a/api/server-server/wellknown.yaml
+++ b/data/api/server-server/wellknown.yaml
@@ -33,8 +33,8 @@ paths:
       responses:
         200:
           description:
-            The delegated server information. The ``Content-Type`` for this response SHOULD
-            be ``application/json``, however servers parsing the response should assume that
+            The delegated server information. The `Content-Type` for this response SHOULD
+            be `application/json`, however servers parsing the response should assume that
             the body is JSON regardless of type. Failures parsing the JSON or invalid data
             provided in the resulting parsed JSON should not result in discovery failure -
             consult the server discovery process for information on how to continue.
@@ -50,4 +50,4 @@ paths:
                 description: |-
                   The server name to delegate server-server communciations to, with optional
                   port. The delegated server name uses the same grammar as
-                  `server names in the appendices <../appendices.html#server-name>`_.
+                  [server names in the appendices](/appendices/#server-name).
diff --git a/event-schemas/examples/core/event.json b/data/event-schemas/examples/core/event.json
similarity index 100%
rename from event-schemas/examples/core/event.json
rename to data/event-schemas/examples/core/event.json
diff --git a/event-schemas/examples/core/room_edu.json b/data/event-schemas/examples/core/room_edu.json
similarity index 100%
rename from event-schemas/examples/core/room_edu.json
rename to data/event-schemas/examples/core/room_edu.json
diff --git a/event-schemas/examples/core/room_event.json b/data/event-schemas/examples/core/room_event.json
similarity index 100%
rename from event-schemas/examples/core/room_event.json
rename to data/event-schemas/examples/core/room_event.json
diff --git a/event-schemas/examples/core/state_event.json b/data/event-schemas/examples/core/state_event.json
similarity index 100%
rename from event-schemas/examples/core/state_event.json
rename to data/event-schemas/examples/core/state_event.json
diff --git a/event-schemas/examples/invite_room_state.json b/data/event-schemas/examples/invite_room_state.json
similarity index 100%
rename from event-schemas/examples/invite_room_state.json
rename to data/event-schemas/examples/invite_room_state.json
diff --git a/data/event-schemas/examples/knock_room_state.json b/data/event-schemas/examples/knock_room_state.json
new file mode 100644
index 00000000000..9692bb31e6d
--- /dev/null
+++ b/data/event-schemas/examples/knock_room_state.json
@@ -0,0 +1,18 @@
+[
+    {
+        "type": "m.room.name",
+        "sender": "@bob:example.org",
+        "state_key": "",
+        "content": {
+            "name": "Example Room"
+        }
+    },
+    {
+        "type": "m.room.join_rules",
+        "sender": "@bob:example.org",
+        "state_key": "",
+        "content": {
+            "join_rule": "knock"
+        }
+    }
+]
diff --git a/event-schemas/examples/m.accepted_terms b/data/event-schemas/examples/m.accepted_terms.yaml
similarity index 100%
rename from event-schemas/examples/m.accepted_terms
rename to data/event-schemas/examples/m.accepted_terms.yaml
diff --git a/event-schemas/examples/m.call.answer b/data/event-schemas/examples/m.call.answer.yaml
similarity index 100%
rename from event-schemas/examples/m.call.answer
rename to data/event-schemas/examples/m.call.answer.yaml
diff --git a/event-schemas/examples/m.call.candidates b/data/event-schemas/examples/m.call.candidates.yaml
similarity index 100%
rename from event-schemas/examples/m.call.candidates
rename to data/event-schemas/examples/m.call.candidates.yaml
diff --git a/event-schemas/examples/m.call.hangup b/data/event-schemas/examples/m.call.hangup.yaml
similarity index 100%
rename from event-schemas/examples/m.call.hangup
rename to data/event-schemas/examples/m.call.hangup.yaml
diff --git a/event-schemas/examples/m.call.invite b/data/event-schemas/examples/m.call.invite.yaml
similarity index 100%
rename from event-schemas/examples/m.call.invite
rename to data/event-schemas/examples/m.call.invite.yaml
diff --git a/event-schemas/examples/m.direct b/data/event-schemas/examples/m.direct.yaml
similarity index 100%
rename from event-schemas/examples/m.direct
rename to data/event-schemas/examples/m.direct.yaml
diff --git a/event-schemas/examples/m.dummy b/data/event-schemas/examples/m.dummy.yaml
similarity index 100%
rename from event-schemas/examples/m.dummy
rename to data/event-schemas/examples/m.dummy.yaml
diff --git a/event-schemas/examples/m.forwarded_room_key b/data/event-schemas/examples/m.forwarded_room_key.yaml
similarity index 100%
rename from event-schemas/examples/m.forwarded_room_key
rename to data/event-schemas/examples/m.forwarded_room_key.yaml
diff --git a/event-schemas/examples/m.fully_read b/data/event-schemas/examples/m.fully_read.yaml
similarity index 100%
rename from event-schemas/examples/m.fully_read
rename to data/event-schemas/examples/m.fully_read.yaml
diff --git a/event-schemas/examples/m.identity_server b/data/event-schemas/examples/m.identity_server.yaml
similarity index 100%
rename from event-schemas/examples/m.identity_server
rename to data/event-schemas/examples/m.identity_server.yaml
diff --git a/event-schemas/examples/m.ignored_user_list b/data/event-schemas/examples/m.ignored_user_list.yaml
similarity index 100%
rename from event-schemas/examples/m.ignored_user_list
rename to data/event-schemas/examples/m.ignored_user_list.yaml
diff --git a/event-schemas/examples/m.key.verification.accept b/data/event-schemas/examples/m.key.verification.accept.yaml
similarity index 100%
rename from event-schemas/examples/m.key.verification.accept
rename to data/event-schemas/examples/m.key.verification.accept.yaml
diff --git a/event-schemas/examples/m.key.verification.cancel b/data/event-schemas/examples/m.key.verification.cancel.yaml
similarity index 100%
rename from event-schemas/examples/m.key.verification.cancel
rename to data/event-schemas/examples/m.key.verification.cancel.yaml
diff --git a/data/event-schemas/examples/m.key.verification.done.yaml b/data/event-schemas/examples/m.key.verification.done.yaml
new file mode 100644
index 00000000000..0e883cf1a5c
--- /dev/null
+++ b/data/event-schemas/examples/m.key.verification.done.yaml
@@ -0,0 +1,6 @@
+{
+    "type": "m.key.verification.done",
+    "content": {
+        "transaction_id": "S0meUniqueAndOpaqueString"
+    }
+}
diff --git a/event-schemas/examples/m.key.verification.key b/data/event-schemas/examples/m.key.verification.key.yaml
similarity index 100%
rename from event-schemas/examples/m.key.verification.key
rename to data/event-schemas/examples/m.key.verification.key.yaml
diff --git a/event-schemas/examples/m.key.verification.mac b/data/event-schemas/examples/m.key.verification.mac.yaml
similarity index 100%
rename from event-schemas/examples/m.key.verification.mac
rename to data/event-schemas/examples/m.key.verification.mac.yaml
diff --git a/data/event-schemas/examples/m.key.verification.ready.yaml b/data/event-schemas/examples/m.key.verification.ready.yaml
new file mode 100644
index 00000000000..0397a566561
--- /dev/null
+++ b/data/event-schemas/examples/m.key.verification.ready.yaml
@@ -0,0 +1,10 @@
+{
+    "type": "m.key.verification.ready",
+    "content": {
+        "from_device": "BobDevice1",
+        "transaction_id": "S0meUniqueAndOpaqueString",
+        "methods": [
+            "m.sas.v1"
+        ]
+    }
+}
diff --git a/event-schemas/examples/m.key.verification.request b/data/event-schemas/examples/m.key.verification.request.yaml
similarity index 100%
rename from event-schemas/examples/m.key.verification.request
rename to data/event-schemas/examples/m.key.verification.request.yaml
diff --git a/event-schemas/examples/m.key.verification.start$m.sas.v1 b/data/event-schemas/examples/m.key.verification.start$m.sas.v1.yaml
similarity index 100%
rename from event-schemas/examples/m.key.verification.start$m.sas.v1
rename to data/event-schemas/examples/m.key.verification.start$m.sas.v1.yaml
diff --git a/event-schemas/examples/m.key.verification.start b/data/event-schemas/examples/m.key.verification.start.yaml
similarity index 100%
rename from event-schemas/examples/m.key.verification.start
rename to data/event-schemas/examples/m.key.verification.start.yaml
diff --git a/event-schemas/examples/m.policy.rule.room b/data/event-schemas/examples/m.policy.rule.room.yaml
similarity index 100%
rename from event-schemas/examples/m.policy.rule.room
rename to data/event-schemas/examples/m.policy.rule.room.yaml
diff --git a/event-schemas/examples/m.policy.rule.server b/data/event-schemas/examples/m.policy.rule.server.yaml
similarity index 100%
rename from event-schemas/examples/m.policy.rule.server
rename to data/event-schemas/examples/m.policy.rule.server.yaml
diff --git a/event-schemas/examples/m.policy.rule.user b/data/event-schemas/examples/m.policy.rule.user.yaml
similarity index 100%
rename from event-schemas/examples/m.policy.rule.user
rename to data/event-schemas/examples/m.policy.rule.user.yaml
diff --git a/event-schemas/examples/m.presence b/data/event-schemas/examples/m.presence.yaml
similarity index 81%
rename from event-schemas/examples/m.presence
rename to data/event-schemas/examples/m.presence.yaml
index ec4ce6e03e2..4d9cd5a5a27 100644
--- a/event-schemas/examples/m.presence
+++ b/data/event-schemas/examples/m.presence.yaml
@@ -3,7 +3,7 @@
   "sender": "@example:localhost",
   "type": "m.presence",
   "content": {
-    "avatar_url": "mxc://localhost:wefuiwegh8742w",
+    "avatar_url": "mxc://localhost/wefuiwegh8742w",
     "last_active_ago": 2478593,
     "presence": "online",
     "currently_active": false,
diff --git a/event-schemas/examples/m.push_rules b/data/event-schemas/examples/m.push_rules.yaml
similarity index 100%
rename from event-schemas/examples/m.push_rules
rename to data/event-schemas/examples/m.push_rules.yaml
diff --git a/event-schemas/examples/m.receipt b/data/event-schemas/examples/m.receipt.yaml
similarity index 100%
rename from event-schemas/examples/m.receipt
rename to data/event-schemas/examples/m.receipt.yaml
diff --git a/event-schemas/examples/m.room.avatar b/data/event-schemas/examples/m.room.avatar.yaml
similarity index 100%
rename from event-schemas/examples/m.room.avatar
rename to data/event-schemas/examples/m.room.avatar.yaml
diff --git a/event-schemas/examples/m.room.canonical_alias b/data/event-schemas/examples/m.room.canonical_alias.yaml
similarity index 100%
rename from event-schemas/examples/m.room.canonical_alias
rename to data/event-schemas/examples/m.room.canonical_alias.yaml
diff --git a/event-schemas/examples/m.room.create b/data/event-schemas/examples/m.room.create.yaml
similarity index 100%
rename from event-schemas/examples/m.room.create
rename to data/event-schemas/examples/m.room.create.yaml
diff --git a/event-schemas/examples/m.room.encrypted$megolm b/data/event-schemas/examples/m.room.encrypted$megolm.yaml
similarity index 100%
rename from event-schemas/examples/m.room.encrypted$megolm
rename to data/event-schemas/examples/m.room.encrypted$megolm.yaml
diff --git a/event-schemas/examples/m.room.encrypted$olm b/data/event-schemas/examples/m.room.encrypted$olm.yaml
similarity index 100%
rename from event-schemas/examples/m.room.encrypted$olm
rename to data/event-schemas/examples/m.room.encrypted$olm.yaml
diff --git a/event-schemas/examples/m.room.encryption b/data/event-schemas/examples/m.room.encryption.yaml
similarity index 100%
rename from event-schemas/examples/m.room.encryption
rename to data/event-schemas/examples/m.room.encryption.yaml
diff --git a/event-schemas/examples/m.room.guest_access b/data/event-schemas/examples/m.room.guest_access.yaml
similarity index 100%
rename from event-schemas/examples/m.room.guest_access
rename to data/event-schemas/examples/m.room.guest_access.yaml
diff --git a/event-schemas/examples/m.room.history_visibility b/data/event-schemas/examples/m.room.history_visibility.yaml
similarity index 100%
rename from event-schemas/examples/m.room.history_visibility
rename to data/event-schemas/examples/m.room.history_visibility.yaml
diff --git a/event-schemas/examples/m.room.join_rules b/data/event-schemas/examples/m.room.join_rules.yaml
similarity index 100%
rename from event-schemas/examples/m.room.join_rules
rename to data/event-schemas/examples/m.room.join_rules.yaml
diff --git a/event-schemas/examples/m.room.member$invite_room_state b/data/event-schemas/examples/m.room.member$invite_room_state.yaml
similarity index 66%
rename from event-schemas/examples/m.room.member$invite_room_state
rename to data/event-schemas/examples/m.room.member$invite_room_state.yaml
index 54fcba60ad9..38a4951cee0 100644
--- a/event-schemas/examples/m.room.member$invite_room_state
+++ b/data/event-schemas/examples/m.room.member$invite_room_state.yaml
@@ -1,9 +1,10 @@
 {
-  "$ref": "m.room.member",
+  "$ref": "m.room.member.yaml",
   "content": {
     "membership": "invite",
     "avatar_url": "mxc://example.org/SEsfnsuifSDFSSEF",
-    "displayname": "Alice Margatroid"
+    "displayname": "Alice Margatroid",
+    "reason": "Looking for support"
   },
   "unsigned": {
     "age": 1234,
diff --git a/data/event-schemas/examples/m.room.member$knock_room_state.yaml b/data/event-schemas/examples/m.room.member$knock_room_state.yaml
new file mode 100644
index 00000000000..c1ec3a3215b
--- /dev/null
+++ b/data/event-schemas/examples/m.room.member$knock_room_state.yaml
@@ -0,0 +1,15 @@
+{
+  "$ref": "m.room.member.yaml",
+  "content": {
+    "membership": "knock",
+    "avatar_url": "mxc://example.org/SEsfnsuifSDFSSEF",
+    "displayname": "Alice Margatroid",
+    "reason": "Looking for support"
+  },
+  "unsigned": {
+    "age": 1234,
+    "knock_room_state": {
+      "$ref": "knock_room_state.json"
+    }
+  }
+}
diff --git a/event-schemas/examples/m.room.member$third_party_invite b/data/event-schemas/examples/m.room.member$third_party_invite.yaml
similarity index 93%
rename from event-schemas/examples/m.room.member$third_party_invite
rename to data/event-schemas/examples/m.room.member$third_party_invite.yaml
index a40d44f9934..ead4cbee379 100644
--- a/event-schemas/examples/m.room.member$third_party_invite
+++ b/data/event-schemas/examples/m.room.member$third_party_invite.yaml
@@ -1,5 +1,5 @@
 {
-  "$ref": "m.room.member",
+  "$ref": "m.room.member.yaml",
   "content": {
     "membership": "invite",
     "avatar_url": "mxc://example.org/SEsfnsuifSDFSSEF",
diff --git a/event-schemas/examples/m.room.member b/data/event-schemas/examples/m.room.member.yaml
similarity index 73%
rename from event-schemas/examples/m.room.member
rename to data/event-schemas/examples/m.room.member.yaml
index 18bc457b7c6..5147b258fed 100644
--- a/event-schemas/examples/m.room.member
+++ b/data/event-schemas/examples/m.room.member.yaml
@@ -5,6 +5,7 @@
   "content": {
     "membership": "join",
     "avatar_url": "mxc://example.org/SEsfnsuifSDFSSEF",
-    "displayname": "Alice Margatroid"
+    "displayname": "Alice Margatroid",
+    "reason": "Looking for support"
   }
 }
diff --git a/event-schemas/examples/m.room.message$m.audio b/data/event-schemas/examples/m.room.message$m.audio.yaml
similarity index 100%
rename from event-schemas/examples/m.room.message$m.audio
rename to data/event-schemas/examples/m.room.message$m.audio.yaml
diff --git a/event-schemas/examples/m.room.message$m.emote b/data/event-schemas/examples/m.room.message$m.emote.yaml
similarity index 100%
rename from event-schemas/examples/m.room.message$m.emote
rename to data/event-schemas/examples/m.room.message$m.emote.yaml
diff --git a/event-schemas/examples/m.room.message$m.file b/data/event-schemas/examples/m.room.message$m.file.yaml
similarity index 100%
rename from event-schemas/examples/m.room.message$m.file
rename to data/event-schemas/examples/m.room.message$m.file.yaml
diff --git a/event-schemas/examples/m.room.message$m.image b/data/event-schemas/examples/m.room.message$m.image.yaml
similarity index 100%
rename from event-schemas/examples/m.room.message$m.image
rename to data/event-schemas/examples/m.room.message$m.image.yaml
diff --git a/event-schemas/examples/m.room.message$m.location b/data/event-schemas/examples/m.room.message$m.location.yaml
similarity index 100%
rename from event-schemas/examples/m.room.message$m.location
rename to data/event-schemas/examples/m.room.message$m.location.yaml
diff --git a/event-schemas/examples/m.room.message$m.notice b/data/event-schemas/examples/m.room.message$m.notice.yaml
similarity index 100%
rename from event-schemas/examples/m.room.message$m.notice
rename to data/event-schemas/examples/m.room.message$m.notice.yaml
diff --git a/event-schemas/examples/m.room.message$m.server_notice b/data/event-schemas/examples/m.room.message$m.server_notice.yaml
similarity index 100%
rename from event-schemas/examples/m.room.message$m.server_notice
rename to data/event-schemas/examples/m.room.message$m.server_notice.yaml
diff --git a/event-schemas/examples/m.room.message$m.text b/data/event-schemas/examples/m.room.message$m.text.yaml
similarity index 100%
rename from event-schemas/examples/m.room.message$m.text
rename to data/event-schemas/examples/m.room.message$m.text.yaml
diff --git a/event-schemas/examples/m.room.message$m.video b/data/event-schemas/examples/m.room.message$m.video.yaml
similarity index 100%
rename from event-schemas/examples/m.room.message$m.video
rename to data/event-schemas/examples/m.room.message$m.video.yaml
diff --git a/event-schemas/examples/m.room.message.feedback b/data/event-schemas/examples/m.room.message.feedback.yaml
similarity index 100%
rename from event-schemas/examples/m.room.message.feedback
rename to data/event-schemas/examples/m.room.message.feedback.yaml
diff --git a/event-schemas/examples/m.room.name b/data/event-schemas/examples/m.room.name.yaml
similarity index 100%
rename from event-schemas/examples/m.room.name
rename to data/event-schemas/examples/m.room.name.yaml
diff --git a/event-schemas/examples/m.room.pinned_events b/data/event-schemas/examples/m.room.pinned_events.yaml
similarity index 100%
rename from event-schemas/examples/m.room.pinned_events
rename to data/event-schemas/examples/m.room.pinned_events.yaml
diff --git a/event-schemas/examples/m.room.power_levels b/data/event-schemas/examples/m.room.power_levels.yaml
similarity index 100%
rename from event-schemas/examples/m.room.power_levels
rename to data/event-schemas/examples/m.room.power_levels.yaml
diff --git a/event-schemas/examples/m.room.redaction b/data/event-schemas/examples/m.room.redaction.yaml
similarity index 100%
rename from event-schemas/examples/m.room.redaction
rename to data/event-schemas/examples/m.room.redaction.yaml
diff --git a/event-schemas/examples/m.room.server_acl b/data/event-schemas/examples/m.room.server_acl.yaml
similarity index 100%
rename from event-schemas/examples/m.room.server_acl
rename to data/event-schemas/examples/m.room.server_acl.yaml
diff --git a/event-schemas/examples/m.room.third_party_invite b/data/event-schemas/examples/m.room.third_party_invite.yaml
similarity index 100%
rename from event-schemas/examples/m.room.third_party_invite
rename to data/event-schemas/examples/m.room.third_party_invite.yaml
diff --git a/event-schemas/examples/m.room.tombstone b/data/event-schemas/examples/m.room.tombstone.yaml
similarity index 100%
rename from event-schemas/examples/m.room.tombstone
rename to data/event-schemas/examples/m.room.tombstone.yaml
diff --git a/event-schemas/examples/m.room.topic b/data/event-schemas/examples/m.room.topic.yaml
similarity index 100%
rename from event-schemas/examples/m.room.topic
rename to data/event-schemas/examples/m.room.topic.yaml
diff --git a/data/event-schemas/examples/m.room_key.withheld.yaml b/data/event-schemas/examples/m.room_key.withheld.yaml
new file mode 100644
index 00000000000..fa8f135f141
--- /dev/null
+++ b/data/event-schemas/examples/m.room_key.withheld.yaml
@@ -0,0 +1,12 @@
+{
+  "$ref": "core/event.json",
+  "type": "m.room_key.withheld",
+  "content": {
+    "algorithm": "m.megolm.v1.aes-sha2",
+    "room_id": "!Cuyf34gef24t:localhost",
+    "session_id": "X3lUlvLELLYxeTx4yOVu6UDpasGEVO0Jbu+QFnm0cKQ",
+    "sender_key": "RF3s+E7RkTQTGF2d8Deol0FkQvgII2aJDf3/Jp5mxVU",
+    "code": "m.unverified",
+    "reason": "Device not verified"
+  }
+}
diff --git a/event-schemas/examples/m.room_key b/data/event-schemas/examples/m.room_key.yaml
similarity index 100%
rename from event-schemas/examples/m.room_key
rename to data/event-schemas/examples/m.room_key.yaml
diff --git a/event-schemas/examples/m.room_key_request$cancel_request b/data/event-schemas/examples/m.room_key_request$cancel_request.yaml
similarity index 100%
rename from event-schemas/examples/m.room_key_request$cancel_request
rename to data/event-schemas/examples/m.room_key_request$cancel_request.yaml
diff --git a/event-schemas/examples/m.room_key_request$request b/data/event-schemas/examples/m.room_key_request$request.yaml
similarity index 100%
rename from event-schemas/examples/m.room_key_request$request
rename to data/event-schemas/examples/m.room_key_request$request.yaml
diff --git a/event-schemas/examples/m.sticker b/data/event-schemas/examples/m.sticker.yaml
similarity index 100%
rename from event-schemas/examples/m.sticker
rename to data/event-schemas/examples/m.sticker.yaml
diff --git a/event-schemas/examples/m.tag b/data/event-schemas/examples/m.tag.yaml
similarity index 100%
rename from event-schemas/examples/m.tag
rename to data/event-schemas/examples/m.tag.yaml
diff --git a/event-schemas/examples/m.typing b/data/event-schemas/examples/m.typing.yaml
similarity index 100%
rename from event-schemas/examples/m.typing
rename to data/event-schemas/examples/m.typing.yaml
diff --git a/event-schemas/moderation_policy_rule.yaml b/data/event-schemas/moderation_policy_rule.yaml
similarity index 77%
rename from event-schemas/moderation_policy_rule.yaml
rename to data/event-schemas/moderation_policy_rule.yaml
index 34ad4d9a1b3..a57a1ffe7b1 100644
--- a/event-schemas/moderation_policy_rule.yaml
+++ b/data/event-schemas/moderation_policy_rule.yaml
@@ -14,14 +14,14 @@
 properties:
   entity:
     description: |-
-      The entity affected by this rule. Glob characters ``*`` and ``?`` can be used
+      The entity affected by this rule. Glob characters `*` and `?` can be used
       to match zero or more and one or more characters respectively.
     type: string
   recommendation:
-    description: The suggested action to take. Currently only ``m.ban`` is specified.
+    description: The suggested action to take. Currently only `m.ban` is specified.
     type: string
   reason:
-    description: The human-readable description for the ``recommendation``.
+    description: The human-readable description for the `recommendation`.
     type: string
 type: object
 required:
diff --git a/event-schemas/schema/core-event-schema/event.yaml b/data/event-schemas/schema/core-event-schema/event.yaml
similarity index 100%
rename from event-schemas/schema/core-event-schema/event.yaml
rename to data/event-schemas/schema/core-event-schema/event.yaml
diff --git a/event-schemas/schema/core-event-schema/msgtype_infos/image_info.yaml b/data/event-schemas/schema/core-event-schema/msgtype_infos/image_info.yaml
similarity index 70%
rename from event-schemas/schema/core-event-schema/msgtype_infos/image_info.yaml
rename to data/event-schemas/schema/core-event-schema/msgtype_infos/image_info.yaml
index ff40efcb843..b83bf6c1361 100644
--- a/event-schemas/schema/core-event-schema/msgtype_infos/image_info.yaml
+++ b/data/event-schemas/schema/core-event-schema/msgtype_infos/image_info.yaml
@@ -12,25 +12,26 @@ properties:
       differ from the intrinsic dimensions of the image file.
     type: integer
   mimetype:
-    description: The mimetype of the image, e.g. ``image/jpeg``.
+    description: The mimetype of the image, e.g. `image/jpeg`.
     type: string
   size:
     description: Size of the image in bytes.
     type: integer
   thumbnail_url:
     description: |-
-      The URL (typically `MXC URI`_) to a thumbnail of the image.
+      The URL (typically [MXC URI](/client-server-api/#matrix-content-mxc-uris)) to a thumbnail of the image.
       Only present if the thumbnail is unencrypted.
     type: string
   thumbnail_file:
     description: |-
       Information on the encrypted thumbnail file, as specified in
-      |encrypted_files|_. Only present if the thumbnail is encrypted.
+      [End-to-end encryption](/client-server-api/#sending-encrypted-attachments).
+      Only present if the thumbnail is encrypted.
     title: EncryptedFile
     type: object
   thumbnail_info:
     allOf:
       - $ref: thumbnail_info.yaml
-    description: Metadata about the image referred to in ``thumbnail_url``.
+    description: Metadata about the image referred to in `thumbnail_url`.
 title: ImageInfo
 type: object
diff --git a/event-schemas/schema/core-event-schema/msgtype_infos/thumbnail_info.yaml b/data/event-schemas/schema/core-event-schema/msgtype_infos/thumbnail_info.yaml
similarity index 90%
rename from event-schemas/schema/core-event-schema/msgtype_infos/thumbnail_info.yaml
rename to data/event-schemas/schema/core-event-schema/msgtype_infos/thumbnail_info.yaml
index 82ffaf5e460..79f7c253257 100644
--- a/event-schemas/schema/core-event-schema/msgtype_infos/thumbnail_info.yaml
+++ b/data/event-schemas/schema/core-event-schema/msgtype_infos/thumbnail_info.yaml
@@ -12,7 +12,7 @@ properties:
       differ from the intrinsic dimensions of the image file.
     type: integer
   mimetype:
-    description: The mimetype of the image, e.g. ``image/jpeg``.
+    description: The mimetype of the image, e.g. `image/jpeg`.
     type: string
   size:
     description: Size of the image in bytes.
diff --git a/event-schemas/schema/core-event-schema/room_event.yaml b/data/event-schemas/schema/core-event-schema/room_event.yaml
similarity index 78%
rename from event-schemas/schema/core-event-schema/room_event.yaml
rename to data/event-schemas/schema/core-event-schema/room_event.yaml
index 6a74acdc4d8..7eaae2236da 100644
--- a/event-schemas/schema/core-event-schema/room_event.yaml
+++ b/data/event-schemas/schema/core-event-schema/room_event.yaml
@@ -5,7 +5,7 @@ properties:
   room_id:
     description: |-
       The ID of the room associated with this event. Will not be present on events
-      that arrive through ``/sync``, despite being required everywhere else.
+      that arrive through `/sync`, despite being required everywhere else.
     type: string
 required:
 - room_id
diff --git a/event-schemas/schema/core-event-schema/state_event.yaml b/data/event-schemas/schema/core-event-schema/state_event.yaml
similarity index 100%
rename from event-schemas/schema/core-event-schema/state_event.yaml
rename to data/event-schemas/schema/core-event-schema/state_event.yaml
diff --git a/event-schemas/schema/core-event-schema/sync_room_event.yaml b/data/event-schemas/schema/core-event-schema/sync_room_event.yaml
similarity index 100%
rename from event-schemas/schema/core-event-schema/sync_room_event.yaml
rename to data/event-schemas/schema/core-event-schema/sync_room_event.yaml
diff --git a/event-schemas/schema/core-event-schema/sync_state_event.yaml b/data/event-schemas/schema/core-event-schema/sync_state_event.yaml
similarity index 88%
rename from event-schemas/schema/core-event-schema/sync_state_event.yaml
rename to data/event-schemas/schema/core-event-schema/sync_state_event.yaml
index dc48f941646..e7a061f52fd 100644
--- a/event-schemas/schema/core-event-schema/sync_state_event.yaml
+++ b/data/event-schemas/schema/core-event-schema/sync_state_event.yaml
@@ -20,7 +20,7 @@ description: In addition to the Room Event fields, State Events have the followi
   additional fields.
 properties:
   prev_content:
-    description: Optional. The previous ``content`` for this event. If there is no
+    description: Optional. The previous `content` for this event. If there is no
       previous content, this key will be missing.
     title: EventContent
     type: object
@@ -29,7 +29,7 @@ properties:
       of room state. This value is often a zero-length string. The presence of this
       key makes this event a State Event.
 
-      State keys starting with an ``@`` are reserved for referencing user IDs, such
+      State keys starting with an `@` are reserved for referencing user IDs, such
       as room members. With the exception of a few events, state events set with a
       given user's ID as the state key MUST only be set by that user.
     type: string
diff --git a/event-schemas/schema/core-event-schema/unsigned_prop.yaml b/data/event-schemas/schema/core-event-schema/unsigned_prop.yaml
similarity index 94%
rename from event-schemas/schema/core-event-schema/unsigned_prop.yaml
rename to data/event-schemas/schema/core-event-schema/unsigned_prop.yaml
index 36c372306f5..aace29ffd7a 100644
--- a/event-schemas/schema/core-event-schema/unsigned_prop.yaml
+++ b/data/event-schemas/schema/core-event-schema/unsigned_prop.yaml
@@ -29,6 +29,6 @@ properties:
   transaction_id:
     description: |
       The client-supplied transaction ID, for example, provided via
-      ``PUT /_matrix/client/r0/rooms/{roomId}/send/{eventType}/{txnId}``,
+      `PUT /_matrix/client/r0/rooms/{roomId}/send/{eventType}/{txnId}`,
       if the client being given the event is the same one which sent it.
     type: string
diff --git a/event-schemas/schema/m.accepted_terms b/data/event-schemas/schema/m.accepted_terms.yaml
similarity index 100%
rename from event-schemas/schema/m.accepted_terms
rename to data/event-schemas/schema/m.accepted_terms.yaml
diff --git a/event-schemas/schema/m.call.answer b/data/event-schemas/schema/m.call.answer.yaml
similarity index 100%
rename from event-schemas/schema/m.call.answer
rename to data/event-schemas/schema/m.call.answer.yaml
diff --git a/event-schemas/schema/m.call.candidates b/data/event-schemas/schema/m.call.candidates.yaml
similarity index 100%
rename from event-schemas/schema/m.call.candidates
rename to data/event-schemas/schema/m.call.candidates.yaml
diff --git a/event-schemas/schema/m.call.hangup b/data/event-schemas/schema/m.call.hangup.yaml
similarity index 90%
rename from event-schemas/schema/m.call.hangup
rename to data/event-schemas/schema/m.call.hangup.yaml
index c0478f5a7e7..116d5af7da1 100644
--- a/event-schemas/schema/m.call.hangup
+++ b/data/event-schemas/schema/m.call.hangup.yaml
@@ -18,7 +18,7 @@
                 },
                 "reason": {
                     "type": "string",
-                    "description": "Optional error reason for the hangup. This should not be provided when the user naturally ends or rejects the call. When there was an error in the call negotiation, this should be ``ice_failed`` for when ICE negotiation fails or ``invite_timeout`` for when the other party did not answer in time.",
+                    "description": "Optional error reason for the hangup. This should not be provided when the user naturally ends or rejects the call. When there was an error in the call negotiation, this should be `ice_failed` for when ICE negotiation fails or `invite_timeout` for when the other party did not answer in time.",
                     "enum": [
                         "ice_failed",
                         "invite_timeout"
diff --git a/event-schemas/schema/m.call.invite b/data/event-schemas/schema/m.call.invite.yaml
similarity index 100%
rename from event-schemas/schema/m.call.invite
rename to data/event-schemas/schema/m.call.invite.yaml
diff --git a/event-schemas/schema/m.direct b/data/event-schemas/schema/m.direct.yaml
similarity index 88%
rename from event-schemas/schema/m.direct
rename to data/event-schemas/schema/m.direct.yaml
index 8cbbf38f0b7..f00b83bcefe 100644
--- a/event-schemas/schema/m.direct
+++ b/data/event-schemas/schema/m.direct.yaml
@@ -3,7 +3,7 @@ allOf:
   - $ref: core-event-schema/event.yaml
 description: |-
   A map of which rooms are considered 'direct' rooms for specific users
-  is kept in  ``account_data`` in an event of type ``m.direct``. The
+  is kept in  `account_data` in an event of type `m.direct`. The
   content of this event is an object where the keys are the user IDs
   and values are lists of room ID strings of the 'direct' rooms for
   that user ID.
diff --git a/event-schemas/schema/m.dummy b/data/event-schemas/schema/m.dummy.yaml
similarity index 64%
rename from event-schemas/schema/m.dummy
rename to data/event-schemas/schema/m.dummy.yaml
index 8e4b6f944a7..4699dd869d3 100644
--- a/event-schemas/schema/m.dummy
+++ b/data/event-schemas/schema/m.dummy.yaml
@@ -4,13 +4,13 @@ allOf:
 
 description: |-
   This event type is used to indicate new Olm sessions for end-to-end encryption.
-  Typically it is encrypted as an ``m.room.encrypted`` event, then sent as a `to-device`_
+  Typically it is encrypted as an `m.room.encrypted` event, then sent as a [to-device](/client-server-api/#send-to-device-messaging)
   event.
 
   The event does not have any content associated with it. The sending client is expected
   to send a key share request shortly after this message, causing the receiving client to
-  process this ``m.dummy`` event as the most recent event and using the keyshare request
-  to set up the session. The keyshare request and ``m.dummy`` combination should result
+  process this `m.dummy` event as the most recent event and using the keyshare request
+  to set up the session. The keyshare request and `m.dummy` combination should result
   in the original sending client receiving keys over the newly established session.
 properties:
   content:
diff --git a/event-schemas/schema/m.forwarded_room_key b/data/event-schemas/schema/m.forwarded_room_key.yaml
similarity index 74%
rename from event-schemas/schema/m.forwarded_room_key
rename to data/event-schemas/schema/m.forwarded_room_key.yaml
index f0beed2b377..71ea6690c29 100644
--- a/event-schemas/schema/m.forwarded_room_key
+++ b/data/event-schemas/schema/m.forwarded_room_key.yaml
@@ -4,7 +4,7 @@ allOf:
 
 description: |-
   This event type is used to forward keys for end-to-end encryption. Typically
-  it is encrypted as an ``m.room.encrypted`` event, then sent as a `to-device`_
+  it is encrypted as an `m.room.encrypted` event, then sent as a [to-device](/client-server-api/#send-to-device-messaging)
   event.
 properties:
   content:
@@ -43,6 +43,15 @@ properties:
           to the end of the list. For example, if the key is forwarded from A to B to
           C, this field is empty between A and B, and contains A's Curve25519 key between
           B and C.
+      withheld:
+        type: object
+        description: |-
+          Indicates that the key cannot be used to decrypt all the messages
+          from the session because a portion of the session was withheld as
+          described in [Reporting that decryption keys are withheld](/client-server-api/#reporting-that-decryption-keys-are-withheld). This
+          object must include the `code` and `reason` properties from the
+          `m.room_key.withheld` message that was received by the sender of
+          this message.
     required:
       - algorithm
       - room_id
diff --git a/event-schemas/schema/m.fully_read b/data/event-schemas/schema/m.fully_read.yaml
similarity index 100%
rename from event-schemas/schema/m.fully_read
rename to data/event-schemas/schema/m.fully_read.yaml
diff --git a/event-schemas/schema/m.identity_server b/data/event-schemas/schema/m.identity_server.yaml
similarity index 79%
rename from event-schemas/schema/m.identity_server
rename to data/event-schemas/schema/m.identity_server.yaml
index 75d2409ffbb..acd0eb92ac3 100644
--- a/event-schemas/schema/m.identity_server
+++ b/data/event-schemas/schema/m.identity_server.yaml
@@ -11,10 +11,10 @@ properties:
       base_url:
         type: string
         description: |-
-          The URL of the identity server the user prefers to use, or ``null``
+          The URL of the identity server the user prefers to use, or `null`
           if the user does not want to use an identity server. This value is
-          similar in structure to the ``base_url`` for identity servers in the
-          ``.well-known/matrix/client`` schema.
+          similar in structure to the `base_url` for identity servers in the
+          `.well-known/matrix/client` schema.
   type:
     enum:
       - m.identity_server
diff --git a/event-schemas/schema/m.ignored_user_list b/data/event-schemas/schema/m.ignored_user_list.yaml
similarity index 82%
rename from event-schemas/schema/m.ignored_user_list
rename to data/event-schemas/schema/m.ignored_user_list.yaml
index 7f7a6604ee8..0f0b2f85eb9 100644
--- a/event-schemas/schema/m.ignored_user_list
+++ b/data/event-schemas/schema/m.ignored_user_list.yaml
@@ -2,8 +2,8 @@
 allOf:
   - $ref: core-event-schema/event.yaml
 description: |-
-  A map of users which are considered ignored is kept in ``account_data``
-  in an event type of ``m.ignored_user_list``.
+  A map of users which are considered ignored is kept in `account_data`
+  in an event type of `m.ignored_user_list`.
 properties:
   content:
     type: object
diff --git a/event-schemas/schema/m.key.verification.accept b/data/event-schemas/schema/m.key.verification.accept.yaml
similarity index 66%
rename from event-schemas/schema/m.key.verification.accept
rename to data/event-schemas/schema/m.key.verification.accept.yaml
index 3f579cc49b9..ae63995b8c5 100644
--- a/event-schemas/schema/m.key.verification.accept
+++ b/data/event-schemas/schema/m.key.verification.accept.yaml
@@ -3,36 +3,36 @@ allOf:
   - $ref: core-event-schema/event.yaml
 
 description: |-
-  Accepts a previously sent ``m.key.verification.start`` message. Typically sent as a
-  `to-device`_ event.
+  Accepts a previously sent `m.key.verification.start` message.
 properties:
   content:
     properties:
       transaction_id:
         type: string
         description: |-
-          An opaque identifier for the verification process. Must be the same as
-          the one used for the ``m.key.verification.start`` message.
+          Required when sent as a to-device message. An opaque identifier for
+          the verification process. Must be the same as the one used for the
+          `m.key.verification.start` message.
       key_agreement_protocol:
         type: string
         description: |-
           The key agreement protocol the device is choosing to use, out of the
-          options in the ``m.key.verification.start`` message.
+          options in the `m.key.verification.start` message.
       hash:
         type: string
         description: |-
           The hash method the device is choosing to use, out of the options in
-          the ``m.key.verification.start`` message.
+          the `m.key.verification.start` message.
       message_authentication_code:
         type: string
         description: |-
           The message authentication code the device is choosing to use, out of
-          the options in the ``m.key.verification.start`` message.
+          the options in the `m.key.verification.start` message.
       short_authentication_string:
         type: array
         description: |-
           The SAS methods both devices involved in the verification process
-          understand. Must be a subset of the options in the ``m.key.verification.start``
+          understand. Must be a subset of the options in the `m.key.verification.start`
           message.
         items:
           type: string
@@ -42,9 +42,11 @@ properties:
         description: |-
           The hash (encoded as unpadded base64) of the concatenation of the device's
           ephemeral public key (encoded as unpadded base64) and the canonical JSON
-          representation of the ``m.key.verification.start`` message.
+          representation of the `m.key.verification.start` message.
+      m.relates_to:
+        allOf:
+          - $ref: m.key.verification.m.relates_to.yaml
     required:
-      - transaction_id
       - method
       - key_agreement_protocol
       - hash
diff --git a/event-schemas/schema/m.key.verification.cancel b/data/event-schemas/schema/m.key.verification.cancel.yaml
similarity index 52%
rename from event-schemas/schema/m.key.verification.cancel
rename to data/event-schemas/schema/m.key.verification.cancel.yaml
index 36ffc9ea75c..6474b763593 100644
--- a/event-schemas/schema/m.key.verification.cancel
+++ b/data/event-schemas/schema/m.key.verification.cancel.yaml
@@ -3,19 +3,20 @@ allOf:
   - $ref: core-event-schema/event.yaml
 
 description: |-
-  Cancels a key verification process/request. Typically sent as a `to-device`_ event.
+  Cancels a key verification process/request.
 properties:
   content:
     properties:
       transaction_id:
         type: string
         description: |-
-          The opaque identifier for the verification process/request.
+          Required when sent as a to-device message. The opaque identifier for
+          the verification process/request.
       reason:
         type: string
         description: |-
-          A human readable description of the ``code``. The client should only rely on this
-          string if it does not understand the ``code``.
+          A human readable description of the `code`. The client should only rely on this
+          string if it does not understand the `code`.
       code:
         type: string
         # Note: this is not an enum because we go into detail about the different
@@ -27,39 +28,39 @@ properties:
           codes should use the Java package naming convention if not in the following
           list:
 
-          ``m.user``: The user cancelled the verification.
+          * `m.user`: The user cancelled the verification.
 
-          ``m.timeout``: The verification process timed out. Verification processes
+          * `m.timeout`: The verification process timed out. Verification processes
           can define their own timeout parameters.
 
-          ``m.unknown_transaction``: The device does not know about the given transaction
+          * `m.unknown_transaction`: The device does not know about the given transaction
           ID.
 
-          ``m.unknown_method``: The device does not know how to handle the requested
-          method. This should be sent for ``m.key.verification.start`` messages and
+          * `m.unknown_method`: The device does not know how to handle the requested
+          method. This should be sent for `m.key.verification.start` messages and
           messages defined by individual verification processes.
 
-          ``m.unexpected_message``: The device received an unexpected message. Typically
+          * `m.unexpected_message`: The device received an unexpected message. Typically
           raised when one of the parties is handling the verification out of order.
 
-          ``m.key_mismatch``: The key was not verified.
+          * `m.key_mismatch`: The key was not verified.
 
-          ``m.user_mismatch``: The expected user did not match the user verified.
+          * `m.user_mismatch`: The expected user did not match the user verified.
 
-          ``m.invalid_message``: The message received was invalid.
+          * `m.invalid_message`: The message received was invalid.
 
-          ``m.accepted``: A ``m.key.verification.request`` was accepted by a different
+          * `m.accepted`: A `m.key.verification.request` was accepted by a different
             device. The device receiving this error can ignore the verification request.
 
           Clients should be careful to avoid error loops. For example, if a device sends
-          an incorrect message and the client returns ``m.invalid_message`` to which it
-          gets an unexpected response with ``m.unexpected_message``, the client should not
-          respond again with ``m.unexpected_message`` to avoid the other device potentially
+          an incorrect message and the client returns `m.invalid_message` to which it
+          gets an unexpected response with `m.unexpected_message`, the client should not
+          respond again with `m.unexpected_message` to avoid the other device potentially
           sending another error response.
-
-          .. The above blank line is important for RST.
+      m.relates_to:
+        allOf:
+          - $ref: m.key.verification.m.relates_to.yaml
     required:
-      - transaction_id
       - code
       - reason
     type: object
diff --git a/data/event-schemas/schema/m.key.verification.done.yaml b/data/event-schemas/schema/m.key.verification.done.yaml
new file mode 100644
index 00000000000..bfdc540b657
--- /dev/null
+++ b/data/event-schemas/schema/m.key.verification.done.yaml
@@ -0,0 +1,23 @@
+---
+allOf:
+  - $ref: core-event-schema/event.yaml
+
+description: |-
+  Indicates that a verification process/request has completed successfully.
+properties:
+  content:
+    properties:
+      transaction_id:
+        type: string
+        description: |-
+          Required when sent as a to-device message. The opaque identifier for
+          the verification process/request.
+      m.relates_to:
+        allOf:
+          - $ref: m.key.verification.m.relates_to.yaml
+    type: object
+  type:
+    enum:
+      - m.key.verification.done
+    type: string
+type: object
diff --git a/event-schemas/schema/m.key.verification.key b/data/event-schemas/schema/m.key.verification.key.yaml
similarity index 62%
rename from event-schemas/schema/m.key.verification.key
rename to data/event-schemas/schema/m.key.verification.key.yaml
index 6dc4954badc..62704ea77fc 100644
--- a/event-schemas/schema/m.key.verification.key
+++ b/data/event-schemas/schema/m.key.verification.key.yaml
@@ -3,22 +3,24 @@ allOf:
   - $ref: core-event-schema/event.yaml
 
 description: |-
-  Sends the ephemeral public key for a device to the partner device. Typically sent as a
-  `to-device`_ event.
+  Sends the ephemeral public key for a device to the partner device.
 properties:
   content:
     properties:
       transaction_id:
         type: string
         description: |-
-          An opaque identifier for the verification process. Must be the same as
-          the one used for the ``m.key.verification.start`` message.
+          Required when sent as a to-device message. An opaque identifier for
+          the verification process. Must be the same as the one used for the
+          `m.key.verification.start` message.
       key:
         type: string
         description: |-
           The device's ephemeral public key, encoded as unpadded base64.
+      m.relates_to:
+        allOf:
+          - $ref: m.key.verification.m.relates_to.yaml
     required:
-      - transaction_id
       - key
     type: object
   type:
diff --git a/data/event-schemas/schema/m.key.verification.m.relates_to.yaml b/data/event-schemas/schema/m.key.verification.m.relates_to.yaml
new file mode 100644
index 00000000000..e29f8bbe1a2
--- /dev/null
+++ b/data/event-schemas/schema/m.key.verification.m.relates_to.yaml
@@ -0,0 +1,21 @@
+---
+description: |-
+  Required when sent as an in-room message. Indicates the
+  `m.key.verification.request` that this message is related to. Note that for
+  encrypted messages, this property should be in the unencrypted portion of the
+  event.
+properties:
+  rel_type:
+    type: string
+    enum:
+      - m.reference
+    description: |-
+      The relationship type.
+  event_id:
+    type: string
+    description: |-
+      The event ID of the `m.key.verification.request` that this message is
+      related to.
+    type: object
+type: object
+title: VerificationRelatesTo
diff --git a/event-schemas/schema/m.key.verification.mac b/data/event-schemas/schema/m.key.verification.mac.yaml
similarity index 68%
rename from event-schemas/schema/m.key.verification.mac
rename to data/event-schemas/schema/m.key.verification.mac.yaml
index 769ebe1505e..9f7f5f4f963 100644
--- a/event-schemas/schema/m.key.verification.mac
+++ b/data/event-schemas/schema/m.key.verification.mac.yaml
@@ -3,16 +3,16 @@ allOf:
   - $ref: core-event-schema/event.yaml
 
 description: |-
-  Sends the MAC of a device's key to the partner device. Typically sent as a
-  `to-device`_ event.
+  Sends the MAC of a device's key to the partner device.
 properties:
   content:
     properties:
       transaction_id:
         type: string
         description: |-
-          An opaque identifier for the verification process. Must be the same as
-          the one used for the ``m.key.verification.start`` message.
+          Required when sent as a to-device message. An opaque identifier for
+          the verification process. Must be the same as the one used for the
+          `m.key.verification.start` message.
       mac:
         type: object
         description: |-
@@ -24,10 +24,12 @@ properties:
       keys:
         type: string
         description: |-
-          The MAC of the comma-separated, sorted, list of key IDs given in the ``mac``
+          The MAC of the comma-separated, sorted, list of key IDs given in the `mac`
           property, encoded as unpadded base64.
+      m.relates_to:
+        allOf:
+          - $ref: m.key.verification.m.relates_to.yaml
     required:
-      - transaction_id
       - mac
       - keys
     type: object
diff --git a/data/event-schemas/schema/m.key.verification.ready.yaml b/data/event-schemas/schema/m.key.verification.ready.yaml
new file mode 100644
index 00000000000..bf9d975bc5e
--- /dev/null
+++ b/data/event-schemas/schema/m.key.verification.ready.yaml
@@ -0,0 +1,40 @@
+---
+allOf:
+  - $ref: core-event-schema/event.yaml
+
+description: |-
+  Accepts a key verification request. Sent in response to an
+  `m.key.verification.request` event.
+properties:
+  content:
+    properties:
+      from_device:
+        type: string
+        description: |-
+          The device ID which is accepting the request.
+      transaction_id:
+        type: string
+        description: |-
+          Required when sent as a to-device message. The transaction ID of the
+          verification request, as given in the `m.key.verification.request`
+          message.
+      methods:
+        type: array
+        description: |-
+          The verification methods supported by the sender, corresponding to
+          the verification methods indicated in the
+          `m.key.verification.request` message.
+        items:
+          type: string
+      m.relates_to:
+        allOf:
+          - $ref: m.key.verification.m.relates_to.yaml
+    required:
+      - from_device
+      - methods
+    type: object
+  type:
+    enum:
+      - m.key.verification.ready
+    type: string
+type: object
diff --git a/event-schemas/schema/m.key.verification.request b/data/event-schemas/schema/m.key.verification.request.yaml
similarity index 56%
rename from event-schemas/schema/m.key.verification.request
rename to data/event-schemas/schema/m.key.verification.request.yaml
index c9efa14e9c2..7732cf38ee2 100644
--- a/event-schemas/schema/m.key.verification.request
+++ b/data/event-schemas/schema/m.key.verification.request.yaml
@@ -3,8 +3,7 @@ allOf:
   - $ref: core-event-schema/event.yaml
 
 description: |-
-  Requests a key verification with another user's devices. Typically sent as a
-  `to-device`_ event.
+  Requests a key verification with another user's devices.
 properties:
   content:
     properties:
@@ -15,8 +14,9 @@ properties:
       transaction_id:
         type: string
         description: |-
-          An opaque identifier for the verification request. Must be unique
-          with respect to the devices involved.
+          Required when sent as a to-device message. An opaque identifier for
+          the verification request. Must be unique with respect to the devices
+          involved.
       methods:
         type: array
         description: |-
@@ -27,14 +27,13 @@ properties:
         type: integer
         format: int64
         description: |-
-          The POSIX timestamp in milliseconds for when the request was made. If
-          the request is in the future by more than 5 minutes or more than 10
-          minutes in the past, the message should be ignored by the receiver.
+          Required when sent as a to-device message. The POSIX timestamp in
+          milliseconds for when the request was made. If the request is in the
+          future by more than 5 minutes or more than 10 minutes in the past,
+          the message should be ignored by the receiver.
     required:
       - from_device
-      - transaction_id
       - methods
-      - timestamp
     type: object
   type:
     enum:
diff --git a/data/event-schemas/schema/m.key.verification.start$m.reciprocate.v1.yaml b/data/event-schemas/schema/m.key.verification.start$m.reciprocate.v1.yaml
new file mode 100644
index 00000000000..a60711b3a1c
--- /dev/null
+++ b/data/event-schemas/schema/m.key.verification.start$m.reciprocate.v1.yaml
@@ -0,0 +1,44 @@
+---
+allOf:
+  - $ref: core-event-schema/event.yaml
+
+description: |-
+  Begins a key verification process using the `m.reciprocate.v1` method, after
+  scanning a QR code.
+properties:
+  content:
+    properties:
+      from_device:
+        type: string
+        description: |-
+          The device ID which is initiating the process.
+      transaction_id:
+        type: string
+        description: |-
+          Required when sent as a to-device message. An opaque identifier for
+          the verification process. Must be unique with respect to the devices
+          involved. Must be the same as the `transaction_id` given in the
+          `m.key.verification.request` if this process is originating from a
+          request.
+      method:
+        type: string
+        enum: ["m.reciprocate.v1"]
+        description: |-
+          The verification method to use.
+      secret:
+        type: string
+        description: |-
+          The shared secret from the QR code, encoded using unpadded base64.
+      m.relates_to:
+        allOf:
+          - $ref: m.key.verification.m.relates_to.yaml
+    required:
+      - from_device
+      - method
+      - secret
+    type: object
+  type:
+    enum:
+      - m.key.verification.start
+    type: string
+type: object
diff --git a/event-schemas/schema/m.key.verification.start$m.sas.v1 b/data/event-schemas/schema/m.key.verification.start$m.sas.v1.yaml
similarity index 67%
rename from event-schemas/schema/m.key.verification.start$m.sas.v1
rename to data/event-schemas/schema/m.key.verification.start$m.sas.v1.yaml
index f4deb3c8d38..515a72a1218 100644
--- a/event-schemas/schema/m.key.verification.start$m.sas.v1
+++ b/data/event-schemas/schema/m.key.verification.start$m.sas.v1.yaml
@@ -3,7 +3,7 @@ allOf:
   - $ref: core-event-schema/event.yaml
 
 description: |-
-  Begins a SAS key verification process using the ``m.sas.v1`` method. Typically sent as a `to-device`_ event.
+  Begins a SAS key verification process using the `m.sas.v1` method.
 properties:
   content:
     properties:
@@ -14,10 +14,11 @@ properties:
       transaction_id:
         type: string
         description: |-
-          An opaque identifier for the verification process. Must be unique
-          with respect to the devices involved. Must be the same as the
-          ``transaction_id`` given in the ``m.key.verification.request``
-          if this process is originating from a request.
+          Required when sent as a to-device message. An opaque identifier for
+          the verification process. Must be unique with respect to the devices
+          involved. Must be the same as the `transaction_id` given in the
+          `m.key.verification.request` if this process is originating from a
+          request.
       method:
         type: string
         enum: ["m.sas.v1"]
@@ -27,35 +28,37 @@ properties:
         type: array
         description: |-
           The key agreement protocols the sending device understands. Should
-          include at least ``curve25519-hkdf-sha256``.
+          include at least `curve25519-hkdf-sha256`.
         items:
           type: string
       hashes:
         type: array
         description: |-
           The hash methods the sending device understands. Must include at least
-          ``sha256``.
+          `sha256`.
         items:
           type: string
       message_authentication_codes:
         type: array
         description: |-
           The message authentication codes that the sending device understands.
-          Must include at least ``hkdf-hmac-sha256``.
+          Must include at least `hkdf-hmac-sha256`.
         items:
           type: string
       short_authentication_string:
         type: array
         description: |-
           The SAS methods the sending device (and the sending device's user)
-          understands. Must include at least ``decimal``. Optionally can include
-          ``emoji``.
+          understands. Must include at least `decimal`. Optionally can include
+          `emoji`.
         items:
           type: string
           enum: ["decimal", "emoji"]
+      m.relates_to:
+        allOf:
+          - $ref: m.key.verification.m.relates_to.yaml
     required:
       - from_device
-      - transaction_id
       - method
       - key_agreement_protocols
       - hashes
diff --git a/data/event-schemas/schema/m.key.verification.start.yaml b/data/event-schemas/schema/m.key.verification.start.yaml
new file mode 100644
index 00000000000..a36a72f8691
--- /dev/null
+++ b/data/event-schemas/schema/m.key.verification.start.yaml
@@ -0,0 +1,45 @@
+---
+allOf:
+  - $ref: core-event-schema/event.yaml
+
+description: |-
+  Begins a key verification process. Typically sent as a [to-device](/client-server-api/#send-to-device-messaging) event. The `method`
+  field determines the type of verification. The fields in the event will differ depending
+  on the `method`. This definition includes fields that are in common among all variants.
+properties:
+  content:
+    properties:
+      from_device:
+        type: string
+        description: |-
+          The device ID which is initiating the process.
+      transaction_id:
+        type: string
+        description: |-
+          Required when sent as a to-device message. An opaque identifier for
+          the verification process. Must be unique with respect to the devices
+          involved. Must be the same as the `transaction_id` given in the
+          `m.key.verification.request` if this process is originating from a
+          request.
+      method:
+        type: string
+        description: |-
+          The verification method to use.
+      next_method:
+        type: string
+        description: |-
+          Optional method to use to verify the other user's key with. Applicable
+          when the `method` chosen only verifies one user's key. This field will
+          never be present if the `method` verifies keys both ways.
+      m.relates_to:
+        allOf:
+          - $ref: m.key.verification.m.relates_to.yaml
+    required:
+      - from_device
+      - method
+    type: object
+  type:
+    enum:
+      - m.key.verification.start
+    type: string
+type: object
diff --git a/event-schemas/schema/m.policy.rule.room b/data/event-schemas/schema/m.policy.rule.room.yaml
similarity index 100%
rename from event-schemas/schema/m.policy.rule.room
rename to data/event-schemas/schema/m.policy.rule.room.yaml
diff --git a/event-schemas/schema/m.policy.rule.server b/data/event-schemas/schema/m.policy.rule.server.yaml
similarity index 100%
rename from event-schemas/schema/m.policy.rule.server
rename to data/event-schemas/schema/m.policy.rule.server.yaml
diff --git a/event-schemas/schema/m.policy.rule.user b/data/event-schemas/schema/m.policy.rule.user.yaml
similarity index 100%
rename from event-schemas/schema/m.policy.rule.user
rename to data/event-schemas/schema/m.policy.rule.user.yaml
diff --git a/event-schemas/schema/m.presence b/data/event-schemas/schema/m.presence.yaml
similarity index 100%
rename from event-schemas/schema/m.presence
rename to data/event-schemas/schema/m.presence.yaml
diff --git a/event-schemas/schema/m.push_rules b/data/event-schemas/schema/m.push_rules.yaml
similarity index 100%
rename from event-schemas/schema/m.push_rules
rename to data/event-schemas/schema/m.push_rules.yaml
diff --git a/event-schemas/schema/m.receipt b/data/event-schemas/schema/m.receipt.yaml
similarity index 97%
rename from event-schemas/schema/m.receipt
rename to data/event-schemas/schema/m.receipt.yaml
index 8594dd7c147..4b04e6d68e1 100644
--- a/event-schemas/schema/m.receipt
+++ b/data/event-schemas/schema/m.receipt.yaml
@@ -18,7 +18,7 @@
                         "m.read": {
                             "type": "object",
                             "title": "Users",
-                            "description": "A collection of users who have sent ``m.read`` receipts for this event.",
+                            "description": "A collection of users who have sent `m.read` receipts for this event.",
                             "patternProperties": {
                                 "^@": {
                                     "type": "object",
diff --git a/event-schemas/schema/m.room.avatar b/data/event-schemas/schema/m.room.avatar.yaml
similarity index 89%
rename from event-schemas/schema/m.room.avatar
rename to data/event-schemas/schema/m.room.avatar.yaml
index a0ecb21c2de..7d4b90b156e 100644
--- a/event-schemas/schema/m.room.avatar
+++ b/data/event-schemas/schema/m.room.avatar.yaml
@@ -8,7 +8,7 @@ properties:
       info:
         allOf:
           - $ref: core-event-schema/msgtype_infos/image_info.yaml
-        description: Metadata about the image referred to in ``url``.
+        description: Metadata about the image referred to in `url`.
       url:
         description: The URL to the image.
         type: string
diff --git a/event-schemas/schema/m.room.canonical_alias b/data/event-schemas/schema/m.room.canonical_alias.yaml
similarity index 92%
rename from event-schemas/schema/m.room.canonical_alias
rename to data/event-schemas/schema/m.room.canonical_alias.yaml
index f227871aa95..7547bd3af2f 100644
--- a/event-schemas/schema/m.room.canonical_alias
+++ b/data/event-schemas/schema/m.room.canonical_alias.yaml
@@ -17,7 +17,7 @@ properties:
       alt_aliases:
         description: |
           Alternative aliases the room advertises. This list can have aliases
-          despite the ``alias`` field being null, empty, or otherwise not present.
+          despite the `alias` field being null, empty, or otherwise not present.
         type: array
         items:
           type: string
diff --git a/event-schemas/schema/m.room.create b/data/event-schemas/schema/m.room.create.yaml
similarity index 82%
rename from event-schemas/schema/m.room.create
rename to data/event-schemas/schema/m.room.create.yaml
index a6fe331e44f..80ff046e9b7 100644
--- a/event-schemas/schema/m.room.create
+++ b/data/event-schemas/schema/m.room.create.yaml
@@ -6,13 +6,13 @@ properties:
   content:
     properties:
       creator:
-        description: The ``user_id`` of the room creator. This is set by the homeserver.
+        description: The `user_id` of the room creator. This is set by the homeserver.
         type: string
       m.federate:
-        description: Whether users on other servers can join this room. Defaults to ``true`` if key does not exist.
+        description: Whether users on other servers can join this room. Defaults to `true` if key does not exist.
         type: boolean
       room_version:
-        description: The version of the room. Defaults to ``"1"`` if the key does not exist.
+        description: The version of the room. Defaults to `"1"` if the key does not exist.
         type: string
       predecessor:
         description: A reference to the room this room replaces, if the previous room was upgraded.
diff --git a/event-schemas/schema/m.room.encrypted b/data/event-schemas/schema/m.room.encrypted.yaml
similarity index 84%
rename from event-schemas/schema/m.room.encrypted
rename to data/event-schemas/schema/m.room.encrypted.yaml
index 44b09c3f607..32e869029d0 100644
--- a/event-schemas/schema/m.room.encrypted
+++ b/data/event-schemas/schema/m.room.encrypted.yaml
@@ -4,8 +4,8 @@ allOf:
 
 description: |-
   This event type is used when sending encrypted events. It can be used either
-  within a room (in which case it will have all of the `Room Event fields`_), or
-  as a `to-device`_ event.
+  within a room (in which case it will have all of the [Room Event fields](/client-server-api/#room-event-fields)), or
+  as a [to-device](/client-server-api/#send-to-device-messaging) event.
 
 properties:
   content:
@@ -37,7 +37,7 @@ properties:
           The encrypted content of the event. Either the encrypted payload
           itself, in the case of a Megolm event, or a map from the recipient
           Curve25519 identity key to ciphertext information, in the case of an
-          Olm event. For more details, see `Messaging Algorithms`_.
+          Olm event. For more details, see [Messaging Algorithms](/client-server-api/#messaging-algorithms).
       sender_key:
         type: string
         description: The Curve25519 key of the sender.
diff --git a/event-schemas/schema/m.room.encryption b/data/event-schemas/schema/m.room.encryption.yaml
similarity index 96%
rename from event-schemas/schema/m.room.encryption
rename to data/event-schemas/schema/m.room.encryption.yaml
index d7c4d429455..9f443b5eb92 100644
--- a/event-schemas/schema/m.room.encryption
+++ b/data/event-schemas/schema/m.room.encryption.yaml
@@ -15,12 +15,12 @@ properties:
       rotation_period_ms:
         type: integer
         description: |-
-          How long the session should be used before changing it. ``604800000``
+          How long the session should be used before changing it. `604800000`
           (a week) is the recommended default.
       rotation_period_msgs:
         type: integer
         description: |-
-          How many messages should be sent before changing the session. ``100`` is the
+          How many messages should be sent before changing the session. `100` is the
           recommended default.
     required:
       - algorithm
diff --git a/event-schemas/schema/m.room.guest_access b/data/event-schemas/schema/m.room.guest_access.yaml
similarity index 100%
rename from event-schemas/schema/m.room.guest_access
rename to data/event-schemas/schema/m.room.guest_access.yaml
diff --git a/event-schemas/schema/m.room.history_visibility b/data/event-schemas/schema/m.room.history_visibility.yaml
similarity index 100%
rename from event-schemas/schema/m.room.history_visibility
rename to data/event-schemas/schema/m.room.history_visibility.yaml
diff --git a/data/event-schemas/schema/m.room.join_rules.yaml b/data/event-schemas/schema/m.room.join_rules.yaml
new file mode 100644
index 00000000000..5f0e11afef7
--- /dev/null
+++ b/data/event-schemas/schema/m.room.join_rules.yaml
@@ -0,0 +1,37 @@
+---
+allOf:
+  - $ref: core-event-schema/state_event.yaml
+description: |
+  A room may be `public` meaning anyone can join the room without any prior action.
+  Alternatively, it can be `invite` meaning that a user who wishes to join the room
+  must first receive an invite to the room from someone already inside of the room.
+  `knock` means that users are able to ask for permission to join the room, where
+  they are either allowed (invited) or denied (kicked/banned) access. Join rules
+  of `knock` are otherwise the same as `invite`: the user needs an explicit invite
+  to join the room.
+
+  Currently, `private` is a reserved keyword which is not implemented.
+properties:
+  content:
+    properties:
+      join_rule:
+        description: The type of rules used for users wishing to join this room.
+        enum:
+          - public
+          - knock
+          - invite
+          - private
+        type: string
+    required:
+      - join_rule
+    type: object
+  state_key:
+    description: A zero-length string.
+    pattern: '^$'
+    type: string
+  type:
+    enum:
+      - m.room.join_rules
+    type: string
+title: Describes how users are allowed to join the room.
+type: object
diff --git a/data/event-schemas/schema/m.room.member.yaml b/data/event-schemas/schema/m.room.member.yaml
new file mode 100644
index 00000000000..37975cbe1e9
--- /dev/null
+++ b/data/event-schemas/schema/m.room.member.yaml
@@ -0,0 +1,150 @@
+---
+allOf:
+  - $ref: core-event-schema/state_event.yaml
+description: |-
+  Adjusts the membership state for a user in a room. It is preferable to use the membership APIs (`/rooms/<room id>/invite` etc) when performing membership actions rather than adjusting the state directly as there are a restricted set of valid transformations. For example, user A cannot force user B to join a room, and trying to force this state change directly will fail.
+
+  The following membership states are specified:
+
+  - `invite` - The user has been invited to join a room, but has not yet joined it. They may not participate in the room until they join.
+
+  - `join` - The user has joined the room (possibly after accepting an invite), and may participate in it.
+
+  - `leave` - The user was once joined to the room, but has since left (possibly by choice, or possibly by being kicked).
+
+  - `ban` - The user has been banned from the room, and is no longer allowed to join it until they are un-banned from the room (by having their membership state set to a value other than `ban`).
+
+  - `knock` - The user has knocked on the room, requesting permission to participate. They may not participate in the room until they join.
+
+  The `third_party_invite` property will be set if this invite is an `invite` event and is the successor of an `m.room.third_party_invite` event, and absent otherwise.
+
+  This event may also include an `invite_room_state` key inside the event's `unsigned` data.
+  If present, this contains an array of `StrippedState` Events. These events provide information
+  on a subset of state events such as the room name.
+
+  The user for which a membership applies is represented by the `state_key`. Under some conditions,
+  the `sender` and `state_key` may not match - this may be interpreted as the `sender` affecting
+  the membership state of the `state_key` user.
+
+  The `membership` for a given user can change over time. The table below represents the various changes
+  over time and how clients and servers must interpret those changes. Previous membership can be retrieved
+  from the `prev_content` object on an event. If not present, the user's previous membership must be assumed
+  as `leave`.
+
+  |                   | to `invite`          | to `join`                              | to `leave`                                                                                                                              | to `ban`                    | to `knock`         |
+  |-------------------|----------------------|----------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------|-----------------------------|--------------------|
+  | **from `invite`** | No change.           | User joined the room.                  | If the `state_key` is the same as the `sender`, the user rejected the invite. Otherwise, the `state_key` user had their invite revoked. | User was banned.            | Must never happen. |
+  | **from `join`**   | Must never happen.   | `displayname` or `avatar_url` changed. | If the `state_key` is the same as the `sender`, the user left. Otherwise, the `state_key` user was kicked.                              | User was kicked and banned. | Must never happen. |
+  | **from `leave`**  | New invitation sent. | User joined.                           | No change.                                                                                                                              | User was banned.            | User is knocking.  |
+  | **from `ban`**    | Must never happen.   | Must never happen.                     | User was unbanned.                                                                                                                      | No change.                  | Must never happen. |
+  | **from `knock`**  | Knock accepted.      | Must never happen.                     | If the `state_key` is the same as the `sender`, the user retracted the knock. Otherwise, the `state_key` user had their knock denied.   | User was banned.            | No change.         |
+
+properties:
+  content:
+    properties:
+      avatar_url:
+        description: 'The avatar URL for this user, if any.'
+        type: string
+        format: uri
+      displayname:
+        description: 'The display name for this user, if any.'
+        type:
+          - "string"
+          - "null"
+      membership:
+        description: The membership state of the user.
+        enum:
+          - invite
+          - join
+          - knock
+          - leave
+          - ban
+        type: string
+      is_direct:
+        description: Flag indicating if the room containing this event was created with the intention of being a direct chat. See [Direct Messaging](/client-server-api/#direct-messaging).
+        type: boolean
+      reason:
+        type: string
+        description: |-
+          Optional user-supplied text for why their membership has changed. For kicks and bans, this is typically the reason for the kick or ban.
+          For other membership changes, this is a way for the user to communicate their intent without having to send a message to the room, such
+          as in a case where Bob rejects an invite from Alice about an upcoming concert, but can't make it that day.
+
+          Clients are not recommended to show this reason to users when receiving an invite due to the potential for spam and abuse. Hiding the
+          reason behind a button or other component is recommended.
+      third_party_invite:
+        properties:
+          display_name:
+            description: A name which can be displayed to represent the user instead of their third party identifier
+            type: string
+          signed:
+            description: 'A block of content which has been signed, which servers can use to verify the event. Clients should ignore this.'
+            properties:
+              mxid:
+                description: The invited matrix user ID. Must be equal to the user_id property of the event.
+                type: string
+              signatures:
+                description: 'A single signature from the verifying server, in the format specified by the Signing Events section of the server-server API.'
+                title: Signatures
+                type: object
+                additionalProperties:
+                  type: object
+                  additionalProperties:
+                    type: string
+              token:
+                description: The token property of the containing third_party_invite object.
+                type: string
+            required:
+              - mxid
+              - signatures
+              - token
+            title: signed
+            type: object
+        required:
+          - display_name
+          - signed
+        title: Invite
+        type: object
+    required:
+      - membership
+    title: EventContent
+    type: object
+  state_key:
+    description: |-
+      The `user_id` this membership event relates to. In all cases except for when `membership` is
+      `join`, the user ID sending the event does not need to match the user ID in the `state_key`,
+      unlike other events. Regular authorisation rules still apply.
+    type: string
+  type:
+    enum:
+      - m.room.member
+    type: string
+  unsigned:
+    allOf:
+      - $ref: "core-event-schema/unsigned_prop.yaml"
+      - type: object
+        properties:
+          invite_room_state:
+            description: |-
+              A subset of the state of the room at the time of the invite, if `membership` is `invite`.
+              Note that this state is informational, and SHOULD NOT be trusted; once the client has
+              joined the room, it SHOULD fetch the live state from the server and discard the
+              invite_room_state. Also, clients must not rely on any particular state being present here;
+              they SHOULD behave properly (with possibly a degraded but not a broken experience) in
+              the absence of any particular events here. If they are set on the room, at least the
+              state for `m.room.avatar`, `m.room.canonical_alias`, `m.room.join_rules`, and `m.room.name`
+              SHOULD be included.
+            items:
+              $ref: "stripped_state.yaml"
+            type: array
+          knock_room_state:
+            description: |-
+              A subset of the state of the room at the time of the knock, if `membership` is `knock`.
+              This has the same restrictions as `invite_room_state`. If they are set on the room, at least
+              the state for `m.room.avatar`, `m.room.canonical_alias`, `m.room.join_rules`, `m.room.name`,
+              and `m.room.encryption` SHOULD be included.
+            items:
+              $ref: "stripped_state.yaml"
+            type: array
+title: The current membership state of a user in the room.
+type: object
diff --git a/event-schemas/schema/m.room.message$m.audio b/data/event-schemas/schema/m.room.message$m.audio.yaml
similarity index 83%
rename from event-schemas/schema/m.room.message$m.audio
rename to data/event-schemas/schema/m.room.message$m.audio.yaml
index fb049fc92e1..3faf0c312ce 100644
--- a/event-schemas/schema/m.room.message$m.audio
+++ b/data/event-schemas/schema/m.room.message$m.audio.yaml
@@ -9,13 +9,13 @@ properties:
         description: "A description of the audio e.g. 'Bee Gees - Stayin' Alive', or some kind of content description for accessibility e.g. 'audio attachment'."
         type: string
       info:
-        description: Metadata for the audio clip referred to in ``url``.
+        description: Metadata for the audio clip referred to in `url`.
         properties:
           duration:
             description: The duration of the audio in milliseconds.
             type: integer
           mimetype:
-            description: The mimetype of the audio e.g. ``audio/aac``.
+            description: The mimetype of the audio e.g. `audio/aac`.
             type: string
           size:
             description: The size of the audio clip in bytes.
@@ -28,13 +28,14 @@ properties:
         type: string
       url:
         description: |-
-          Required if the file is unencrypted. The URL (typically `MXC URI`_)
+          Required if the file is unencrypted. The URL (typically [MXC URI](/client-server-api/#matrix-content-mxc-uris))
           to the audio clip.
         type: string
       file:
         description: |-
           Required if the file is encrypted. Information on the encrypted
-          file, as specified in |encrypted_files|_.
+          file, as specified in
+          [End-to-end encryption](/client-server-api/#sending-encrypted-attachments).
         title: EncryptedFile
         type: object
     required:
diff --git a/event-schemas/schema/m.room.message$m.emote b/data/event-schemas/schema/m.room.message$m.emote.yaml
similarity index 50%
rename from event-schemas/schema/m.room.message$m.emote
rename to data/event-schemas/schema/m.room.message$m.emote.yaml
index f67a184b12e..43e2639dc09 100644
--- a/event-schemas/schema/m.room.message$m.emote
+++ b/data/event-schemas/schema/m.room.message$m.emote.yaml
@@ -1,7 +1,7 @@
 ---
 allOf:
   - $ref: core-event-schema/room_event.yaml
-description: "This message is similar to ``m.text`` except that the sender is 'performing' the action contained in the ``body`` key, similar to ``/me`` in IRC. This message should be prefixed by the name of the sender. This message could also be represented in a different colour to distinguish it from regular ``m.text`` messages."
+description: "This message is similar to `m.text` except that the sender is 'performing' the action contained in the `body` key, similar to `/me` in IRC. This message should be prefixed by the name of the sender. This message could also be represented in a different colour to distinguish it from regular `m.text` messages."
 properties:
   content:
     properties:
@@ -14,12 +14,12 @@ properties:
         type: string
       format:
         description: |-
-          The format used in the ``formatted_body``. Currently only
-          ``org.matrix.custom.html`` is supported.
+          The format used in the `formatted_body`. Currently only
+          `org.matrix.custom.html` is supported.
         type: string
       formatted_body:
         description: |-
-          The formatted version of the ``body``. This is required if ``format``
+          The formatted version of the `body`. This is required if `format`
           is specified.
         type: string
     required:
diff --git a/event-schemas/schema/m.room.message$m.file b/data/event-schemas/schema/m.room.message$m.file.yaml
similarity index 80%
rename from event-schemas/schema/m.room.message$m.file
rename to data/event-schemas/schema/m.room.message$m.file.yaml
index 54a999ec38b..5958e1176c8 100644
--- a/event-schemas/schema/m.room.message$m.file
+++ b/data/event-schemas/schema/m.room.message$m.file.yaml
@@ -12,10 +12,10 @@ properties:
         description: The original filename of the uploaded file.
         type: string
       info:
-        description: Information about the file referred to in ``url``.
+        description: Information about the file referred to in `url`.
         properties:
           mimetype:
-            description: The mimetype of the file e.g. ``application/msword``.
+            description: The mimetype of the file e.g. `application/msword`.
             type: string
           size:
             description: The size of the file in bytes.
@@ -28,13 +28,14 @@ properties:
           thumbnail_file:
             description: |-
               Information on the encrypted thumbnail file, as specified in
-              |encrypted_files|_. Only present if the thumbnail is encrypted.
+              [End-to-end encryption](/client-server-api/#sending-encrypted-attachments).
+              Only present if the thumbnail is encrypted.
             title: EncryptedFile
             type: object
           thumbnail_info:
             allOf:
               - $ref: core-event-schema/msgtype_infos/thumbnail_info.yaml
-            description: Metadata about the image referred to in ``thumbnail_url``.
+            description: Metadata about the image referred to in `thumbnail_url`.
         title: FileInfo
         type: object
       msgtype:
@@ -43,13 +44,14 @@ properties:
         type: string
       url:
         description: |-
-          Required if the file is unencrypted. The URL (typically `MXC URI`_)
+          Required if the file is unencrypted. The URL (typically [MXC URI](/client-server-api/#matrix-content-mxc-uris))
           to the file.
         type: string
       file:
         description: |-
           Required if the file is encrypted. Information on the encrypted
-          file, as specified in |encrypted_files|_.
+          file, as specified in
+          [End-to-end encryption](/client-server-api/#sending-encrypted-attachments).
         title: EncryptedFile
         type: object
     required:
diff --git a/event-schemas/schema/m.room.message$m.image b/data/event-schemas/schema/m.room.message$m.image.yaml
similarity index 80%
rename from event-schemas/schema/m.room.message$m.image
rename to data/event-schemas/schema/m.room.message$m.image.yaml
index 8944ce963f0..5eaa89d48e6 100644
--- a/event-schemas/schema/m.room.message$m.image
+++ b/data/event-schemas/schema/m.room.message$m.image.yaml
@@ -11,20 +11,21 @@ properties:
       info:
         allOf:
           - $ref: core-event-schema/msgtype_infos/image_info.yaml
-        description: Metadata about the image referred to in ``url``.
+        description: Metadata about the image referred to in `url`.
       msgtype:
         enum:
           - m.image
         type: string
       url:
         description: |-
-          Required if the file is unencrypted. The URL (typically `MXC URI`_)
+          Required if the file is unencrypted. The URL (typically [MXC URI](/client-server-api/#matrix-content-mxc-uris))
           to the image.
         type: string
       file:
         description: |-
           Required if the file is encrypted. Information on the encrypted
-          file, as specified in |encrypted_files|_.
+          file, as specified in
+          [End-to-end encryption](/client-server-api/#sending-encrypted-attachments).
         title: EncryptedFile
         type: object
     required:
diff --git a/event-schemas/schema/m.room.message$m.location b/data/event-schemas/schema/m.room.message$m.location.yaml
similarity index 88%
rename from event-schemas/schema/m.room.message$m.location
rename to data/event-schemas/schema/m.room.message$m.location.yaml
index ffc4edceec1..5ddf68b7f35 100644
--- a/event-schemas/schema/m.room.message$m.location
+++ b/data/event-schemas/schema/m.room.message$m.location.yaml
@@ -26,13 +26,14 @@ properties:
           thumbnail_file:
             description: |-
               Information on the encrypted thumbnail file, as specified in
-              |encrypted_files|_. Only present if the thumbnail is encrypted.
+              [End-to-end encryption](/client-server-api/#sending-encrypted-attachments).
+              Only present if the thumbnail is encrypted.
             title: EncryptedFile
             type: object
           thumbnail_info:
             allOf:
               - $ref: core-event-schema/msgtype_infos/thumbnail_info.yaml
-            description:  Metadata about the image referred to in ``thumbnail_url``.
+            description:  Metadata about the image referred to in `thumbnail_url`.
         title: LocationInfo
     required:
       - msgtype
diff --git a/data/event-schemas/schema/m.room.message$m.notice.yaml b/data/event-schemas/schema/m.room.message$m.notice.yaml
new file mode 100644
index 00000000000..7b735d60d66
--- /dev/null
+++ b/data/event-schemas/schema/m.room.message$m.notice.yaml
@@ -0,0 +1,34 @@
+---
+allOf:
+  - $ref: core-event-schema/room_event.yaml
+description: 'The `m.notice` type is primarily intended for responses from automated clients. An `m.notice` message must be treated the same way as a regular `m.text` message with two exceptions. Firstly, clients should present `m.notice` messages to users in a distinct manner, and secondly, `m.notice` messages must never be automatically responded to. This helps to prevent infinite-loop situations where two automated clients continuously exchange messages.'
+properties:
+  content:
+    properties:
+      body:
+        description: The notice text to send.
+        type: string
+      msgtype:
+        enum:
+          - m.notice
+        type: string
+      format:
+        description: |-
+          The format used in the `formatted_body`. Currently only
+          `org.matrix.custom.html` is supported.
+        type: string
+      formatted_body:
+        description: |-
+          The formatted version of the `body`. This is required if `format`
+          is specified.
+        type: string
+    required:
+      - msgtype
+      - body
+    type: object
+  type:
+    enum:
+      - m.room.message
+    type: string
+title: NoticeMessage
+type: object
diff --git a/event-schemas/schema/m.room.message$m.server_notice b/data/event-schemas/schema/m.room.message$m.server_notice.yaml
similarity index 88%
rename from event-schemas/schema/m.room.message$m.server_notice
rename to data/event-schemas/schema/m.room.message$m.server_notice.yaml
index f184882180b..ca7144b08a9 100644
--- a/event-schemas/schema/m.room.message$m.server_notice
+++ b/data/event-schemas/schema/m.room.message$m.server_notice.yaml
@@ -19,12 +19,12 @@ properties:
       admin_contact:
         description: |-
           A URI giving a contact method for the server administrator. Required if the
-          notice type is ``m.server_notice.usage_limit_reached``.
+          notice type is `m.server_notice.usage_limit_reached`.
         type: string
       limit_type:
         description: |-
           The kind of usage limit the server has exceeded. Required if the notice type is
-          ``m.server_notice.usage_limit_reached``.
+          `m.server_notice.usage_limit_reached`.
         type: string
     required:
       - msgtype
diff --git a/event-schemas/schema/m.room.message$m.text b/data/event-schemas/schema/m.room.message$m.text.yaml
similarity index 75%
rename from event-schemas/schema/m.room.message$m.text
rename to data/event-schemas/schema/m.room.message$m.text.yaml
index b481bceab53..4cba2bd64d7 100644
--- a/event-schemas/schema/m.room.message$m.text
+++ b/data/event-schemas/schema/m.room.message$m.text.yaml
@@ -14,12 +14,12 @@ properties:
         type: string
       format:
         description: |-
-          The format used in the ``formatted_body``. Currently only
-          ``org.matrix.custom.html`` is supported.
+          The format used in the `formatted_body`. Currently only
+          `org.matrix.custom.html` is supported.
         type: string
       formatted_body:
         description: |-
-          The formatted version of the ``body``. This is required if ``format``
+          The formatted version of the `body`. This is required if `format`
           is specified.
         type: string
     required:
diff --git a/event-schemas/schema/m.room.message$m.video b/data/event-schemas/schema/m.room.message$m.video.yaml
similarity index 78%
rename from event-schemas/schema/m.room.message$m.video
rename to data/event-schemas/schema/m.room.message$m.video.yaml
index 1a3c3e406d8..1879df65cbb 100644
--- a/event-schemas/schema/m.room.message$m.video
+++ b/data/event-schemas/schema/m.room.message$m.video.yaml
@@ -9,7 +9,7 @@ properties:
         description: "A description of the video e.g. 'Gangnam style', or some kind of content description for accessibility e.g. 'video attachment'."
         type: string
       info:
-        description: Metadata about the video clip referred to in ``url``.
+        description: Metadata about the video clip referred to in `url`.
         properties:
           duration:
             description: The duration of the video in milliseconds.
@@ -21,26 +21,27 @@ properties:
             description: The width of the video in pixels.
             type: integer
           mimetype:
-            description: The mimetype of the video e.g. ``video/mp4``.
+            description: The mimetype of the video e.g. `video/mp4`.
             type: string
           size:
             description: The size of the video in bytes.
             type: integer
           thumbnail_url:
             description: |-
-              The URL (typically `MXC URI`_) to an image thumbnail of
+              The URL (typically [MXC URI](/client-server-api/#matrix-content-mxc-uris)) to an image thumbnail of
               the video clip. Only present if the thumbnail is unencrypted.
             type: string
           thumbnail_file:
             description: |-
               Information on the encrypted thumbnail file, as specified in
-              |encrypted_files|_. Only present if the thumbnail is encrypted.
+              [End-to-end encryption](/client-server-api/#sending-encrypted-attachments).
+              Only present if the thumbnail is encrypted.
             title: EncryptedFile
             type: object
           thumbnail_info:
             allOf:
               - $ref: core-event-schema/msgtype_infos/thumbnail_info.yaml
-            description: Metadata about the image referred to in ``thumbnail_url``.
+            description: Metadata about the image referred to in `thumbnail_url`.
         title: VideoInfo
         type: object
       msgtype:
@@ -49,13 +50,14 @@ properties:
         type: string
       url:
         description: |-
-          Required if the file is unencrypted. The URL (typically `MXC URI`_)
+          Required if the file is unencrypted. The URL (typically [MXC URI](/client-server-api/#matrix-content-mxc-uris))
           to the video clip.
         type: string
       file:
         description: |-
           Required if the file is encrypted. Information on the encrypted
-          file, as specified in |encrypted_files|_.
+          file, as specified in
+          [End-to-end encryption](/client-server-api/#sending-encrypted-attachments).
         title: EncryptedFile
         type: object
     required:
diff --git a/event-schemas/schema/m.room.message.feedback b/data/event-schemas/schema/m.room.message.feedback.yaml
similarity index 57%
rename from event-schemas/schema/m.room.message.feedback
rename to data/event-schemas/schema/m.room.message.feedback.yaml
index fa3390fa776..fbb39c0a156 100644
--- a/event-schemas/schema/m.room.message.feedback
+++ b/data/event-schemas/schema/m.room.message.feedback.yaml
@@ -1,7 +1,7 @@
 ---
 allOf:
   - $ref: core-event-schema/room_event.yaml
-description: '**NB: Usage of this event is discouraged in favour of the** `receipts module`_. **Most clients will not recognise this event.** Feedback events are events sent to acknowledge a message in some way. There are two supported acknowledgements: ``delivered`` (sent when the event has been received) and ``read`` (sent when the event has been observed by the end-user). The ``target_event_id`` should reference the ``m.room.message`` event being acknowledged.'
+description: '**NB: Usage of this event is discouraged in favour of the** [receipts module](/client-server-api/#receipts). **Most clients will not recognise this event.** Feedback events are events sent to acknowledge a message in some way. There are two supported acknowledgements: `delivered` (sent when the event has been received) and `read` (sent when the event has been observed by the end-user). The `target_event_id` should reference the `m.room.message` event being acknowledged.'
 properties:
   content:
     properties:
diff --git a/event-schemas/schema/m.room.message b/data/event-schemas/schema/m.room.message.yaml
similarity index 51%
rename from event-schemas/schema/m.room.message
rename to data/event-schemas/schema/m.room.message.yaml
index 45025c99326..546b5e19e6c 100644
--- a/event-schemas/schema/m.room.message
+++ b/data/event-schemas/schema/m.room.message.yaml
@@ -1,7 +1,7 @@
 ---
 allOf:
   - $ref: core-event-schema/room_event.yaml
-description: 'This event is used when sending messages in a room. Messages are not limited to be text. The ``msgtype`` key outlines the type of message, e.g. text, audio, image, video, etc. The ``body`` key is text and MUST be used with every kind of ``msgtype`` as a fallback mechanism for when a client cannot render a message. This allows clients to display *something* even if it is just plain text.'
+description: 'This event is used when sending messages in a room. Messages are not limited to be text. The `msgtype` key outlines the type of message, e.g. text, audio, image, video, etc. The `body` key is text and MUST be used with every kind of `msgtype` as a fallback mechanism for when a client cannot render a message. This allows clients to display *something* even if it is just plain text.'
 properties:
   content:
     properties:
@@ -9,7 +9,7 @@ properties:
         description: The textual representation of this message.
         type: string
       msgtype:
-        description: 'The type of message, e.g. ``m.image``, ``m.text``'
+        description: 'The type of message, e.g. `m.image`, `m.text`'
         type: string
     required:
       - msgtype
diff --git a/event-schemas/schema/m.room.name b/data/event-schemas/schema/m.room.name.yaml
similarity index 81%
rename from event-schemas/schema/m.room.name
rename to data/event-schemas/schema/m.room.name.yaml
index 3e3d15ace0e..bbc5fc9aa4a 100644
--- a/event-schemas/schema/m.room.name
+++ b/data/event-schemas/schema/m.room.name.yaml
@@ -7,12 +7,12 @@ description: |-
     is a human-friendly string designed to be displayed to the end-user. The
     room name is not unique, as multiple rooms can have the same room name set.
 
-    A room with an ``m.room.name`` event with an absent, null, or empty
-    ``name`` field should be treated the same as a room with no ``m.room.name``
+    A room with an `m.room.name` event with an absent, null, or empty
+    `name` field should be treated the same as a room with no `m.room.name`
     event.
 
     An event of this type is automatically created when creating a room using
-    ``/createRoom`` with the ``name`` key.
+    `/createRoom` with the `name` key.
 properties:
   content:
     properties:
diff --git a/event-schemas/schema/m.room.pinned_events b/data/event-schemas/schema/m.room.pinned_events.yaml
similarity index 100%
rename from event-schemas/schema/m.room.pinned_events
rename to data/event-schemas/schema/m.room.pinned_events.yaml
diff --git a/event-schemas/schema/m.room.power_levels b/data/event-schemas/schema/m.room.power_levels.yaml
similarity index 51%
rename from event-schemas/schema/m.room.power_levels
rename to data/event-schemas/schema/m.room.power_levels.yaml
index 06f55d26190..39c1988c49f 100644
--- a/event-schemas/schema/m.room.power_levels
+++ b/data/event-schemas/schema/m.room.power_levels.yaml
@@ -5,41 +5,42 @@ description: |-
   This event specifies the minimum level a user must have in order to perform a
   certain action. It also specifies the levels of each user in the room.
 
-  If a ``user_id`` is in the ``users`` list, then that ``user_id`` has the
+  If a `user_id` is in the `users` list, then that `user_id` has the
   associated power level. Otherwise they have the default level
-  ``users_default``. If ``users_default`` is not supplied, it is assumed to be
-  0. If the room contains no ``m.room.power_levels`` event, the room's creator has
+  `users_default`. If `users_default` is not supplied, it is assumed to be
+  0. If the room contains no `m.room.power_levels` event, the room's creator has
   a power level of 100, and all other users have a power level of 0.
 
-  The level required to send a certain event is governed by ``events``,
-  ``state_default`` and ``events_default``. If an event type is specified in
-  ``events``, then the user must have at least the level specified in order to
+  The level required to send a certain event is governed by `events`,
+  `state_default` and `events_default`. If an event type is specified in
+  `events`, then the user must have at least the level specified in order to
   send that event. If the event type is not supplied, it defaults to
-  ``events_default`` for Message Events and ``state_default`` for State
+  `events_default` for Message Events and `state_default` for State
   Events.
 
-  If there is no ``state_default`` in the ``m.room.power_levels`` event, the
-  ``state_default`` is 50. If there is no ``events_default`` in the
-  ``m.room.power_levels`` event, the ``events_default`` is 0. If the room
-  contains no ``m.room.power_levels`` event, *both* the ``state_default`` and
-  ``events_default`` are 0.
+  If there is no `state_default` in the `m.room.power_levels` event, the
+  `state_default` is 50. If there is no `events_default` in the
+  `m.room.power_levels` event, the `events_default` is 0. If the room
+  contains no `m.room.power_levels` event, *both* the `state_default` and
+  `events_default` are 0.
 
   The power level required to invite a user to the room, kick a user from the
-  room, ban a user from the room, or redact an event, is defined by ``invite``,
-  ``kick``, ``ban``, and ``redact``, respectively. Each of these levels defaults
-  to 50 if they are not specified in the ``m.room.power_levels`` event, or if
-  the room contains no ``m.room.power_levels`` event.
+  room, ban a user from the room, or redact an event sent by another user, is
+  defined by `invite`, `kick`, `ban`, and `redact`, respectively. Each
+  of these levels defaults to 50 if they are not specified in the
+  `m.room.power_levels` event, or if the room contains no `m.room.power_levels`
+  event.
 
-  .. NOTE::
+  **Note:**
 
-    As noted above, in the absence of an ``m.room.power_levels`` event, the
-    ``state_default`` is 0, and all users are considered to have power level 0.
-    That means that **any** member of the room can send an
-    ``m.room.power_levels`` event, changing the permissions in the room.
+  As noted above, in the absence of an `m.room.power_levels` event, the
+  `state_default` is 0, and all users are considered to have power level 0.
+  That means that **any** member of the room can send an
+  `m.room.power_levels` event, changing the permissions in the room.
 
-    Server implementations should therefore ensure that each room has an
-    ``m.room.power_levels`` event as soon as it is created. See also the
-    documentation of the ``/createRoom`` API.
+  Server implementations should therefore ensure that each room has an
+  `m.room.power_levels` event as soon as it is created. See also the
+  documentation of the `/createRoom` API.
 
 properties:
   content:
@@ -56,7 +57,7 @@ properties:
       events_default:
         description: |-
             The default level required to send message events. Can be
-            overridden by the ``events`` key.  Defaults to 0 if unspecified.
+            overridden by the `events` key.  Defaults to 0 if unspecified.
         type: integer
       invite:
         description: The level required to invite a user. Defaults to 50 if unspecified.
@@ -65,35 +66,35 @@ properties:
         description: The level required to kick a user. Defaults to 50 if unspecified.
         type: integer
       redact:
-        description: The level required to redact an event. Defaults to 50 if unspecified.
+        description: The level required to redact an event sent by another user. Defaults to 50 if unspecified.
         type: integer
       state_default:
         description: |-
             The default level required to send state events. Can be overridden
-            by the ``events`` key. Defaults to 50 if unspecified.
+            by the `events` key. Defaults to 50 if unspecified.
         type: integer
       users:
         additionalProperties:
           type: integer
-        description: The power levels for specific users. This is a mapping from ``user_id`` to power level for that user.
+        description: The power levels for specific users. This is a mapping from `user_id` to power level for that user.
         title: User power levels
         type: object
       users_default:
         description: |-
             The default power level for every user in the room, unless their
-            ``user_id`` is mentioned in the ``users`` key. Defaults to 0 if
+            `user_id` is mentioned in the `users` key. Defaults to 0 if
             unspecified.
         type: integer
       notifications:
         properties:
           room:
             type: integer
-            description: The level required to trigger an ``@room`` notification. Defaults to 50 if unspecified.
+            description: The level required to trigger an `@room` notification. Defaults to 50 if unspecified.
         additionalProperties:
           type: integer
         description: |-
             The power level requirements for specific notification types.
-            This is a mapping from ``key`` to power level for that notifications key.
+            This is a mapping from `key` to power level for that notifications key.
         title: Notifications
         type: object
     type: object
diff --git a/data/event-schemas/schema/m.room.redaction.yaml b/data/event-schemas/schema/m.room.redaction.yaml
new file mode 100644
index 00000000000..143e7eff12d
--- /dev/null
+++ b/data/event-schemas/schema/m.room.redaction.yaml
@@ -0,0 +1,22 @@
+---
+allOf:
+  - $ref: core-event-schema/room_event.yaml
+description: 'This event is created by the server to describe which event has been redacted, by whom, and optionally why. The event that has been redacted is specified in the `redacts` event level key. Redacting an event means that all keys not required by the protocol are stripped off, allowing messages to be hidden or allowing admins to remove offensive or illegal content.'
+properties:
+  content:
+    properties:
+      reason:
+        description: 'The reason for the redaction, if any.'
+        type: string
+    type: object
+  redacts:
+    description: The event ID that was redacted.
+    type: string
+  type:
+    enum:
+      - m.room.redaction
+    type: string
+required:
+  - redacts
+title: Redaction
+type: object
diff --git a/data/event-schemas/schema/m.room.server_acl.yaml b/data/event-schemas/schema/m.room.server_acl.yaml
new file mode 100644
index 00000000000..3a7128f0bb1
--- /dev/null
+++ b/data/event-schemas/schema/m.room.server_acl.yaml
@@ -0,0 +1,88 @@
+---
+title: Server ACL
+description: |-
+  An event to indicate which servers are permitted to participate in the
+  room. Server ACLs may allow or deny groups of hosts. All servers participating
+  in the room, including those that are denied, are expected to uphold the
+  server ACL. Servers that do not uphold the ACLs MUST be added to the denied hosts
+  list in order for the ACLs to remain effective.
+
+  The `allow` and `deny` lists are lists of globs supporting `?` and `*`
+  as wildcards. When comparing against the server ACLs, the suspect server's port
+  number must not be considered. Therefore `evil.com`, `evil.com:8448`, and
+  `evil.com:1234` would all match rules that apply to `evil.com`, for example.
+
+  The ACLs are applied to servers when they make requests, and are applied in
+  the following order:
+
+  1. If there is no `m.room.server_acl` event in the room state, allow.
+  #. If the server name is an IP address (v4 or v6) literal, and `allow_ip_literals`
+     is present and `false`, deny.
+  #. If the server name matches an entry in the `deny` list, deny.
+  #. If the server name matches an entry in the `allow` list, allow.
+  #. Otherwise, deny.
+
+  **Note:**
+  Server ACLs do not restrict the events relative to the room DAG via authorisation
+  rules, but instead act purely at the network layer to determine which servers are
+  allowed to connect and interact with a given room.
+
+  **Warning:**
+  Failing to provide an `allow` rule of some kind will prevent **all**
+  servers from participating in the room, including the sender. This renders
+  the room unusable. A common allow rule is `[ "*" ]` which would still
+  permit the use of the `deny` list without losing the room.
+
+  **Warning:**
+  All compliant servers must implement server ACLs.  However, legacy or noncompliant
+  servers exist which do not uphold ACLs, and these MUST be manually appended to
+  the denied hosts list when setting an ACL to prevent them from leaking events from
+  banned servers into a room. Currently, the only way to determine noncompliant hosts is
+  to check the `prev_events` of leaked events, therefore detecting servers which
+  are not upholding the ACLs. Server versions can also be used to try to detect hosts that
+  will not uphold the ACLs, although this is not comprehensive. Server ACLs were added
+  in Synapse v0.32.0, although other server implementations and versions exist in the world.
+allOf:
+  - $ref: core-event-schema/state_event.yaml
+type: object
+properties:
+  content:
+    properties:
+      allow_ip_literals:
+        type: boolean
+        description: |-
+          True to allow server names that are IP address literals. False to
+          deny. Defaults to true if missing or otherwise not a boolean.
+
+          This is strongly recommended to be set to `false` as servers running
+          with IP literal names are strongly discouraged in order to require
+          legitimate homeservers to be backed by a valid registered domain name.
+      allow:
+        type: array
+        description: |-
+          The server names to allow in the room, excluding any port information.
+          Wildcards may be used to cover a wider range of hosts, where `*`
+          matches zero or more characters and `?` matches exactly one character.
+
+          **This defaults to an empty list when not provided, effectively disallowing
+          every server.**
+        items:
+          type: string
+      deny:
+        type: array
+        description: |-
+          The server names to disallow in the room, excluding any port information.
+          Wildcards may be used to cover a wider range of hosts, where `*`
+          matches zero or more characters and `?` matches exactly one character.
+
+          This defaults to an empty list when not provided.
+        items:
+          type: string
+    type: object
+  state_key:
+    description: A zero-length string.
+    pattern: '^$'
+    type: string
+  type:
+    enum: ['m.room.server_acl']
+    type: string
diff --git a/event-schemas/schema/m.room.third_party_invite b/data/event-schemas/schema/m.room.third_party_invite.yaml
similarity index 87%
rename from event-schemas/schema/m.room.third_party_invite
rename to data/event-schemas/schema/m.room.third_party_invite.yaml
index 794bd232a74..f4188192e0b 100644
--- a/event-schemas/schema/m.room.third_party_invite
+++ b/data/event-schemas/schema/m.room.third_party_invite.yaml
@@ -2,7 +2,7 @@
 $schema: http://json-schema.org/draft-04/schema#
 allOf:
   - $ref: core-event-schema/state_event.yaml
-description: "Acts as an ``m.room.member`` invite event, where there isn't a target user_id to invite. This event contains a token and a public key whose private key must be used to sign the token. Any user who can present that signature may use this invitation to join the target room."
+description: "Acts as an `m.room.member` invite event, where there isn't a target user_id to invite. This event contains a token and a public key whose private key must be used to sign the token. Any user who can present that signature may use this invitation to join the target room."
 properties:
   content:
     properties:
diff --git a/event-schemas/schema/m.room.tombstone b/data/event-schemas/schema/m.room.tombstone.yaml
similarity index 88%
rename from event-schemas/schema/m.room.tombstone
rename to data/event-schemas/schema/m.room.tombstone.yaml
index 0fd8ba452b7..1c590e1fd20 100644
--- a/event-schemas/schema/m.room.tombstone
+++ b/data/event-schemas/schema/m.room.tombstone.yaml
@@ -10,7 +10,7 @@ properties:
         description: A server-defined message.
       replacement_room:
         type: string
-        description: The new room the client should be visiting.
+        description: The room ID of the new room the client should be visiting.
     required:
       - replacement_room
       - body
diff --git a/event-schemas/schema/m.room.topic b/data/event-schemas/schema/m.room.topic.yaml
similarity index 91%
rename from event-schemas/schema/m.room.topic
rename to data/event-schemas/schema/m.room.topic.yaml
index ad2a3ba251e..78a3d878a4f 100644
--- a/event-schemas/schema/m.room.topic
+++ b/data/event-schemas/schema/m.room.topic.yaml
@@ -1,7 +1,7 @@
 ---
 allOf:
   - $ref: core-event-schema/state_event.yaml
-description: 'A topic is a short message detailing what is currently being discussed in the room.  It can also be used as a way to display extra information about the room, which may not be suitable for the room name. The room topic can also be set when creating a room using ``/createRoom`` with the ``topic`` key.'
+description: 'A topic is a short message detailing what is currently being discussed in the room.  It can also be used as a way to display extra information about the room, which may not be suitable for the room name. The room topic can also be set when creating a room using `/createRoom` with the `topic` key.'
 properties:
   content:
     properties:
diff --git a/data/event-schemas/schema/m.room_key.withheld.yaml b/data/event-schemas/schema/m.room_key.withheld.yaml
new file mode 100644
index 00000000000..797b51f9b05
--- /dev/null
+++ b/data/event-schemas/schema/m.room_key.withheld.yaml
@@ -0,0 +1,86 @@
+---
+allOf:
+  - $ref: core-event-schema/event.yaml
+
+description: |-
+  This event type is used to indicate that the sender is not sharing room keys
+  with the recipient. It is sent as a to-device event.
+
+  Possible values for `code` include:
+
+  * `m.blacklisted`: the user/device was blacklisted.
+  * `m.unverified`: the user/device was not verified, and the sender is only
+    sharing keys with verified users/devices.
+  * `m.unauthorised`: the user/device is not allowed to have the key. For
+    example, this could be sent in response to a key request if the user/device
+    was not in the room when the original message was sent.
+  * `m.unavailable`: sent in reply to a key request if the device that the
+    key is requested from does not have the requested key.
+  * `m.no_olm`: an olm session could not be established.
+
+  In most cases, this event refers to a specific room key. The one exception to
+  this is when the sender is unable to establish an olm session with the
+  recipient. When this happens, multiple sessions will be affected.  In order
+  to avoid filling the recipient\'s device mailbox, the sender should only send
+  one `m.room_key.withheld` message with no `room_id` nor `session_id`
+  set.  If the sender retries and fails to create an olm session again in the
+  future, it should not send another `m.room_key.withheld` message with a
+  `code` of `m.no_olm`, unless another olm session was previously
+  established successfully.  In response to receiving an
+  `m.room_key.withheld` message with a `code` of `m.no_olm`, the
+  recipient may start an olm session with the sender and send an `m.dummy`
+  message to notify the sender of the new olm session.  The recipient may
+  assume that this `m.room_key.withheld` message applies to all encrypted
+  room messages sent before it receives the message.
+properties:
+  content:
+    properties:
+      algorithm:
+        type: string
+        enum: ["m.megolm.v1.aes-sha2"]
+        description: |-
+          The encryption algorithm for the key that this event is about.
+      room_id:
+        type: string
+        description: |-
+          Required if `code` is not `m.no_olm`.  The room for the key that
+          this event is about.
+      session_id:
+        type: string
+        description: |-
+          Required of `code` is not `m.no_olm`.  The session ID of the key
+          that this event is aboutis for.
+      sender_key:
+        type: string
+        description: |-
+          The unpadded base64-encoded device curve25519 key of the event\'s
+          sender.
+      code:
+        type: string
+        enum:
+          - m.blacklisted
+          - m.unverified
+          - m.unauthorised
+          - m.unavailable
+          - m.no_olm
+        description: |-
+          A machine-readable code for why the key was not sent. Codes beginning
+          with `m.` are reserved for codes defined in the Matrix
+          specification. Custom codes must use the Java package naming
+          convention.
+      reason:
+        type: string
+        description: |-
+          A human-readable reason for why the key was not sent. The receiving
+          client should only use this string if it does not understand the
+          `code`.
+    required:
+      - algorithm
+      - sender_key
+      - code
+    type: object
+  type:
+    enum:
+      - m.room_key.withheld
+    type: string
+type: object
diff --git a/event-schemas/schema/m.room_key b/data/event-schemas/schema/m.room_key.yaml
similarity index 86%
rename from event-schemas/schema/m.room_key
rename to data/event-schemas/schema/m.room_key.yaml
index ef8c51c08fa..6eebbec5f3b 100644
--- a/event-schemas/schema/m.room_key
+++ b/data/event-schemas/schema/m.room_key.yaml
@@ -4,7 +4,7 @@ allOf:
 
 description: |-
   This event type is used to exchange keys for end-to-end encryption. Typically
-  it is encrypted as an ``m.room.encrypted`` event, then sent as a `to-device`_ event.
+  it is encrypted as an `m.room.encrypted` event, then sent as a [to-device](/client-server-api/#send-to-device-messaging) event.
 properties:
   content:
     properties:
diff --git a/event-schemas/schema/m.room_key_request b/data/event-schemas/schema/m.room_key_request.yaml
similarity index 90%
rename from event-schemas/schema/m.room_key_request
rename to data/event-schemas/schema/m.room_key_request.yaml
index c08ac0e37bf..99afdb191e1 100644
--- a/event-schemas/schema/m.room_key_request
+++ b/data/event-schemas/schema/m.room_key_request.yaml
@@ -4,14 +4,14 @@ allOf:
 
 description: |-
   This event type is used to request keys for end-to-end encryption. It is sent as an
-  unencrypted `to-device`_ event.
+  unencrypted [to-device](/client-server-api/#send-to-device-messaging) event.
 properties:
   content:
     properties:
       body:
         description: |-
-          Information about the requested key. Required when ``action`` is
-          ``request``.
+          Information about the requested key. Required when `action` is
+          `request`.
         properties:
           algorithm:
             type: string
diff --git a/event-schemas/schema/m.sticker b/data/event-schemas/schema/m.sticker.yaml
similarity index 83%
rename from event-schemas/schema/m.sticker
rename to data/event-schemas/schema/m.sticker.yaml
index 1dd1173c9c2..5856cca6ff6 100644
--- a/event-schemas/schema/m.sticker
+++ b/data/event-schemas/schema/m.sticker.yaml
@@ -15,11 +15,11 @@ properties:
         allOf:
           - $ref: core-event-schema/msgtype_infos/image_info.yaml
         description: |-
-          Metadata about the image referred to in ``url`` including a thumbnail
+          Metadata about the image referred to in `url` including a thumbnail
           representation.
       url:
         description: |-
-          The URL to the sticker image. This must be a valid ``mxc://`` URI.
+          The URL to the sticker image. This must be a valid `mxc://` URI.
         type: string
     required:
       - body
diff --git a/event-schemas/schema/m.tag b/data/event-schemas/schema/m.tag.yaml
similarity index 87%
rename from event-schemas/schema/m.tag
rename to data/event-schemas/schema/m.tag.yaml
index 8da093bd542..afa2242093f 100644
--- a/event-schemas/schema/m.tag
+++ b/data/event-schemas/schema/m.tag.yaml
@@ -24,7 +24,7 @@
                 "type": "number",
                 "format": "float",
                 "description":
-                  "A number in a range ``[0,1]`` describing a relative position of the room under the given tag."
+                  "A number in a range `[0,1]` describing a relative position of the room under the given tag."
               }
             }
           }
diff --git a/event-schemas/schema/m.typing b/data/event-schemas/schema/m.typing.yaml
similarity index 100%
rename from event-schemas/schema/m.typing
rename to data/event-schemas/schema/m.typing.yaml
diff --git a/event-schemas/schema/stripped_state.yaml b/data/event-schemas/schema/stripped_state.yaml
similarity index 79%
rename from event-schemas/schema/stripped_state.yaml
rename to data/event-schemas/schema/stripped_state.yaml
index ec591bf15c2..92306dc99af 100644
--- a/event-schemas/schema/stripped_state.yaml
+++ b/data/event-schemas/schema/stripped_state.yaml
@@ -21,21 +21,21 @@
 title: StrippedState
 type: object
 description: |-
-  A stripped down state event, with only the ``type``, ``state_key``,
-  ``sender``, and ``content`` keys.
+  A stripped down state event, with only the `type`, `state_key`,
+  `sender`, and `content` keys.
 properties:
   content:
-    description: The ``content`` for the event.
+    description: The `content` for the event.
     title: EventContent
     type: object
   state_key:
-    description: The ``state_key`` for the event.
+    description: The `state_key` for the event.
     type: string
   type:
-    description: The ``type`` for the event.
+    description: The `type` for the event.
     type: string
   sender:
-    description: The ``sender`` for the event.
+    description: The `sender` for the event.
     type: string
 required:
   - type
diff --git a/schemas/server-signatures.yaml b/data/schemas/server-signatures.yaml
similarity index 100%
rename from schemas/server-signatures.yaml
rename to data/schemas/server-signatures.yaml
diff --git a/event-schemas/README.md b/event-schemas/README.md
deleted file mode 100644
index c833b9c3e51..00000000000
--- a/event-schemas/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-Checking the event schemas
-==========================
-
-To validate the event schemas, and check the example events, run
-
-   ./check-examples.py
diff --git a/event-schemas/schema/m.key.verification.start b/event-schemas/schema/m.key.verification.start
deleted file mode 100644
index faa7a96ae6e..00000000000
--- a/event-schemas/schema/m.key.verification.start
+++ /dev/null
@@ -1,42 +0,0 @@
----
-allOf:
-  - $ref: core-event-schema/event.yaml
-
-description: |-
-  Begins a key verification process. Typically sent as a `to-device`_ event. The ``method``
-  field determines the type of verification. The fields in the event will differ depending
-  on the ``method``. This definition includes fields that are in common among all variants.
-properties:
-  content:
-    properties:
-      from_device:
-        type: string
-        description: |-
-          The device ID which is initiating the process.
-      transaction_id:
-        type: string
-        description: |-
-          An opaque identifier for the verification process. Must be unique
-          with respect to the devices involved. Must be the same as the
-          ``transaction_id`` given in the ``m.key.verification.request``
-          if this process is originating from a request.
-      method:
-        type: string
-        description: |-
-          The verification method to use.
-      next_method:
-        type: string
-        description: |-
-          Optional method to use to verify the other user's key with. Applicable
-          when the ``method`` chosen only verifies one user's key. This field will
-          never be present if the ``method`` verifies keys both ways.
-    required:
-      - from_device
-      - transaction_id
-      - method
-    type: object
-  type:
-    enum:
-      - m.key.verification.start
-    type: string
-type: object
diff --git a/event-schemas/schema/m.room.join_rules b/event-schemas/schema/m.room.join_rules
deleted file mode 100644
index b8e8501c53d..00000000000
--- a/event-schemas/schema/m.room.join_rules
+++ /dev/null
@@ -1,28 +0,0 @@
----
-allOf:
-  - $ref: core-event-schema/state_event.yaml
-description: 'A room may be ``public`` meaning anyone can join the room without any prior action. Alternatively, it can be ``invite`` meaning that a user who wishes to join the room must first receive an invite to the room from someone already inside of the room. Currently, ``knock`` and ``private`` are reserved keywords which are not implemented.'
-properties:
-  content:
-    properties:
-      join_rule:
-        description: The type of rules used for users wishing to join this room.
-        enum:
-          - public
-          - knock
-          - invite
-          - private
-        type: string
-    required:
-      - join_rule
-    type: object
-  state_key:
-    description: A zero-length string.
-    pattern: '^$'
-    type: string
-  type:
-    enum:
-      - m.room.join_rules
-    type: string
-title: Describes how users are allowed to join the room.
-type: object
diff --git a/event-schemas/schema/m.room.member b/event-schemas/schema/m.room.member
deleted file mode 100644
index 36490c6b978..00000000000
--- a/event-schemas/schema/m.room.member
+++ /dev/null
@@ -1,128 +0,0 @@
----
-allOf:
-  - $ref: core-event-schema/state_event.yaml
-description: |-
-  Adjusts the membership state for a user in a room. It is preferable to use the membership APIs (``/rooms/<room id>/invite`` etc) when performing membership actions rather than adjusting the state directly as there are a restricted set of valid transformations. For example, user A cannot force user B to join a room, and trying to force this state change directly will fail.
-
-  The following membership states are specified:
-
-  - ``invite`` - The user has been invited to join a room, but has not yet joined it. They may not participate in the room until they join.
-
-  - ``join`` - The user has joined the room (possibly after accepting an invite), and may participate in it.
-
-  - ``leave`` - The user was once joined to the room, but has since left (possibly by choice, or possibly by being kicked).
-
-  - ``ban`` - The user has been banned from the room, and is no longer allowed to join it until they are un-banned from the room (by having their membership state set to a value other than ``ban``).
-
-  - ``knock`` - This is a reserved word, which currently has no meaning.
-
-  The ``third_party_invite`` property will be set if this invite is an ``invite`` event and is the successor of an ``m.room.third_party_invite`` event, and absent otherwise.
-
-  This event may also include an ``invite_room_state`` key inside the event's ``unsigned`` data.
-  If present, this contains an array of ``StrippedState`` Events. These events provide information
-  on a subset of state events such as the room name.
-
-  The user for which a membership applies is represented by the ``state_key``. Under some conditions,
-  the ``sender`` and ``state_key`` may not match - this may be interpreted as the ``sender`` affecting
-  the membership state of the ``state_key`` user.
-
-  The ``membership`` for a given user can change over time. The table below represents the various changes
-  over time and how clients and servers must interpret those changes. Previous membership can be retrieved
-  from the ``prev_content`` object on an event. If not present, the user's previous membership must be assumed
-  as ``leave``.
-
-  .. TODO: Improve how this table is written? We use a csv-table to get around vertical header restrictions.
-
-  .. csv-table::
-    :header-rows: 1
-    :stub-columns: 1
-
-    "","to ``invite``","to ``join``","to ``leave``","to ``ban``","to ``knock``"
-    "from ``invite``","No change.","User joined the room.","If the ``state_key`` is the same as the ``sender``, the user rejected the invite. Otherwise, the ``state_key`` user had their invite revoked.","User was banned.","Not implemented."
-    "from ``join``","Must never happen.","``displayname`` or ``avatar_url`` changed.","If the ``state_key`` is the same as the ``sender``, the user left. Otherwise, the ``state_key`` user was kicked.","User was kicked and banned.","Not implemented."
-    "from ``leave``","New invitation sent.","User joined.","No change.","User was banned.","Not implemented."
-    "from ``ban``","Must never happen.","Must never happen.","User was unbanned.","No change.","Not implemented."
-    "from ``knock``","Not implemented.","Not implemented.","Not implemented.","Not implemented.","Not implemented."
-
-properties:
-  content:
-    properties:
-      avatar_url:
-        description: 'The avatar URL for this user, if any.'
-        type: string
-      displayname:
-        description: 'The display name for this user, if any.'
-        type:
-          - "string"
-          - "null"
-      membership:
-        description: The membership state of the user.
-        enum:
-          - invite
-          - join
-          - knock
-          - leave
-          - ban
-        type: string
-      is_direct:
-        description: Flag indicating if the room containing this event was created with the intention of being a direct chat. See `Direct Messaging`_.
-        type: boolean
-      third_party_invite:
-        properties:
-          display_name:
-            description: A name which can be displayed to represent the user instead of their third party identifier
-            type: string
-          signed:
-            description: 'A block of content which has been signed, which servers can use to verify the event. Clients should ignore this.'
-            properties:
-              mxid:
-                description: The invited matrix user ID. Must be equal to the user_id property of the event.
-                type: string
-              signatures:
-                description: 'A single signature from the verifying server, in the format specified by the Signing Events section of the server-server API.'
-                title: Signatures
-                type: object
-                additionalProperties:
-                  type: object
-                  additionalProperties:
-                    type: string
-              token:
-                description: The token property of the containing third_party_invite object.
-                type: string
-            required:
-              - mxid
-              - signatures
-              - token
-            title: signed
-            type: object
-        required:
-          - display_name
-          - signed
-        title: Invite
-        type: object
-    required:
-      - membership
-    title: EventContent
-    type: object
-  state_key:
-    description: |-
-      The ``user_id`` this membership event relates to. In all cases except for when ``membership`` is
-      ``join``, the user ID sending the event does not need to match the user ID in the ``state_key``,
-      unlike other events. Regular authorisation rules still apply.
-    type: string
-  type:
-    enum:
-      - m.room.member
-    type: string
-  unsigned:
-    allOf:
-      - $ref: "core-event-schema/unsigned_prop.yaml"
-      - type: object
-        properties:
-          invite_room_state:
-            description: 'A subset of the state of the room at the time of the invite, if ``membership`` is ``invite``. Note that this state is informational, and SHOULD NOT be trusted; once the client has joined the room, it SHOULD fetch the live state from the server and discard the invite_room_state. Also, clients must not rely on any particular state being present here; they SHOULD behave properly (with possibly a degraded but not a broken experience) in the absence of any particular events here. If they are set on the room, at least the state for ``m.room.avatar``, ``m.room.canonical_alias``, ``m.room.join_rules``, and ``m.room.name`` SHOULD be included.'
-            items:
-              $ref: "stripped_state.yaml"
-            type: array
-title: The current membership state of a user in the room.
-type: object
diff --git a/event-schemas/schema/m.room.message$m.notice b/event-schemas/schema/m.room.message$m.notice
deleted file mode 100644
index 19c4f9858b6..00000000000
--- a/event-schemas/schema/m.room.message$m.notice
+++ /dev/null
@@ -1,34 +0,0 @@
----
-allOf:
-  - $ref: core-event-schema/room_event.yaml
-description: 'The ``m.notice`` type is primarily intended for responses from automated clients. An ``m.notice`` message must be treated the same way as a regular ``m.text`` message with two exceptions. Firstly, clients should present ``m.notice`` messages to users in a distinct manner, and secondly, ``m.notice`` messages must never be automatically responded to. This helps to prevent infinite-loop situations where two automated clients continuously exchange messages.'
-properties:
-  content:
-    properties:
-      body:
-        description: The notice text to send.
-        type: string
-      msgtype:
-        enum:
-          - m.notice
-        type: string
-      format:
-        description: |-
-          The format used in the ``formatted_body``. Currently only
-          ``org.matrix.custom.html`` is supported.
-        type: string
-      formatted_body:
-        description: |-
-          The formatted version of the ``body``. This is required if ``format``
-          is specified.
-        type: string
-    required:
-      - msgtype
-      - body
-    type: object
-  type:
-    enum:
-      - m.room.message
-    type: string
-title: NoticeMessage
-type: object
diff --git a/event-schemas/schema/m.room.redaction b/event-schemas/schema/m.room.redaction
deleted file mode 100644
index b3bc418e9c6..00000000000
--- a/event-schemas/schema/m.room.redaction
+++ /dev/null
@@ -1,22 +0,0 @@
----
-allOf:
-  - $ref: core-event-schema/room_event.yaml
-description: 'Events can be redacted by either room or server admins. Redacting an event means that all keys not required by the protocol are stripped off, allowing admins to remove offensive or illegal content that may have been attached to any event. This cannot be undone, allowing server owners to physically delete the offending data.  There is also a concept of a moderator hiding a message event, which can be undone, but cannot be applied to state events. The event that has been redacted is specified in the ``redacts`` event level key.'
-properties:
-  content:
-    properties:
-      reason:
-        description: 'The reason for the redaction, if any.'
-        type: string
-    type: object
-  redacts:
-    description: The event ID that was redacted.
-    type: string
-  type:
-    enum:
-      - m.room.redaction
-    type: string
-required:
-  - redacts
-title: Redaction
-type: object
diff --git a/event-schemas/schema/m.room.server_acl b/event-schemas/schema/m.room.server_acl
deleted file mode 100644
index 86d83832ed1..00000000000
--- a/event-schemas/schema/m.room.server_acl
+++ /dev/null
@@ -1,88 +0,0 @@
----
-title: Server ACL
-description: |-
-  An event to indicate which servers are permitted to participate in the
-  room. Server ACLs may allow or deny groups of hosts. All servers participating
-  in the room, including those that are denied, are expected to uphold the
-  server ACL. Servers that do not uphold the ACLs MUST be added to the denied hosts
-  list in order for the ACLs to remain effective.
-
-  The ``allow`` and ``deny`` lists are lists of globs supporting ``?`` and ``*``
-  as wildcards. When comparing against the server ACLs, the suspect server's port
-  number must not be considered. Therefore ``evil.com``, ``evil.com:8448``, and
-  ``evil.com:1234`` would all match rules that apply to ``evil.com``, for example.
-
-  The ACLs are applied to servers when they make requests, and are applied in
-  the following order:
-
-  1. If there is no ``m.room.server_acl`` event in the room state, allow.
-  #. If the server name is an IP address (v4 or v6) literal, and ``allow_ip_literals``
-     is present and ``false``, deny.
-  #. If the server name matches an entry in the ``deny`` list, deny.
-  #. If the server name matches an entry in the ``allow`` list, allow.
-  #. Otherwise, deny.
-
-  .. Note::
-     Server ACLs do not restrict the events relative to the room DAG via authorisation
-     rules, but instead act purely at the network layer to determine which servers are
-     allowed to connect and interact with a given room.
-
-  .. WARNING::
-     Failing to provide an ``allow`` rule of some kind will prevent **all**
-     servers from participating in the room, including the sender. This renders
-     the room unusable. A common allow rule is ``[ "*" ]`` which would still
-     permit the use of the ``deny`` list without losing the room.
-  
-  .. WARNING::
-     All compliant servers must implement server ACLs.  However, legacy or noncompliant
-     servers exist which do not uphold ACLs, and these MUST be manually appended to
-     the denied hosts list when setting an ACL to prevent them from leaking events from
-     banned servers into a room. Currently, the only way to determine noncompliant hosts is
-     to check the ``prev_events`` of leaked events, therefore detecting servers which
-     are not upholding the ACLs. Server versions can also be used to try to detect hosts that
-     will not uphold the ACLs, although this is not comprehensive. Server ACLs were added
-     in Synapse v0.32.0, although other server implementations and versions exist in the world.
-allOf:
-  - $ref: core-event-schema/state_event.yaml
-type: object
-properties:
-  content:
-    properties:
-      allow_ip_literals:
-        type: boolean
-        description: |-
-          True to allow server names that are IP address literals. False to
-          deny. Defaults to true if missing or otherwise not a boolean.
-
-          This is strongly recommended to be set to ``false`` as servers running
-          with IP literal names are strongly discouraged in order to require 
-          legitimate homeservers to be backed by a valid registered domain name.
-      allow:
-        type: array
-        description: |-
-          The server names to allow in the room, excluding any port information.
-          Wildcards may be used to cover a wider range of hosts, where ``*``
-          matches zero or more characters and ``?`` matches exactly one character.
-
-          **This defaults to an empty list when not provided, effectively disallowing
-          every server.**
-        items:
-          type: string
-      deny:
-        type: array
-        description: |-
-          The server names to disallow in the room, excluding any port information.
-          Wildcards may be used to cover a wider range of hosts, where ``*``
-          matches zero or more characters and ``?`` matches exactly one character.
-
-          This defaults to an empty list when not provided.
-        items:
-          type: string
-    type: object
-  state_key:
-    description: A zero-length string.
-    pattern: '^$'
-    type: string
-  type:
-    enum: ['m.room.server_acl']
-    type: string
diff --git a/informal/idp-brands.md b/informal/idp-brands.md
new file mode 100644
index 00000000000..24f91811936
--- /dev/null
+++ b/informal/idp-brands.md
@@ -0,0 +1,67 @@
+# SSO IdP brand registry
+
+This informal document contains specification for common brands that clients might experience
+in the wild as part of `m.login.sso` flows. To add your brand, open a PR against this document
+with the relevant additions (using the existing specification as reference) - an MSC is not
+required. Once opened, mention your PR in [#sct-office:matrix.org](https://matrix.to/#/#sct-office:matrix.org)
+on Matrix so it doesn't end up lost.
+
+Please also take some time to read the [contributing guidelines](https://github.com/matrix-org/matrix-doc/blob/master/CONTRIBUTING.rst)
+for an overview of PR requirements.
+
+<!--
+Author's note: This document intentionally has 2 blank lines between brands for easier distinction
+in the plaintext version. Please maintain them for new & existing brands.
+-->
+
+## Brands
+
+For the brands listed here, the `identifier` would be used as the `brand` value in an IdP definition
+under `m.login.sso`'s flow.
+
+Note that each brand may have their own requirements for how they are represented by clients, such as
+Facebook/Twitter wanting their signature blues for button backgrounds whereas GitHub is not as particular
+about the press requirements. Clients should not rely on this document for guidance on press requirements
+and instead refer to the brands individually.
+
+
+### Apple
+
+**Identifier**: `apple`
+
+Suitable for "Sign in with Apple": see https://developer.apple.com/design/human-interface-guidelines/sign-in-with-apple/overview/buttons/.
+
+
+### Facebook
+
+**Identifier**: `facebook`
+
+"Continue with Facebook": see https://developers.facebook.com/docs/facebook-login/web/login-button/.
+
+
+### GitHub
+
+**Identifier**: `github`
+
+Logos available at https://github.com/logos.
+
+
+### GitLab
+
+**Identifier**: `gitlab`
+
+Logos available at https://about.gitlab.com/press/press-kit/.
+
+
+### Google
+
+**Identifier**: `google`
+
+Suitable for "Google Sign-In": see https://developers.google.com/identity/branding-guidelines.
+
+
+### Twitter
+
+**Identifier**: `twitter`
+
+Suitable for "Log in with Twitter": see https://developer.twitter.com/en/docs/authentication/guides/log-in-with-twitter#tab1.
diff --git a/layouts/404.html b/layouts/404.html
new file mode 100644
index 00000000000..212e20bae74
--- /dev/null
+++ b/layouts/404.html
@@ -0,0 +1,8 @@
+{{ define "main"}}
+    <main id="main">
+      <div>
+       <h1 id="title">Not found</h1>
+          <p>This page doesn't exist. Try going back to the <a href="{{ "/" | relURL }}">main page for the Matrix Specification</a>.</p>
+      </div>
+    </main>
+{{ end }}
diff --git a/layouts/_default/content.html b/layouts/_default/content.html
new file mode 100644
index 00000000000..e58073f343e
--- /dev/null
+++ b/layouts/_default/content.html
@@ -0,0 +1,4 @@
+<div class="td-content">
+	<h1>{{ .Title }}</h1>
+	{{ .Content }}
+</div>
diff --git a/layouts/docs/baseof.html b/layouts/docs/baseof.html
new file mode 100644
index 00000000000..3e058fd0b2e
--- /dev/null
+++ b/layouts/docs/baseof.html
@@ -0,0 +1,34 @@
+{{/*
+
+  A copy of the baseof.html partial in Docsy, modified
+	to remove the right-hand column from the layout.
+
+*/}}
+
+<!doctype html>
+<html lang="{{ .Site.Language.Lang }}" class="no-js">
+  <head>
+    {{ partial "head.html" . }}
+  </head>
+  <body class="td-{{ .Kind }}">
+    <header>
+      {{ partial "navbar.html" . }}
+    </header>
+    <div class="container-fluid td-outer">
+      <div class="td-main">
+        <div class="row flex-xl-nowrap">
+          <div class="col-12 col-md-3 col-xl-3 td-sidebar d-print-none">
+            {{ partial "sidebar.html" . }}
+          </div>
+          <main class="col-12 col-md-9 col-xl-7 pl-md-5" role="main">
+            {{ partial "version-banner.html" . }}
+            {{ partial "breadcrumb.html" . }}
+            {{ block "main" . }}{{ end }}
+          </main>
+        </div>
+      </div>
+      {{ partial "footer.html" . }}
+    </div>
+    {{ partial "scripts.html" . }}
+  </body>
+</html>
diff --git a/layouts/docs/list.html b/layouts/docs/list.html
new file mode 100644
index 00000000000..01145138559
--- /dev/null
+++ b/layouts/docs/list.html
@@ -0,0 +1,13 @@
+{{/*
+
+  A simplified version of the list.html partial in Docsy.
+
+*/}}
+
+{{ define "main" }}
+<div class="td-content">
+	<h1>{{ .Title }}</h1>
+        {{ with .Params.description }}<div class="lead">{{ . | markdownify }}</div>{{ end }}
+	{{ .Content }}
+</div>
+{{ end }}
diff --git a/layouts/partials/alert.html b/layouts/partials/alert.html
new file mode 100644
index 00000000000..9096769f522
--- /dev/null
+++ b/layouts/partials/alert.html
@@ -0,0 +1,20 @@
+{{/*
+
+  Display an alert box of the given type, containing the given content.
+
+  Supported types are "warning", "info", and "rationale".
+  The type determines the colors used in the box and, by default,
+  the title for the box: WARNING, INFO, RATIONALE.
+
+  By passing "omit_title", a caller can suppress the title, and just get
+  a box using the colors and styles for the given type.
+
+*/}}
+
+{{ $type := .type}}
+{{ $content := .content}}
+{{ $omit_title := .omit_title }}
+
+<div class="alert {{ $type }} {{ if $omit_title }}omit-title{{end}}" role="alert">
+{{ $content | markdownify }}
+</div>
diff --git a/layouts/partials/breadcrumb.html b/layouts/partials/breadcrumb.html
new file mode 100644
index 00000000000..8e1fb9b24b5
--- /dev/null
+++ b/layouts/partials/breadcrumb.html
@@ -0,0 +1,28 @@
+{{/*
+
+  A copy of the breadcrumb.html partial in Docsy, modified
+	to:
+  * omit breadcrumbs when this is the homepage
+  * otherwise, include the homepage in the breadcrumbs
+
+*/}}
+
+{{ if not .IsHome }}
+<nav aria-label="breadcrumb" class="d-none d-md-block d-print-none">
+	<ol class="breadcrumb spb-1">
+{{ template "breadcrumbnav" (dict "p1" . "p2" .) }}
+	</ol>
+</nav	>
+{{ end }}
+
+{{ define "breadcrumbnav" }}
+{{ if .p1.Parent }}
+{{ template "breadcrumbnav" (dict "p1" .p1.Parent "p2" .p2 )  }}
+{{ else if not .p1.IsHome }}
+{{ template "breadcrumbnav" (dict "p1" .p1.Site.Home "p2" .p2 )  }}
+{{ end }}
+{{ $isActive :=  eq .p1 .p2  }}
+<li class="breadcrumb-item{{ if $isActive }} active{{ end }}" {{ if $isActive }}aria-current="page"{{ end }}>
+	<a href="{{ .p1.RelPermalink }}">{{ .p1.LinkTitle }}</a>
+</li>
+{{ end }}
diff --git a/layouts/partials/events/render-event.html b/layouts/partials/events/render-event.html
new file mode 100644
index 00000000000..b4bb75b4f69
--- /dev/null
+++ b/layouts/partials/events/render-event.html
@@ -0,0 +1,93 @@
+{{/*
+
+  Renders a single event, given:
+
+    * `event_name`: the name we want to display for the event
+    * `event_data`: the event specification
+    * `desired_example_name` (optional): the exact name of the examples to render.
+    If `desired_example_name` is omitted we render all examples
+    whose names start with the `event_name`.
+
+*/}}
+
+{{ $event_name := .event_name }}
+{{ $desired_example_name := .desired_example_name }}
+{{ $event_data := .event_data }}
+
+<section class="rendered-data event">
+
+<details {{ if not .Site.Params.ui.rendered_data_collapsed }}open{{ end }}>
+<summary>
+
+  <h1 id="{{ anchorize $event_name }}">
+   <code>{{ $event_name }}</code>
+  </h1>
+
+  <hr/>
+
+{{ $event_data.description | markdownify }}
+
+</summary>
+
+{{ $state_key := index $event_data.properties "state_key" }}
+
+<table class="basic-info">
+  <tr>
+   <th>Event type:</th>
+   <td>{{ if $state_key }}State event{{ else }}Message event{{ end }}</td>
+  </tr>
+{{ if $state_key }}
+  <tr>
+   <th>State key</th>
+   <td>{{ $state_key.description | markdownify }}</td>
+ </tr>
+{{ end }}
+</table>
+
+<h2>Content</h2>
+
+{{ $additional_types := partial "json-schema/resolve-additional-types" $event_data.properties.content }}
+
+{{ range $additional_types }}
+    {{ partial "openapi/render-object-table" (dict "caption" .title "properties" .properties "required" .required) }}
+{{end}}
+
+<h2>Examples</h2>
+
+{{ $all_examples := index site.Data "event-schemas" "examples" }}
+
+{{ range $example_name, $example := $all_examples }}
+
+    {{/*
+      This is to allow the msgtype template to work.
+      It lets callers specify exactly the name of the example they want
+    */}}
+    {{ if $desired_example_name }}
+        {{ if eq $example_name $desired_example_name }}
+            {{ $example_content := partial "json-schema/resolve-refs" (dict "schema" $example "path" "event-schemas/examples") }}
+```json
+{{ jsonify (dict "indent" "  ") $example_content }}
+```
+        {{ end }}
+    {{/*
+      If `$desired_example_name` is not given, we will include any
+      examples whose first part (before "$") matches the event name
+    */}}
+    {{ else }}
+
+        {{ $pieces := split $example_name "$" }}
+        {{ $example_base_name := index $pieces 0 }}
+        {{ if eq $event_name $example_base_name }}
+            {{ $example_content := partial "json-schema/resolve-refs" (dict "schema" $example "path" "event-schemas/examples") }}
+            {{ $example_json := jsonify (dict "indent" "  ") $example_content }}
+            {{ $example_json = replace $example_json "\\u003c" "<" }}
+            {{ $example_json = replace $example_json "\\u003e" ">" | safeHTML }}
+
+```json
+{{ $example_json }}
+```
+        {{ end }}
+    {{ end }}
+{{ end }}
+
+</section>
diff --git a/layouts/partials/footer.html b/layouts/partials/footer.html
new file mode 100644
index 00000000000..3506f83423b
--- /dev/null
+++ b/layouts/partials/footer.html
@@ -0,0 +1,39 @@
+{{/*
+
+  A modified version of the footer.html partial in Docsy.
+
+*/}}
+
+{{ $links := .Site.Params.links }}
+<footer class="py-5 row d-print-none">
+  <div class="container-fluid mx-sm-5">
+    <div class="row">
+      <div class="col-12 text-center text-xs-center order-sm-3">
+        {{ with $links }}
+        {{ with index . "developer"}}
+        {{ template "footer-links-block"  . }}
+        {{ end }}
+        {{ end }}
+      </div>
+    </div>
+    <div class="row">
+      <div class="col-12 text-center py-2 order-sm-3">
+        {{ with .Site.Params.copyright }}<small>&copy; {{ now.Year}} {{ .}}</small>{{ end }}
+	{{ if not .Site.Params.ui.footer_about_disable }}
+		{{ with .Site.GetPage "about" }}<p class="mt-2"><a href="{{ .RelPermalink }}">{{ .Title }}</a></p>{{ end }}
+	{{ end }}
+      </div>
+    </div>
+  </div>
+</footer>
+{{ define "footer-links-block" }}
+<ul class="list-inline mb-0">
+  {{ range . }}
+  <li class="list-inline-item mx-2 h3" data-toggle="tooltip" data-placement="top" title="{{ .name }}" aria-label="{{ .name }}">
+    <a class="text-dark" target="_blank" rel="noopener noreferrer" href="{{ .url }}">
+      <i class="{{ .icon }}"></i>
+    </a>
+  </li>
+  {{ end }}
+</ul>
+{{ end }}
diff --git a/layouts/partials/hooks/body-end.html b/layouts/partials/hooks/body-end.html
new file mode 100644
index 00000000000..377470d911a
--- /dev/null
+++ b/layouts/partials/hooks/body-end.html
@@ -0,0 +1,17 @@
+{{/*
+
+  This template is included at the end of each page's `<body>`.
+
+  We're using it here to:
+
+  1) include the JS that generates the table of contents. It would be better
+  to generate the table of contents as part of the Hugo build process, but
+  that doesn't work nicely with the way we want to author client-server modules
+  as separate files.
+
+  2) highlight and scroll the ToC in the sidebar to match the place we are at
+  in the document.
+
+*/}}
+
+<script defer language="javascript" type="text/javascript"  src="{{ "js/toc.js" | urlize | relURL }}"></script>
diff --git a/layouts/partials/hooks/head-end.html b/layouts/partials/hooks/head-end.html
new file mode 100644
index 00000000000..925c43cc15d
--- /dev/null
+++ b/layouts/partials/hooks/head-end.html
@@ -0,0 +1,18 @@
+{{/*
+
+  This template is included at the end of each page's `<head>`.
+
+  We're using it here to include the custom CSS for the Matrix spec.
+
+*/}}
+
+{{ $scss := "scss/custom.scss"}}
+{{ if .Site.IsServer }}
+{{/* Note the missing postCSS. This makes it snappier to develop in Chrome, but makes it look sub-optimal in other browsers. */}}
+{{ $css := resources.Get $scss | toCSS (dict "enableSourceMap" true) }}
+<link href="{{ $css.RelPermalink }}" rel="stylesheet">
+{{ else }}
+{{ $css := resources.Get $scss | toCSS (dict "enableSourceMap" false) | postCSS | minify | fingerprint }}
+<link rel="preload" href="{{ $css.RelPermalink }}" as="style">
+<link href="{{ $css.RelPermalink }}" rel="stylesheet" integrity="{{ $css.Data.integrity }}">
+{{ end }}
diff --git a/layouts/partials/json-schema/resolve-additional-types.html b/layouts/partials/json-schema/resolve-additional-types.html
new file mode 100644
index 00000000000..26df52e5992
--- /dev/null
+++ b/layouts/partials/json-schema/resolve-additional-types.html
@@ -0,0 +1,92 @@
+{{/*
+
+  Finds and returns all nested objects, given:
+
+  * `this_object`: a JSON schema object
+
+  Given a schema object, this template finds all nested objects under that
+  schema.
+
+  It "cleans" each object by copying only the parts of the objects that
+  the renderer needs, and adds the result to an array, `additional_objects`.
+
+  Finally it returns the array of all the objects it found.
+
+  Note that the returned array may contain duplicate objects.
+
+*/}}
+
+{{ $this_object := partial "json-schema/resolve-allof" . }}
+{{ $additional_objects := slice }}
+
+{{ if eq $this_object.type "object" }}
+
+    {{/*
+      Add the object we were passed into the $additional_objects array
+    */}}
+    {{ $additional_objects = $additional_objects | append (partial "clean-object" $this_object) }}
+
+    {{/*
+      Add any nested objects referenced in this object's `additionalProperties`
+    */}}
+    {{ if $this_object.additionalProperties }}
+        {{ if reflect.IsMap $this_object.additionalProperties }}
+            {{ $additional_objects = $additional_objects | append (partial "clean-object" $this_object.additionalProperties) }}
+
+            {{ range $key, $property := $this_object.additionalProperties.properties }}
+                {{ $additional_objects = partial "get-additional-objects" (dict "this_object" $property "additional_objects" $additional_objects) }}
+            {{ end }}
+
+        {{ end }}
+    {{ end }}
+
+    {{/*
+      Add any nested objects referenced in this object's `properties`
+    */}}
+    {{ range $key, $property := $this_object.properties}}
+        {{ $additional_objects = partial "get-additional-objects" (dict "this_object" $property "additional_objects" $additional_objects) }}
+    {{ end }}
+
+{{ end }}
+
+{{ if eq $this_object.type "array" }}
+    {{/*
+      Add any nested objects referenced in this object's `items`
+    */}}
+    {{ if reflect.IsSlice $this_object.items}}
+        {{ range $this_object.items }}
+            {{ $additional_objects = partial "get-additional-objects" (dict "this_object" . "additional_objects" $additional_objects) }}
+        {{ end }}
+    {{ else }}
+        {{ $additional_objects = partial "get-additional-objects" (dict "this_object" $this_object.items "additional_objects" $additional_objects) }}
+    {{ end }}
+{{ end }}
+
+{{ return $additional_objects }}
+
+
+{{/*
+  This actually makes the recursive call and adds the returned objects to the array
+*/}}
+{{ define "partials/get-additional-objects" }}
+    {{ $additional_objects := .additional_objects }}
+
+    {{ $this_object := partial "json-schema/resolve-allof" .this_object }}
+    {{ $more_objects := partial "json-schema/resolve-additional-types" $this_object }}
+    {{/*
+      As far as I know we don't have something like Array.concat(), so add them one at a time
+    */}}
+    {{ range $more_objects}}
+        {{ $additional_objects = $additional_objects | append (partial "clean-object" .) }}
+    {{ end }}
+    {{ return $additional_objects }}
+{{ end }}
+
+{{/*
+  Only copy the bits of the object that we actually care about.
+  This is needed for uniqify to work - otherwise objects that are the same
+  but with (for example) different examples will be considered different.
+*/}}
+{{ define "partials/clean-object" }}
+    {{ return (dict "title" .title "properties" .properties "required" .required "enum" .enum) }}
+{{ end }}
diff --git a/layouts/partials/json-schema/resolve-allof.html b/layouts/partials/json-schema/resolve-allof.html
new file mode 100644
index 00000000000..0150cfdeb6c
--- /dev/null
+++ b/layouts/partials/json-schema/resolve-allof.html
@@ -0,0 +1,76 @@
+{{/*
+
+  Resolves the `allOf` keyword (https://swagger.io/specification/v2/#composition-and-inheritance-polymorphism),
+  given a JSON schema object.
+
+  `allOf` is used to support a kind of inheritance for JSON schema objects.
+
+  An object can reference a "parent" object using `allOf`, and it then inherits
+  its parent's properties. If the same property is present in the child, then
+  we use the child's version (the child overrides the parent).
+
+  Of course the parent can itself inherit from *its* parent, so we recurse to
+  handle that.
+
+*/}}
+
+{{ $ret := . }}
+{{ $original := . }}
+
+{{ $required := .required }}
+{{ if not $required }}
+    {{ $required := slice }}
+{{ end }}
+
+{{ with $ret.allOf }}
+
+    {{ $all_of_values := dict }}
+
+    {{/*
+      allOf is always an array
+    */}}
+    {{ range . }}
+
+        {{ with .required }}
+            {{ $required = union $required . }}
+        {{ end }}
+
+        {{/*
+          With merge, values from the second argument override those from the first argument.
+          So this order will accumulate values from allOf items, allowing later ones to override earlier
+        */}}
+        {{ $all_of_values = merge $all_of_values . }}
+
+    {{ end }}
+
+    {{/*
+      Then apply allOf values to the original, but allow the original to override allOf.
+    */}}
+    {{ $ret = merge $all_of_values $ret }}
+
+    {{/*
+      Except that if allOf *itself* contains allOf, we do want to override the original for that field only.
+    */}}
+    {{ with $all_of_values.allOf }}
+        {{ $ret = merge $ret (dict "allOf" . ) }}
+    {{ end }}
+
+    {{ with $ret.required }}
+        {{ $required = union $required $ret.required }}
+    {{ end }}
+
+    {{ $ret = merge $ret (dict "required" $required) }}
+
+{{ end }}
+
+{{/*
+  Recurse while we are finding new allOf entries to resolve
+*/}}
+{{ if ne $ret.allOf $original.allOf }}
+
+    {{ $resolved := partial "json-schema/resolve-allof" $ret }}
+    {{ $ret = merge $ret $resolved }}
+
+{{ end }}
+
+{{ return $ret }}
diff --git a/layouts/partials/json-schema/resolve-example.html b/layouts/partials/json-schema/resolve-example.html
new file mode 100644
index 00000000000..51ce6d5320d
--- /dev/null
+++ b/layouts/partials/json-schema/resolve-example.html
@@ -0,0 +1,29 @@
+{{/*
+
+  For complex objects, example content is sometimes attached to the
+  object's individual properties (and subproperties...), so to get
+  a complete example for the whole object we need to iterate through
+  its properties (and subproperties...) and assemble them.
+
+  That's what this template does.
+
+*/}}
+
+{{ $this_object := partial "json-schema/resolve-allof" . }}
+
+{{ if eq $this_object.type "object" }}
+
+    {{ if not $this_object.example }}
+        {{ $this_object := merge (dict "example" dict ) $this_object }}
+    {{ end }}
+
+    {{ range $key, $property := $this_object.properties}}
+        {{ $this_property_example := partial "json-schema/resolve-example" $property }}
+        {{ if $this_property_example }}
+            {{ $this_object = merge (dict "example" (dict $key $this_property_example)) $this_object }}
+        {{ end }}
+    {{ end }}
+
+{{ end }}
+
+{{ return $this_object.example }}
diff --git a/layouts/partials/json-schema/resolve-refs.html b/layouts/partials/json-schema/resolve-refs.html
new file mode 100644
index 00000000000..1d99201dbf6
--- /dev/null
+++ b/layouts/partials/json-schema/resolve-refs.html
@@ -0,0 +1,65 @@
+{{/*
+
+  Resolves the `$ref` JSON schema keyword, by recursively replacing
+  it with the object it points to.
+
+  This template uses [`Scratch`](https://gohugo.io/functions/scratch/)
+  rather than a normal `dict` because with `dict` you can't replace key values:
+  https://discourse.gohugo.io/t/how-can-i-add-set-and-delete-keys-in-a-dictionary/29661
+
+*/}}
+
+{{ $schema := .schema }}
+{{ $path := .path}}
+
+{{ $ret := $schema }}
+
+{{ if reflect.IsMap $schema }}
+
+    {{ $scratch := newScratch }}
+    {{ $scratch.Set "result_map" dict }}
+
+    {{ $ref_value := index $schema "$ref"}}
+    {{ if $ref_value}}
+        {{ $full_path := path.Join $path $ref_value }}
+        {{/*
+          Apparently Hugo doesn't give us a nice way to split the extension off a filename.
+        */}}
+        {{ $without_ext := replaceRE "\\.[^\\.]*$" "" $full_path }}
+        {{ $pieces := split $without_ext "/" }}
+
+        {{ $ref := index site.Data $pieces }}
+
+        {{ $new_path := (path.Split $full_path).Dir}}
+        {{ $result_map := partial "json-schema/resolve-refs" (dict "schema" $ref "path" $new_path)}}
+        {{ if $result_map}}
+            {{ $scratch.Set "result_map" $result_map }}
+        {{end }}
+    {{ end }}
+
+
+    {{ range $key, $value := $schema }}
+        {{ if ne $key "$ref" }}
+            {{ $resolved := partial "json-schema/resolve-refs" (dict "schema" $value "path" $path) }}
+            {{ $scratch.SetInMap "result_map" $key $resolved }}
+        {{ end }}
+    {{ end }}
+
+    {{ $ret = $scratch.Get "result_map" }}
+
+{{ end }}
+
+{{ if reflect.IsSlice $schema }}
+
+    {{ $result_slice := slice }}
+
+    {{ range $schema }}
+        {{ $resolved := partial "json-schema/resolve-refs" (dict "schema" . "path" $path) }}
+        {{ $result_slice = $result_slice | append $resolved }}
+    {{ end }}
+
+    {{ $ret = $result_slice }}
+
+{{ end }}
+
+{{ return $ret }}
diff --git a/layouts/partials/navbar.html b/layouts/partials/navbar.html
new file mode 100644
index 00000000000..e78ee9c410c
--- /dev/null
+++ b/layouts/partials/navbar.html
@@ -0,0 +1,55 @@
+{{/*
+
+  A version of the navbar.html partial in Docsy, only modified
+	to include the spec version, which is calculated using an
+  inline `version-string` partial.
+
+*/}}
+
+{{ $cover := .HasShortcode "blocks/cover" }}
+<nav class="js-navbar-scroll navbar navbar-expand navbar-light {{ if $cover}} td-navbar-cover {{ end }}flex-column flex-md-row td-navbar">
+        <a class="navbar-brand" href="{{ .Site.Home.RelPermalink }}">
+		<span class="navbar-logo">{{ with resources.Get "icons/logo.svg" }}{{ ( . | minify).Content | safeHTML }}{{ end }}</span><span class="font-weight-bold">specification</span><span class="navbar-version"> &mdash; {{ partial "version-string" . }}</span>
+	</a>
+	<div class="td-navbar-nav-scroll ml-md-auto" id="main_navbar">
+		<ul class="navbar-nav mt-2 mt-lg-0">
+
+			<li class="nav-item mr-4 mb-2 mb-lg-0"><a href="https://matrix.org/foundation/">Foundation</a>
+			</li>
+
+      <li class="nav-item mr-4 mb-2 mb-lg-0"><a href="https://matrix.org/faq/">FAQs</a>
+			</li>
+
+      <li class="nav-item mr-4 mb-2 mb-lg-0"><a href="https://matrix.org/blog/posts">Blog</a>
+      </li>
+
+			{{ if  .Site.Params.versions }}
+			<li class="nav-item dropdown d-none d-lg-block">
+				{{ partial "navbar-version-selector.html" . }}
+			</li>
+			{{ end }}
+			{{ if  (gt (len .Site.Home.Translations) 0) }}
+			<li class="nav-item dropdown d-none d-lg-block">
+				{{ partial "navbar-lang-selector.html" . }}
+			</li>
+			{{ end }}
+		</ul>
+	</div>
+	<div class="navbar-nav d-none d-lg-block">{{ partial "search-input.html" . }}</div>
+</nav>
+
+
+{{ define "partials/version-string" }}
+    {{ $ret := "unstable version"}}
+
+    {{ $status := .Site.Params.version.status }}
+
+    {{ if ne $status "unstable"}}
+        {{ $path := path.Join "changelogs" }}
+
+        {{/* produces a string similar to "version v1.5" */}}
+        {{ $ret = delimit (slice "version v" .Site.Params.version.major "." .Site.Params.version.minor) "" }}
+    {{ end }}
+
+    {{ return $ret }}
+{{ end }}
diff --git a/layouts/partials/openapi/render-api.html b/layouts/partials/openapi/render-api.html
new file mode 100644
index 00000000000..db10b98c0a9
--- /dev/null
+++ b/layouts/partials/openapi/render-api.html
@@ -0,0 +1,54 @@
+{{/*
+
+  Render an HTTP API, given:
+
+  * `api_data`: the OpenAPI/Swagger data
+  * `base_url`: the base URL: that is, the part we glue onto the front
+  of each value in `paths` to get a complete URL.
+  * `path`: the directory under /data where we found this API definition.
+  We use this to resolve "$ref" values, since they are relative to the schema's
+  location.
+
+*/}}
+
+{{ $api_data := index .api_data }}
+{{ $base_url := .base_url }}
+{{ $path := .path }}
+
+{{ range $path_name, $path_data := $api_data.paths }}
+
+    {{ $endpoint := delimit (slice $base_url $path_name ) "" }}
+
+    {{/* note that a `paths` entry can be a $ref */}}
+
+    {{ $params := dict "endpoint" $endpoint "path" $path }}
+
+    {{ with $path_data.get }}
+
+        {{ $operation_params := merge $params (dict "method" "GET" "operation_data" . ) }}
+        {{ partial "openapi/render-operation" $operation_params }}
+
+    {{ end }}
+
+    {{ with $path_data.post }}
+
+        {{ $operation_params := merge $params (dict "method" "POST" "operation_data" . ) }}
+        {{ partial "openapi/render-operation" $operation_params }}
+
+    {{ end }}
+
+    {{ with $path_data.put }}
+
+        {{ $operation_params := merge $params (dict "method" "PUT" "operation_data" . ) }}
+        {{ partial "openapi/render-operation" $operation_params }}
+
+    {{ end }}
+
+    {{ with $path_data.delete }}
+
+        {{ $operation_params := merge $params (dict "method" "DELETE" "operation_data" . ) }}
+        {{ partial "openapi/render-operation" $operation_params }}
+
+    {{ end }}
+
+{{ end }}
diff --git a/layouts/partials/openapi/render-object-table.html b/layouts/partials/openapi/render-object-table.html
new file mode 100644
index 00000000000..bf275ed6ec1
--- /dev/null
+++ b/layouts/partials/openapi/render-object-table.html
@@ -0,0 +1,92 @@
+{{/*
+
+  Render a table listing the properties of an object, given:
+
+  * `caption`: optional caption for the table
+  * `properties`: dictionary of the properties to list, each given as:
+  `property_name` : `property_data`
+  * `required`: array containing the names of required properties.
+  In some cases (such as response body specifications) this isn't used, and
+  instead properties have a `required` boolean attribute. We support this too.
+
+*/}}
+
+{{ $caption := .caption }}
+{{ $properties := .properties}}
+{{ $required := .required}}
+
+{{ if $properties }}
+
+<table class>
+ {{ with $caption }}
+ <caption>{{ . }}</caption>
+ {{ end }}
+ <thead>
+  <th class="col-name">Name</th>
+  <th class="col-type">Type</th>
+  <th class="col-description">Description</th>
+ </thead>
+
+    {{ range $property_name, $property := $properties }}
+
+        {{ $property := partial "json-schema/resolve-allof" $property }}
+
+        {{/*
+            If the property has a `title`, use that rather than `type`.
+            This means we can write things like `EventFilter` rather than `object`.
+        */}}
+        {{ $type := $property.type}}
+        {{ if $property.title }}
+            {{ $type = $property.title }}
+        {{ end }}
+
+        {{/*
+            If the property is an array, indicate this with square brackets,
+            like `[type]`.
+        */}}
+        {{ if eq $type "array"}}
+            {{ $items := $property.items }}
+            {{ if $property.items }}
+                {{ $items = partial "json-schema/resolve-allof" $property.items }}
+            {{ end }}
+            {{ $inner_type := $items.type }}
+            {{ if $items.title }}
+                {{ $inner_type = $items.title }}
+            {{ end }}
+            {{ $type = delimit (slice "[" $inner_type "]") "" }}
+        {{ end }}
+
+        {{/*
+            If the property is an enum, indicate this.
+        */}}
+        {{ if (and (eq $type "string") ($property.enum)) }}
+            {{ $type = "enum" }}
+        {{ end }}
+
+        {{/*
+            If the property uses `additionalProperties` to describe its
+            internal structure, handle this.
+        */}}
+        {{ if reflect.IsMap $property.additionalProperties }}
+            {{ if $property.additionalProperties.title }}
+                {{ $type = delimit (slice "{ string: " $property.additionalProperties.title "}" ) "" }}
+            {{ end }}
+        {{ end }}
+
+        {{/*
+          Handle two ways of indicating "required", one for simple parameters,
+          the other for request and response body objects.
+        */}}
+        {{ $required := cond (or (in $required $property_name) ( eq $property.required true )) true false }}
+
+ <tr>
+  <td><code>{{ $property_name }}</code></td>
+  <td><code>{{ $type }}</code></td>
+  <td>{{ if $required }}<strong>Required: </strong>{{end}}{{ $property.description | markdownify }}{{ if eq $type "enum"}}<p>One of: <code>{{ $property.enum }}</code>.</p>{{ end }}</td>
+ </tr>
+
+    {{ end }}
+
+</table>
+
+{{ end }}
diff --git a/layouts/partials/openapi/render-operation.html b/layouts/partials/openapi/render-operation.html
new file mode 100644
index 00000000000..430c571a091
--- /dev/null
+++ b/layouts/partials/openapi/render-operation.html
@@ -0,0 +1,65 @@
+{{/*
+
+  Render a single HTTP API operation: that is, a method+endpoint combination, given:
+
+  * `method`: the method, e.g. GET, PUT
+  * `endpoint`: the endpoint
+  * `operation_data`: the OpenAPI/Swagger data for the operation
+  * `path`: the path where this definition was found, to enable us to resolve "$ref"
+
+  This template renders the operation as a `<section>` containing:
+
+    * an `<h1>` heading containing the method and endpoint
+    * a `<details>` element containing the details, including:
+      * operation description
+      * basic info about the operation
+      * request details
+      * response details
+
+*/}}
+
+{{ $method := .method }}
+{{ $endpoint := .endpoint }}
+{{ $operation_data := .operation_data }}
+{{ $path := .path }}
+
+<section class="rendered-data http-api {{ $method }}">
+
+<details {{ if not site.Params.ui.rendered_data_collapsed }}open{{ end }}>
+<summary>
+
+  <h1 id="{{ lower $method }}{{ anchorize $endpoint }}">
+   <span class="http-api-method {{ $method }}">{{ $method }}</span>
+   <span class="endpoint{{ if $operation_data.deprecated }} deprecated-inline{{ end }}">{{ $endpoint }}</span>
+  </h1>
+
+  <hr/>
+
+{{ if $operation_data.deprecated }}
+    {{ partial "alert" (dict "type" "warning" "omit_title" "true" "content" "This API is deprecated and will be removed from a future release.") }}
+{{ end }}
+
+<p>{{ $operation_data.description | markdownify }}</p>
+
+</summary>
+
+<table class="basic-info">
+  <tr>
+   <th>Rate-limited:</th>
+   {{ $rate_limited := index $operation_data.responses "429" }}
+   <td>{{ if $rate_limited }}Yes{{ else }}No{{ end }}</td>
+  </tr>
+ <tr>
+  <th>Requires authentication:</th>
+  <td>{{ if $operation_data.security }}Yes{{ else }}No{{ end }}</td>
+ </tr>
+</table>
+
+<hr/>
+{{ partial "openapi/render-request"   (dict "parameters" $operation_data.parameters "path" $path) }}
+<hr/>
+{{ partial "openapi/render-responses" (dict "responses"  $operation_data.responses  "path" $path) }}
+
+</details>
+
+</section>
diff --git a/layouts/partials/openapi/render-parameters.html b/layouts/partials/openapi/render-parameters.html
new file mode 100644
index 00000000000..2b4fb09db1d
--- /dev/null
+++ b/layouts/partials/openapi/render-parameters.html
@@ -0,0 +1,30 @@
+{{/*
+
+  Render the parameters of a given type, given:
+
+  * `parameters`: OpenAPI/Swagger data specifying the parameters
+  * `type`: the type of parameters to render: "header, ""path", "query"
+  * `caption`: caption to use for the table
+
+  This template renders a single table containing parameters of the given type.
+
+*/}}
+
+{{ $parameters := .parameters }}
+{{ $type := .type }}
+{{ $caption := .caption }}
+
+{{ $parameters_of_type := where $parameters "in" $type }}
+
+{{ with $parameters_of_type }}
+
+    {{/* convert parameters into the format that render-object-table expects to see */}}
+    {{ $param_dict := dict }}
+    {{ range $parameter := . }}
+        {{ $param_dict = merge $param_dict (dict $parameter.name (dict "type" $parameter.type "description" $parameter.description "required" $parameter.required "enum" $parameter.enum)  )}}
+    {{ end }}
+
+    {{/* and render the parameters */}}
+    {{ partial "openapi/render-object-table" (dict "caption" $caption "properties" $param_dict) }}
+
+{{ end }}
diff --git a/layouts/partials/openapi/render-request.html b/layouts/partials/openapi/render-request.html
new file mode 100644
index 00000000000..1695c2f83a7
--- /dev/null
+++ b/layouts/partials/openapi/render-request.html
@@ -0,0 +1,67 @@
+{{/*
+
+  Render the request part of a single HTTP API operation, given:
+
+  * `parameters`: OpenAPI/Swagger data specifying the parameters
+  * `path`: the path where this definition was found, to enable us to resolve "$ref"
+
+  This template renders:
+  * the "simple parameters" (header, path, query parameters)
+  * body parameters, which may be more complex, containing nested objects
+  * response body examples
+
+*/}}
+
+{{ $parameters := .parameters }}
+{{ $path := .path }}
+
+<h2>Request</h2>
+
+{{ if $parameters }}
+
+    {{ $simple_parameters := where $parameters "in" "!=" "body"}}
+    {{ if $simple_parameters }}
+<h3>Request parameters</h3>
+
+        {{ partial "openapi/render-parameters" (dict "parameters" $simple_parameters "type" "header" "caption" "header parameters") }}
+        {{ partial "openapi/render-parameters" (dict "parameters" $simple_parameters "type" "path" "caption" "path parameters") }}
+        {{ partial "openapi/render-parameters" (dict "parameters" $simple_parameters "type" "query" "caption" "query parameters") }}
+
+    {{ end }}
+
+    {{ $body_parameters := where $parameters "in" "body"}}
+    {{ if $body_parameters }}
+<h3>Request body</h3>
+
+        {{/* at most one body param is allowed by the spec */}}
+        {{ $body_parameter := index $body_parameters 0 }}
+        {{ $schema := partial "json-schema/resolve-refs" (dict "schema" $body_parameter.schema "path" $path) }}
+        {{ $schema := partial "json-schema/resolve-allof" $schema }}
+
+        {{ $additional_types := partial "json-schema/resolve-additional-types" $schema }}
+        {{ $additional_types = uniq $additional_types }}
+        {{ range $additional_types }}
+            {{ partial "openapi/render-object-table" (dict "caption" .title "properties" .properties "required" .required) }}
+        {{ end }}
+
+<h3>Request body example</h3>
+
+        {{ $example := partial "json-schema/resolve-example" $schema }}
+        {{ if $example }}
+            {{ $example_json := jsonify (dict "indent" "  ") $example }}
+            {{ $example_json = replace $example_json "\\u003c" "<" }}
+            {{ $example_json = replace $example_json "\\u003e" ">" | safeHTML }}
+
+```json
+{{ $example_json }}
+```
+
+        {{ else }}
+            {{ partial "alert" (dict "type" "warning" "omit_title" "true" "color" "warning" "content" "Specification error: Example invalid or not present") }}
+        {{ end }}
+
+    {{ end }}
+
+{{ else }}
+<p>No request parameters or request body.</p>
+{{ end }}
diff --git a/layouts/partials/openapi/render-responses.html b/layouts/partials/openapi/render-responses.html
new file mode 100644
index 00000000000..c92aba8e357
--- /dev/null
+++ b/layouts/partials/openapi/render-responses.html
@@ -0,0 +1,97 @@
+{{/*
+
+  Render the response part of a single HTTP API operation, given:
+
+  * `responses`: OpenAPI/Swagger data specifying the responses
+  * `path`: the path where this definition was found, to enable us to resolve "$ref"
+
+  This template renders:
+  * a summary of all the different responses
+  * details of the body for each response code
+  * body parameters, which may be more complex, containing nested objects
+  * response body examples
+
+*/}}
+
+{{ $responses := .responses }}
+{{ $path := .path }}
+
+<h2>Responses</h2>
+
+<table class>
+ <thead>
+  <th class="col-status">Status</th>
+  <th class="col-status-description">Description</th>
+ </thead>
+
+{{ range $code, $response := $responses }}
+
+ <tr>
+  <td><code>{{ $code }}</code></td>
+  <td>{{ $response.description | markdownify }}</td>
+ </tr>
+
+{{ end }}
+
+</table>
+
+{{ range  $code, $response := $responses }}
+
+    {{ if $response.schema }}
+
+        {{ $schema := partial "json-schema/resolve-refs" (dict "schema" $response.schema "path" $path) }}
+        {{ $schema := partial "json-schema/resolve-allof" $schema }}
+
+        {{ if or $schema.properties (eq $schema.type "array") }}
+<h3>{{ $code}} response</h3>
+
+            {{/*
+              All this is to work out how to express the content of the response
+              in the case where it is an array.
+            */}}
+            {{ if eq $schema.type "array" }}
+                {{ $type_of := "" }}
+                {{ if reflect.IsSlice $schema.items }}
+                    {{ $types := slice }}
+                    {{ range $schema.items }}
+                        {{ if .title }}
+                            {{ $types = $types | append .title}}
+                        {{ else }}
+                            {{ $types = $types | append .type }}
+                        {{ end }}
+                    {{ end }}
+                    {{ $type_of = delimit $types ", "}}
+                {{ else }}
+                    {{ $type_of = $schema.items.title }}
+                {{ end }}
+<p>Array of <code>{{ $type_of }}</code>.</p>
+            {{ end }}
+
+            {{ $additional_types := partial "json-schema/resolve-additional-types" $schema }}
+            {{ $additional_types = uniq $additional_types }}
+            {{ range $additional_types }}
+                {{ partial "openapi/render-object-table" (dict "caption" .title "properties" .properties "required" .required) }}
+            {{ end }}
+
+            {{ $example := partial "json-schema/resolve-example" $schema }}
+            {{ if $response.examples }}
+                {{ $example = partial "json-schema/resolve-refs" (dict "schema" $response.examples "path" $path) }}
+                {{ $example = index $example "application/json" }}
+            {{ end }}
+
+            {{ if $example }}
+                {{ $example_json := jsonify (dict "indent" "  ") $example }}
+                {{ $example_json = replace $example_json "\\u003c" "<" }}
+                {{ $example_json = replace $example_json "\\u003e" ">" | safeHTML }}
+
+```json
+{{ $example_json }}
+```
+
+            {{ else }}
+                {{ partial "alert" (dict "type" "warning" "omit_title" "true" "color" "warning" "content" "Specification error: Example invalid or not present") }}
+            {{ end }}
+
+        {{ end }}
+    {{ end }}
+{{ end }}
diff --git a/layouts/partials/sidebar-tree.html b/layouts/partials/sidebar-tree.html
new file mode 100644
index 00000000000..17c181cc713
--- /dev/null
+++ b/layouts/partials/sidebar-tree.html
@@ -0,0 +1,64 @@
+{{/*
+
+  A version of the sidebar-tree.html partial in Docsy, with a few small
+  modifications:
+
+  * include `div#toc` for the ToC
+  * start the sidebar at the root (homepage) since for us that is the Matrix
+  overview page
+  * omit module pages, which we don't want to be directly accessible
+  (we only use them as raw material for the client-server spec)
+
+*/}}
+
+{{/* We cache this partial for bigger sites and set the active class client side. */}}
+{{ $shouldDelayActive := ge (len .Site.Pages) 2000 }}
+<div id="td-sidebar-menu" class="td-sidebar__inner{{ if $shouldDelayActive }} d-none{{ end }}">
+  <div id="content-mobile">
+  <form class="td-sidebar__search d-flex align-items-center">
+    {{ partial "search-input.html" . }}
+    <button class="btn btn-link td-sidebar__toggle d-md-none p-0 ml-3 fas fa-bars" type="button" data-toggle="collapse" data-target="#td-section-nav" aria-controls="td-docs-nav" aria-expanded="false" aria-label="Toggle section navigation">
+    </button>
+  </form>
+  </div>
+  <div id="content-desktop"></div>
+  <nav class="collapse td-sidebar-nav" id="td-section-nav">
+    {{ template "section-tree-nav-section" (dict "page" . "section" .Site.Home.CurrentSection "delayActive" $shouldDelayActive "indent" 0)  }}
+    <hr/>
+    <div id = "toc"></div>
+  </nav>
+</div>
+
+{{ define "section-tree-nav-section" }}
+    {{ $s := .section }}
+    {{ $p := .page }}
+    {{ $shouldDelayActive := .delayActive }}
+    {{ $indent := .indent }}
+    {{ $active := eq $p.RelPermalink $s.RelPermalink }}
+    {{ $show := or ($p.IsAncestor $s) ($p.IsDescendant $s) }}
+    {{ $sid := $s.RelPermalink | anchorize }}
+<ul class="td-sidebar-nav__section pr-md-3">
+  <li class="td-sidebar-nav__section-title">
+    <a  href="{{ $s.RelPermalink }}" class="align-left pl-0 pr-2{{ if not $show }} collapsed{{ end }}{{ if $active}} active{{ end }} td-sidebar-link td-sidebar-link__section indent-{{$indent}}">{{ $s.LinkTitle }}</a>
+    {{ $pages := where (union $s.Pages $s.Sections).ByWeight ".Params.toc_hide" "!=" true }}
+    {{ $pages = where $pages "Type" "!=" "module"}}
+    {{ $pages := $pages | first 50 }}
+    {{ if gt (len $pages) 0 }}
+    <ul>
+        {{ range $pages }}
+            {{ if .IsPage }}
+                {{ $mid := printf "m-%s" (.RelPermalink | anchorize) }}
+                {{ $active := eq . $p }}
+      <li class="collapse {{ if $show }}show{{ end }}" id="{{ $sid }}">
+        <a class="td-sidebar-link td-sidebar-link__page {{ if and (not $shouldDelayActive) $active }} active{{ end }} indent-{{add $indent 1}}" id="{{ $mid }}" href="{{ .RelPermalink }}">{{ .LinkTitle }}</a>
+      </li>
+            {{ else }}
+                {{ $indent := add $indent 1 }}
+                {{ template "section-tree-nav-section" (dict "page" $p "section" . "indent" $indent) }}
+            {{ end }}
+        {{ end }}
+    </ul>
+    {{ end }}
+  </li>
+</ul>
+{{ end }}
diff --git a/layouts/partials/version-banner.html b/layouts/partials/version-banner.html
new file mode 100644
index 00000000000..66850dc1137
--- /dev/null
+++ b/layouts/partials/version-banner.html
@@ -0,0 +1,22 @@
+{{/*
+
+  A modified version of the version-banner.html partial in Docsy.
+
+*/}}
+
+
+{{ $color := "primary" }}
+{{ $status := .Site.Params.version.status }}
+{{ $latest_version := .Site.Params.version.current_version_url }}
+{{ if eq $status "unstable"}}
+<div class="pageinfo pageinfo-{{ $color }} pageinfo-unstable">
+  <p>You're looking at an unstable version of this specification.
+  Unstable specifications may change at any time without notice.</p>
+  <p><a href="{{ $latest_version | safeURL }}">Switch to the current stable release</a>.</p>
+</div>
+{{ else if eq $status "historical" }}
+<div class="pageinfo pageinfo-{{ $color }}">
+  <p>You're looking at an old version of this specification.<p>
+  <p><a href="{{ $latest_version | safeURL }}">Switch to the current stable release</a>.</p>
+</div>
+{{ end }}
diff --git a/layouts/shortcodes/boxes/note.html b/layouts/shortcodes/boxes/note.html
new file mode 100644
index 00000000000..48c9d3c9153
--- /dev/null
+++ b/layouts/shortcodes/boxes/note.html
@@ -0,0 +1 @@
+{{ partial "alert" (dict "type" "note" "content" .Inner) }}
diff --git a/layouts/shortcodes/boxes/rationale.html b/layouts/shortcodes/boxes/rationale.html
new file mode 100644
index 00000000000..385bd4b6f58
--- /dev/null
+++ b/layouts/shortcodes/boxes/rationale.html
@@ -0,0 +1 @@
+{{ partial "alert" (dict "type" "rationale" "content" .Inner) }}
diff --git a/layouts/shortcodes/boxes/warning.html b/layouts/shortcodes/boxes/warning.html
new file mode 100644
index 00000000000..6e884026992
--- /dev/null
+++ b/layouts/shortcodes/boxes/warning.html
@@ -0,0 +1 @@
+{{ partial "alert" (dict "type" "warning" "content" .Inner) }}
diff --git a/layouts/shortcodes/changelog/changelog-changes.html b/layouts/shortcodes/changelog/changelog-changes.html
new file mode 100644
index 00000000000..11a59858095
--- /dev/null
+++ b/layouts/shortcodes/changelog/changelog-changes.html
@@ -0,0 +1,87 @@
+{{/*
+
+  This template is used to render the set of changes in the changelog page.
+
+  It expects to find a directory "changelogs" containing a subdirectory for
+  each of the 5 APIs in the specification. Inside each of these directories
+  it expects to find newsfragments describing changes to that API.
+
+  If the `version.status` setting in config.toml is anything other than
+  "unstable", then it also expects to find additional settings under
+  `version` in config.toml:
+  - `major`: the major version number of the release
+  - `minor`: the minor version number of the release
+  - `release_date`: the date of the release
+
+  The release tag is calculated as `v<major>.<minor>`; for example `v1.5`.
+
+  It then renders this into a table displayed before the list of changes.
+
+*/}}
+
+{{ $path := path.Join "changelogs" }}
+{{ $status := .Site.Params.version.status }}
+{{ $release_tag := delimit (slice "v" .Site.Params.version.major "." .Site.Params.version.minor) "" }}
+
+{{ if ne $status "unstable" }}
+<table class="release-info">
+<tr><th>Git commit</th><td><a href="https://github.com/matrix-org/matrix-doc/tree/{{ $release_tag }}">https://github.com/matrix-org/matrix-doc/tree/{{ $release_tag }}</a></td>
+<tr><th>Release date</th><td>{{ .Site.Params.version.release_date }}</td>
+</table>
+{{ end }}
+
+<h2 id=api-changes>Changes since last release</h2>
+{{ partial "render-api-changes" (dict "title" "Client-Server API" "id" "client-server-api" "path" (path.Join $path "client_server")) }}
+{{ partial "render-api-changes" (dict "title" "Server-Server API" "id" "server-server-api" "path" (path.Join $path "server_server")) }}
+{{ partial "render-api-changes" (dict "title" "Application Service API" "id" "application-service-api" "path" (path.Join $path "application_service")) }}
+{{ partial "render-api-changes" (dict "title" "Identity Service API" "id" "identity-service-api" "path" (path.Join $path "identity_service")) }}
+{{ partial "render-api-changes" (dict "title" "Push Gateway API" "id" "push-gateway-api" "path" (path.Join $path "push_gateway")) }}
+
+{{ define "partials/render-api-changes" }}
+<h3 id="{{.id}}">{{ .title }}</h3>
+    {{ $api_path := .path }}
+    {{ $config_file := path.Join $api_path "pyproject.toml" }}
+    {{ $config := readFile $config_file | transform.Unmarshal }}
+    {{ $news_path := path.Join $api_path "newsfragments" }}
+    {{ partial "render-newsfragments"  (dict "config" $config "news_path" $news_path )}}
+{{ end }}
+
+{{ define "partials/render-newsfragments" }}
+{{ $config := .config }}
+{{ $news_path := .news_path }}
+
+{{ $types := dict }}
+{{ range $config.tool.towncrier.type }}
+    {{ $types = merge $types (dict .directory (slice)) }}
+{{ end }}
+
+{{ range (readDir $news_path) }}
+
+    {{ $pieces := split .Name "." }}
+
+    {{ $ticket := index $pieces 0 }}
+    {{ $description := readFile (path.Join $news_path .Name ) }}
+    {{ $change_info := (dict "ticket" $ticket "description" $description )}}
+
+    {{ $type := index $pieces 1 }}
+    {{ $instances := index $types $type }}
+    {{ $instances = $instances | append $change_info }}
+    {{ $types = merge $types (dict $type $instances) }}
+
+{{ end }}
+
+<ul>
+{{ range $config.tool.towncrier.type }}
+    {{ $changes_of_type := (index $types .directory) }}
+    {{ if $changes_of_type }}
+<li><strong>{{.name}}</strong>
+<p><ul>
+        {{ range $changes_of_type }}
+<li><a href="https://github.com/matrix-org/matrix-doc/issues/{{.ticket}}"><strong>{{ .ticket }}: </strong></a>{{ .description | markdownify }}</li>
+        {{ end }}
+</ul></p>
+</li>
+    {{ end }}
+{{ end }}
+</ul>
+{{ end }}
diff --git a/layouts/shortcodes/changelog/changelog-description.html b/layouts/shortcodes/changelog/changelog-description.html
new file mode 100644
index 00000000000..3c719725281
--- /dev/null
+++ b/layouts/shortcodes/changelog/changelog-description.html
@@ -0,0 +1,19 @@
+{{/*
+
+  This template is used to provide different content for the unstable spec
+  version and for a versioned release.
+
+*/}}
+
+{{ $status := .Site.Params.version.status }}
+
+{{ if eq $status "unstable"}}
+
+<p>This is the <strong>unstable</strong> version of the Matrix specification.</p>
+<p>This changelog lists changes made since the last release of the specification.</p>
+
+{{ else }}
+
+<p>This is version <strong>v{{ .Site.Params.version.major }}.{{ .Site.Params.version.minor }}</strong> of the Matrix specification.</p>
+
+{{ end }}
diff --git a/layouts/shortcodes/cs-modules.html b/layouts/shortcodes/cs-modules.html
new file mode 100644
index 00000000000..eb294166262
--- /dev/null
+++ b/layouts/shortcodes/cs-modules.html
@@ -0,0 +1,14 @@
+{{/*
+
+  This template is used to embed module documentation in the client-server API spec.
+
+  It searches the site for pages of type "module", sorts them by weight, and
+  emits the page's rendered content.
+
+*/}}
+
+{{ $modules := where site.Pages "Type" "module" }}
+
+{{ range $modules.ByWeight }}
+{{ .Content }}
+{{ end }}
diff --git a/layouts/shortcodes/definition.html b/layouts/shortcodes/definition.html
new file mode 100644
index 00000000000..151e060607f
--- /dev/null
+++ b/layouts/shortcodes/definition.html
@@ -0,0 +1,59 @@
+{{/*
+
+  This template is used to render EDUs and PDUs in the server-server and room versions specs.
+
+  It expects to be passed a `path` parameter, which is a path, relative to /data,
+  pointing to a schema file. The file extension is omitted. For example:
+
+      {{% definition path="api/server-server/definitions/edu" %}}
+
+  This template replaces the old {{definition_*}} template.
+
+*/}}
+
+{{ $path := .Params.path }}
+{{ $compact := .Params.compact }}
+{{ $pieces := split $path "/" }}
+
+{{/* The definition is referenced by the .path parameter */}}
+{{ $definition := index .Site.Data $pieces }}
+
+{{/* The base path, which we use to resolve $ref, omits the last component */}}
+{{ $pieces = first (sub (len $pieces) 1) $pieces}}
+{{ $path = delimit $pieces "/" }}
+
+{{/* Resolve $ref and allOf */}}
+{{ $definition = partial "json-schema/resolve-refs" (dict "schema" $definition "path" $path) }}
+{{ $definition = partial "json-schema/resolve-allof" $definition }}
+
+<section class="rendered-data definition">
+
+<details {{ if not $compact }}open{{ end }}>
+<summary>
+
+<h1>
+ <code>{{ $definition.title }}</code>
+</h1>
+
+<hr/>
+
+{{ $definition.description | markdownify }}
+
+</summary>
+
+{{ $additional_types := partial "json-schema/resolve-additional-types" $definition }}
+{{ $additional_types = uniq $additional_types }}
+
+{{ range $additional_types }}
+    {{ partial "openapi/render-object-table" (dict "caption" .title "properties" .properties "required" .required) }}
+{{end}}
+
+<h2>Examples</h2>
+
+{{ $example := partial "json-schema/resolve-example" $definition }}
+
+```json
+{{ jsonify (dict "indent" "  ") $example }}
+```
+
+</section>
diff --git a/layouts/shortcodes/event-fields.html b/layouts/shortcodes/event-fields.html
new file mode 100644
index 00000000000..83651c213dc
--- /dev/null
+++ b/layouts/shortcodes/event-fields.html
@@ -0,0 +1,45 @@
+{{/*
+
+  This template is used to render the fields that all basic events and room events
+  must or may contain.
+
+  It expects to be passed an `event_type` parameter, is the name of a file under
+  /data/event-schemas/core-event-schema. The file extension is omitted. For example:
+
+      {{% event-fields event_type="room_event" %}}
+
+  This template replaces the old {{common_event_fields}} and {{common_room_event_fields}} templates.
+
+*/}}
+
+{{ $event := index .Site.Data "event-schemas" "schema" "core-event-schema" .Params.event_type }}
+{{ $path := "event-schemas/schema/core-event-schema" }}
+
+{{ $event = partial "json-schema/resolve-refs" (dict "schema" $event "path" $path) }}
+{{ $event := partial "json-schema/resolve-allof" $event }}
+
+<section class="rendered-data event">
+
+<details {{ if not .Site.Params.ui.rendered_data_collapsed }}open{{ end }}>
+<summary>
+
+<h1>
+ <code>{{ humanize $event.title }}</code>
+</h1>
+
+<hr/>
+
+{{ $event.description | markdownify }}
+
+</summary>
+
+{{ $event = merge $event (dict "title" "") }}
+
+{{ $additional_types := partial "json-schema/resolve-additional-types" $event }}
+{{ range $additional_types }}
+    {{ partial "openapi/render-object-table" (dict "caption" .title "properties" .properties "required" .required) }}
+{{end}}
+
+</details>
+
+</section>
diff --git a/layouts/shortcodes/event-group.html b/layouts/shortcodes/event-group.html
new file mode 100644
index 00000000000..5e2900f0439
--- /dev/null
+++ b/layouts/shortcodes/event-group.html
@@ -0,0 +1,32 @@
+{{/*
+
+  This template is used to render a group of events starting with a given prefix.
+
+  It expects to be passed a `group_name` parameter. For example:
+
+      {{% event-group group_name="m.call" %}}
+
+  The template will then render all events whose schema starts with the given name.
+
+  This template replaces the old {{*_events}} template.
+
+*/}}
+
+{{ $path := "event-schemas/schema" }}
+
+{{ $events := index .Site.Data "event-schemas" "schema" }}
+{{ $group_name := .Params.group_name }}
+
+{{ range $event_name, $event_data := $events }}
+
+    {{ $prefix := substr $event_name 0 (len $group_name) }}
+    {{ if eq $prefix $group_name }}
+
+        {{ $event_data = partial "json-schema/resolve-refs" (dict "schema" $event_data "path" $path) }}
+        {{ $event_data := partial "json-schema/resolve-allof" $event_data }}
+
+        {{ partial "events/render-event" (dict "event_name" $event_name "event_data" $event_data)}}
+
+    {{ end }}
+
+{{ end }}
diff --git a/layouts/shortcodes/event.html b/layouts/shortcodes/event.html
new file mode 100644
index 00000000000..71c9c53490a
--- /dev/null
+++ b/layouts/shortcodes/event.html
@@ -0,0 +1,20 @@
+{{/*
+
+  This template is used to render an event.
+
+  It expects to be passed an `event` parameter, which is the name of a schema file under
+  "data/event-schemas/schema". The file extension is omitted. For example:
+
+      {{% event event="m.accepted_terms" %}}
+
+  This template replaces the old {{*_event}} template.
+
+*/}}
+
+{{ $event_data := index .Site.Data "event-schemas" "schema" .Params.event }}
+{{ $path := "event-schemas/schema" }}
+
+{{ $event_data = partial "json-schema/resolve-refs" (dict "schema" $event_data "path" $path) }}
+{{ $event_data := partial "json-schema/resolve-allof" $event_data }}
+
+{{ partial "events/render-event" (dict "event_name" .Params.event "event_data" $event_data)}}
diff --git a/layouts/shortcodes/http-api.html b/layouts/shortcodes/http-api.html
new file mode 100644
index 00000000000..b4bc6d0dc81
--- /dev/null
+++ b/layouts/shortcodes/http-api.html
@@ -0,0 +1,26 @@
+{{/*
+
+  This template is used to render an HTTP API, given an OpenAPI/Swagger definition.
+
+  It expects to be passed two parameters:
+
+  * a `spec` parameter identifying the spec, which must be the name of
+  a directory under /data/api
+  * an `api` parameter, identifying an OpenAPI/Swagger definition,
+  which is the name of a schema file under "data/api/$spec".
+  The file extension is omitted. For example:
+
+      {{% http-api spec="server-server" api="public_rooms" %}}
+
+  This template replaces the old {{*_http_api}} template.
+
+*/}}
+
+{{ $spec := .Params.spec}}
+{{ $api := .Params.api}}
+
+{{ $api_data := index .Site.Data.api .Params.spec .Params.api }}
+{{ $base_url := replace $api_data.basePath "%CLIENT_MAJOR_VERSION%"  "r0" }}
+{{ $path := delimit (slice "api" $spec) "/" }}
+
+{{ partial "openapi/render-api" (dict "api_data" $api_data "base_url" $base_url "path" $path) }}
diff --git a/layouts/shortcodes/msgtypes.html b/layouts/shortcodes/msgtypes.html
new file mode 100644
index 00000000000..ccdfda5fac7
--- /dev/null
+++ b/layouts/shortcodes/msgtypes.html
@@ -0,0 +1,48 @@
+{{/*
+
+  This template is used to render the `m.room.message` events.
+
+  It replaces the old {{msgtype_events}} template.
+
+*/}}
+
+{{ $path := "event-schemas/schema" }}
+{{ $compact := false }}
+
+{{/*
+  The old template starts with an explicit list of events, presumably
+  to define the order in which they are rendered.
+*/}}
+{{ $msgtypes := (slice "m.room.message$m.text" "m.room.message$m.emote" "m.room.message$m.notice" "m.room.message$m.image" "m.room.message$m.file") }}
+
+{{/*
+  It excludes `m.room.message$m.server_notice`
+*/}}
+{{ $excluded := slice "m.room.message$m.server_notice" }}
+
+{{/*
+  It then adds any other events that start with `m.room.message`.
+*/}}
+{{ $events := index .Site.Data "event-schemas" "schema" }}
+{{ $expected_prefix := "m.room.message$"}}
+{{ range $object_name, $event_data := $events }}
+
+    {{ $prefix := substr $object_name 0 (len $expected_prefix) }}
+    {{ if and (eq $prefix $expected_prefix) (not (in $excluded $object_name)) (not (in $msgtypes $object_name))  }}
+        {{ $msgtypes = $msgtypes | append $object_name }}
+    {{ end }}
+
+{{ end }}
+
+{{ $site_data := .Site.Data }}
+
+{{ range $msgtypes }}
+
+    {{ $event_data := index $site_data "event-schemas" "schema" . }}
+    {{ $event_data = partial "json-schema/resolve-refs" (dict "schema" $event_data "path" $path) }}
+    {{ $event_data := partial "json-schema/resolve-allof" $event_data }}
+
+    {{ $event_name := index (split . "$") 1 }}
+    {{ partial "events/render-event" (dict "event_name" $event_name "desired_example_name" . "event_data" $event_data)}}
+
+{{ end }}
diff --git a/layouts/shortcodes/proposal-tables.html b/layouts/shortcodes/proposal-tables.html
new file mode 100644
index 00000000000..f61f168b32f
--- /dev/null
+++ b/layouts/shortcodes/proposal-tables.html
@@ -0,0 +1,81 @@
+{{/*
+
+  This template is used to render tables of MSC proposals.
+
+  It expects there to be a "proposals.json" under /data/msc.
+  It expects "proposals.json" to contain an array of objects,
+  one for each MSC state. Each object contains:
+  * `title`: human-readable title for the state, like "Proposal In Review"
+  * `label`: the GitHub label used for the state, like "proposal-in-review"
+  * `proposals`: an array of objects, each of which represents an MSC and contains:
+      * `number`: GitHub issue number
+      * `url`: GitHub URL for this issue
+      * `title`: Issue title
+      * `created_at`: issue creation date
+      * `updated_at`: issue last-updated date
+      * `authors`: array of GitHub user names representing authors of this MSC
+      * `shepherd`: GitHub user name representing the shepherd of this MSC, or null
+      * `documentation`: Links to further documentation referenced in the GitHub issue
+
+  This data is scraped from GitHub using the /scripts/proposals.js Node script.
+  The script is run in CI: so typically if you run a local server the data will
+  be missing and no tables will be generated. If you do want to see the tables locally,
+  you can run the script locally:
+
+    npm install
+    npm run get-proposals
+
+  If this template does find the data, it renders one table for each MSC state,
+  containing a row for each MSC in that state.
+
+*/}}
+
+{{ $states := .Site.Data.msc.proposals }}
+
+{{ range $states }}
+<h3 id="{{.label}}" class="proposal-table-title">{{ .title }}</h3>
+    {{ if .proposals }}
+<table class="msc-table table">
+  <thead>
+    <tr>
+      <th>MSC</th>
+      <th>Title</th>
+      <th>Created at</th>
+      <th>Updated at</th>
+      <th>Docs</th>
+      <th>Author</th>
+      <th>Shepherd</th>
+    </tr>
+  </thead>
+
+  <tbody>
+        {{ range .proposals }}
+
+            {{ $index := 0 }}
+            {{ $docs_links_list := slice }}
+            {{ range .documentation }}
+                {{ $index = add $index 1 }}
+                {{ $docs_link := printf "<a href=\"%s\">%d</a>" . $index }}
+                {{ $docs_links_list = $docs_links_list | append $docs_link }}
+            {{ end }}
+            {{ $docs_links := delimit $docs_links_list ", " }}
+
+            {{ $authors_list := apply .authors "printf" "<a href=\"https://github.com/%s\">@%s</a>" "." "." }}
+            {{ $authors := delimit $authors_list ", " }}
+
+  <tr>
+      <td><a href="{{ .url }}">{{ .number }}</a></td>
+      <td>{{ .title }}</td>
+      <td>{{ .created_at }}</td>
+      <td>{{ .updated_at }}</td>
+      <td>{{ with $docs_links }}{{ $docs_links }}{{ end }}</td>
+      <td>{{ $authors }}</td>
+      <td>{{ with .shepherd }}<a href="https://github.com/{{ . }}">@{{ . }}</a>{{ end }}</td>
+  </tr>
+        {{ end }}
+  </tbody>
+</table>
+    {{ else }}
+<p>No MSCs are currently in this state.</p>
+    {{ end }}
+{{ end }}
diff --git a/layouts/shortcodes/sas-emojis.html b/layouts/shortcodes/sas-emojis.html
new file mode 100644
index 00000000000..5ce6a00939c
--- /dev/null
+++ b/layouts/shortcodes/sas-emojis.html
@@ -0,0 +1,26 @@
+{{/*
+
+  This template is used to render the table of SAS emoji table.
+
+  It replaces the old {{sas_emoji_table}} template.
+
+*/}}
+
+{{ $emoji_json := readFile "data-definitions/sas-emoji.json" | transform.Unmarshal }}
+
+<table>
+  <tr>
+    <th>Number</th>
+    <th>Emoji</th>
+    <th>Unicode</th>
+    <th>Description</th>
+  </tr>
+{{ range $emoji_json }}
+  <tr>
+    <td>{{ .number }}</td>
+    <td>{{ .emoji }}</td>
+    <td>{{ .unicode }}</td>
+    <td>{{ .description }}</td>
+  </tr>
+{{ end }}
+</table>
diff --git a/meta/documentation_style.rst b/meta/documentation_style.rst
index e3d363c4802..aea495bd3e0 100644
--- a/meta/documentation_style.rst
+++ b/meta/documentation_style.rst
@@ -8,52 +8,36 @@ in.
 Format
 ------
 
-Documentation is written either in github-flavored markdown or RST.
+Documentation is written in Commonmark markdown.
 
 Sections
 --------
 
-RST support lots of different punctuation characters for underlines on sections.
-Content in the specification MUST use the same characters in order for the
-complete specification to be merged correctly. These characters are:
-
-- ``=``
-- ``-``
-- ``~``
-- ``+``
-- ``^``
-- \ `````
-- ``@``
-- ``:``
-
-If you find yourself using ``^`` or beyond, you should rethink your document
-layout if possible.
+Markdown supports headings through the `#` prefix on text. Please avoid heavily
+nested titles (h6, or 6 `#` characters) and instead re-evaluate the document structure.
 
 Correct capitalisation for long section names
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-Headings should start with a capital letter, and use lower-case otherwise.
-
+Headings should start with a capital letter, and use lower-case otherwise. This
+document is an example of what we mean.
 
 TODOs
 -----
 
-Any RST file in this repository may make it onto ``matrix.org``. We do not want
-``TODO`` markers visible there. For internal comments, notes, TODOs, use standard
-RST comments like so::
-
-  .. TODO-Bob
-    There is something to do here. This will not be rendered by something like
-    rst2html.py so it is safe to put internal comments here.
-
-You SHOULD put your username with the TODO so we know who to ask about it.
+Any file in this repository might make it onto the matrix.org site, and as such
+we do not want ``TODO`` markers visible there. For internal comments, notes, TODOs,
+etc please use standard markdown comments (`<!-- TODO TravisR: Fix this -->`). Please
+include your name in the TODO comment so we know who to ask about it in the future.
 
 Line widths
 -----------
 
-We use 80 characters for line widths. This is a guideline and can be flouted IF
+We use 80 characters for line widths. This is a guideline and can be ignored IF
 AND ONLY IF it makes reading more legible. Use common sense.
 
+For proposals, please use 120 characters as a guide.
+
 Stylistic notes
 ---------------
 
@@ -82,6 +66,12 @@ Lists should:
 * Be used where they provide clarity.
 * Contain entries which start with a capital and end with a full stop.
 
+When talking about properties in JSON objects, prefer the word "property" to "field",
+"member", or various other alternatives. For example: "this property will be set to
+X if ...". Also avoid the term "key" unless you are specifically talking about the 
+*name* of a property - and be mindful of the scope for confusion with cryptographic
+keys.
+
 OpenAPI
 ~~~~~~~
 
diff --git a/api/openapi_extensions.md b/openapi_extensions.md
similarity index 100%
rename from api/openapi_extensions.md
rename to openapi_extensions.md
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 00000000000..73994715fea
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,986 @@
+{
+  "name": "matrix-spec",
+  "version": "0.0.1",
+  "lockfileVersion": 1,
+  "requires": true,
+  "dependencies": {
+    "@nodelib/fs.scandir": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.3.tgz",
+      "integrity": "sha512-eGmwYQn3gxo4r7jdQnkrrN6bY478C3P+a/y72IJukF8LjB6ZHeB3c+Ehacj3sYeSmUXGlnA67/PmbM9CVwL7Dw==",
+      "dev": true,
+      "requires": {
+        "@nodelib/fs.stat": "2.0.3",
+        "run-parallel": "^1.1.9"
+      }
+    },
+    "@nodelib/fs.stat": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.3.tgz",
+      "integrity": "sha512-bQBFruR2TAwoevBEd/NWMoAAtNGzTRgdrqnYCc7dhzfoNvqPzLyqlEQnzZ3kVnNrSp25iyxE00/3h2fqGAGArA==",
+      "dev": true
+    },
+    "@nodelib/fs.walk": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.4.tgz",
+      "integrity": "sha512-1V9XOY4rDW0rehzbrcqAmHnz8e7SKvX27gh8Gt2WgB0+pdzdiLV83p72kZPU+jvMbS1qU5mauP2iOvO8rhmurQ==",
+      "dev": true,
+      "requires": {
+        "@nodelib/fs.scandir": "2.1.3",
+        "fastq": "^1.6.0"
+      }
+    },
+    "@types/color-name": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/@types/color-name/-/color-name-1.1.1.tgz",
+      "integrity": "sha512-rr+OQyAjxze7GgWrSaJwydHStIhHq2lvY3BOC2Mj7KnzI7XK0Uw1TOOdI9lDoajEbSWLiYgoo4f1R51erQfhPQ==",
+      "dev": true
+    },
+    "ansi-regex": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz",
+      "integrity": "sha512-bY6fj56OUQ0hU1KjFNDQuJFezqKdrAyFdIevADiqrWHwSlbmBNMHp5ak2f40Pm8JTFyM2mqxkG6ngkHO11f/lg==",
+      "dev": true
+    },
+    "ansi-styles": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+      "dev": true,
+      "requires": {
+        "color-convert": "^1.9.0"
+      }
+    },
+    "anymatch": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.1.tgz",
+      "integrity": "sha512-mM8522psRCqzV+6LhomX5wgp25YVibjh8Wj23I5RPkPppSVSjyKD2A2mBJmWGa+KN7f2D6LNh9jkBCeyLktzjg==",
+      "dev": true,
+      "requires": {
+        "normalize-path": "^3.0.0",
+        "picomatch": "^2.0.4"
+      }
+    },
+    "argparse": {
+      "version": "1.0.10",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
+      "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
+      "dev": true,
+      "requires": {
+        "sprintf-js": "~1.0.2"
+      }
+    },
+    "array-union": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz",
+      "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==",
+      "dev": true
+    },
+    "at-least-node": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/at-least-node/-/at-least-node-1.0.0.tgz",
+      "integrity": "sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg==",
+      "dev": true
+    },
+    "autoprefixer": {
+      "version": "9.8.6",
+      "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-9.8.6.tgz",
+      "integrity": "sha512-XrvP4VVHdRBCdX1S3WXVD8+RyG9qeb1D5Sn1DeLiG2xfSpzellk5k54xbUERJ3M5DggQxes39UGOTP8CFrEGbg==",
+      "dev": true,
+      "requires": {
+        "browserslist": "^4.12.0",
+        "caniuse-lite": "^1.0.30001109",
+        "colorette": "^1.2.1",
+        "normalize-range": "^0.1.2",
+        "num2fraction": "^1.2.2",
+        "postcss": "^7.0.32",
+        "postcss-value-parser": "^4.1.0"
+      },
+      "dependencies": {
+        "supports-color": {
+          "version": "6.1.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-6.1.0.tgz",
+          "integrity": "sha512-qe1jfm1Mg7Nq/NSh6XE24gPXROEVsWHxC1LIx//XNlD9iw7YZQGjZNjYN7xGaEG6iKdA8EtNFW6R0gjnVXp+wQ==",
+          "requires": {
+            "has-flag": "^3.0.0"
+          }
+        }
+      }
+    },
+    "binary-extensions": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.1.0.tgz",
+      "integrity": "sha512-1Yj8h9Q+QDF5FzhMs/c9+6UntbD5MkRfRwac8DoEm9ZfUBZ7tZ55YcGVAzEe4bXsdQHEk+s9S5wsOKVdZrw0tQ==",
+      "dev": true
+    },
+    "braces": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
+      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+      "dev": true,
+      "requires": {
+        "fill-range": "^7.0.1"
+      }
+    },
+    "browserslist": {
+      "version": "4.16.6",
+      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.16.6.tgz",
+      "integrity": "sha512-Wspk/PqO+4W9qp5iUTJsa1B/QrYn1keNCcEP5OvP7WBwT4KaDly0uONYmC6Xa3Z5IqnUgS0KcgLYu1l74x0ZXQ==",
+      "dev": true,
+      "requires": {
+        "caniuse-lite": "^1.0.30001219",
+        "colorette": "^1.2.2",
+        "electron-to-chromium": "^1.3.723",
+        "escalade": "^3.1.1",
+        "node-releases": "^1.1.71"
+      },
+      "dependencies": {
+        "caniuse-lite": {
+          "version": "1.0.30001230",
+          "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001230.tgz",
+          "integrity": "sha512-5yBd5nWCBS+jWKTcHOzXwo5xzcj4ePE/yjtkZyUV1BTUmrBaA9MRGC+e7mxnqXSA90CmCA8L3eKLaSUkt099IQ==",
+          "dev": true
+        },
+        "colorette": {
+          "version": "1.2.2",
+          "resolved": "https://registry.npmjs.org/colorette/-/colorette-1.2.2.tgz",
+          "integrity": "sha512-MKGMzyfeuutC/ZJ1cba9NqcNpfeqMUcYmyF1ZFY6/Cn7CNSAKx6a+s48sqLqyAiZuaP2TcqMhoo+dlwFnVxT9w==",
+          "dev": true
+        },
+        "electron-to-chromium": {
+          "version": "1.3.739",
+          "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.739.tgz",
+          "integrity": "sha512-+LPJVRsN7hGZ9EIUUiWCpO7l4E3qBYHNadazlucBfsXBbccDFNKUBAgzE68FnkWGJPwD/AfKhSzL+G+Iqb8A4A==",
+          "dev": true
+        },
+        "escalade": {
+          "version": "3.1.1",
+          "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz",
+          "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==",
+          "dev": true
+        },
+        "node-releases": {
+          "version": "1.1.72",
+          "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-1.1.72.tgz",
+          "integrity": "sha512-LLUo+PpH3dU6XizX3iVoubUNheF/owjXCZZ5yACDxNnPtgFuludV1ZL3ayK1kVep42Rmm0+R9/Y60NQbZ2bifw==",
+          "dev": true
+        }
+      }
+    },
+    "caller-callsite": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/caller-callsite/-/caller-callsite-2.0.0.tgz",
+      "integrity": "sha1-hH4PzgoiN1CpoCfFSzNzGtMVQTQ=",
+      "dev": true,
+      "requires": {
+        "callsites": "^2.0.0"
+      }
+    },
+    "caller-path": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/caller-path/-/caller-path-2.0.0.tgz",
+      "integrity": "sha1-Ro+DBE42mrIBD6xfBs7uFbsssfQ=",
+      "dev": true,
+      "requires": {
+        "caller-callsite": "^2.0.0"
+      }
+    },
+    "callsites": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/callsites/-/callsites-2.0.0.tgz",
+      "integrity": "sha1-BuuE8A7qQT2oav/vrL/7Ngk7PFA=",
+      "dev": true
+    },
+    "camelcase": {
+      "version": "5.3.1",
+      "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz",
+      "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==",
+      "dev": true
+    },
+    "caniuse-lite": {
+      "version": "1.0.30001115",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001115.tgz",
+      "integrity": "sha512-NZrG0439ePYna44lJX8evHX2L7Z3/z3qjVLnHgbBb/duNEnGo348u+BQS5o4HTWcrb++100dHFrU36IesIrC1Q==",
+      "dev": true
+    },
+    "chalk": {
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
+      "dev": true,
+      "requires": {
+        "ansi-styles": "^3.2.1",
+        "escape-string-regexp": "^1.0.5",
+        "supports-color": "^5.3.0"
+      }
+    },
+    "chokidar": {
+      "version": "3.4.2",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.4.2.tgz",
+      "integrity": "sha512-IZHaDeBeI+sZJRX7lGcXsdzgvZqKv6sECqsbErJA4mHWfpRrD8B97kSFN4cQz6nGBGiuFia1MKR4d6c1o8Cv7A==",
+      "dev": true,
+      "requires": {
+        "anymatch": "~3.1.1",
+        "braces": "~3.0.2",
+        "fsevents": "~2.1.2",
+        "glob-parent": "~5.1.0",
+        "is-binary-path": "~2.1.0",
+        "is-glob": "~4.0.1",
+        "normalize-path": "~3.0.0",
+        "readdirp": "~3.4.0"
+      }
+    },
+    "cliui": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz",
+      "integrity": "sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==",
+      "dev": true,
+      "requires": {
+        "string-width": "^4.2.0",
+        "strip-ansi": "^6.0.0",
+        "wrap-ansi": "^6.2.0"
+      }
+    },
+    "color-convert": {
+      "version": "1.9.3",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
+      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
+      "dev": true,
+      "requires": {
+        "color-name": "1.1.3"
+      }
+    },
+    "color-name": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
+      "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=",
+      "dev": true
+    },
+    "colorette": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/colorette/-/colorette-1.2.1.tgz",
+      "integrity": "sha512-puCDz0CzydiSYOrnXpz/PKd69zRrribezjtE9yd4zvytoRc8+RY/KJPvtPFKZS3E3wP6neGyMe0vOTlHO5L3Pw==",
+      "dev": true
+    },
+    "cosmiconfig": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-5.2.1.tgz",
+      "integrity": "sha512-H65gsXo1SKjf8zmrJ67eJk8aIRKV5ff2D4uKZIBZShbhGSpEmsQOPW/SKMKYhSTrqR7ufy6RP69rPogdaPh/kA==",
+      "dev": true,
+      "requires": {
+        "import-fresh": "^2.0.0",
+        "is-directory": "^0.3.1",
+        "js-yaml": "^3.13.1",
+        "parse-json": "^4.0.0"
+      }
+    },
+    "decamelize": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz",
+      "integrity": "sha1-9lNNFRSCabIDUue+4m9QH5oZEpA=",
+      "dev": true
+    },
+    "dependency-graph": {
+      "version": "0.9.0",
+      "resolved": "https://registry.npmjs.org/dependency-graph/-/dependency-graph-0.9.0.tgz",
+      "integrity": "sha512-9YLIBURXj4DJMFALxXw9K3Y3rwb5Fk0X5/8ipCzaN84+gKxoHK43tVKRNakCQbiEx07E8Uwhuq21BpUagFhZ8w==",
+      "dev": true
+    },
+    "dir-glob": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz",
+      "integrity": "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==",
+      "dev": true,
+      "requires": {
+        "path-type": "^4.0.0"
+      }
+    },
+    "emoji-regex": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
+      "dev": true
+    },
+    "error-ex": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz",
+      "integrity": "sha512-7dFHNmqeFSEt2ZBsCriorKnn3Z2pj+fd9kmI6QoWw4//DL+icEBfc0U7qJCisqrTsKTjw4fNFy2pW9OqStD84g==",
+      "dev": true,
+      "requires": {
+        "is-arrayish": "^0.2.1"
+      }
+    },
+    "escape-string-regexp": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
+      "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=",
+      "dev": true
+    },
+    "esprima": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
+      "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
+      "dev": true
+    },
+    "fast-glob": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.2.4.tgz",
+      "integrity": "sha512-kr/Oo6PX51265qeuCYsyGypiO5uJFgBS0jksyG7FUeCyQzNwYnzrNIMR1NXfkZXsMYXYLRAHgISHBz8gQcxKHQ==",
+      "dev": true,
+      "requires": {
+        "@nodelib/fs.stat": "^2.0.2",
+        "@nodelib/fs.walk": "^1.2.3",
+        "glob-parent": "^5.1.0",
+        "merge2": "^1.3.0",
+        "micromatch": "^4.0.2",
+        "picomatch": "^2.2.1"
+      }
+    },
+    "fastq": {
+      "version": "1.8.0",
+      "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.8.0.tgz",
+      "integrity": "sha512-SMIZoZdLh/fgofivvIkmknUXyPnvxRE3DhtZ5Me3Mrsk5gyPL42F0xr51TdRXskBxHfMp+07bcYzfsYEsSQA9Q==",
+      "dev": true,
+      "requires": {
+        "reusify": "^1.0.4"
+      }
+    },
+    "fill-range": {
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
+      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+      "dev": true,
+      "requires": {
+        "to-regex-range": "^5.0.1"
+      }
+    },
+    "find-up": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz",
+      "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==",
+      "dev": true,
+      "requires": {
+        "locate-path": "^5.0.0",
+        "path-exists": "^4.0.0"
+      }
+    },
+    "fs-extra": {
+      "version": "9.0.1",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.0.1.tgz",
+      "integrity": "sha512-h2iAoN838FqAFJY2/qVpzFXy+EBxfVE220PalAqQLDVsFOHLJrZvut5puAbCdNv6WJk+B8ihI+k0c7JK5erwqQ==",
+      "dev": true,
+      "requires": {
+        "at-least-node": "^1.0.0",
+        "graceful-fs": "^4.2.0",
+        "jsonfile": "^6.0.1",
+        "universalify": "^1.0.0"
+      }
+    },
+    "fsevents": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.1.3.tgz",
+      "integrity": "sha512-Auw9a4AxqWpa9GUfj370BMPzzyncfBABW8Mab7BGWBYDj4Isgq+cDKtx0i6u9jcX9pQDnswsaaOTgTmA5pEjuQ==",
+      "dev": true,
+      "optional": true
+    },
+    "get-caller-file": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
+      "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==",
+      "dev": true
+    },
+    "get-stdin": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-8.0.0.tgz",
+      "integrity": "sha512-sY22aA6xchAzprjyqmSEQv4UbAAzRN0L2dQB0NlN5acTTK9Don6nhoc3eAbUnpZiCANAMfd/+40kVdKfFygohg==",
+      "dev": true
+    },
+    "glob-parent": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
+      "dev": true,
+      "requires": {
+        "is-glob": "^4.0.1"
+      }
+    },
+    "globby": {
+      "version": "11.0.1",
+      "resolved": "https://registry.npmjs.org/globby/-/globby-11.0.1.tgz",
+      "integrity": "sha512-iH9RmgwCmUJHi2z5o2l3eTtGBtXek1OYlHrbcxOYugyHLmAsZrPj43OtHThd62Buh/Vv6VyCBD2bdyWcGNQqoQ==",
+      "dev": true,
+      "requires": {
+        "array-union": "^2.1.0",
+        "dir-glob": "^3.0.1",
+        "fast-glob": "^3.1.1",
+        "ignore": "^5.1.4",
+        "merge2": "^1.3.0",
+        "slash": "^3.0.0"
+      }
+    },
+    "graceful-fs": {
+      "version": "4.2.4",
+      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.4.tgz",
+      "integrity": "sha512-WjKPNJF79dtJAVniUlGGWHYGz2jWxT6VhN/4m1NdkbZ2nOsEF+cI1Edgql5zCRhs/VsQYRvrXctxktVXZUkixw==",
+      "dev": true
+    },
+    "has-flag": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+      "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0="
+    },
+    "ignore": {
+      "version": "5.1.8",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.1.8.tgz",
+      "integrity": "sha512-BMpfD7PpiETpBl/A6S498BaIJ6Y/ABT93ETbby2fP00v4EbvPBXWEoaR1UBPKs3iR53pJY7EtZk5KACI57i1Uw==",
+      "dev": true
+    },
+    "import-cwd": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/import-cwd/-/import-cwd-2.1.0.tgz",
+      "integrity": "sha1-qmzzbnInYShcs3HsZRn1PiQ1sKk=",
+      "dev": true,
+      "requires": {
+        "import-from": "^2.1.0"
+      }
+    },
+    "import-fresh": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-2.0.0.tgz",
+      "integrity": "sha1-2BNVwVYS04bGH53dOSLUMEgipUY=",
+      "dev": true,
+      "requires": {
+        "caller-path": "^2.0.0",
+        "resolve-from": "^3.0.0"
+      }
+    },
+    "import-from": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/import-from/-/import-from-2.1.0.tgz",
+      "integrity": "sha1-M1238qev/VOqpHHUuAId7ja387E=",
+      "dev": true,
+      "requires": {
+        "resolve-from": "^3.0.0"
+      }
+    },
+    "is-arrayish": {
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz",
+      "integrity": "sha1-d8mYQFJ6qOyxqLppe4BkWnqSap0=",
+      "dev": true
+    },
+    "is-binary-path": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz",
+      "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==",
+      "dev": true,
+      "requires": {
+        "binary-extensions": "^2.0.0"
+      }
+    },
+    "is-directory": {
+      "version": "0.3.1",
+      "resolved": "https://registry.npmjs.org/is-directory/-/is-directory-0.3.1.tgz",
+      "integrity": "sha1-YTObbyR1/Hcv2cnYP1yFddwVSuE=",
+      "dev": true
+    },
+    "is-extglob": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
+      "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=",
+      "dev": true
+    },
+    "is-fullwidth-code-point": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
+      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
+      "dev": true
+    },
+    "is-glob": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.1.tgz",
+      "integrity": "sha512-5G0tKtBTFImOqDnLB2hG6Bp2qcKEFduo4tZu9MT/H6NQv/ghhy30o55ufafxJ/LdH79LLs2Kfrn85TLKyA7BUg==",
+      "dev": true,
+      "requires": {
+        "is-extglob": "^2.1.1"
+      }
+    },
+    "is-number": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
+      "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
+      "dev": true
+    },
+    "js-yaml": {
+      "version": "3.14.0",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.0.tgz",
+      "integrity": "sha512-/4IbIeHcD9VMHFqDR/gQ7EdZdLimOvW2DdcxFjdyyZ9NsbS+ccrXqVWDtab/lRl5AlUqmpBx8EhPaWR+OtY17A==",
+      "dev": true,
+      "requires": {
+        "argparse": "^1.0.7",
+        "esprima": "^4.0.0"
+      }
+    },
+    "json-parse-better-errors": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz",
+      "integrity": "sha512-mrqyZKfX5EhL7hvqcV6WG1yYjnjeuYDzDhhcAAUrq8Po85NBQBJP+ZDUT75qZQ98IkUoBqdkExkukOU7Ts2wrw==",
+      "dev": true
+    },
+    "jsonfile": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.0.1.tgz",
+      "integrity": "sha512-jR2b5v7d2vIOust+w3wtFKZIfpC2pnRmFAhAC/BuweZFQR8qZzxH1OyrQ10HmdVYiXWkYUqPVsz91cG7EL2FBg==",
+      "dev": true,
+      "requires": {
+        "graceful-fs": "^4.1.6",
+        "universalify": "^1.0.0"
+      }
+    },
+    "locate-path": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz",
+      "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==",
+      "dev": true,
+      "requires": {
+        "p-locate": "^4.1.0"
+      }
+    },
+    "lodash": {
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
+      "dev": true
+    },
+    "log-symbols": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-2.2.0.tgz",
+      "integrity": "sha512-VeIAFslyIerEJLXHziedo2basKbMKtTw3vfn5IzG0XTjhAVEJyNHnL2p7vc+wBDSdQuUpNw3M2u6xb9QsAY5Eg==",
+      "dev": true,
+      "requires": {
+        "chalk": "^2.0.1"
+      }
+    },
+    "merge2": {
+      "version": "1.4.1",
+      "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz",
+      "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==",
+      "dev": true
+    },
+    "micromatch": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.2.tgz",
+      "integrity": "sha512-y7FpHSbMUMoyPbYUSzO6PaZ6FyRnQOpHuKwbo1G+Knck95XVU4QAiKdGEnj5wwoS7PlOgthX/09u5iFJ+aYf5Q==",
+      "dev": true,
+      "requires": {
+        "braces": "^3.0.1",
+        "picomatch": "^2.0.5"
+      }
+    },
+    "node-fetch": {
+      "version": "2.6.1",
+      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.1.tgz",
+      "integrity": "sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==",
+      "dev": true
+    },
+    "normalize-path": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
+      "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==",
+      "dev": true
+    },
+    "normalize-range": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/normalize-range/-/normalize-range-0.1.2.tgz",
+      "integrity": "sha1-LRDAa9/TEuqXd2laTShDlFa3WUI=",
+      "dev": true
+    },
+    "num2fraction": {
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/num2fraction/-/num2fraction-1.2.2.tgz",
+      "integrity": "sha1-b2gragJ6Tp3fpFZM0lidHU5mnt4=",
+      "dev": true
+    },
+    "p-limit": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz",
+      "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==",
+      "dev": true,
+      "requires": {
+        "p-try": "^2.0.0"
+      }
+    },
+    "p-locate": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz",
+      "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==",
+      "dev": true,
+      "requires": {
+        "p-limit": "^2.2.0"
+      }
+    },
+    "p-try": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz",
+      "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==",
+      "dev": true
+    },
+    "parse-json": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz",
+      "integrity": "sha1-vjX1Qlvh9/bHRxhPmKeIy5lHfuA=",
+      "dev": true,
+      "requires": {
+        "error-ex": "^1.3.1",
+        "json-parse-better-errors": "^1.0.1"
+      }
+    },
+    "path-exists": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
+      "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==",
+      "dev": true
+    },
+    "path-type": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz",
+      "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==",
+      "dev": true
+    },
+    "picomatch": {
+      "version": "2.2.2",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.2.2.tgz",
+      "integrity": "sha512-q0M/9eZHzmr0AulXyPwNfZjtwZ/RBZlbN3K3CErVrk50T2ASYI7Bye0EvekFY3IP1Nt2DHu0re+V2ZHIpMkuWg==",
+      "dev": true
+    },
+    "pify": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz",
+      "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw=",
+      "dev": true
+    },
+    "postcss": {
+      "version": "7.0.36",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-7.0.36.tgz",
+      "integrity": "sha512-BebJSIUMwJHRH0HAQoxN4u1CN86glsrwsW0q7T+/m44eXOUAxSNdHRkNZPYz5vVUbg17hFgOQDE7fZk7li3pZw==",
+      "dev": true,
+      "requires": {
+        "chalk": "^2.4.2",
+        "source-map": "^0.6.1",
+        "supports-color": "^6.1.0"
+      },
+      "dependencies": {
+        "supports-color": {
+          "version": "6.1.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-6.1.0.tgz",
+          "integrity": "sha512-qe1jfm1Mg7Nq/NSh6XE24gPXROEVsWHxC1LIx//XNlD9iw7YZQGjZNjYN7xGaEG6iKdA8EtNFW6R0gjnVXp+wQ==",
+          "dev": true,
+          "requires": {
+            "has-flag": "^3.0.0"
+          }
+        }
+      }
+    },
+    "postcss-cli": {
+      "version": "7.1.2",
+      "resolved": "https://registry.npmjs.org/postcss-cli/-/postcss-cli-7.1.2.tgz",
+      "integrity": "sha512-3mlEmN1v2NVuosMWZM2tP8bgZn7rO5PYxRRrXtdSyL5KipcgBDjJ9ct8/LKxImMCJJi3x5nYhCGFJOkGyEqXBQ==",
+      "dev": true,
+      "requires": {
+        "chalk": "^4.0.0",
+        "chokidar": "^3.3.0",
+        "dependency-graph": "^0.9.0",
+        "fs-extra": "^9.0.0",
+        "get-stdin": "^8.0.0",
+        "globby": "^11.0.0",
+        "postcss": "^7.0.0",
+        "postcss-load-config": "^2.0.0",
+        "postcss-reporter": "^6.0.0",
+        "pretty-hrtime": "^1.0.3",
+        "read-cache": "^1.0.0",
+        "yargs": "^15.0.2"
+      },
+      "dependencies": {
+        "ansi-styles": {
+          "version": "4.2.1",
+          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.2.1.tgz",
+          "integrity": "sha512-9VGjrMsG1vePxcSweQsN20KY/c4zN0h9fLjqAbwbPfahM3t+NL+M9HC8xeXG2I8pX5NoamTGNuomEUFI7fcUjA==",
+          "dev": true,
+          "requires": {
+            "@types/color-name": "^1.1.1",
+            "color-convert": "^2.0.1"
+          }
+        },
+        "chalk": {
+          "version": "4.1.0",
+          "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.0.tgz",
+          "integrity": "sha512-qwx12AxXe2Q5xQ43Ac//I6v5aXTipYrSESdOgzrN+9XjgEpyjpKuvSGaN4qE93f7TQTlerQQ8S+EQ0EyDoVL1A==",
+          "dev": true,
+          "requires": {
+            "ansi-styles": "^4.1.0",
+            "supports-color": "^7.1.0"
+          }
+        },
+        "color-convert": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+          "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+          "dev": true,
+          "requires": {
+            "color-name": "~1.1.4"
+          }
+        },
+        "color-name": {
+          "version": "1.1.4",
+          "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+          "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+          "dev": true
+        },
+        "has-flag": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+          "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+          "dev": true
+        },
+        "supports-color": {
+          "version": "7.2.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+          "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+          "dev": true,
+          "requires": {
+            "has-flag": "^4.0.0"
+          }
+        }
+      }
+    },
+    "postcss-load-config": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-2.1.0.tgz",
+      "integrity": "sha512-4pV3JJVPLd5+RueiVVB+gFOAa7GWc25XQcMp86Zexzke69mKf6Nx9LRcQywdz7yZI9n1udOxmLuAwTBypypF8Q==",
+      "dev": true,
+      "requires": {
+        "cosmiconfig": "^5.0.0",
+        "import-cwd": "^2.0.0"
+      }
+    },
+    "postcss-reporter": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/postcss-reporter/-/postcss-reporter-6.0.1.tgz",
+      "integrity": "sha512-LpmQjfRWyabc+fRygxZjpRxfhRf9u/fdlKf4VHG4TSPbV2XNsuISzYW1KL+1aQzx53CAppa1bKG4APIB/DOXXw==",
+      "dev": true,
+      "requires": {
+        "chalk": "^2.4.1",
+        "lodash": "^4.17.11",
+        "log-symbols": "^2.2.0",
+        "postcss": "^7.0.7"
+      }
+    },
+    "postcss-value-parser": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.1.0.tgz",
+      "integrity": "sha512-97DXOFbQJhk71ne5/Mt6cOu6yxsSfM0QGQyl0L25Gca4yGWEGJaig7l7gbCX623VqTBNGLRLaVUCnNkcedlRSQ==",
+      "dev": true
+    },
+    "pretty-hrtime": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/pretty-hrtime/-/pretty-hrtime-1.0.3.tgz",
+      "integrity": "sha1-t+PqQkNaTJsnWdmeDyAesZWALuE=",
+      "dev": true
+    },
+    "read-cache": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz",
+      "integrity": "sha1-5mTvMRYRZsl1HNvo28+GtftY93Q=",
+      "dev": true,
+      "requires": {
+        "pify": "^2.3.0"
+      }
+    },
+    "readdirp": {
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.4.0.tgz",
+      "integrity": "sha512-0xe001vZBnJEK+uKcj8qOhyAKPzIT+gStxWr3LCB0DwcXR5NZJ3IaC+yGnHCYzB/S7ov3m3EEbZI2zeNvX+hGQ==",
+      "dev": true,
+      "requires": {
+        "picomatch": "^2.2.1"
+      }
+    },
+    "require-directory": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
+      "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I=",
+      "dev": true
+    },
+    "require-main-filename": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz",
+      "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==",
+      "dev": true
+    },
+    "resolve-from": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-3.0.0.tgz",
+      "integrity": "sha1-six699nWiBvItuZTM17rywoYh0g=",
+      "dev": true
+    },
+    "reusify": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz",
+      "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==",
+      "dev": true
+    },
+    "run-parallel": {
+      "version": "1.1.9",
+      "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.1.9.tgz",
+      "integrity": "sha512-DEqnSRTDw/Tc3FXf49zedI638Z9onwUotBMiUFKmrO2sdFKIbXamXGQ3Axd4qgphxKB4kw/qP1w5kTxnfU1B9Q==",
+      "dev": true
+    },
+    "set-blocking": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz",
+      "integrity": "sha1-BF+XgtARrppoA93TgrJDkrPYkPc=",
+      "dev": true
+    },
+    "slash": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz",
+      "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==",
+      "dev": true
+    },
+    "source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "dev": true
+    },
+    "sprintf-js": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
+      "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=",
+      "dev": true
+    },
+    "string-width": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.0.tgz",
+      "integrity": "sha512-zUz5JD+tgqtuDjMhwIg5uFVV3dtqZ9yQJlZVfq4I01/K5Paj5UHj7VyrQOJvzawSVlKpObApbfD0Ed6yJc+1eg==",
+      "dev": true,
+      "requires": {
+        "emoji-regex": "^8.0.0",
+        "is-fullwidth-code-point": "^3.0.0",
+        "strip-ansi": "^6.0.0"
+      }
+    },
+    "strip-ansi": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.0.tgz",
+      "integrity": "sha512-AuvKTrTfQNYNIctbR1K/YGTR1756GycPsg7b9bdV9Duqur4gv6aKqHXah67Z8ImS7WEz5QVcOtlfW2rZEugt6w==",
+      "dev": true,
+      "requires": {
+        "ansi-regex": "^5.0.0"
+      }
+    },
+    "supports-color": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+      "dev": true,
+      "requires": {
+        "has-flag": "^3.0.0"
+      }
+    },
+    "to-regex-range": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
+      "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
+      "dev": true,
+      "requires": {
+        "is-number": "^7.0.0"
+      }
+    },
+    "universalify": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/universalify/-/universalify-1.0.0.tgz",
+      "integrity": "sha512-rb6X1W158d7pRQBg5gkR8uPaSfiids68LTJQYOtEUhoJUWBdaQHsuT/EUduxXYxcrt4r5PJ4fuHW1MHT6p0qug==",
+      "dev": true
+    },
+    "which-module": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.0.tgz",
+      "integrity": "sha1-2e8H3Od7mQK4o6j6SzHD4/fm6Ho=",
+      "dev": true
+    },
+    "wrap-ansi": {
+      "version": "6.2.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz",
+      "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==",
+      "dev": true,
+      "requires": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "dependencies": {
+        "ansi-styles": {
+          "version": "4.2.1",
+          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.2.1.tgz",
+          "integrity": "sha512-9VGjrMsG1vePxcSweQsN20KY/c4zN0h9fLjqAbwbPfahM3t+NL+M9HC8xeXG2I8pX5NoamTGNuomEUFI7fcUjA==",
+          "dev": true,
+          "requires": {
+            "@types/color-name": "^1.1.1",
+            "color-convert": "^2.0.1"
+          }
+        },
+        "color-convert": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+          "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+          "dev": true,
+          "requires": {
+            "color-name": "~1.1.4"
+          }
+        },
+        "color-name": {
+          "version": "1.1.4",
+          "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+          "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+          "dev": true
+        }
+      }
+    },
+    "y18n": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz",
+      "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==",
+      "dev": true
+    },
+    "yargs": {
+      "version": "15.4.1",
+      "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz",
+      "integrity": "sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==",
+      "dev": true,
+      "requires": {
+        "cliui": "^6.0.0",
+        "decamelize": "^1.2.0",
+        "find-up": "^4.1.0",
+        "get-caller-file": "^2.0.1",
+        "require-directory": "^2.1.1",
+        "require-main-filename": "^2.0.0",
+        "set-blocking": "^2.0.0",
+        "string-width": "^4.2.0",
+        "which-module": "^2.0.0",
+        "y18n": "^4.0.0",
+        "yargs-parser": "^18.1.2"
+      }
+    },
+    "yargs-parser": {
+      "version": "18.1.3",
+      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz",
+      "integrity": "sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==",
+      "dev": true,
+      "requires": {
+        "camelcase": "^5.0.0",
+        "decamelize": "^1.2.0"
+      }
+    }
+  }
+}
diff --git a/package.json b/package.json
new file mode 100644
index 00000000000..5a4e3142faa
--- /dev/null
+++ b/package.json
@@ -0,0 +1,27 @@
+{
+  "name": "matrix-spec",
+  "version": "0.0.1",
+  "description": "Hugo theme for the Matrix specification.",
+  "main": "none.js",
+  "scripts": {
+    "get-proposals": "node ./scripts/proposals.js",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/matrix-org/matrix-doc.git"
+  },
+  "author": "The Matrix.org Foundation C.I.C.",
+  "private": true,
+  "license": "Apache-2.0",
+  "bugs": {
+    "url": "https://github.com/matrix-org/matrix-doc"
+  },
+  "homepage": "https://github.com/matrix-org/matrix-doc#readme",
+  "dependencies": {},
+  "devDependencies": {
+    "autoprefixer": "^9.8.6",
+    "node-fetch": "^2.6.1",
+    "postcss-cli": "^7.1.2"
+  }
+}
diff --git a/proposals/1543-qr_code_key_verification.md b/proposals/1543-qr_code_key_verification.md
new file mode 100644
index 00000000000..ce620d92dac
--- /dev/null
+++ b/proposals/1543-qr_code_key_verification.md
@@ -0,0 +1,297 @@
+Bi-directional Key verification using QR codes
+==============================================
+
+Problem/Background
+------------------
+
+Key verification is essential in ensuring that end-to-end encrypted messages
+cannot be read by unauthorized parties.  Traditionally, key verification is
+done by comparing long strings.  To save users from the tedium of reading out
+long strings, some systems allow one party to verify the other party by
+scanning a QR code; by doing this twice, both parties can verify each other.
+In this proposal, we present a method for both parties to verify each other by
+only scanning one QR code.
+
+Proposal
+--------
+
+When Alice and Bob meet in person to verify keys, Alice will scan a QR code
+generated by Bob's device.  The QR code will encode both Bob's key as well as what Bob
+thinks Alice's key is.  When Alice scans the QR code, she will ensure that the
+keys match what is expected, in which case, she relays this information to Bob,
+who can then tell his device that the keys match.
+
+### Example flow
+
+1. Alice and Bob meet in person, and want to verify each other's keys.
+2. Alice requests a key verification through her device by sending an
+   `m.key.verification.request` message (see
+   [MSC2241](https://github.com/matrix-org/matrix-doc/pull/2241)), with
+   `m.qr_code.show.v1`, `m.qr_code.scan.v1`, and `m.reciprocate.v1` listed in
+   `methods`, and Bob responds with a `m.key.verification.ready` message.
+3. Alice's client displays a QR code that Bob is able to scan, and an option to
+   scan Bob's QR code.
+4. Bob's client prompts Bob to verify Alice's key.  The prompt includes a QR
+   code that Alice can scan (if the `m.key.verification.request` message listed
+   `m.qr_code.scan.v1`), and an option to scan Alice's QR code (if the
+   `m.key.verification.request` message listed `m.qr_code.show.v1`).  The QR
+   code encodes:
+   - Bob's master cross-signing public key,
+   - what Bob thinks Alice's master cross-signing public key is,
+   - a random shared secret.
+5. Alice scans Bob's QR code.
+6. Alice's device ensures that:
+   - Bob's key encoded in the QR code matches the key that she already has for
+     Bob, and
+   - Alice's cross-signing key matches the cross-signing key encoded in the QR
+     code.
+
+   If any of these checks fail, Alice's device displays an error message
+   indicating that the code is incorrect, and sends a
+   `m.key.verification.cancel` message to Bob's device.
+
+   Otherwise, at this point:
+   - Alice's device has now verified Bob's key, and
+   - Alice's device knows that Bob has the correct key for her.
+
+   Thus for Bob to verify Alice's key, Alice needs to tell Bob that he has the
+   right key.
+7. Alice's device displays a message saying that all is well.  This message
+   tells Alice that she has the right key for Bob, and tells Bob that he has
+   the right key for Alice.
+8. Alice's device sends a `m.key.verification.start` message with `method` set
+   to `m.reciprocate.v1` to Bob (see below).  The message includes the shared
+   secret from the QR code.  This signals to Bob's device that Alice has
+   scanned Bob's QR code.
+
+   This message is merely a signal for Bob's device to proceed to the next
+   step, and is not used for verification purposes.
+9. Upon receipt of the `m.key.verification.start` message, Bob's device ensures
+   that the shared secret matches.
+
+   If the shared secret does not match, it should display an error message
+   indicating that an attack was attempted.  (This does not affect Alice's
+   verification of Bob's keys.)
+
+   If the shared secret does match, it asks Bob to confirm that Alice
+   has scanned the QR code.
+10. Bob sees Alice's device confirm that the key matches, and presses the button
+    on his device to indicate that Alice's key is verified.
+
+    Bob's verification of Alice's key hinges on Alice telling Bob the result of
+    her scan.  Since the QR code includes what Bob thinks Alice's key is,
+    Alice's device can check whether Bob has the right key for her.  Alice has
+    no motivation to lie about the result, as getting Bob to trust an incorrect
+    key would only affect communications between herself and Bob.  Thus Alice
+    telling Bob that the code was scanned successfully is sufficient for Bob to
+    trust Alice's key, under the assumption that this communication is done
+    over a trusted medium (such as in-person).
+11. Both devices send an `m.key.verification.done` message.
+
+This flow allows Alice to verify Bob's key, and Bob to verify Alice's key.
+Alice verifies Bob's key because she can trust the QR code that Bob displays
+for her, as this is done over a trusted medium.  Bob verifies Alice's key
+because Alice can trust the QR code that Bob displays, and Bob can trust Alice
+to tell him the result of the verification.
+
+#### Self-verification
+
+QR codes can also be used by a user to verify their own devices.  These examples
+shows Alice verifying two devices, one of them (Osborne2) having cross-signing
+already set up, and the other one (Dynabook) having just logged in.
+
+In the first example, Osborne2 scans Dynabook:
+
+1. Alice logs into her new Dynabook and wants other users to be able to trust
+   it via cross-signing, and to trust other devices via cross-signing.
+2. Dynabook retrieves Alice's public cross-signing key from the server, and
+   displays a QR code that encodes:
+   - Dynabook's device key,
+   - what it thinks Alice's master key is, and
+   - a random shared secret.
+
+   Note that in this case, the QR code does not include Alice's master key in a
+   `key_<key_id>` parameter, since Dynabook does not know whether it is trusted
+   or not.
+3. Osborne2 scans the QR code displayed by Dynabook.  At this point, Osborne2
+   knows Dynabook's device key and can sign it with the self-signing key and
+   upload the signature, and can trust Dynabook for sending secrets via SSSS.
+   It also knows that Dynabook has the correct cross-signing key.
+4. Osborne2 tells Alice that the scan was successful, and sends the
+   `reciprocate` message containing the shared secret.
+5. Upon receipt of the `reciprocate` message, Dynabook (after checking the
+   shared secret) confirms with Alice that she successfully scanned the QR
+   code.
+6. Alice confirms.
+7. Dynabook now knows that it can trust Alice's cross-signing keys that it
+   fetched from the server.
+
+In the second example, Dynabook scans Osborne2:
+
+1. Alice logs into her new Dynabook and wants other users to be able to trust
+   it via cross-signing, and to trust other devices via cross-signing.
+2. Osborne2 notices that Dynabook is a new device.  Osborne2 fetches Dynabook's
+   identity key and displays a QR code that encodes:
+   - what it thinks Dynabook's key is,
+   - Alice's master key, and
+   - a random shared secret.
+3. Dynabook scans the QR code shown by Osborne2.  At this point, Dynabook knows
+   Alice's cross-signing key, and so it can trust it to sign other devices.  It
+   also knows that Osborne2 as the correct key for it.
+4. Dynabook tells Alice that the scan is successful, and sends the
+   `reciprocate` message containing the shared secret.
+5. Upon receipt of the `reciprocate` message, Osborne2 (after checking the
+   shared secret) confirms with Alice that she successfully scanned the QR
+   code.
+6. Alice confirms.
+7. Osborne2 now knows that it has the correct device key for Dynabook, and can
+   sign it with the self-signing key and upload the signature.  Osborne2 can
+   also trust Dynabook for sending secrets via SSSS.
+
+### Verification methods
+
+This proposal defines three verification methods that can be used in
+`m.key.verification.request` messages (see
+[MSC2241](https://github.com/matrix-org/matrix-doc/pull/2241)).
+
+- `m.qr_code.show.v2`: means that the sender of the
+  `m.key.verification.request` message can show a QR code that the recipient
+  can scan.  If the recipient can scan the QR code, it should allow the user to
+  do so.  This method is never sent as part of a `m.key.verification.start`
+  message.
+- `m.qr_code.scan.v2`: means that the sender of the
+  `m.key.verification.request` message can scan a QR code displayed by the
+  recipient.  If the recipient can display a QR code, it should allow the user
+  to display it so that the sender can scan it.  This method is never sent as
+  part of a `m.key.verification.start` message.
+- `m.reciprocate.v1`: means that the sender can participate in a reciprocal
+  verification, either as initiator or responder, as described in the [Message
+  types](#message-types) section below.
+
+### QR code format
+
+The QR codes to be displayed and scanned using this format will encode binary
+strings in the general form:
+
+- the ASCII string "MATRIX"
+- one byte indicating the QR code version (must be `0x02`)
+- one byte indicating the QR code verification mode.  May be one of the
+  following values:
+  - `0x00` verifying another user with cross-signing
+  - `0x01` self-verifying in which the current device does trust the master key
+  - `0x02` self-verifying in which the current device does not yet trust the
+    master key
+- the event ID or `transaction_id` of the associated verification
+  request event, encoded as:
+  - two bytes in network byte order (big-endian) indicating the length in
+    bytes of the ID as a UTF-8 string
+  - the ID as a UTF-8 string
+- the first key, as 32 bytes.  The key to use depends on the mode field:
+  - if `0x00` or `0x01`, then the current user's own master cross-signing public key
+  - if `0x02`, then the current device's device key
+- the second key, as 32 bytes.  The key to use depends on the mode field:
+  - if `0x00`, then what the device thinks the other user's master
+    cross-signing key is
+  - if `0x01`, then what the device thinks the other device's device key is
+  - if `0x02`, then what the device thinks the user's master cross-signing key
+    is
+- a random shared secret, as a byte string.  It is suggested to use a secret
+  that is about 8 bytes long.  Note: as we do not share the length of the
+  secret, and it is not a fixed size, clients will just use the remainder of
+  binary string as the shared secret.
+
+For example, if Alice displays a QR code encoding the following binary string:
+
+```
+      "MATRIX"    |ver|mode| len   | event ID
+ 4D 41 54 52 49 58  02  00   00 2D   21 41 42 43 44 ...
+| user's cross-signing key    | other user's cross-signing key | shared secret
+  00 01 02 03 04 05 06 07 ...   10 11 12 13 14 15 16 17 ...      20 21 22 23 24 25 26 27
+```
+
+this indicates that Alice is verifying another user (say Bob), in response to
+the request from event "$ABCD...", her cross-signing key is
+`0001020304050607...` (which is "AAECAwQFBg..." in base64), she thinks that
+Bob's cross-signing key is `1011121314151617...` (which is "EBESExQVFh..." in
+base64), and the shared secret is `2021222324252627` (which is "ICEiIyQlJic" in
+base64).
+
+### Message types
+
+#### `m.key.verification.start`
+
+Alice's device tells Bob's device that the QR code has been scanned.
+
+message contents:
+
+- `method`: `m.reciprocate.v1`
+- `m.relates_to`: as per [key verification framework](https://github.com/matrix-org/matrix-doc/pull/2241)
+- `secret`: the shared secret from the QR code, encoded using unpadded base64
+
+Example:
+
+```json
+{
+  "method": "m.reciprocate.v1",
+  "m.relates_to": {
+    "rel_type": "m.reference",
+    "event_id": "$event_id_of_verification_request"
+  },
+  "secret": "shared+secret"
+}
+```
+
+Note that this message could be sent by either the sender or the recipient of
+the `m.key.verification.request` message, depending on which user scanned the
+QR code.
+
+### Cancellation
+
+In addition to the cancellation codes specified in [the spec for
+`m.key.verification.cancel`](https://matrix.org/docs/spec/client_server/r0.5.0#m-key-verification-cancel),
+the following cancellation codes may be used:
+
+- `m.qr_code.invalid`: The QR code is invalid (e.g. it is not a URL of the
+  required form)
+
+The verification can also be cancelled with the error codes:
+
+- `m.key_mismatch`: if the QR code has keys that do not match the expected
+  value
+- `m.user_mismatch`: if the QR code is for a different user from what was expected
+
+Tradeoffs/Alternatives
+----------------------
+
+Other methods of verifying keys, which do not require scanning QR codes, are
+needed for devices that are unable to scan QR codes.  One such method is
+[MSC1267](https://github.com/matrix-org/matrix-doc/issues/1267).  Since the key
+verification framework allows for multiple methods to be supported, clients can
+allow users to use different methods depending on their capability.
+
+Rather than embedding the keys in the QR codes directly, the two clients could
+perform an exchange similar to
+[MSC1267](https://github.com/matrix-org/matrix-doc/issues/1267), and encoding
+the Short Authentication String code in the QR code.  However, this means that
+the clients must exchange several messages before they can verify each other,
+which would delay showing the QR codes.  This proposal is also simpler to
+implement.
+
+This proposal does not support the case of asynchronous verification, such as
+printing a QR code on a business card for others to scan.  That may be address
+in a separate MSC.
+
+Security Considerations
+-----------------------
+
+The security of verifying Alice's key depends on Bob not hitting the "Verified"
+button (step 10 in the example flow) until after Alice's device indicates
+success or failure.  Users have a tendency to click on buttons without reading
+what the screen says, but this is partially mitigated by the fact that it is
+unlikely that Bob will be interacting with the device while Alice is scanning
+and Alice's device will display the verification results immediately upon
+scanning.  Also, Bob's device will not display the button until it receives the
+`m.key.verification.start` message that contains the shared secret from the QR
+code, which means that an attacker would need to be physically present while
+Alice and Bob verify.  This issue can also be addressed by allowing Bob to
+easily undo the verification if Alice's device displays an error.
diff --git a/proposals/1756-cross-signing.md b/proposals/1756-cross-signing.md
index de08422a5ae..2ac8f706d84 100644
--- a/proposals/1756-cross-signing.md
+++ b/proposals/1756-cross-signing.md
@@ -528,7 +528,7 @@ look like:
 
 If Bob replaces his Dynabook without re-verifying with Alice, this will split
 the graph and Alice will not be able to verify Bob's other devices.  In
-contrast, in this proposal, Alice and Bob sign each other's self-signing key
+contrast, in this proposal, Alice and Bob sign each other's master keys
 with their user-signing keys, and the attestation graph would look like:
 
 ![](images/1756-graph2.dot.png)
@@ -543,7 +543,9 @@ devices, as there may be stale attestations and revocations lingering around.
 the signature created previously by the device making the attestation, or
 whether it should be a statement that the device should not be trusted at all.)
 In contrast, with this proposal, if a device is stolen, then only the
-user-signing key must be re-issued.
+keys for which the device had access to the private keys must be re-issued,
+along with any associated signatures.  When the new keys are distributed, the
+old keys and their signatures will no longer be part of the attestation graph.
 
 ## Security considerations
 
diff --git a/proposals/1772-groups-as-rooms.md b/proposals/1772-groups-as-rooms.md
new file mode 100644
index 00000000000..1d431f84158
--- /dev/null
+++ b/proposals/1772-groups-as-rooms.md
@@ -0,0 +1,427 @@
+# Proposal for Matrix "spaces" (formerly known as "groups as rooms (take 2)")
+
+This MSC, and related proposals, supercede
+[MSC1215](https://github.com/matrix-org/matrix-doc/issues/1215).
+
+## Background and objectives
+
+Collecting rooms together into groups is useful for a number of
+purposes. Examples include:
+
+ * Allowing users to discover different rooms related to a particular topic:
+   for example "official matrix.org rooms".
+ * Allowing administrators to manage permissions across a number of rooms: for
+   example "a new employee has joined my company and needs access to all of our
+   rooms".
+ * Letting users classify their rooms: for example, separating "work" from
+   "personal" rooms.
+
+We refer to such collections of rooms as "spaces".
+
+Synapse and Element-Web currently implement an unspecced "groups" API (referred
+to as "`/r0/groups`" in this document) which attempts to provide this
+functionality (see
+[MSC971](https://github.com/matrix-org/matrix-doc/issues/971)). However,
+this is a complex API which has various problems (see
+[appendix](#appendix-problems-with-the-r0groups-api)).
+
+This proposal suggests a new approach where spaces are themselves represented
+by rooms, rather than a custom first-class entity.  This requires minimal
+server changes.
+
+The existing `/r0/groups` API would be deprecated in Synapse and remain
+unspecified.
+
+## Proposal
+
+Each space is represented by its own room, known as a "space-room". The rooms
+within the space are determined by state events within the space-room.
+
+Space-rooms are distinguished from regular messaging rooms by the presence of
+a `'type': 'm.space'` property in the content of the `m.room.create` event.
+The value of the `type` property uses the Standardised Identifier Grammar from
+[MSC2758](https://github.com/matrix-org/matrix-doc/pull/2758). This allows clients to offer slightly customised user experience
+depending on the purpose of the room. Currently, no server-side behaviour is
+expected to depend on this property.  A `type` property on the `m.room.create`
+event is used to ensure that a room cannot change between being a space-room
+and a non-space room. For more information, see the "Rejected Alternatives"
+section below. Additionally, no client behaviour is recommended for handling
+unknown room types given the potential for legacy data: clients are free to
+make their own decisions about hiding unknown room types from users, though
+should note that a future conversation-like type (for example) might be
+introduced and could be considered "unknown" by older versions of their client.
+
+As with regular rooms, public spaces are expected to have an alias, for example
+`#foo:matrix.org`, which can be used to refer to the space.
+
+Space-rooms may have `m.room.name`, `m.room.avatar` and `m.room.topic` state
+events in the same way as a normal room.
+
+Normal messages within a space-room are discouraged (but not blocked by the
+server): user interfaces are not expected to have a way to enter or display
+such messages.  Space-rooms should be created with a power level for
+`events_default` of 100, to prevent the rooms accidentally/maliciously
+clogging up with messages from random members of the space.
+
+### Membership of spaces
+
+Users can be members of spaces (represented by `m.room.member` state events as
+normal). The existing [`m.room.history_visibility`
+mechanism](https://matrix.org/docs/spec/client_server/r0.6.1#room-history-visibility)
+controls whether membership of the space is required to view the room list,
+membership list, etc. "Public" or "community" spaces would be set to
+`world_readable` to allow clients to see the directory of rooms within the
+space by peeking into the space-room (thus avoiding the need to add
+`m.room.member` events to the event graph within the room).
+
+Join rules, invites and 3PID invites work as for a normal room.  In order for
+clients to distinguish space invites from room invites, all invites must now
+include the `m.room.create` event in their `invite_state` and `knock_state`.
+
+### Relationship between rooms and spaces
+
+The intention is that rooms and spaces form a hierarchy, which clients can use
+to structure the user's room list into a tree view. The parent/child
+relationship can be expressed in one of two ways:
+
+ 1. The admins of a space can advertise rooms and subspaces for their space by
+    setting `m.space.child` state events. The `state_key` is the ID of a child
+    room or space, and the content must contain a `via` key which gives a list
+    of candidate servers that can be used to join the room. Something like:
+
+    ```jsonc
+    // a child room
+    {
+        "type": "m.space.child",
+        "state_key": "!abcd:example.com",
+        "content": {
+            "via": ["example.com", "test.org"]
+        }
+    }
+
+    // a child room with an ordering.
+    {
+        "type": "m.space.child",
+        "state_key": "!efgh:example.com",
+        "content": {
+            "via": ["example.com"],
+            "order": "abcd"
+        }
+    }
+
+    // no longer a child room
+    {
+        "type": "m.space.child",
+        "state_key": "!jklm:example.com",
+        "content": {}
+    }
+    ```
+
+    Children where `via` is not present or invalid (not an array) are ignored.
+
+    The `order` key is a string which is used to provide a default ordering of
+    siblings in the room list. (Rooms are sorted based on a lexicographic
+    ordering of the Unicode codepoints of the characters in `order` values.
+    Rooms with no `order` come last, in ascending numeric order of the
+    `origin_server_ts` of their `m.room.create` events, or ascending
+    lexicographic order of their `room_id`s in case of equal
+    `origin_server_ts`.  `order`s which are not strings, or do not consist
+    solely of ascii characters in the range `\x20` (space) to `\x7E` (`~`), or
+    consist of more than 50 characters, are forbidden and the field should be
+    ignored if received.)
+
+ 2. Separately, rooms can claim parents via the `m.space.parent` state
+    event.
+
+    Similar to `m.space.child`, the `state_key` is the ID of the parent space,
+    and the content must contain a `via` key which gives a list of candidate
+    servers that can be used to join the parent.
+
+    ```jsonc
+    {
+        "type": "m.space.parent",
+        "state_key": "!space:example.com",
+        "content": {
+            "via": ["example.com"],
+            "canonical": true
+        }
+    }
+    ```
+
+    Parents where `via` is not present or invalid (not an array) are ignored.
+
+    `canonical` determines whether this is the main parent for the space. When
+    a user joins a room with a canonical parent, clients may switch to view the
+    room in the context of that space, peeking into it in order to find other
+    rooms and group them together.  In practice, well behaved rooms should only
+    have one `canonical` parent, but given this is not enforced: if multiple
+    are present the client should select the one with the lowest room ID, as
+    determined via a lexicographic ordering of the Unicode code-points.
+
+    To avoid abuse where a room admin falsely claims that a room is part of a
+    space that it should not be, clients could ignore such `m.space.parent`
+    events unless either (a) there is a corresponding `m.space.child` event in
+    the claimed parent, or (b) the sender of the `m.space.child` event has a
+    sufficient power-level to send such an `m.space.child` event in the
+    parent. (It is not necessarily required that that user currently be a
+    member of the parent room - only the `m.room.power_levels` event is
+    inspected.) [Checking the power-level rather than requiring an *actual*
+    `m.space.child` event in the parent allows for "secret" rooms (see below).]
+
+    Where the parent space also claims a parent, clients can recursively peek
+    into the grandparent space, and so on.
+
+This structure means that rooms can end up appearing multiple times in the
+room list hierarchy, given they can be children of multiple different spaces
+(or have multiple parents in different spaces).
+
+In a typical hierarchy, we expect *both* parent->child and child->parent
+relationships to exist, so that the space can be discovered from the room, and
+vice versa. Occasions when the relationship only exists in one direction
+include:
+
+ * User-curated lists of rooms: in this case the space will not be listed as a
+   parent of the room.
+
+ * "Secret" rooms: rooms where the admin does not want the room to be
+   advertised as part of a given space, but *does* want the room to form part
+   of the hierarchy of that space for those in the know.
+
+Cycles in the parent->child and child->parent relationships are *not*
+permitted, but clients (and servers) should be aware that they may be
+encountered, and MUST spot and break cycles rather than infinitely looping.
+
+### Suggested children
+
+Space admins can mark particular children of a space as "suggested". This
+mainly serves as a hint to clients that that they can be displayed differently
+(for example by showing them eagerly in the room list), though future
+server-side interfaces (such as the summary API proposed in
+[MSC2946](https://github.com/matrix-org/matrix-doc/pull/2946)) might also
+make use of it.
+
+A suggested child is identified by a `"suggested": true` property in the
+`m.space.child` event:
+
+
+```jsonc
+{
+    "type": "m.space.child",
+    "state_key": "!abcd:example.com",
+    "content": {
+        "via": ["example.com", "test.org"],
+        "suggested": true
+    }
+}
+```
+
+A child which is missing the `suggested` property is treated identically to a
+child with `"suggested": false`. A suggested child may be a room or a subspace.
+
+### Extended "room invite state"
+
+The specification is currently vague about what room state should be available
+to users that have been invited to a room, though the Federation API spec does
+recommend that the `invite_room_state` sent over federation via [PUT
+`/_matrix/federation/v2/invite`](https://matrix.org/docs/spec/server_server/r0.1.4#put-matrix-federation-v2-invite-roomid-eventid)
+should include "the join rules, canonical alias, avatar, and name of the room".
+
+This MSC proposes adding `m.room.create` to that list, so that the recipient of
+an invite can distinguish invites to spaces from other invites.
+
+## Future extensions
+
+The following sections are not blocking parts of this proposal, but are
+included as a useful reference for how we imagine it will be extended in future.
+
+### Auto-joined children
+
+We could add an `auto_join` flag to `m.space.child` events to allow a space
+admin to list the sub-spaces and rooms in that space which should be
+automatically joined by members of that space.
+
+This would be distinct from a force-join: the user could subsequently part any
+auto-joined room if they desire.
+
+Joining would be performed by the client.  This could possibly be sped up by
+using a summary API (such as that proposed in
+[MSC2946](https://github.com/matrix-org/matrix-doc/pull/2946)) to get a summary
+of the spacetree to be joined, and then using a batch join API to join
+whichever subset of it makes most sense for the client's UX.
+
+Obviously auto-joining can be a DoS vector, and we consider it to be antisocial
+for a space to try to autojoin its members to more than 100 children (in total).
+
+Clients could display the auto-joined children in the room list whenever the
+space appears in the list - thus helping users discover other rooms in a space
+even if they're not joined to that space.  For instance, if you join
+`#matrix:matrix.org`, your client could show that room in the context of its
+parent space, with that space's auto-joined children shown alongside it as
+siblings.
+
+### Restricting access to the spaces membership list
+
+In the existing `/r0/groups` API, the group server has total control over the
+visibility of group membership, as seen by a given querying user. In other
+words, arbitrary users can see entirely different views of a group at the
+server's discretion.
+
+Whilst this is very powerful for mapping arbitrary organisational structures
+into Matrix, it may be overengineered. Instead, the common case is (we believe)
+a space where some users are publicly visible as members, and others are not.
+
+One way of achieving this would be to create a separate space for the
+private members - e.g. have `#foo:matrix.org` and `#foo-private:matrix.org`.
+`#foo-private:matrix.org` is set up with `m.room.history_visibility` to not to
+allow peeking; you have to be joined to see the members.
+
+It's worth noting that any member of a space can currently see who else is a
+member of that space, which might pose privacy problems for sensitive spaces.
+While the server itself will inevitably track the space membership in state
+events, a future MSC could restrict the membership from being sent to clients.
+This is essentially the same as
+[matrix-doc#1653](https://github.com/matrix-org/matrix-doc/issues/1653).
+
+### Flair
+
+("Flair" is a term we use to describe a small badge which appears next to a
+user's displayname to advertise their membership of a space.)
+
+The flair image for a group is given by the room avatar. (In future it might
+preferable to use hand-crafted small resolution images: see
+[matrix-doc#1778](https://github.com/matrix-org/matrix-doc/issues/1778).
+
+One way this might be implemented is:
+
+ * User publishes the spaces they wish to announce on their profile
+   ([MSC1769](https://github.com/matrix-org/matrix-doc/issues/1769)
+   as an `m.flair` state event: it lists the spaces which they are advertising.
+
+ * When a client wants to know the current flair for a set of users (i.e.
+   those which it is currently displaying in the timeline), it peeks the
+   profile rooms of those users. (Ideally there would be an API to support
+   peeking multiple rooms at once to facilitate this.)
+
+ * The client must check that the user is *actually* a member of the advertised
+   spaces. Nominally it can do this by peeking the membership list of the
+   space; however for efficiency we could expose a dedicated Client-Server API
+   to do this check (and both servers and clients can cache the results fairly
+   aggressively.)
+
+## Related MSCs
+
+ * [MSC2946](https://github.com/matrix-org/matrix-doc/issues/2946): Spaces
+   Summary API.
+
+ * [MSC2962](https://github.com/matrix-org/matrix-doc/issues/2962): Managing
+   power levels via Spaces.
+
+ * [MSC3083](https://github.com/matrix-org/matrix-doc/issues/3083): Restricting
+   room membership based on space membership.
+
+ * [MSC2753](https://github.com/matrix-org/matrix-doc/issues/2753) for
+   effective peeking over the C/S API.
+
+ * [MSC2444](https://github.com/matrix-org/matrix-doc/issues/2444) (or similar)
+   for effective peeking over Federation.
+
+## Security considerations
+
+None at present.
+
+## Potential issues
+
+* If the membership of a space would be large (for example: an organisation of
+  several thousand people), this membership has to be copied entirely into the
+  room, rather than querying/searching incrementally.
+
+* If the membership list is based on an external service such as LDAP, it is
+  hard to keep the space membership in sync with the LDAP directory. In
+  practice, it might be possible to do so via a nightly "synchronisation" job
+  which searches the LDAP directory, or via "AD auditing".
+
+* No allowance is made for exposing different 'views' of the membership list to
+  different querying users. (It may be possible to simulate this behaviour
+  using smaller spaces).
+
+* The requirement that `m.space.parent` links be ignored unless the sender has a
+  high PL in the parent room could lead to suprising effects where a parent
+  link suddenly ceases to take effect because a user loses their PL in the
+  parent room. This is mitigated in the general case by honouring the parent
+  link when there is a corresponding `m.space.child` event, however it remains
+  a problem for "secret" rooms.
+
+* The `via` servers listed in the `m.space.child` and `m.space.parent` events
+  could get out of date, and will need to be updated from time to time. This
+  remains an unsolved problem.
+
+## Rejected alternatives
+
+### Use a separate state event for type of room
+
+[MSC1840](https://github.com/matrix-org/matrix-doc/pull/1840) proposes the use
+of a separate `m.room.type` state event to distinguish different room types.
+This implies that rooms can dynamically switch between being a Space, and
+being a regular non-Space room. That is not a usecase we consider useful, and
+allowing it would impose significant complexity on client and server
+implementations. Specifically, client and server implementations who store
+spaces separately from rooms would have to support migrating back and forth
+between them and dealing with the ambiguities of `room_id`s no longer pointing
+to valid spaces, etc.
+
+### Use a different sigil/twigil for spaces
+
+Groups used + as a sigil to differentiate them from rooms (e.g. +matrix:matrix.org).
+We considered doing similar for Spaces, e.g. a #+ twigil or reuse the + sigil,
+but concluded that the resulting complexity and exoticism is not worth it.
+This means that clients such as matrix.to have to peek into rooms to find out their
+`type` before being able to display an appropriate UI, and users will not know
+whether #matrix:matrix.org is a room or a space without using a client (e.g. if
+reading an advert).  It also means that if the client UI requires a space alias the
+client will need to validate the entered data serverside.
+
+## Unstable prefix
+
+The following mapping will be used for identifiers in this MSC during
+development:
+
+Proposed final identifier       | Purpose | Development identifier
+------------------------------- | ------- | ----
+`type` | property in `m.room.create` | `org.matrix.msc1772.type`
+`m.space` | value of `type` in `m.room.create` | `org.matrix.msc1772.space`
+`m.space.child` | event type | `org.matrix.msc1772.space.child`
+`m.space.parent` | event type | `org.matrix.msc1772.space.parent`
+
+## History
+
+ * This replaces [MSC1215](https://docs.google.com/document/d/1ZnAuA_zti-K2-RnheXII1F1-oyVziT4tJffdw1-SHrE).
+ * Other thoughts that led into this are [documented](https://docs.google.com/document/d/1hljmD-ytdCRL37t-D_LvGDA3a0_2MwowSPIiZRxcabs).
+
+## Appendix: problems with the `/r0/groups` API
+
+The existing `/r0/groups` API, as proposed in
+[MSC971](https://github.com/matrix-org/matrix-doc/issues/971), has various
+problems, including:
+
+ * It is a large API surface to implement, maintain and spec - particularly for
+   all the different clients out there.
+ * Much of the API overlaps significantly with mechanisms we already have for
+   managing rooms:
+   * Tracking membership identity
+   * Tracking membership hierarchy
+   * Inviting/kicking/banning user
+   * Tracking key/value metadata
+ * There are membership management features which could benefit rooms which
+   would also benefit groups and vice versa (e.g. "auditorium mode")
+ * The current implementations on Riot Web/iOS/Android all suffer bugs and
+   issues which have been solved previously for rooms.
+   * no local-echo of invites
+   * failures to set group avatars
+   * ability to specify multiple admins
+ * It doesn't support pushing updates to clients (particularly for flair
+   membership): https://github.com/vector-im/riot-web/issues/5235
+ * It doesn't support third-party invites.
+ * Groups could benefit from other features which already exist today for rooms
+   * e.g. Room Directories
+ * Groups are centralised, rather than being replicated across all
+   participating servers.
diff --git a/proposals/1960-integrations-openid.md b/proposals/1960-integrations-openid.md
new file mode 100644
index 00000000000..6f33001fb3a
--- /dev/null
+++ b/proposals/1960-integrations-openid.md
@@ -0,0 +1,192 @@
+# MSC1960: OpenID Connect information exchange for widgets
+
+Widgets are currently left with no options to verify the user's ID, making it hard for
+personalized and authenticated widgets to exist. The spec says the `$matrix_user_id`
+template variable cannot be relied upon due to how easy it is to faslify, which is true.
+
+This MSC aims to solve the problem with verifiably accurate OpenID Connect credentials.
+
+As of writing, the best resource to learn more about the widgets spec is the following
+spec PR: https://github.com/matrix-org/matrix-doc/pull/2764
+
+## Proposal
+
+Typically widgets which need to accurately verify the user's identity will also have a
+backend service of some kind. This backend service likely already uses the integration
+manager authentication APIs introduced by [MSC1961](https://github.com/matrix-org/matrix-doc/pull/1961).
+
+Through using the same concepts from MSC1961, the widget can verify the user's identity
+by requesting a fresh OpenID Connect credential object to pass along to its backend, like
+the integration manager which might be running it.
+
+The protocol sequence defined here is based upon the previous discussion in the Element Web
+issue tracker: https://github.com/vector-im/element-web/issues/7153
+
+It is proposed that after the capabilities negotation, the widget can ask the client for
+an OpenID Connect credential object so it can pass it along to its backend for validation.
+The request SHOULD result in the user being prompted to confirm that the widget can have
+their information. Because of this user interaction, it's not always possible for the user
+to complete the approval within the 10 second suggested timeout by the widget spec. As
+such, the initial request by the widget can have one of three states:
+
+1. The client indicates that the user is being prompted (to be followed up on).
+2. The client sends over credentials for the widget to verify.
+3. The client indicates the request was blocked/denied.
+
+The initial request from the widget looks as follows:
+
+```json
+{
+    "api": "fromWidget",
+    "action": "get_openid",
+    "requestId": "AAABBB",
+    "widgetId": "CCCDDD",
+    "data": {}
+}
+```
+
+Which then receives a response which has a `state` field alongside potentially the credentials
+to be verified. Matching the order of possible responses above, here are examples:
+
+```json
+{
+    "api": "fromWidget",
+    "action": "get_openid",
+    "requestId": "AAABBB",
+    "widgetId": "CCCDDD",
+    "data": {},
+    "response": {
+        "state": "request"
+    }
+}
+```
+
+```json
+{
+    "api": "fromWidget",
+    "action": "get_openid",
+    "requestId": "AAABBB",
+    "widgetId": "CCCDDD",
+    "data": {},
+    "response": {
+        "state": "allowed",
+        "access_token": "s3cr3t",
+        "token_type": "Bearer",
+        "matrix_server_name": "example.org",
+        "expires_in": 3600
+    }
+}
+```
+
+```json
+{
+    "api": "fromWidget",
+    "action": "get_openid",
+    "requestId": "AAABBB",
+    "widgetId": "CCCDDD",
+    "data": {},
+    "response": {
+        "state": "blocked"
+    }
+}
+```
+
+The credential information is directly copied from the `/_matrix/client/r0/user/:userId/openid/request_token`
+response.
+
+In the case of `state: "request"`, the user is being asked to approve the widget's attempt to
+verify their identity. To ensure that future requests are quicker, clients are encouraged to
+include a "remember this widget" option to make use of the immediate `state: "allowed"` or
+`state: "blocked"` responses above.
+
+There is no timeout associated with the user making their selection. Once a user does make
+a selection (allow or deny the request), the client sends a `toWidget` request to indicate the
+result, using a very similar structure to the above immediate responses:
+
+```json
+{
+    "api": "toWidget",
+    "action": "openid_credentials",
+    "requestId": "EEEFFF",
+    "widgetId": "CCCDDD",
+    "data": {
+        "state": "allowed",
+        "original_request_id": "AAABBB",
+        "access_token": "s3cr3t",
+        "token_type": "Bearer",
+        "matrix_server_name": "example.org",
+        "expires_in": 3600
+    }
+}
+```
+
+```json
+{
+    "api": "toWidget",
+    "action": "openid_credentials",
+    "requestId": "EEEFFF",
+    "widgetId": "CCCDDD",
+    "data": {
+        "state": "blocked",
+        "original_request_id": "AAABBB"
+    }
+}
+```
+
+`original_request_id` is the `requestId` of the `get_openid` request which started the prompt,
+for the widget's reference.
+
+The widget acknowledges receipt of the credentials with an empty `response` object.
+
+A typical sequence diagram for this flow is as follows:
+
+```
++-------+                                    +---------+                                +---------+
+| User  |                                    | Client  |                                | Widget  |
++-------+                                    +---------+                                +---------+
+    |                                             |                                          |
+    |                                             |                 Capabilities negotiation |
+    |                                             |----------------------------------------->|
+    |                                             |                                          |
+    |                                             | Capabilities negotiation                 |
+    |                                             |<-----------------------------------------|
+    |                                             |                                          |
+    |                                             |            fromWidget get_openid request |
+    |                                             |<-----------------------------------------|
+    |                                             |                                          |
+    |                                             | ack with state "request"                 |
+    |                                             |----------------------------------------->|
+    |                                             |                                          |
+    |      Ask if the widget can have information |                                          |
+    |<--------------------------------------------|                                          |
+    |                                             |                                          |
+    | Approve                                     |                                          |
+    |-------------------------------------------->|                                          |
+    |                                             |                                          |
+    |                                             | toWidget openid_credentials request      |
+    |                                             |----------------------------------------->|
+    |                                             |                                          |
+    |                                             |     acknowledge request (empty response) |
+    |                                             |<-----------------------------------------|
+```
+
+Prior to this proposal, widgets could use an undocumented `scalar_token` parameter if the client chose to
+send it to the widget. Clients typically chose to send it if the widget's URL matched a whitelist for URLs
+the client trusts. With the widget specification as written, widgets cannot rely on this behaviour.
+
+Widgets may wish to look into cookies and other storage techniques to avoid continously requesting
+credentials. Widgets should also look into [MSC1961](https://github.com/matrix-org/matrix-doc/pull/1961)
+for information on how to properly verify the OpenID Connect credentials it will be receiving. The
+widget is ultimately responsible for how it deals with the credentials, though the author recommends
+handing it off to an integration manager's `/register` endpoint to acquire a single token string
+instead.
+
+An implementation of this proposal's early draft is here: https://github.com/matrix-org/matrix-react-sdk/pull/2781
+
+## Security considerations
+
+The user is explicitly kept in the loop to avoid automatic and silent harvesting of private information.
+Clients must ask the user for permission to send OpenID Connect information to a widget, but may optionally allow
+the user to always allow/deny the widget access. Clients are encouraged to notify the user when future
+requests are automatically handled due to the user's prior selection (eg: an unobtrusive popup saying
+"hey, your sticker picker asked for your information. [Block future requests]").
diff --git a/proposals/2010-spoilers.md b/proposals/2010-spoilers.md
index 1d9f4dc9f11..f327fbb579d 100644
--- a/proposals/2010-spoilers.md
+++ b/proposals/2010-spoilers.md
@@ -3,10 +3,10 @@ Sometimes, while you want to put text into a spoiler to not have people accident
 
 For example, when discussing a new movie or a TV series, not everyone might have watched it yet.
 In such cases it would make sense to add a spoiler so that only those who have seen the movie or
-don't mind spoilers read the content.  
+don't mind spoilers read the content.
 Another example would be e.g. in mental health communities where certain people have certain
 triggers. People could put talking about abuse or the like into a spoiler, to not accidentally
-trigger anyone just reading along the conversation.  
+trigger anyone just reading along the conversation.
 Furthermore this is helpful for bridging to other networks that already have a spoiler feature.
 
 To render the spoiler the content is hidden and then revealed once interacted somehow
@@ -14,7 +14,7 @@ To render the spoiler the content is hidden and then revealed once interacted so
 
 ## Proposal
 This proposal is about adding a new attribute to the `formatted_body` of messages with type
-`m.room.message` and msgtype `m.text`.
+`m.room.message` and message types which support the `org.matrix.custom.html` format.
 
 It adds a new attribute, `data-mx-spoiler`, to the `<span>` tag. If the attribute is present the
 contents of the span tag should be rendered as a spoiler. Optionally, you can specify a reason for
@@ -22,6 +22,9 @@ the spoiler by setting the attribute string. It could be rendered, for example,
 
 ![Spoiler rendering idea](images/2010-spoiler-example.gif)
 
+The plaintext fallback supported by the `body` is optional. A recommendation for clients is included
+below.
+
 To preserve the semantics of a spoiler in the plaintext fallback it is recommended to upload the contents of the spoiler
 as a text file and then link this: `[Spoiler](mxc://someserver/somefile)` and
 `[Spoiler for reason](mxc://someserver/somefile)` respectively.
diff --git a/proposals/2184-allow-html-details.md b/proposals/2184-allow-html-details.md
new file mode 100644
index 00000000000..41e337221e2
--- /dev/null
+++ b/proposals/2184-allow-html-details.md
@@ -0,0 +1,45 @@
+# Allow the HTML `<details>` tag in messages
+
+Currently, there's no available method for bot developers - among others - to provide larger informative
+messages in a room without disrupting the conversation for all other users. This often causes bots
+to appear needlessly "spammy".
+
+## Proposal
+
+This proposal suggests adding the existing HTML tags for `<details>` and `<summary>` to the list of
+allowed tags in formatted Matrix messages. Which would allow for larger messages to be shown simply
+as smaller - and less intrusive - summaries for the users who are not interested in their full contents.
+
+## Tradeoffs
+
+An alternative method to provide a summary/details split could possibly be done through [MSC1767],
+with the details and summaries being specified through repeated bodies with added metadata. This could
+then also allow clients better autonomy in deciding what to display - or how to structure the information.
+
+However, allowing the use of the `<details>` and `<summary>` tags would still offer richer formatting
+capabilities even in such messages, especially as more than one detail/summary block could be included
+in a single message.
+
+## Potential issues
+
+Allowing more HTML tags in formatted messages could cause more work for client developers, as they would
+have to fit a larger and more diverse corpus of input into their designs and user experience.
+However, these are both well documented - and implemented - HTML tags, so there is plenty of prior work
+available to take example from in how to incorporate them.
+
+Additionally, as the addition of these tags will make it possible to fit even more information into
+a single message without worry of overflowing the room, any client that doesn't render the formatting
+of the body might end up with a lessened user experience - from either an under- or overflow of information.
+
+The onus on ensuring that the unformatted body is a reasonable representation of the message has always
+been on the user or bot writing the formatted message though, so providing an improved ability for
+formatting should not negatively affect the experience for any clients that simply render unformatted
+text.
+
+## Security considerations
+
+Allowing more HTML tags in client rendering could lead to a wider attack surface for DOM-based exploits.
+However, these tags are very simple in both function and design, so any possible attack surface they
+would offer would be minimal at best.
+
+[MSC1767]: https://github.com/matrix-org/matrix-doc/blob/matthew/msc1767/proposals/1767-extensible-events.md
diff --git a/proposals/2241-e2e-verification-in-dms.md b/proposals/2241-e2e-verification-in-dms.md
new file mode 100644
index 00000000000..dc2797f218d
--- /dev/null
+++ b/proposals/2241-e2e-verification-in-dms.md
@@ -0,0 +1,314 @@
+# Key verification in DMs
+
+Currently, key verification is done using `to_device` messages.  However, since
+`to_device` messages are not part of a timeline, there is no user-visible
+record of the key verification.
+
+As well, the current key verification framework does not provide any feedback
+when interacting with clients that do not support it; if a client does not
+support the key verification framework, there is no way for users to discover
+this other than waiting for a while and noticing that nothing is happening.
+
+This proposal will solve both problems.
+
+## Proposal
+
+The current [key verification
+framework](https://matrix.org/docs/spec/client_server/r0.5.0#key-verification-framework)
+will be replaced by a new framework that uses room messages rather than
+`to_device` messages.  Key verification messages will be sent in a [Direct
+Messaging](https://matrix.org/docs/spec/client_server/r0.5.0#id185) room.  If
+there is no Direct Messaging room between the two users involved, the client
+that initiates the key verification will create one.
+
+In this proposal, we use "Alice" to denote the user who initiates the key
+verification, and "Bob" to denote the other user involved in the key
+verification.
+
+### General framework
+
+#### Requesting a key verification
+
+To request a key verification, Alice will send an `m.room.message` event with the
+following properties in its contents:
+
+- `body`: a fallback message to alert users that their client does not support
+  the key verification framework, and that they should use a different method
+  to verify keys.  For example, "Alice is requesting to verify keys with you.
+  However, your client does not support this method, so you will need to use
+  the legacy method of key verification."
+
+  Clients that do support the key verification framework should hide the body
+  and instead present the user with an interface to accept or reject the key
+  verification.
+
+  The event may also contain `format` and `formatted_body` properties as
+  described in the [m.room.message
+  msgtypes](https://matrix.org/docs/spec/client_server/r0.5.0#m-room-message-msgtypes)
+  section of the spec.  Clients that support the key verification should
+  similarly hide these from the user.
+- `msgtype`: `m.key.verification.request`
+- `methods`: the verification methods supported by Alice's client
+- `to`: Bob's Matrix ID.  Users should only respond to verification requests if
+  they are named in this field.  Users who are not named in this field and who
+  did not send this event should ignore all other events that have a
+  `m.reference` relationship with this event.
+- `from_device`: Alice's device ID.  This is required since some verification
+  methods may use the device IDs as part of the verification process.
+
+Key verifications will be identified by the event ID of the key verification
+request event.
+
+Clients should ignore verification requests that have been accepted or
+cancelled, or if they do not belong to the sending or target users.
+
+The way that clients display this event can depend on which user and device the
+client belongs to, and what state the verification is in.  For example:
+
+- If the verification has been completed (there is an `m.key.verification.done`
+  or `m.key.verification.cancel` event), the client can indicate that the
+  verification was successful or had an error.
+- If the verification has been accepted (there is an `m.key.verification.start`
+  event) but has not been completed, the two devices involved can indicate that
+  the verification is in progress and can use this event as a place in the
+  room's timeline to display progress of the key verification and to interact
+  with the user as necessary.  Other devices can indicate that the verification
+  is in progress on other devices.
+- If the verification has not been accepted, clients for the target user can
+  indicate that a verification has been requested and allow the user to accept
+  the verification on that device.  The sending client can indicate that it is
+  waiting for the request to be accepted, and the sending user's other clients
+  can indicate the that a request was initiated on a different device.
+
+Clients may choose to display or not to display events of any other type that
+reference the original request event; but it must not have any effect on the
+verification itself.
+
+#### Accepting a key verification
+
+To accept a key verification, Bob will send an `m.key.verification.ready` event
+with the following properties in its contents:
+
+- `m.relates_to`: an object with the properties:
+  - `rel_type`: `m.reference`
+  - `event_id`: the event ID of the key verification request that is being
+    accepted
+- `methods`: an array of verification methods that the device supports
+- `from_device`: Bob's device ID.  This is required since some verification
+  methods may use the device IDs as part of the verification process.
+
+(Note: the form of the `m.relates_to` property is based on the current state of
+[MSC2674](https://github.com/matrix-org/matrix-doc/pull/2674), but is
+independent from it since this MSC does not rely on any aggregations features.)
+
+Clients should ignore `m.key.verification.ready` events that correspond to
+verification requests that they did not send.
+
+After this, either Alice or Bob may start the verification by sending an
+`m.key.verification.start` event with the following properties in its contents:
+
+- `m.relates_to`: an object with the properties:
+  - `rel_type`: `m.reference`
+  - `event_id`: the event ID of the key verification request that is being
+    started
+- `method`: the key verification method that is being used.  This should be a
+  method that both Alice's and Bob's devices support.
+- `from_device`: The user's device ID.
+
+If both Alice and Bob send an `m.key.verification.start` message, and they both
+specify the same verification method, then the event sent by the user whose
+user ID is the smallest is used, and the other event is ignored.  If they both
+send an `m.key.verification.start` message and the method is different, then
+the verification should be cancelled with a `code` of `m.unexpected_message`.
+
+After the `m.key.verification.start` event is sent, the devices may exchange
+messages (if any) according to the verification method in use.
+
+#### Rejecting a key verification
+
+To reject a key verification, Alice or Bob will send an
+`m.key.verification.cancel` event with the following properties in its
+contents:
+
+- `m.relates_to`: an object with the properties:
+  - `rel_type`: `m.reference`
+  - `event_id`: the event ID of the key verification that is being cancelled
+- `reason`: A human readable description of the `code`. The client should only
+  rely on this string if it does not understand the `code`.
+- `code`: The error code for why the process/request was cancelled by the
+  user. The contents are the same as the `code` property of the currently
+  defined [`m.key.verification.cancel` to-device
+  event](https://matrix.org/docs/spec/client_server/r0.5.0#m-key-verification-cancel),
+  or as defined for specific key verification methods.
+
+This message may be sent at any point in the key verification process.  Any
+subsequent key verification messages relating to the same request are ignored.
+However, this does not undo any verifications that have already been done.
+
+#### Concluding a key verification
+
+When the other user's key is verified and no more messages are expected, each
+party will send an `m.key.verification.done` event with the following
+properties in its contents:
+
+- `m.relates_to`: an object with the properties:
+  - `rel_type`: `m.reference`
+  - `event_id`: the event ID of the key verification that is being concluded
+
+This provides a record within the room of the result of the verification.
+
+Any subsequent key verification messages relating to the same request are
+ignored.
+
+Although a client may have successfully completed its side of the verification,
+it may wait until receiving an `m.key.verification.done` (or
+`m.key.verification.cancel`) event from the other device before informing the
+user that the verification was successful or unsuccessful.
+
+#### Other events
+
+Key verification methods may define their own event types, or extensions to the
+above event types.  All events sent as part of a key verification process
+should have an `m.relates_to` property as defined for
+`m.key.verification.accept` or `m.key.verification.cancel` events.
+
+Clients should ignore events with an `m.relates_to` that have a `rel_type` of
+`m.reference` that refer to a verification where it is neither the requester
+nor the accepter.
+
+Clients should not redact or edit verification messages.  A client may ignore
+redactions or edits of key verification messages, or may cancel the
+verification with a `code` of `m.unexpected_message` when it receives a
+redaction or edit.
+
+### SAS verification
+
+The messages used in SAS verification are the same as those currently defined,
+except that instead of the `transaction_id` property, an `m.relates_to`
+property, as defined above, is used instead.
+
+If the key verification messages are encrypted, the hash commitment sent in the
+`m.key.verification.accept` message MUST be based on the decrypted
+`m.key.verification.start` message contents, and include the `m.relates_to`
+field, even if the decrypted message contents do not include that field.  For
+example, if Alice sends a message to start the SAS verification:
+
+```json
+{
+  "content": {
+    "algorithm": "m.megolm.v1.aes-sha2",
+    "ciphertext": "ABCDEFG...",
+    "device_id": "Dynabook",
+    "sender_key": "alice+sender+key",
+    "session_id": "session+id",
+    "m.relates_to": {
+      "rel_type": "m.reference",
+      "event_id": "$verification_request_event"
+    }
+  },
+  "event_id": "$event_id",
+  "origin_server_ts": 1234567890,
+  "sender": "@alice:example.org",
+  "type": "m.room.encrypted",
+  "room_id": "!room_id:example.org"
+}
+```
+
+which, when decrypted, yields:
+
+```json
+{
+  "room_id": "!room_id:example.org",
+  "type": "m.key.verification.start",
+  "content": {
+    "from_device": "Dynabook",
+    "hashes": [
+      "sha256"
+    ],
+    "key_agreement_protocols": [
+        "curve25519"
+    ],
+    "message_authentication_codes": [
+        "hkdf-hmac-sha256"
+    ],
+    "method": "m.sas.v1",
+    "short_authentication_string": [
+        "decimal",
+        "emoji"
+    ]
+  }
+}
+```
+
+then the hash commitment will be based on the message contents:
+
+```json
+{
+  "from_device": "Dynabook",
+  "hashes": [
+    "sha256"
+  ],
+  "key_agreement_protocols": [
+      "curve25519"
+  ],
+  "message_authentication_codes": [
+      "hkdf-hmac-sha256"
+  ],
+  "method": "m.sas.v1",
+  "short_authentication_string": [
+      "decimal",
+      "emoji"
+  ],
+  "m.relates_to": {
+    "rel_type": "m.reference",
+    "event_id": "$verification_request_event"
+  }
+}
+```
+
+## Alternatives
+
+Messages sent by the verification methods, after the initial key verification
+request message, could be sent as to-device messages.  The
+`m.key.verification.ready`, `m.key.verification.cancel`, and
+`m.key.verification.done` messages must be still be sent in the room, as the
+`m.key.verification.ready` notifies the sender's other devices that the request
+has been acknowledged, and the `m.key.verification.cancel` and
+`m.key.verification.done` provide a record of the status of the key
+verification.
+
+However, it seems more natural to have all messages sent via the same
+mechanism.
+
+## Potential issues
+
+If a user wants to verify their own device, this will require the creation of a
+Direct Messaging room with themselves.  Instead, clients may use the current
+`to_device` messages for verifying the user's other devices.
+
+Direct Messaging rooms could have end-to-end encryption enabled, and some
+clients can be configured to only send decryption keys to verified devices.
+Key verification messages should be granted an exception to this (so that
+decryption keys are sent to all of the target user's devices), or should be
+sent unencrypted, so that unverified devices will be able to be verified.
+
+Users might have multiple Direct Messaging rooms with other users.  In this
+case, clients could need to prompt the user to select the room in which they
+want to perform the verification, or could select a room.
+
+## Security considerations
+
+Key verification is subject to the room's visibility settings, and may be
+visible to other users in the room.  However, key verification does not rely on
+secrecy, so this will no affect the security of the key verification.  This may
+reveal to others in the room that Alice and Bob know each other, but this is
+already revealed by the fact that they share a Direct Messaging room.
+
+This framework allows users to see what key verifications they have performed
+in the past.  However, since key verification messages are not secured, this
+should not be considered as authoritative.
+
+## Conclusion
+
+By using room messages to perform key verification rather than `to_device`
+messages, the user experience of key verification can be improved.
diff --git a/proposals/2265-email-lowercase.md b/proposals/2265-email-lowercase.md
index 5a1db682561..e4fe53139bd 100644
--- a/proposals/2265-email-lowercase.md
+++ b/proposals/2265-email-lowercase.md
@@ -23,8 +23,8 @@ Sydent.
 This proposal suggests changing the specification of the e-mail 3PID type in
 [the Matrix spec appendices](https://matrix.org/docs/spec/appendices#pid-types)
 to mandate that, before any processing, e-mail addresses must go through a full
-case folding based on [the unicode mapping
-file](https://www.unicode.org/Public/8.0.0/ucd/CaseFolding.txt), on top of
+case folding as described under "Caseless Matching" in
+[chapter 5 of the unicode standard](https://www.unicode.org/versions/Unicode13.0.0/ch05.pdf#G21790), on top of
 having their domain lowercased.
 
 This means that `Strauß@Example.com` must be considered as being the same e-mail
diff --git a/proposals/2312-matrix-uri.md b/proposals/2312-matrix-uri.md
new file mode 100644
index 00000000000..45bb2187279
--- /dev/null
+++ b/proposals/2312-matrix-uri.md
@@ -0,0 +1,769 @@
+# URI scheme for Matrix
+
+This is a proposal of a URI scheme to identify Matrix resources in a wide
+range of applications (web, desktop, or mobile) both throughout Matrix software
+and (especially) outside it. It supersedes 
+[MSC455](https://github.com/matrix-org/matrix-doc/issues/455) in order
+to continue the discussion in the modern GFM style.
+
+While Matrix has its own resource naming system that allows it to identify
+resources without resolving them, there is a common need to provide URIs
+to Matrix resources (e.g., rooms, users, PDUs) that could be transferred
+outside of Matrix and then resolved in a uniform way - matching URLs
+in World Wide Web.
+
+Specific use cases include:
+1. Representation: as a Matrix user I want to refer to Matrix entities
+   in the same way as for web pages, so that others could unambiguously identify
+   the resource, regardless of the context or used medium to identify it to them
+   (within or outside Matrix, e.g., in a web page or an email message).
+1. Inbound integration: as an author of Matrix software, I want to have a way
+   to invoke my software from the operating environment to resolve a Matrix URI
+   passed from another program. This is a case of, e.g.,
+   opening a Matrix client by clicking on a link from an email message.
+1. Outbound integration: as an author of Matrix software, I want to have a way
+   to export identifiers of Matrix resources to non-Matrix environment
+   so that they could be resolved in another time-place in a uniform way.
+   An example of this case is the "Share via…" action in a mobile Matrix client.
+
+Matrix identifiers as defined by the current specification have a form distinct
+enough from other identifiers to mostly fulfil the representation use case.
+Since they are not URIs, they can not cover the two integration use cases.
+https://matrix.to somehow compensates for this; however:
+* it requires a web browser to run JavaScript code that resolves identifiers
+  (basically limiting first-class support to browser-based clients), and
+* it relies on matrix.to as an intermediary that provides that JavaScript code.
+
+To cover the use cases above, the following scheme is proposed for Matrix URIs
+(`[]` enclose optional parts, `{}` enclose variables):
+```text
+matrix:[//{authority}/]{type}/{id without sigil}[/{type}/{id without sigil}...][?{query}][#{fragment}]
+```
+with `{type}` defining the resource type (such as `r`, `u` or `roomid` - see
+the "Path" section in the proposal) and `{query}` containing additional hints
+or request details on the Matrix entity (see "Query" in the proposal).
+`{authority}` and `{fragment}` parts are reserved for future use; this proposal
+does not define them and implementations SHOULD ignore them for now.
+
+This MSC does not introduce new Matrix entities, nor API endpoints -
+it merely defines a mapping between URIs with the scheme name `matrix:`
+and Matrix identifiers, as well as operations on them. The MSC should be
+sufficient to produce an implementation that would convert Matrix URIs to
+a series of [CS API](https://matrix.org/docs/spec/client_server/latest) calls,
+entirely on the client side. It is recognised, however, that most of
+the URI processing logic can and should (eventually) be on the server side
+in order to facilitate adoption of Matrix URIs; further MSCs are needed
+to define details for that, as well as to extend the mapping to more resources
+(including those without equivalent Matrix identifiers, such as room state or
+user profile data).
+
+The Matrix identifier (or identifiers) can be reconstructed from
+`{id without sigil}` by prepending a sigil character corresponding to `{type}`.
+To support a hierarchy of Matrix resources, more `/{type}/{id without sigil}`
+pairs can be appended, identifying resources within other resources.
+As of now, there's only one such case, with exactly one additional pair -
+pointing to an event in a room.
+
+Examples:
+* Room `#someroom:example.org`:
+  `matrix:r/someroom:example.org`
+* User `@me:example.org`:
+  `matrix:u/me:example.org`
+* Event in a room:
+  `matrix:r/someroom:example.org/e/Arbitrary_Event_Id`
+* [A commit like this](https://github.com/her001/steamlug.org/commit/2bd69441e1cf21f626e699f0957193f45a1d560f)
+  could make use of a Matrix URI in the form of
+  `<a href="{Matrix URI}">{Matrix identifier}</a>`.
+
+
+## Proposal
+
+### Definitions
+
+Further text uses the following terms:
+- Matrix identifier - one of identifiers defined by the current
+[Matrix Specification](https://matrix.org/docs/spec/appendices.html#identifier-grammar),
+- Matrix URI - a uniform resource identifier proposed hereby, following
+  the RFC-compliant URI format.
+- MUST/SHOULD/MAY etc. follow the conventions of
+  [RFC 2119](https://www.ietf.org/rfc/rfc2119.txt).
+
+
+### Requirements
+
+The following considerations drive the requirements for Matrix URIs:
+1. Follow existing standards and practices.
+1. Endorse the principle of the least surprise.
+1. Humans first, machines second.
+1. Cover as many entities as practical.
+1. URIs are expected to be extremely portable and stable;
+   you cannot rewrite them once they are released to the world.
+1. Ease of implementation, allowing reuse of existing codes.
+
+The following requirements resulted from these drivers:
+1. Matrix URI MUST comply with
+   [RFC 3986](https://tools.ietf.org/html/rfc3986) and
+   [RFC 7595](https://tools.ietf.org/html/rfc7595).
+1. By definition, Matrix URI MUST unambiguously identify a resource
+   in a Matrix network, across servers and types of resources.
+   This means, in particular, that two Matrix identifiers distinct by
+   [Matrix Specification](https://matrix.org/docs/spec/appendices.html#identifier-grammar)
+   MUST NOT have Matrix URIs that are equal in
+   [RFC 3986](https://tools.ietf.org/html/rfc3986) sense
+   (but two distinct Matrix URIs MAY map to the same Matrix identifier).
+1. References to the following entities MUST be supported:
+   1. User IDs (`@user:example.org`)
+   1. Room IDs (`!roomid:example.org`)
+   1. Room aliases (`#roomalias:example.org`)
+   1. Event IDs (`$arbitrary_eventid_with_or_without_serverpart`)
+1. The mapping MUST take into account that some identifiers
+   (e.g. aliases) can have non-ASCII characters - reusing
+   [RFC 3987](https://tools.ietf.org/html/rfc3987) is RECOMMENDED,
+   but an alternative encoding can be used if there are reasons for that.
+1. The mapping between Matrix identifiers and Matrix URIs MUST
+   be extensible (without invalidating previous URIs) to:
+   1. new classes of identifiers (there MUST be a meta-rule to produce
+      a new mapping for IDs following the `&somethingnew:example.org`
+      pattern assumed for Matrix identifiers);
+   1. new ways to navigate to and interact with objects in Matrix
+      (e.g., we might eventually want to have a mapping for
+      room-specific user profiles).
+1. The mapping MUST support decentralised as well as centralised IDs.
+   This basically means that the URI scheme MUST have provisions
+   for mapping of identifiers with `:<serverpart>` but it MUST NOT require
+   `:<serverpart>` to be there.
+1. Matrix URI SHOULD allow encoding of action requests such as joining a room.
+1. Matrix URI SHOULD have a human-readable, if not necessarily
+   human-friendly, representation - to allow visual sanity-checks.
+   In particular, characters escaping/encoding should be reduced
+   to bare minimum in that representation. As food for thought, see
+   [Wikipedia: Clean URL, aka SEF URL](https://en.wikipedia.org/wiki/Clean_URL) and
+   [a use case from RFC 3986](https://tools.ietf.org/html/rfc3986#section-1.2.1).
+1. It SHOULD be easy to parse Matrix URI in popular programming
+   languages: e.g., one should be able to use `parseUri()`
+   to dissect a Matrix URI into components in JavaScript.
+1. The mapping SHOULD be consistent across different classes of
+   Matrix identifiers.
+1. The mapping SHOULD support linking to unfederated servers/networks
+   (see also
+   [matrix-doc#2309](https://github.com/matrix-org/matrix-doc/issues/2309)
+   that calls for such linking).
+
+The syntax and mapping discussed below meet all these requirements except
+the last one that will be addressed separately.
+Further extensions MUST NOT reduce the supported set of requirements.
+
+
+### Syntax and high-level processing
+
+The proposed generic Matrix URI syntax is a subset of the generic
+URI syntax
+[defined by RFC 3986](https://tools.ietf.org/html/rfc3986#section-3):
+```text
+MatrixURI = "matrix:" hier-part [ "?" query ] [ "#" fragment ]
+hier-part = [ "//" authority "/" ] path
+```
+As mentioned above, this MSC assumes client-side URI processing
+(i.e. mapping to Matrix identifiers and CS API requests).
+However, even when URI processing is shifted to the server side
+the client will still have to parse the URI at least to remove
+the authority and fragment parts (if either exists)
+before sending the request to the server (more on that below).
+
+#### Scheme name
+The proposed scheme name is `matrix`.
+[RFC 7595](https://tools.ietf.org/html/rfc7595) states:
+  
+    if there’s one-to-one correspondence between a service name and
+    a scheme name then the scheme name should be the same as
+    the service name.
+
+Other considered options were `mx` and `web+matrix`;
+[comments to MSC455](https://github.com/matrix-org/matrix-doc/issues/455)
+mention two scheme names proposed and one more has been mentioned
+in `#matrix-core:matrix.org`.
+
+The scheme name is a definitive indication of a Matrix URI and MUST NOT
+be omitted. As can be seen below, Matrix URI rely heavily on [relative
+references](https://tools.ietf.org/html/rfc3986#section-4.2) and
+omitting the scheme name makes them indistinguishable from a local path
+that might have nothing to do with Matrix. Clients MUST NOT try to
+parse pieces like `r/MyRoom:example.org` as Matrix URIs; instead,
+users should be encouraged to use Matrix identifiers for in-text references
+(`#MyRoom:example.org`) and client applications SHOULD turn them into
+hyperlinks to Matrix URIs.
+
+#### Authority
+
+Basing on
+[the definition in RFC 3986](https://tools.ietf.org/html/rfc3986#section-3.2),
+this MSC restricts the authority part to never have a userinfo component,
+partially to prevent confusion concerned with the `@` character that has its
+own meaning in Matrix, but also because this component has historically been
+a popular target of abuse.
+```text
+authority = host [ ":" port ]
+```
+Further definition of syntax or semantics for the authority part is left for
+future MSCs. Clients MUST parse the authority part as per RFC 3986 (i.e.
+the presence of an authority part MUST NOT break URI parsing) but SHOULD NOT
+use data from the authority part other than for experiments or research.
+
+The authority part may eventually be used to indicate access to a Matrix
+resource (such as a room or a user) specifically through a given entity.
+See "Ideas for further evolution".
+
+#### Path
+This MSC restricts
+[the very wide definition of path in RFC 3986](https://tools.ietf.org/html/rfc3986#section-3.3),
+to a simple pattern that allows to easily reconstruct a Matrix identifier or
+a chain of identifiers and also to locate a certain sub-resource in the scope
+of a given Matrix entity:
+```text
+path = entity-descriptor ["/" entity-descriptor]
+entity-descriptor = nonid-segment / type-qualifier id-without-sigil
+nonid-segment = segment-nz ; as defined in RFC 3986, see also below
+type-qualifier = segment-nz "/" ; as defined in RFC 3986, see also below
+id-without-sigil = string ; as defined in Matrix identifier spec, see below
+```
+The path component consists of 1 or more descriptors separated by a slash
+(`/`) character. This is a generic pattern intended for reusing in future
+extensions.
+
+This MSC only proposes mappings along `type-qualifier id-without-sigil` syntax;
+`nonid-segment` is unused and reserved for future use. 
+For the sake of integrity future `nonid-segment` extensions must follow
+[the ABNF for `segment-nz` as defined in RFC 3986](https://tools.ietf.org/html/rfc3986#appendix-A).
+
+This MSC defines the following `type` specifiers: `u` (user id, sigil `@`),
+`r` (room alias, sigil `#`), `roomid` (room id, sigil `!`),  and
+`e` (event id, sigil `$`). This MSC does not define a type specifier for sigil `+`
+([groups](https://github.com/matrix-org/matrix-doc/issues/1513) aka communities
+or, in the more recent incarnation,
+[spaces](https://github.com/matrix-org/matrix-doc/pull/1772)); a separate MSC
+can introduce the specifier, along with the parsing/construction logic and
+relevant CS API invocations, following the framework of this proposal.
+
+The following type specifiers proposed in earlier editions of this MSC and
+already in use in several implementations, are deprecated: `user`, `room`, and
+`event`. Client applications MAY parse these specifiers as if they were
+`u`, `r`, and `e` respectively; they MUST NOT emit URIs with the deprecated
+specifiers. The rationale behind the switch is laid out in "Alternatives".
+
+As of this MSC, `u`, `r`, and `roomid` can only be at the top
+level. The type `e` (event) can only be used on the 2nd level and only under
+`r` or `roomid`; this is driven by the current shape of Client-Server API
+that does not provide a non-deprecated way to retrieve an event without knowing
+the room (see [MSC2695](https://github.com/matrix-org/matrix-doc/pull/2695) and
+[MSC2779](https://github.com/matrix-org/matrix-doc/issues/2779) that may
+change this).
+
+Further MSCs may introduce navigation to more top-level as well as
+non-top-level objects; see "Ideas for further evolution" to get inspired. These
+new proposals SHOULD follow the generic grammar laid out above, adding new
+`type` and `nonid-segment` specifiers and/or allowing them in other levels,
+rather than introduce a new grammar. It is recommended to only use abbreviated
+single-letter specifiers if they are expected to be user visible and convenient
+for type-in; if a URI for a given resource type is usually generated
+(e.g. because the corresponding identifier is not human-friendly), it's
+RECOMMENDED to use full (though short) words to avoid ambiguity and confusion.
+
+`id-without-sigil` is defined as the `string` part of Matrix
+[Common identifier format](https://matrix.org/docs/spec/appendices#common-identifier-format)
+with percent-encoded characters that are NEITHER unreserved, sub-delimiters, `:` nor `@`,
+[as per RFC 3986 rule for pchar](https://tools.ietf.org/html/rfc3986#appendix-A).
+This notably exempts `:` from percent-encoding but includes `/`.
+
+See the rationale behind dropping sigils and the respective up/downsides in
+"Discussion points and tradeoffs" as well as "Alternatives" below.
+  
+#### Query
+
+Matrix URI can optionally have
+[the query part](https://tools.ietf.org/html/rfc3986#section-3.4).
+This MSC defines the general form for the query and two "standard" query items;
+further MSCs may add to this as long as RFC 3986 is followed.
+```text
+query = query-element *( "&" query-item )
+query-item = action / routing / custom-query-item
+action = "action=" ( "join" / "chat" )
+routing = "via=” authority
+custom-query-item = custom-item-name "=" custom-item-value
+custom-item-name = 1*unreserved ; reverse-DNS name; see below
+custom-item-value = ; see below
+```
+
+The `action` query item is used in contexts where, on top of identifying
+the Matrix entity, a certain action is requested on it. This proposal
+describes two possible actions:
+* `action=join` is only valid in a URI resolving to a Matrix room;
+  applications MUST ignore it if found in other contexts and MUST NOT generate
+  it for other Matrix resources. This action means that a client application
+  SHOULD attempt to join the room specified by the URI path using the standard
+  CS API means.
+* `action=chat` is only valid in a URI resolving to a Matrix user;
+  applications MUST ignore it if found in other contexts and MUST NOT generate
+  it for other Matrix resources. This action means that a client application
+  SHOULD open a direct chat window with the user specified by the URI path;
+  clients supporting
+  [canonical direct chats](https://github.com/matrix-org/matrix-doc/pull/2199)
+  SHOULD open the canonical direct chat.
+  
+For both actions, where applicable, client applications SHOULD ask for user
+confirmation or at least notify the user before joining or creating a new room.
+Conversely, no additional confirmation/notification is necessary when
+the action leads to opening a room the user is already a member of.
+
+It is worth reiterating on the (blurry) distinction between URIs with `action`
+and those without:
+- a URI with no `action` simply _identifies_ the resource; if the context
+  implies an operation, it is usually focused on the retrieval of the resource,
+  in line with RFC 3986 (see also the next paragraph);
+- a URI with `action` in the query means that a client application should (but
+  is not obliged to) perform that action, with precautions as described above.
+
+In some cases a client application may have no meaningful way to immediately
+perform the default operation suggested by this MSC (see below); e.g.,
+the client may be unable to display a room before joining it, while the URI
+doesn't have `action=join`. In these cases client applications are free to do
+what's best for user experience (e.g., suggest joining the room), even if that
+means performing an action on a URI with no `action` in the query. 
+
+The routing query (`via=`) indicates servers that are likely involved in
+the room (see also
+[the feature of matrix.to](https://matrix.org/docs/spec/appendices#routing)).
+In the meantime, it is proposed that this routing query be used not only with
+room ids in a public federation but also when a URI refers to a resource in
+a non-public Matrix network (see the question about closed federations in
+"Discussion points and tradeoffs"). Note that `authority` in the definition
+above is only a part of the _query parameter_ grammar; it is not proposed here
+to generate or interpret the _authority part_ of the URI.
+
+Clients MAY introduce and recognise custom query items, according to
+the following rules:
+- the name of a custom item MUST follow the reverse-DNS (aka "Java package")
+  naming convention, as per
+  [MSC2758](https://github.com/matrix-org/matrix-doc/pull/2758) - e.g.,
+  a custom action item for Element clients would be named `io.element.action`,
+  for Quaternion - `com.github.quaternion.action`, etc.
+- the value of the item can be any content but its representation in the URI
+  MUST follow the general RFC requirements for the query part; on top of that,
+  if the raw value contains `&` it MUST be percent-encoded.
+- clients SHOULD respect standard query items over their own ones; e.g.,
+  if a URI contains both `action` and the custom client action, the standard
+  action should be respected as much as possible. Client authors SHOULD strive
+  for consistent experience across their and 3rd party clients, anticipating
+  that the same user may happen to have both their client and a 3rd party one.
+
+Client authors are strongly encouraged to standardise custom query elements
+that gain adoption by submitting an MSC defining them in a way compatible
+across the client ecosystem.
+
+
+### Recommended implementation
+
+#### URI parsing algorithm
+
+The reference algorithm of parsing a Matrix URI follows. Note that, although
+clients are encouraged to use lower-case strings in their URIs, all string
+comparisons are case-INsensitive. 
+
+1. Parse the URI into main components (`scheme name`, `authority`, `path`,
+   `query`, and `fragment`), decoding special or international characters
+   as directed by [RFC 3986](https://tools.ietf.org/html/rfc3986) and
+   (for IRIs) [RFC 3987](https://tools.ietf.org/html/rfc3987). Authors are
+   strongly RECOMMENDED that they find an existing implementation of that step
+   for their language and SDK, rather than implement it from scratch based
+   on RFCs.
+
+1. Check that `scheme name` is exactly `matrix`, case-insensitive. If
+   the scheme name doesn't match, exit parsing: this is not a Matrix URI.
+
+1. Split the `path` into segments separated by `/` character; several
+   subsequent `/` characters delimit empty segments, as advised by RFC 3986.
+
+1. Check that the URI contains either 2 or 4 segments; if it's not the case,
+   fail parsing; the Matrix URI is invalid.
+
+1. To construct the top-level (primary) Matrix identifier:
+   
+   a. Pick the leftmost segment of `path` until `/` (path segment) and match
+      it against the following list to produce `sigil-1`:
+      - `u` (or, optionally, `user` - see "Path") -> `@`
+      - `r` (or, optionally, `room`) -> `#`
+      - `roomid` -> `!`
+      - any other string, including an empty one -> fail parsing:
+        the Matrix URI is invalid.
+
+   b. Pick the next (2nd) leftmost path segment:
+      - if the segment is empty, fail parsing;
+      - otherwise, percent-decode the segment (unless the initial URI parse 
+        has already done that) and make `mxid-1` by prepending `sigil-1`.
+
+1. If `sigil-1` is `!` or `#` and the URI path has exactly 4 segments,
+   it may be possible to construct the 2nd-level Matrix identifier to
+   point to an event inside the room identified by `mxid-1`:
+
+   a. Pick the next (3rd) path segment:
+      - if the segment is exactly `e` (or, optionally, `event`), proceed;
+      - otherwise, including the case of an empty segment (trailing `/`, e.g.),
+        fail parsing.
+    
+   b. Pick the next (4th) leftmost path segment:
+      - if the segment is empty, fail parsing;
+      - otherwise, percent-decode the segment (unless the initial URI parse 
+        has already done that) and make `mxid-2` by prepending `$`.
+      
+1. Split the `query` into items separated by `&` character; several subsequent
+   `&` characters delimit empty items, ignored by this algorithm.
+   
+   a. If `query` contains one or more items starting with `via=`: for each item, treat
+      the rest of the item as a percent-encoded homeserver name to be used in
+      [routing](https://matrix.org/docs/spec/appendices#routing).
+      
+   b. If `query` contains one or more items starting with `action=`: treat
+      _the last_ such item as an instruction, as this proposal defines in [query](#query).
+
+Clients MUST implement proper percent-decoding of the identifiers; there's no
+liberty similar to that of matrix.to.
+
+#### Operations on Matrix URIs
+
+The main purpose of a Matrix URI is accessing the resource specified by the
+identifier. This MSC defines the "default" operation
+([in the sense of RFC 7595](https://tools.ietf.org/html/rfc7595#section-3.4))
+that a client application SHOULD perform when the user activates
+(e.g. clicks on) a URI; further MSCs may introduce additional operations
+enabled either by passing an `action` value in the query part, or by other
+means.
+
+The classes of URIs and corresponding default operations (along with relevant
+CS API calls) are collected below. The table assumes that the operations are
+performed on behalf (using the access token) of the user `@me:example.org`:
+
+| URI class/example | Interactive operation | Non-interactive operation / Involved CS API |
+| ----------------- | --------------------- | --------------------------------------------- |
+| User Id (no `action` in URI):<br/>`matrix:u/her:example.org` | _Outside the room context_: show user profile<br/>_Inside the room context:_ mention the user in the current room (client-local operation) | No default non-interactive operation<br/>`GET /profile/@her:example.org/display_name`<br/>`GET /profile/@her:example.org/avatar_url` |
+| User Id (`action=chat`):<br/>`matrix:u/her:example.org?action=chat` | 1. Confirm with the local user if needed (see "Query")<br/>2. Open the room as defined in the next column | If [canonical direct chats](https://github.com/matrix-org/matrix-doc/pull/2199) are supported: `GET /_matrix/client/r0/user/@me:example.org/dm?involves=@her:example.org`<br/>Without canonical direct chats:<br/>1. `GET /user/@me:example.org/account_data/m.direct`<br/>2. Find the room id for `@her:example.org` in the event content<br/>3. if found, return this room id; if not, `POST /createRoom` with `"is_direct": true` and return id of the created room |
+| Room (no `action` in URI):<br/>`matrix:roomid/rid:example.org`<br/>`matrix:r/us:example.org` | Attempt to "open" (usually: display the timeline at the latest or last remembered position) the room | No default non-interactive operation<br/>API: Find the respective room in the local `/sync` cache or<br/>`GET /rooms/!rid:example.org/...`<br/> |
+| Room (`action=join`):<br/>`matrix:roomid/rid:example.org?action=join&via=example2.org`<br/>`matrix:r/us:example.org?action=join` | 1. Confirm with the local user if needed (see "Query")<br/>2. Attempt to join the room | `POST /join/!rid:example.org?server_name=example2.org`<br/>`POST /join/#us:example.org` |
+| Event:<br/>`matrix:r/us:example.org/e/lol823y4bcp3qo4`<br/>`matrix:roomid/rid:example.org/event/lol823y4bcp3qo4?via=example2.org` | 1. For room aliases, resolve an alias to a room id (see the next column)<br/>2. Attempt to retrieve (see the next column) and display the event;<br/>3. If the event could not be retrieved due to access denial and the current user is not a member of the room, the client MAY offer the user to join the room and try to open the event again | Non-interactive operation: return event or event content, depending on context<br/>API: find the event in the local `/sync` cache or<br/>`GET /directory/room/%23us:example.org` (to resolve alias to id)<br/>`GET /rooms/!rid:example.org/event/lol823y4bcp3qo4?server_name=example2.org`<br/> |
+
+
+#### URI construction algorithm
+
+The following algorithm assumes a Matrix identifier that follows
+the high-level grammar described in the specification. Clients MUST ensure
+compliance of identifiers passed to this algorithm.
+
+For room and user identifiers (including room aliases):
+1. Remove the sigil character from the identifier and match it against
+   the following list to produce `prefix-1`:
+   - `@` -> `u/`
+   - `#` -> `r/`
+   - `!` -> `roomid/`
+2. Build the Matrix URI as a concatenation of:
+   - literal `matrix:`;
+   - `prefix-1`;
+   - the remainder of identifier (`id without sigil`), percent-encoded as per
+     [RFC 3986](https://tools.ietf.org/html/rfc3986).
+   
+For event identifiers (assuming they need the room context, see
+[MSC2695](https://github.com/matrix-org/matrix-doc/pull/2695) and
+[MSC2779](https://github.com/matrix-org/matrix-doc/issues/2779) that
+may change this):
+1. Take the event's room id or canonical alias and build a Matrix URI for them
+   as described above.
+2. Append to the result of previous step:
+   - literal `e/`;
+   - the event id after removing the sigil (`$`) and percent-encoding.
+   
+Clients MUST implement proper percent-encoding of the identifiers; there's no
+liberty similar to that of matrix.to.
+
+
+## Discussion and non-normative statements
+
+### Ideas for further evolution
+
+This MSC is obviously just the first step, keeping the door open for
+extensions. Here are a few ideas:
+
+* Add new actions; e.g. leaving a room (`action=leave`).
+
+* Add specifying a segment of the room timeline (`from=$evtid1&to=$evtid2`).
+
+* Unlock bare event ids (`matrix:e/$event_id`) - subject to change in
+  other areas of the specification.
+
+* Bring tangible semantics to the authority part. The main purpose of
+  the authority part,
+  [as per RFC 3986](https://tools.ietf.org/html/rfc3986#section-3.2),
+  is to identify the entity governing the namespace for the rest of the URI.
+  The current MSC rules out the userinfo component but leaves it to a separate
+  MSC to define semantics of the remaining`host[:port]` piece.
+
+  Importantly, future MSCs are advised against using the authority part for
+  _routing over federation_ (the case for `via=` query items), as it would be
+  against the spirit of RFC 3986. The authority part can be used in cases when
+  a given Matrix entity is only available from certain servers (the case of
+  closed federations or non-federating servers). 
+
+  While being a part of the original proposal in an attempt to address
+  [the respective case](https://github.com/matrix-org/matrix-doc/issues/2309),
+  the definition of the authority semantics has been dropped as a result of
+  [the subsequent discussion](https://github.com/matrix-org/matrix-doc/pull/2312#discussion_r348960282).
+  A further MSC may approach the same case (and/or others) and define the
+  meaning of the authority part (either on the client- or even on
+  the server-side - provided that using Matrix URIs on the server-side brings
+  some other value along the way). This might not necessarily be actual DNS
+  hostnames even - one (quite far-fetched for now) idea to entertain might be
+  introducing some decentralised system of "network names" in order to equalise
+  "public" and "non-public" federations.
+
+  Along the same lines, if providing any part of user credentials via
+  the authority part is found to be of considerable value in some case,
+  a separate MSC could both reinstate it in the grammar and define how
+  to construct, parse, and use it - provided that the same MSC addresses
+  the security concerns associated with such URIs.
+
+* One could conceive a URI mapping of avatars in the form of
+  `matrix:u/uid:matrix.org/avatar/room:matrix.org`
+  (a user’s avatar for a given room).
+
+* As described in "Alternatives", a synonymous system can be introduced that
+  uses Matrix identifiers with sigils by adding another path prefix (e.g.,
+  `matrix:id/%23matrix:matrix.org`). However, such MSC would have to address
+  the concerns of possible confusion arising from having two similar but
+  distinct notations.
+
+* Interoperability of Matrix URIs with
+  [Linked Data](https://en.wikipedia.org/wiki/Linked_data).
+
+
+### Past discussion points and tradeoffs
+
+The below documents the discussion and outcomes in various prior forums;
+further discussion should happen in GitHub comments.
+1. _Why no double-slashes in a typical URI?_
+   Because `//` is used to mark the beginning of an authority
+   part. RFC 3986 explicitly forbids to start the path component with
+   `//` if the URI doesn't have an authority component. In other words,
+   `//` implies a centre of authority, and the (public) Matrix
+   federation is not supposed to have one; hence no `//` in most URIs.
+1. ~~_Why do type specifiers use singular rather than plural
+   as is common in RESTful APIs?_~~
+   This is no more relevant with single-letter type specifiers. The answer
+   below is provided for history only.
+   Unlike in actual RESTful APIs, this MSC does not see `rooms/` or
+   `users/` as collections to browse. The type specifier completes
+   the id specification in the URI, defining a very specific and
+   easy to parse syntax for that. Future MSCs may certainly add
+   collection URIs, but it is recommended to use more distinct naming
+   for such collections. In particular, `rooms/` is ambiguous, as
+   different sets of rooms are available to any user at any time
+   (e.g., all rooms known to the user; or all routable rooms; or
+   public rooms known to the user's homeserver).
+1. _Should we advise using the query part for collections then?_
+   Not in this MSC but that can be considered in the future.
+1. _Why can't event URIs use the fragment part for the event ID?_
+   Because fragment is a part processed exclusively by the client
+   in order to navigate within a larger document, and room cannot
+   be considered a "document". Each event can be retrieved from the server
+   individually, so each event can be viewed as a self-contained document.
+   When/if URI processing is shifted to the server-side, servers are not even
+   going to receive fragments (as per RFC 3986), which is why usage of 
+   fragments to remove the need for percent-encoding in other identifiers
+   would lead to URIs that cannot be resolved on servers. Effectively, all
+   clients would have to implement full URI processing with no chance
+   to offload that to the server. For that reason fragments, if/when ever
+   employed in Matrix, only should be used to pinpoint a position within events
+   and for similar strictly client-side operations.
+1. _How does this MSC work with closed federations?_ ~~If you need to
+   communicate a URI to the bigger world where you cannot expect
+   the consumer to know in advance which federation they should use -
+   supply any server of the closed federation in the authority part.
+   Users inside the closed federation can omit the authority part if
+   they know the URI is not going to be used outside this federation.
+   Clients can facilitate that by having an option to always add or omit
+   the authority part in generated URIs for a given user account.~~
+   As of now, use `via=` in order to point to a homeserver in the closed
+   federation. The authority part may eventually be used for that (or for some
+   other case - see the previous section).
+
+
+### Alternatives
+
+#### Using full words for all types
+
+During its draft state, this MSC was proposing type specifiers using full words
+(`user`, `room`, `event` etc.), arguing that abbreviations can be introduced
+separately as synonyms. Full words have several shortcomings pointed out in
+discussions across the whole period of preparation, namely:
+- The singular vs. plural choice (see also "Past discussion points")
+- Using English words raises a question about eventual support of localised
+  URI variants (`matrix:benutzer/...`, `matrix:usuario/...` etc.) catering to
+  international audience, that would add complication to the Matrix technology.
+- Abbreviated forms are popularised by Reddit and make URIs shorter which is
+  crucial for the outbound integration case (see the introduction).
+
+Meanwhile, using `u`/`r`/`e` for users, rooms and events has the following
+advantages:
+1. there's a strong Reddit legacy, with users across the world quite familiar
+   with the abbreviated forms (and `r/` coincidentally standing for sub-Reddits
+   links to which have basically the same place in the Reddit ecosystem as
+   Matrix room aliases have in the Matrix ecosystem);
+2. matrix.to links to users and room aliases are heavily used throughout Matrix,
+   specifically in end-user-facing contexts (see also use cases in the
+   introductory section of this MSC);
+3. the singular vs. plural (`room` or `rooms`?) confusion is avoided;
+4. it's shorter, which is crucial for typing the URI in an external medium.
+
+The rationale behind not abbreviating `roomid/` is a better distinction between
+room aliases and room ids; also, since room ids are almost never typed in
+manually, the advantages (3) and (4) above don't hold.
+
+For these reasons, it was decided in the end to use the single-letter style
+for types most used in the outbound integration case. It's still possible to
+reinstate full words as synonyms some time down the road, with the caveat that
+a canonicalisation service from homeservers may be needed to avoid having
+to enable synonyms at each client individually.
+
+#### URNs
+
+The discussion in
+[MSC455](https://github.com/matrix-org/matrix-doc/issues/455)
+mentions an option to standardise URNs rather than URLs/URIs,
+with the list of resolvers being user-specific. While a URN namespace
+such as `urn:matrix:`, along with a URN scheme, might be deemed useful
+once we shift to (even) more decentralised structure of the network,
+`urn:` URIs must be managed entities (see
+[RFC 8141](https://tools.ietf.org/html/rfc8141)) which is not always
+the case in Matrix (consider room aliases, e.g.).
+
+With that said, a URN-styled (`matrix:room:example.org:roomalias`)
+option was considered. However, Matrix already uses colon (`:`) as
+a delimiter of id parts and, as can be seen above, reversing the parts
+to meet the URN's hierarchical order would look confusing for Matrix
+users (as in example above - is `room` a part of the identifier or
+the type signifier?).
+
+#### "Full REST" 
+
+Yet another alternative considered was to go "full REST" and structure
+URLs in a more traditional way with serverparts coming first, followed
+by type grouping (sic - not specifiers), and then by localparts,
+i.e. `matrix://example.org/rooms/roomalias`. This is even more difficult
+to comprehend for a Matrix user than the previous alternative and besides it
+conflates the notion of an authority server with that of a namespace
+discriminator: clients would not connect to `example.org` to resolve the alias
+above, they would still connect to their own homeserver.
+
+#### Minimal syntax
+
+One early proposal was to simply prepend `matrix:` to a Matrix identifier
+(without encoding it), assuming that it will only be processed on the client
+side. The massive downside of this option is that such strings are not actual
+URIs even though they look like ones: most URI parsers won't handle them
+correctly. As laid out in the beginning of this proposal, Matrix URIs are
+not striving to preempt Matrix identifiers; instead of trying to produce
+an equally readable string, one should just use identifiers where they work.
+Why Matrix identifiers look the way they look is way out of the MSC scope
+to discuss here.
+
+#### Minimal syntax based on the path component and percent-encoding
+
+A simple modification of the previous option is much more viable:
+proper percent-encoding of the Matrix identifier allows to use it as
+a URI path part. A single identifier packed in a URI could look like
+`matrix:/encoded_id_with_sigil`; an event-in-a-room URI would be something
+like `matrix:/roomid_or_alias/$event_id` (NB: RFC 3986 doesn't require `$`
+to be encoded). This is considerably more concise and encoding is only
+needed for `#`.
+
+Quite unfortunately, `#` is one of the two sigils in Matrix most relevant
+to integration cases. The other one is `@`; it doesn't need encoding except
+in the authority part - which is why the form above uses a leading `/` that
+puts the identifier in the path part instead of what parsers treat as
+the authority part. `#` has to be encoded wherever it appears, making a URI
+for Matrix HQ, the first chat room many new users join, look like
+`matrix:/%23matrix:matrix.org`. Beyond first-time usage, this generally impacts
+[the "napkin" case](https://tools.ietf.org/html/rfc3986#section-1.2.1) from
+RFC 3986 that the Requirements section of this MSC mentions. Until we have
+applications generally recognising Matrix identifiers in the same way e-mail
+addresses are recognised without prefixing `mailto:`, we should live with
+the fact that people will have to produce Matrix URIs by hand in various
+instances, from pen-and-paper to other instant messengers.
+
+Putting the whole id to the URI fragment (`matrix:#id_with_sigil` or,
+following on the `matrix.to` tradition, `matrix:#/id_with_sigil` for
+readability) allows using `#` without encoding on many URI parsers. It is
+still not fully RFC-compliant and rules out using URIs by homeservers
+(see also "Past discussion points" on using fragments to address events).
+
+Regardless of the placement (the fragment or the path), one more consideration
+is that the character space for sigils is extremely limited and
+Matrix identifiers are generally less expressive than full-blown URI paths.
+Not that Matrix showed a tendency to produce many classes of objects that would
+warrant a dedicated sigil but that cannot be ruled out. Rather than rely
+on the institute of sigils, this proposal gives an alternative more
+extensible syntax that can be used for more advanced cases - as a uniform way
+to represent arbitrary sub-objects (with or without Matrix identifier) such as
+user profiles, or a notifications feed for the room - and also, if ever needed,
+as an escape hatch to a bigger namespace if we hit shortage of sigils.
+
+The current proposal is also flexible enough to incorporate the minimal
+syntax of this option as an alternative to its own notation - e.g., a further
+MSC could enable `matrix:id/%23matrix:matrix.org` as a synonym for
+`matrix:room/matrix:matrix.org`.
+
+
+## Potential issues
+
+Despite the limited functionality of URIs as proposed in this MSC,
+Matrix authors are advised to use tools that would process URIs just
+like an HTTP(S) URI instead of making home-baked parsers/emitters.
+Even with that in mind, not all tools normalise and sanitise all cases
+in a fully RFC-compliant way. This MSC tries to keep the required
+transformations to the minimum and will likely not bring much grief even
+with naive implementations; however, as functionality of Matrix URI grows,
+the number of corner cases will increase.
+
+
+## Security/privacy considerations
+
+This MSC mostly builds on RFC 3986 but tries to reduce the scope
+as much as possible. Notably, it avoids introducing complex traversable
+structures and further restricts the URI grammar to the necessary subset.
+In particular, dot path segments (`.` and `..`), while potentially useful
+when URIs become richer, would come too much ahead of time for now. Care
+is taken to not make essential parts of the URI omittable to avoid
+even accidental misrepresentation of a local resource for a remote one
+in Matrix and vice versa.
+
+As mentioned in the authority part section, the MSC intentionally doesn't
+support conveying any kind of user information in URIs.
+
+The MSC strives to not be prescriptive in treating URIs except the `action`
+query parameter. Actions without user confirmation may lead to unintended
+leaks of certain metadata and/or changes in the account state with respect
+to Matrix. To reiterate, clients SHOULD ask for a user consent if/when they
+can unless applying the action doesn't lead to sending persistent (message
+or state) events on user's behalf.
+
+
+## Conclusion
+
+A dedicated URI scheme is well overdue for Matrix. Many other networks
+already have got one for themselves, benefiting both in terms of
+branding (compare `matrix:r/weruletheworld:example.org` vs.
+`#weruletheworld:example.org` from the standpoint of someone who
+hasn't been to Matrix) and interoperability (`matrix.to` requires
+opening a browser while clicking a `tg:` link dumped to the terminal
+application will open the correct application for Telegram without
+user intervention or can even offer to install one, if needed).
+The proposed syntax makes conversion between Matrix URIs
+and Matrix identifiers as easy as a bunch of string comparisons or
+regular expressions; so even though client-side processing of URIs
+might not be optimal longer-term, it's a very simple and quick way
+that allows plenty of experimentation early on.
diff --git a/proposals/2320-identity-versions.md b/proposals/2320-identity-versions.md
new file mode 100644
index 00000000000..ded50b3bc88
--- /dev/null
+++ b/proposals/2320-identity-versions.md
@@ -0,0 +1,35 @@
+# Versions information for identity servers
+
+The client-server API currently specifies a `/versions` endpoint that allows
+clients to know what version of that API are implemented by the server.
+Identity servers could benefit from that endpoint as both homeservers and
+clients interact with them, and therefore could know which features they can
+expect a given identity server to implement by looking at the versions of the
+API it claims to support.
+
+## Proposal
+
+This proposal adds the following endpoint to the identity server API.
+
+### `GET /_matrix/identity/versions`
+
+This endpoint serves information about the versions of the identity server API
+this identity server supports. Its response uses the following format:
+
+```json
+{
+    "versions": [
+        "r0.1.0",
+        "r0.2.0",
+        "r0.2.1",
+    ]
+}
+```
+
+## Alternative solutions
+
+Another solution which was considered was using the status check endpoint ([`GET
+/_matrix/api/v1`](https://matrix.org/docs/spec/identity_service/latest#get-matrix-identity-api-v1))
+to serve this information. This solution was discarded because it's using a
+versioned endpoint, which doesn't make sense to advertise the supported versions
+of the API to use.
diff --git a/proposals/2366-key-verification-accept.md b/proposals/2366-key-verification-accept.md
new file mode 100644
index 00000000000..bc355601ff9
--- /dev/null
+++ b/proposals/2366-key-verification-accept.md
@@ -0,0 +1,80 @@
+# Key verification flow additions: `m.key.verification.ready` and `m.key.verification.done`
+
+The current key verification framework is asymmetrical in that the user who
+requests the verification is unable to select the key verification method.
+This makes it harder for more experienced users who wish to guide less
+experienced users through the verification process, especially if they are not
+verifying in-person, but are using a trusted but remote channel of verification
+(such as telephone or video conference).
+
+As an example, let us say that Alice is an experienced Matrix user and is
+introducing Bob to the wonders of federated communications.  Alice wants to
+verify keys with Bob, so she clicks on the "Verify" button in her client on
+Bob's profile (which sends a `m.key.verification.request` message to Bob).
+Bob's device receives the verification request and prompts Bob to accept the
+verification request.  At this point, under the current framework, Bob is
+responsible for choosing the verification method to use.  However, with this
+proposal, Bob would be able to just accept the verification request without
+choosing a method, and allow Alice to choose the verification method.
+
+In addition, the current key verification framework does not have a method for
+clients to signal to the other side that a key verification was successful.
+Some clients may wish to wait until the other side has either confirmed a
+successful verification or indicated an error before displaying the result of
+the verification, in order to give the two users a consistent view of the
+verification as a whole.
+
+## Proposal
+
+Two new event types are added to the [key verification
+framework](https://matrix.org/docs/spec/client_server/r0.6.1#key-verification-framework)
+when verifying in to-device messages.  The new event
+types are already described in [MSC2241 (Key verification in
+DMs)](https://github.com/matrix-org/matrix-doc/pull/2241).  This proposal adds
+them to verifications in to-device messages.
+
+The first event type is `m.key.verification.ready`, which must be sent by the
+target of the `m.key.verification.request` message, upon receipt of the
+`m.key.verification.request` event.  It has the fields:
+
+- `from_device`: the ID of the device that sent the `m.key.verification.ready`
+  message
+- `methods`: an array of verification methods that the device supports
+
+It also has the usual `transaction_id` or `m.relates_to` fields for key
+verification events, depending on whether it is sent as a to-device event
+or an in-room event.
+
+After the `m.key.verification.ready` event is sent, either party can send an
+`m.key.verification.start` event to begin the verification.  If both parties
+send an `m.key.verification.start` event, and they both specify the same
+verification method, then the event sent by the user whose user ID is the
+lexicographically smallest is used, and the other `m.key.verification.start` event is ignored.
+In the case of a single user verifying two of their devices, the device ID is
+compared instead.  If both parties send an `m.key.verification.start` event,
+but they specify different verification methods, the verification should be
+cancelled with a `code` of `m.unexpected_message`.
+
+With to-device messages, previously the sender of the
+`m.key.verification.request` message would send an `m.key.verification.cancel`
+message to the recipient's other devices when it received an
+`m.key.verification.start` event. With this new event, the sender of the
+`m.key.verification.request` message should send an `m.key.verification.cancel`
+message when it receives an `m.key.verification.ready` or
+`m.key.verification.start` message, whichever comes first.
+
+The `m.key.verification.ready` event is required for verifications in both DMs
+and in to-device messages to accept verifications requested using an
+`m.key.verification.request` event.
+
+The second event type is `m.key.verification.done`, which has no fields other
+than the usual `transaction_id` or `m.relates_to` field.  This indicates that
+the device has successfully completed its side of the verification.
+
+## Potential issues
+
+Clients that follow the Client-Server 0.6.0 spec may not expect an
+`m.key.verification.ready` message in response to `m.key.verification.request`.
+However to our knowledge, no clients implement `m.key.verification.request` in
+this way yet -- to our knowledge, all clients that implement verification
+implement this proposal.
diff --git a/proposals/2403-knock.md b/proposals/2403-knock.md
new file mode 100644
index 00000000000..c0f39254e41
--- /dev/null
+++ b/proposals/2403-knock.md
@@ -0,0 +1,683 @@
+# MSC2403: Add "knock" feature
+Many people are in invite-only rooms. Sometimes, someone wants to join such a
+room and can't, as they aren't invited. This proposal adds a feature for a
+user to indicate that they want to join a room.
+
+# Proposal
+This proposal implements the reserved "knock" membership type for the
+`m.room.member` state event. This state event indicates that when a user
+knocks on a room, they are asking for permission to join. Like all membership
+events, it contains an optional "reason" parameter to specify the reason you
+want to join. Like other membership types, the parameters "displayname" and
+"avatar_url" are optional. This membership can be sent by users who aren't
+currently in said room. An example for the membership would look like the
+following:
+```json
+{
+  "membership": "knock",
+  "displayname": "Alice",
+  "avatar_url": "mxc://example.org/avatar",
+  "reason": "I want to join this room as I really love foxes!"
+}
+```
+
+After a knock in a room, a member of the room can invite the knocker, or they
+can decide to reject it instead.
+
+## Client-Server API
+A new endpoint is introduced in the Client-Server API: `POST
+/_matrix/client/r0/knock/{roomIdOrAlias}`. This allows the client to state
+their intent to knock on a room.
+
+Additionally, extensions to the `GET /_matrix/client/r0/sync` endpoint are
+introduced. These allow a client to receive information about the status of
+their knock attempt.
+
+### `POST /_matrix/client/r0/knock/{roomIdOrAlias}`
+Or the knocking equivalent of
+[`POST
+/_matrix/client/r0/join/{roomIdOrAlias}`](https://matrix.org/docs/spec/client_server/r0.6.1#post-matrix-client-r0-join-roomidoralias).
+
+The path parameter (`roomIdOrAlias`) is either the room ID or the alias of
+the room you want to knock on. Additionally, several `server_name` parameters
+can be specified via the query parameters. The post body accepts an optional
+string parameter, `reason`, which is the reason you want to join the room. A
+request could look as follows:
+
+```json
+POST /_matrix/client/r0/knock/%23foxes%3Amatrix.org?server_name=matrix.org&server_name=elsewhere.ca  HTTP/1.1
+Content-Type: application/json
+
+{
+  "reason": "I want to join this room as I really love foxes!"
+}
+```
+
+This endpoint requires authentication and can be rate limited.
+
+
+#### Responses:
+##### Status code 200:
+The user knocked successfully. The room ID of the knocked on room is returned. Example
+reply:
+```json
+{
+  "room_id": "!ZclcEpFTORTjmWIrqH:matrix.org"
+}
+```
+
+##### Status code 403:
+The user wasn't allowed to knock (e.g. they are banned). Example error reply:
+```json
+{
+  "errcode": "M_FORBIDDEN",
+  "error": "The user isn't allowed to knock in this room."
+}
+```
+
+##### Status code 404:
+The room was not found. Example error reply:
+```json
+{
+  "errcode": "M_NOT_FOUND",
+  "error": "Unknown room."
+}
+```
+
+### Extensions to `GET /_matrix/client/r0/sync`
+
+In [the response to
+`/sync`](https://matrix.org/docs/spec/client_server/r0.6.1#get-matrix-client-r0-sync)
+is a `rooms` field. This is a dictionary which currently contains keys
+`join`, `invite` and `leave`, which each provide information to the client on
+various membership states regarding the user.
+
+It is proposed to add a fourth possible key to `rooms`, called `knock`. Its
+value is a mapping from room ID to room information. The room information is
+a mapping from a key `knock_state` to another mapping with key `events` being
+a list of `StrippedStateEvent`. `StrippedStateEvent`s are defined as state
+events that only contain the `sender`, `type`, `state_key` and `content`
+keys.
+
+Note that while `join` and `leave` keys in `/sync` use `state`, we use
+`knock_state` here. This mirrors `invite`s use of `invite_state`.
+
+These stripped state events contain information about the room, most notably
+the room's name and avatar. A client will need this information to show a
+nice representation of pending knocked rooms. The recommended events to
+include are the join rules, canonical alias, avatar, name and encryption
+state of the room, rather than all room state. This behaviour matches the
+information sent to remote homeservers when remote users are invited to a
+room.
+
+This prevents unneeded state from the room leaking out, and also speeds
+things up (think not sending over hundreds of membership events from big
+rooms).
+
+Also note that like `invite_state`, state events from `knock_state` are
+purely for giving the user some information about the current state of the
+room that they have knocked on. If the user was previously in the room, the
+state events in `knock_state` are not intended to overwrite any historical
+state. This applies storage of state on both the homeserver and the client.
+
+The following is an example of knock state coming down `/sync`.
+
+Request:
+```
+GET /_matrix/client/r0/sync HTTP/1.1
+Content-Type: application/json
+```
+
+Response:
+```json
+{
+  ...
+  "rooms": {
+    "knock": {
+      "!abcdefghijklmo:example.com": {
+        "knock_state": {
+          "events": [
+            {
+              "content": {
+                "join_rule": "knock"
+              },
+              "sender": "@room_admin:example.com",
+              "state_key": "",
+              "type": "m.room.join_rules"
+            },
+            {
+              "content": {
+                "name": "Some cool room"
+              },
+              "sender": "@room_admin:example.com",
+              "state_key": "",
+              "type": "m.room.name"
+            },
+            {
+              "content": {
+                "url": "mxc://example.com/xyz54321"
+              },
+              "sender": "@room_admin:example.com",
+              "state_key": "",
+              "type": "m.room.avatar"
+            },
+            {
+              "content": {
+                "avatar_url": "mxc://example.org/abc1234",
+                "displayname": "Knocking User",
+                "membership": "knock"
+              },
+              "sender": "@knocking_user:example.org",
+              "state_key": "@knocking_user:example.org",
+              "type": "m.room.member",
+            }
+          ]
+        }
+      }
+    }
+  },
+  ...
+}
+```
+
+### Changes regarding the Public Rooms Directory
+
+A problem arises for discovery of knockable rooms. Ideally one wouldn't have
+to send their colleagues a room ID for a room that they need to knock on. One
+of these methods for room discovery is the [public rooms
+directory](https://matrix.org/docs/spec/client_server/r0.6.1#get-matrix-client-r0-publicrooms),
+which allows us to explore a list of rooms we may be able to join.
+
+The spec does not prevent us from adding rooms with 'knock' join_rules to the
+public rooms directory. However, a user attempting
+to join a room in the directory will not know whether to directly attempt a
+join, or to knock first. The current content of a `PublicRoomsChunk` does not
+contain this information:
+
+```json
+{
+  "aliases": [
+    "#murrays:cheese.bar"
+  ],
+  "avatar_url": "mxc://bleecker.street/CHEDDARandBRIE",
+  "guest_can_join": false,
+  "name": "CHEESE",
+  "num_joined_members": 37,
+  "room_id": "!ol19s:bleecker.street",
+  "topic": "Tasty tasty cheese",
+  "world_readable": true
+}
+```
+
+Therefore this proposal adds `join_rule` as a new, optional field to a
+`PublicRoomsChunk`. The `join_rule` of knockable rooms will be `knock`,
+thus giving clients the information they need to attempt entry of a
+room when a client selects it. It also allows clients to display
+knockable rooms differently than publicly joinable ones.
+
+For backwards compatibility with old servers, the default value of
+`join_rule` is `public`.
+
+### Push Rules
+
+To help knocks be noticed earlier, it would be nice to send a push
+notification to those in the room who can act on a knock when it
+comes in, rather than everyone in the room. This would require a
+push rule to fire only when that user's power level is high enough to
+accept or reject a knock.
+
+With the current push rules implementation it is possible to place a
+condition on the sender's power level, but unfortunately the same does
+not exist for event recipients.
+
+This MSC thus does not propose any changes to push rules at this time,
+but acknowledges that it would be useful for a future MSC to address when
+the underlying push rules architecture can support it.
+
+
+## Server-Server API
+Similarly to [join](https://matrix.org/docs/spec/server_server/r0.1.4#joining-rooms)
+and [leave](https://matrix.org/docs/spec/server_server/r0.1.4#leaving-rooms-rejecting-invites)
+over federation, a ping-pong game with two new endpoints is introduced: `make_knock`
+and `send_knock`. Both endpoints must be protected via server ACLs.
+
+### `GET /_matrix/federation/v1/make_knock/{roomId}/{userId}`
+
+Asks the receiving server to return information that the sending server will
+need to prepare a knock event.
+
+Request format:
+
+| Parameter | Type | Description |
+|-----------|------|-------------|
+| Path parameters:
+| roomId | string | Required. The room ID that should receive the knock.
+| userId | string | Required. The user ID the knock event will be for.
+| Query Parameters:
+| ver | [string] | Required. The room versions the sending server has support for.
+
+Note that `GET /_matrix/federation/v1/make_join/{roomId}/{userId}` does not make `ver`
+a required query parameter for backwards compatibility reasons. We have no such restrictions.
+
+
+Response Format:
+
+| Parameter | Type | Description |
+|-----------|------|-------------|
+| room_version | string | The version of the room where the server is trying to knock.
+| event | Event Template | An unsigned template event. May differ between room versions.
+
+#### Responses
+##### Status code 200:
+Returns a template to be used to knock on rooms. May depend on room version.
+```json
+{
+  "room_version": "2",
+  "event": {
+    "type": "m.room.member",
+    "room_id": "!somewhere:example.org",
+    "content": {
+      "membership": "knock"
+    },
+    "state_key": "@someone:example.org",
+    "origin": "example.org",
+    "origin_server_ts": 1549041175876,
+    "sender": "@someone:example.org"
+  }
+}
+```
+
+##### Status code 400:
+This request was invalid, e.g. bad JSON. Example reply:
+```json
+{
+  "errcode": "M_INCOMPATIBLE_ROOM_VERSION",
+  "error": "Your homeserver does not support the features required to join this room",
+  "room_version": "3"
+}
+```
+
+##### Status code 403:
+This request is forbidden, e.g. the user is banned from the room. Example reply:
+```json
+{
+  "errcode": "M_FORBIDDEN",
+  "error": "You are not allowed to knock on this room"
+}
+```
+
+##### Status code 404:
+The room is unknown to the remote server. Example reply:
+```json
+{
+  "errcode": "M_NOT_FOUND",
+  "error": "Unknown room"
+}
+```
+
+### `PUT /_matrix/federation/v1/send_knock/{roomId}/{eventId}`
+Submits a signed knock event to the resident homeserver for it to accept into
+the room's graph. Note that event format may differ between room versions.
+
+Note that in the past all `send_*` federation endpoints were updated to `/v2`
+to remove a redundant HTTP error code from the return body. While we don't
+have the same redundancy here, we start off at `/v1` for this new endpoint
+as per
+[MSC2844](https://github.com/matrix-org/matrix-doc/pull/2844).
+
+Request format:
+
+| Parameter | Type | Description |
+|-----------|------|-------------|
+| Path parameters:
+| roomId | string | Required. The room ID that should receive the knock.
+| eventId | string | Required. The event ID for the knock event.
+
+The JSON body is expected to be the full event.
+
+Response Format:
+
+| Parameter | Type | Description |
+|-----------|------|-------------|
+| `knock_room_state` | [StrippedStateEvent] | Required. State events providing public room metadata
+
+A request could look as follows:
+```json
+PUT /_matrix/federation/v1/send_knock/%21abc123%3Amatrix.org/%24abc123%3Aexample.org HTTP/1.1
+Content-Type: application/json
+
+{
+  "sender": "@someone:example.org",
+  "origin": "matrix.org",
+  "origin_server_ts": 1234567890,
+  "type": "m.room.member",
+  "state_key": "@someone:example.org",
+  "content": {
+    "membership": "knock",
+    "displayname": "Alice",
+    "avatar_url": "mxc://example.org/avatar",
+    "reason": "I want to join this room as I really love foxes!"
+  }
+}
+```
+
+#### Response:
+##### Status code 200:
+The event was successfully accepted into the graph by the homeserver that
+received the knock. It must then send this knock into the room, before
+responding to the knocking homeserver, indicating the knock succeeded.
+
+The response contains `StrippedStateEvent`s with room metadata (room name,
+avatar ...) that the knocking homeserver can pass to the client. The event
+types that can be sent here should match those of the `/sync` extensions
+mentioned above.
+
+This is loosely based on the
+[federated invite](https://matrix.org/docs/spec/server_server/r0.1.4#put-matrix-federation-v2-invite-roomid-eventid)
+request content.
+```json
+{
+  "knock_room_state": [
+    {
+      "content": {
+        "join_rule": "knock"
+      },
+      "sender": "@room_admin:example.com",
+      "state_key": "",
+      "type": "m.room.join_rules"
+    },
+    {
+      "content": {
+        "name": "Some cool room"
+      },
+      "sender": "@room_admin:example.com",
+      "state_key": "",
+      "type": "m.room.name"
+    },
+    {
+      "content": {
+        "url": "mxc://example.com/xyz54321"
+      },
+      "sender": "@room_admin:example.com",
+      "state_key": "",
+      "type": "m.room.avatar"
+    },
+    {
+      "content": {
+        "avatar_url": "mxc://example.org/abc1234",
+        "displayname": "Knocking User",
+        "membership": "knock"
+      },
+      "sender": "@knocking_user:example.org",
+      "state_key": "@knocking_user:example.org",
+      "type": "m.room.member",
+    }
+  ]
+}
+```
+
+##### Status code 403:
+This request is forbidden, e.g. the user is banned from the room. Example reply:
+```json
+{
+  "errcode": "M_FORBIDDEN",
+  "error": "You are not allowed to knock on this room"
+}
+```
+
+##### Status code 404:
+The room is unknown to the remote server. Example reply:
+```json
+{
+  "errcode": "M_NOT_FOUND",
+  "error": "Unknown room"
+}
+```
+
+## Restrictions
+There are restrictions to being able to set this membership, as well as
+accepting or denying the knock.  A formal description of the changes to the auth rules is given below; 
+first we summarise the semantics of the proposed changes.
+
+### Current membership
+Only users without a current membership or with their current membership
+set to "knock" or "leave" can knock on a room. This means that a user that
+is banned, is invited or is currently in the room cannot knock on it.
+
+### Join Rules
+This proposal makes use of the existing "knock" join rule. The value of
+`join_rule` in the content of the `m.room.join_rules` state event for a room
+must be set to "knock" for a knock to succeed. This means that existing rooms
+will need to opt into allowing knocks in their rooms. Other than allowing
+knocks, a join rule of "knock" is functionally equivalent to that of
+"invite", except that it additionally allows external users to change their
+membership to "knock" under certain conditions.
+
+### Auth rules
+
+Each room version defines the auth rules which should be applied in that room version.
+This MSC proposes a new room version with the following changes to the [auth
+rules from room version 6](https://matrix.org/docs/spec/rooms/v6#authorization-rules-for-events):
+
+* Under "5. If type is `m.room.member`", insert the following after "e. If membership is `ban`":
+
+  ```
+  f. If `membership` is `knock`:
+    i. If the `join_rule` is anything other than `knock`, reject.
+    ii. If `sender` does not match `state_key`, reject.
+    iii. If the `sender`'s membership is not `ban`, `invite` or `join`, allow.
+    iv. Otherwise, reject.
+  ```
+
+Note that:
+    - Both the `sender` and `state_key` fields are set to the user ID of the knocking
+      user. This is different to an `invite` membership event, where the `sender` is the inviter and
+      the `state_key` is the invitee.
+    - f.ii is justified as one user should not be able to knock on behalf of
+      another user.
+    - f.iii is justified as knocks should not be allowed if the knocking user
+      has been banned from the room, is invited to the room or if they are already
+      in the room.
+    - Knocks are not restricted by power level like invites are. The `join_rules`
+      are already used to enforce whether someone can or cannot knock. However,
+      power level rules do apply when approving or denying the knock, as discussed
+      in the Membership Changes section below.
+
+Additionally, note that redactions of knock events are not a concern, as
+`membership` keys are excluded from being redacted as defined by all current
+room versions.
+
+## Membership changes
+Once someone has sent a `knock` membership into the room, the membership for
+that user can be transitioned to the following possible states:
+ - `invite`: In this case, the knock was accepted by someone inside the room
+   and they are inviting the knocker into the room.
+ - `leave`: In this case, similar to how kicks are handled, the knock has
+   been rejected. Alternatively, the knocking user has rescinded their knock.
+ - `ban`: In this case, the knock was rejected and the user has been prevented
+   from sending further knocks.
+
+Let's talk about each one of these in more detail.
+
+### Membership change to `invite`
+
+The knock has been accepted by someone in the room.
+
+The user who is accepting the knock must have the power level to perform
+invites. The accepting user's homeserver will then send an invite - over federation if
+necessary - to the knocking user. The knocking user may then join the room as
+if they had been invited normally.
+
+To accept a knock, the client should call [`POST
+/_matrix/client/r0/rooms/{roomId}/invite`](https://matrix.org/docs/spec/client_server/r0.6.1#post-matrix-client-r0-rooms-roomid-invite)
+with the user ID of the knocking user in the JSON body.
+
+If the knocking user is on another homeserver, then the homeserver of the
+accepting user will call [`PUT
+/_matrix/federation/v2/invite/{roomId}/{eventId}`](https://matrix.org/docs/spec/server_server/r0.1.4#put-matrix-federation-v2-invite-roomid-eventid)
+on the knocking homeserver to inform it that the knock has been accepted.
+
+The knocking homeserver should assume an invite to a room it has knocked on means
+that its knock has been accepted, even if the invite was not explicitly
+related to the knock attempt.
+
+Note that client or homeserver implementations are free to automatically
+accept this invite given they're aware that it's the result of a previous
+knock. In case of failing to auto-accept an invite on the homeserver, it's
+recommended for homeservers to pass the invite down to the client so that it
+may try at a later point (or reject the potentially broken invite) at the user's
+discretion.
+
+### Membership change to `leave` via rejecting a knock
+
+The knock has been rejected by someone in the room.
+
+To reject a knock, the rejecting user's client must call [`POST
+/_matrix/client/r0/rooms/{roomId}/kick`](https://matrix.org/docs/spec/client_server/r0.6.1#post-matrix-client-r0-rooms-roomid-kick)
+with the user ID of the knocking user in the JSON body. Rejecting a knock
+over federation has a slight catch, though.
+
+When the knocking user is on another homeserver, the homeserver of the
+rejecting user needs to send the `leave` event over federation to the
+knocking homeserver. However, this is a bit tricky as it is currently very
+difficult to have events from a room propagate over federation when the
+receiving homeserver is not in the room. This is due to the remote homeserver
+being unable to verify that the event being sent is actually from a
+homeserver in the room - and that the homeserver in the room had the required
+power level to send it. This is a problem that currently affects other,
+similar operations, such as disinviting or unbanning a federated user. In
+both cases, they won't be notified as their homeserver is not in the room.
+
+While we could easily send the leave event as part of a generic
+transaction to the remote homeserver, that homeserver would have no way to
+validate the `prev_events` and `auth_events` that the event references. We
+could send those events over as well, but those will also reference other
+events that require validation and so on.
+
+A simple thing we could easily do here is to trust the leave event implicitly
+if it is sent by the homeserver we originally knocked through. We know this
+homeserver is (or at least was) in the room, so they're probably telling the
+truth. This is almost an edge case though, as while you'll knock through one
+homeserver in the room, there's no guarantee that the admin that denies your
+knock will be on the same homeserver you knocked through. Perhaps the
+homeserver you knocked through could listen for this and then send the event
+back to you - but what if it goes offline in the meantime?
+
+As such, informing remote homeservers about the rejection of knocks over
+federation is de-scoped for now, and left to a future MSC which can solve
+this class of problem in a suitable way. Rejections should still work for the
+homeservers that are in the room, as they can validate the leave event for
+they have access to the events it references.
+
+### Membership change to `leave` via rescinding a knock
+The knocking user has rescinded their knock.
+
+To rescind a knock, the knocking user's client must call [`POST
+/_matrix/client/r0/rooms/{roomId}/leave`](https://matrix.org/docs/spec/client_server/r0.6.1#post-matrix-client-r0-rooms-roomid-leave).
+To rescind a knock over federation, the knocking homeserver must complete
+a [`make_leave`, `send_leave` dance](
+https://matrix.org/docs/spec/server_server/r0.1.4#leaving-rooms-rejecting-invites)
+with a homeserver in the room.
+
+### Membership change to `ban`
+
+The knock has been rejected by someone in the room and the user has been
+banned, and is unable to send further knocks.
+
+This one is fairly straightforward. Someone with the appropriate power levels
+in the room bans the user. This will have the same effect as rejecting the
+knock, and in addition prevent any further knocks by this user from being
+allowed into the room.
+
+If the user is unbanned, they will be able to send a new knock which could be
+accepted.
+
+To ban the user, the client should call [`POST
+/_matrix/client/r0/rooms/{roomId}/ban`](https://matrix.org/docs/spec/client_server/r0.6.1#post-matrix-client-r0-rooms-roomid-ban) with the user ID of the knocking user in the JSON body.
+
+Informing the knocking user about the update is the same as rejecting the
+knock.
+
+# Potential issues
+This new feature would allow users to send events into rooms that they don't
+partake in. That is why this proposal enables the `knock` join rule, in
+order to allow room admins to opt in to this behaviour.
+
+# Alternatives
+The possibility of initiating a knock by sending EDUs between users instead of sending 
+a membership state event into a room has been raised. This is an ongoing discussion
+occurring at https://github.com/matrix-org/matrix-doc/pull/2403/files#r573180627.
+
+# Client UX recommendations
+After a knock is received in a room, it is expected to be displayed in the
+timeline, similar to other membership changes. Clients can optionally add a way
+for users of a room to review all current knocks.
+
+Please also note the recommendations for clients in the "Security considerations"
+section below.
+
+# Security considerations
+Clients must take care when implementing this feature in order to prevent
+simple abuse vectors that can be accomplished by individual users. For
+instance, when a knock occurs, clients are advised to hide the reason until
+the user interacts with the client in some way (e.g. clicking on a "show
+reason" button). The user should reveal the reason only if they choose to.
+
+It is recommended to not display the reason by default as else this would
+essentially allow outsiders to send messages into the room.
+
+It is still theoretically possible for a homeserver admin to create many users
+with different user IDs or display names, all spelling out an abusive
+message, and then having each of them knock in order.
+
+Clients should also do their best to prevent impersonation attacks. Similar to
+joins, users can set any displayname or avatar URL they'd like when knocking on
+a room. Clients SHOULD display further information to help identify the user,
+such as User ID, encryption verification status, rooms you share with the user,
+etc. Care should be taken to balance the importance of preventing attacks while
+avoiding overloading the user with too much information or raising false
+positives.
+
+Another abuse vector is allowed by the ability for users to rescind knocks.
+This is to help users in case they knocked on a room accidentally, or simply
+no longer want to join a room they've knocked on. While this is a useful
+feature, it also allows users to spam a room by knocking and rescinding their
+knocks over and over. Particularly note-worthy is that this will generate
+state events that homeservers in the room will need to process. And while
+join/leave state changes will do the same in a public room, the act of
+knocking is much lighter than the act of joining a room.
+
+In both cases, room admins should employ typical abuse mitigation tools, such
+as user bans and server ACLs. Clients are encouraged to make employing these
+tools easy even if the offensive user or server is not present in the room.
+
+# Unstable prefix
+
+An unstable feature flag is not required due to this proposal's requirement
+of a new room version. Clients can check for a room version that includes
+knocking via the Client-Server API's [capabilities
+endpoint](https://matrix.org/docs/spec/client_server/r0.6.1#get-matrix-client-r0-capabilities).
+Experimental implementation should use `xyz.amorgan.knock` as a room version identifier.
+
+The new endpoints should contain an unstable prefix during experimental
+implementation. The unstable counterpart for each endpoint is:
+
+C-S knock:
+
+* `POST /_matrix/client/knock/{roomIdOrAlias}`
+* `POST /_matrix/client/unstable/xyz.amorgan.knock/knock/{roomIdOrAlias}`
+
+S-S make_knock:
+
+* `GET /_matrix/federation/v1/make_knock/{roomId}/{userId}`
+* `GET /_matrix/federation/unstable/xyz.amorgan.knock/make_knock/{roomId}/{userId}`
+
+S-S send_knock:
+
+* `PUT /_matrix/federation/v1/send_knock/{roomId}/{eventId}`
+* `PUT /_matrix/federation/unstable/xyz.amorgan.knock/send_knock/{roomId}/{eventId}`
+
+Finally, an unstable prefix is added to the key that comes down `/sync`,
+the join rule for rooms and the `content.membership` key of the member
+event sent into rooms when a user has knocked successfully. Instead of
+`knock`, experimental implementations should use `xyz.amorgan.knock`.
diff --git a/proposals/2414-optional-content-reporting-reason.md b/proposals/2414-optional-content-reporting-reason.md
new file mode 100644
index 00000000000..43cdf6c72ff
--- /dev/null
+++ b/proposals/2414-optional-content-reporting-reason.md
@@ -0,0 +1,45 @@
+# MSC2414: Make `reason` and `score` optional for reporting content
+
+## Proposal
+
+On the [report content endpoint](https://matrix.org/docs/spec/client_server/r0.6.1#post-matrix-client-r0-rooms-roomid-report-eventid)
+we remove the `required` flag for both the `reason` and `score` parameters, as
+well as the "may be blank" clause in the description of `reason`.
+
+## Rationale
+
+### `reason` Parameter
+
+Currently, the spec says that the `reason` parameter on the content reporting
+endpoint is required, but also says that the string "may be blank." This
+seems to be a contradiction.
+
+Note that the kicking and banning endpoints already have optional `reason`
+parameters. The other membership endpoints mentioned in
+[#2367][membership-endpoints] will also add optional `reason` parameters,
+so it would be more more consistent with the rest of the spec to make this
+optional as well.
+
+### `score` Parameter
+
+The spec also requires the `score` parameter, but its usefulness is limited.
+Offensiveness is difficult to measure and is likely not going to be applied
+consistently across several rooms. Because of this ambiguity, it seems, many
+clients [simply hard-code the integer value][hard-code].
+
+To make this useful, for example, room administrators would need a way to map more
+specific values to the integer range and perhaps even instruct the client to
+display those mappings to the user. That may be possible to do in a closed
+client/homeserver implementation, but not generally across the Matrix protocol.
+
+Making `score` optional would enable this feature to be used in specific contexts
+while not forcing clients to support the ambiguity it brings.
+
+## Backwards Compatibility
+
+Since servers currently expect these fields to be sent by all clients, making
+them optional is a breaking change. Clients should check the spec versions
+the homeserver supports to detect this change.
+
+[membership-endpoints]: https://github.com/matrix-org/matrix-doc/pull/2367
+[hard-code]: https://github.com/matrix-org/matrix-react-sdk/pull/3290/files#diff-551ca16d6a8ffb96888b337b5246402dR66
diff --git a/proposals/2557-spoiler-clarifications.md b/proposals/2557-spoiler-clarifications.md
new file mode 100644
index 00000000000..0391ee97e43
--- /dev/null
+++ b/proposals/2557-spoiler-clarifications.md
@@ -0,0 +1,20 @@
+# MSC2557: Clarifications on spoilers
+
+Spoiler messages are described in [MSC2010](https://github.com/matrix-org/matrix-doc/pull/2010)
+though the MSC is unclear if the fallback is required to be sent by clients.
+
+## Proposal
+
+The fallback for spoiler messages is optional, though recommended to be sent by clients. Clients
+should make reasonable efforts to represent the spoiler in the `body` field of a message.
+
+The recommended fallback format is unchanged.
+
+Additionally, this proposal opens up spoilers to any HTML-supporting message types. Currently
+this includes `m.text` (already included by MSC2010), `m.notice`, and `m.emote`.
+
+## Potential issues
+
+Clients could inadvertently spoil parts of a message by not representing the spoiler correctly
+in the `body` of the message. The author believes this would quickly show up as a bug report
+on the client due to the nature of spoilers.
diff --git a/proposals/2674-event-relationships.md b/proposals/2674-event-relationships.md
new file mode 100644
index 00000000000..95f077bada0
--- /dev/null
+++ b/proposals/2674-event-relationships.md
@@ -0,0 +1,250 @@
+# MSC2674: Event relationships
+
+It's common to want to send events in Matrix which relate to existing events -
+for instance, reactions, edits and even replies/threads.
+
+This proposal is one in a series of proposals that defines a mechanism for
+events to relate to each other.  Together, these proposals replace
+[MSC1849](https://github.com/matrix-org/matrix-doc/pull/1849).
+
+* This proposal defines a standard shape for indicating events which relate to
+  other events.
+* [MSC2675](https://github.com/matrix-org/matrix-doc/pull/2675) defines APIs to
+  let the server calculate the aggregations on behalf of the client, and so
+  bundle the related events with the original event where appropriate.
+* [MSC2676](https://github.com/matrix-org/matrix-doc/pull/2676) defines how
+  users can edit messages using this mechanism.
+* [MSC2677](https://github.com/matrix-org/matrix-doc/pull/2677) defines how
+  users can annotate events, such as reacting to events with emoji, using this
+  mechanism.
+* [MSC3267](https://github.com/matrix-org/matrix-doc/pull/3267) defines how events
+  can make a reference to other events.
+* [MSC3389](https://github.com/matrix-org/matrix-doc/pull/3389) defines changes to
+  the redaction algorithm, to preserve the type and target id of a relation.
+
+
+## Proposal
+
+This proposal introduces the concept of relations, which can be used to
+associate new information with an existing event.
+
+A relationship is an object with a field `rel_type`, which is a string describing the type of relation,
+and a field `event_id`, which is a string that represents the event_id of the target event of this relation.
+The target event must exist in the same room as the relating event is sent.
+Both of those fields are required. An event is said to contain a relationship if its `content` contains
+a relationship with all the required fields under the `m.relates_to` key. If any of these conditions is not met,
+clients and servers should treat the event as if it does not contain a relationship.
+Servers should reject events not meeting these conditions with an HTTP 400 error when
+they are received via the client-server API.
+
+Here's a (partial) example of an event relating to another event:
+
+```json
+{
+  "content": {
+      "m.relates_to": {
+          "rel_type": "m.replace",
+          "event_id": "$abc:server.tld"
+      }
+  }
+}
+```
+
+All the information about the relationship lives under the `m.relates_to` key.
+
+If it helps, you can think of relations as a "subject verb object" triple,
+where the subject is the relation event itself; the verb is the `rel_type`
+field of the `m.relates_to` and the object is the `event_id` field.
+
+We consciously do not support multiple different relations within a single event,
+in order to keep the API simple.  This means that if event A relates to event B
+in two different ways you would send two events to describe the two relations,
+rather than bundling them into a single event.  Another MSC,
+like [MSC 3051](https://github.com/matrix-org/matrix-doc/pull/3051),
+can propose a change to add support for multiple relations if it turns out that
+this would facilitate certain use cases.
+
+Relations do not yet replace the 
+[reply mechanism currently defined in the spec](https://matrix.org/docs/spec/client_server/r0.6.1#rich-replies).
+
+### Relation types
+
+Any values for `rel_type` should abide the
+[general guidelines for identifiers](https://github.com/matrix-org/matrix-doc/pull/3171).
+
+The `rel_type` property determines how an event relates to another and can be used
+by clients to determine how and in what context a relation should be displayed.
+
+[MSC 2675](https://github.com/matrix-org/matrix-doc/pull/2675) proposes to also interpret the `rel_type` server-side.
+
+It is left up to the discretion of other MSCs building on this one whether they introduce
+`rel_type`s that are specific to their use case or that can serve a broad range
+of use cases. MSCs may define additional properties on the relation object for a given `rel_type`.
+
+Currently, a few `rel_type`s are already proposed. Here's a non-exhaustive list:
+
+ - `m.replace` in [MSC 2676](https://github.com/matrix-org/matrix-doc/pull/2676).
+ - `m.annotation` in [MSC 2677](https://github.com/matrix-org/matrix-doc/pull/2677).
+ - `m.reference` in [MSC 3267](https://github.com/matrix-org/matrix-doc/pull/3267).
+ - `m.thread` in [MSC 3440](https://github.com/matrix-org/matrix-doc/pull/3440).
+
+
+### Sending relations
+
+Related events are normal Matrix events, and can be sent by the normal `/send`
+API.
+
+The server should postprocess relations if needed before sending them into a
+room, as defined by the relationship type. For example, a relationship type
+might only allow a user to send one related message to a given event.
+
+### Receiving relations
+
+Relations are received like other non-state events, with `/sync`,
+`/messages` and `/context`, as normal discrete Matrix events. As explained
+in the limitations, clients may be unaware of some relations using just these endpoints.
+
+[MSC2675](https://github.com/matrix-org/matrix-doc/pull/2675) defines ways in
+which the server may aid clients in processing relations by aggregating the
+events.
+
+### Redactions
+
+Events with a relation may be redacted like any other event.
+
+[MSC3389](https://github.com/matrix-org/matrix-doc/pull/3389) proposes that
+the redaction algorithm should preserve the type and target id of a relation.
+
+However, event relationships can still be used in existing room versions, but
+the user experience may be worse if redactions are performed.
+
+## Potential issues
+
+### Federation considerations
+
+We have a problem with resynchronising relations after a gap in federation:
+We have no way of knowing that an edit happened in the gap to one of the events
+we already have.  So, we'll show inconsistent data until we backfill the gap.
+ * We could write this off as a limitation.
+ * Or we could make *ALL* relations a DAG, so we can spot holes at the next
+   relation, and go walk the DAG to pull in the missing relations?  Then, the
+   next relation for an event could pull in any of the missing relations.
+   Socially this probably doesn't work as reactions will likely drop off over
+   time, so by the time your server comes back there won't be any more reactions
+   pulling the missing ones in.
+ * Could we also ask the server, after a gap, to provide all the relations which
+   happened during the gap to events whose root preceeded the gap.
+   * "Give me all relations which happened between this set of
+     forward-extremities when I lost sync, and the point i've rejoined the DAG,
+     for events which preceeded the gap"?
+   * Would be hard to auth all the relations which this api coughed up.
+     * We could auth them based only the auth events of the relation, except we
+       lose the context of the nearby DAG which we'd have if it was a normal
+       backfilled event.
+     * As a result it would be easier for a server to retrospectively lie about
+       events on behalf of its users.
+     * This probably isn't the end of the world, plus it's more likely to be
+       consistent than if we leave a gap.
+       * i.e. it's better to consistent with a small chance of being maliciously
+         wrong, than inconsistent with a guaranteed chance of being innocently
+         wrong.
+   * We'd need to worry about pagination.
+   * This is probably the best solution, but can also be added as a v2.
+ * In practice this seems to not be an issue, which is worth complicating
+   the s-s API over. Clients very rarely jump over the federation gap to an edit.
+   In most cases they scroll up, which backfills the server and we have all the
+   edits, when we reach the event before the gap.
+ 
+## Limitations
+
+Based solely on this MSC, relations are only received as discrete events in
+the timeline, so clients may only have an incomplete image of all the relations
+with an event if they do not fill gaps (syncs with a since token that have 
+`limited: true` set in the sync response for a room) in the timeline.
+
+In practice, this has proven not to be too big of a problem, as reactions
+(as proposed in [MSC 2677](https://github.com/matrix-org/matrix-doc/pull/2677))
+tend to be posted close after the target event in the timeline.
+
+A more complete solution to this has been deferred to
+[MSC2675](https://github.com/matrix-org/matrix-doc/pull/2675). 
+
+## Tradeoffs
+
+### Event shape
+
+Shape of
+
+```json
+"content": {
+    "m.relates_to": {
+        "m.reference": {
+            "event_id": "$another:event.com"
+        }
+    }
+}
+```
+versus
+
+```json
+"content": {
+    "m.relates_to": {
+        "rel_type": "m.reference",
+        "event_id": "$another:event.com"
+    }
+}
+```
+
+The reasons to go with `rel_type` is:
+ * This format is now in use in the wider matrix ecosystem without a prefix,
+   in spite of the original MSC 1849 not being merged. This situation is not ideal
+   but we still don't want to break compatibility with several clients.
+ * We don't need the extra indirection to let multiple relations apply to a given pair of
+   events, as that should be expressed as separate relation events.
+ * If we want 'adverbs' to apply to 'verbs' in the subject-verb-object triples which
+   relations form, then we apply it as mixins to the relation data itself rather than trying
+   to construct subject-verb-verb-object sentences.
+ * We decided to not adopt the format used by `m.in_reply_to` as it allows for multiple relations
+   and is hence overly flexible. Also, the relation type of `m.in_reply_to` is also overly specific
+   judged by the guidelines for `rel_type`s laid out in this MSC. Having replies use the same
+   format as relations is postponed to a later MSC, but it would likely involve replies
+   adopting the relation format with a more broadly useful `rel_type` (possibly the `m.reference`
+   type proposed in [MSC3267](https://github.com/matrix-org/matrix-doc/pull/3267)),
+   rather than relations adopting the replies format.
+
+## Historical context
+
+pik's MSC441 has:
+
+Define the JSON schema for the aggregation event, so the server can work out
+which fields should be aggregated.
+
+```json
+"type": "m.room._aggregation.emoticon",
+"content": {
+    "emoticon": "::smile::",
+    "msgtype": "?",
+    "target_id": "$another:event.com"
+}
+```
+
+These would then be aggregated, based on target_id, and returned as annotations on
+the source event in an `aggregation_data` field:
+
+```json
+"content": {
+    ...
+    "aggregation_data": {
+        "m.room._aggregation.emoticon": {
+            "aggregation_data": [
+                {
+                    "emoticon": "::smile::",
+                    "event_id": "$14796538949JTYis:pik-test",
+                    "sender": "@pik:pik-test"
+                }
+            ],
+            "latest_event_id": "$14796538949JTYis:pik-test"
+        }
+    }
+}
+```
diff --git a/proposals/2675-aggregations-server.md b/proposals/2675-aggregations-server.md
new file mode 100644
index 00000000000..5808dbec008
--- /dev/null
+++ b/proposals/2675-aggregations-server.md
@@ -0,0 +1,320 @@
+# MSC2675: Serverside aggregations of message relationships
+
+It's common to want to send events in Matrix which relate to existing events -
+for instance, reactions, edits and even replies/threads.
+
+Clients typically need to track the related events alongside the original
+event they relate to, in order to correctly display them.  For instance,
+reaction events need to be aggregated together by summing and be shown next to
+the event they react to; edits need to be aggregated together by replacing the
+original event and subsequent edits, etc.
+
+It is possible to treat relations as normal events and aggregate them
+clientside, but to do so comprehensively could be very resource intensive, as
+the client would need to spider all possible events in a room to find
+relationships and maintain a correct view.
+
+Instead, this proposal seeks to solve this problem by defining APIs to let the
+server calculate the aggregations on behalf of the client, and so bundle the
+aggregated data with the original event where appropriate. It also proposes an
+API to let clients paginate through all relations of an event.
+
+This proposal is one in a series of proposals that defines a mechanism for
+events to relate to each other.  Together, these proposals replace
+[MSC1849](https://github.com/matrix-org/matrix-doc/pull/1849).
+
+* [MSC2674](https://github.com/matrix-org/matrix-doc/pull/2674) defines a
+  standard shape for indicating events which relate to other events.
+* This proposal defines APIs to let the server calculate the aggregations on
+  behalf of the client, and so bundle the aggregated data with the original
+  event where appropriate.
+* [MSC2676](https://github.com/matrix-org/matrix-doc/pull/2676) defines how
+  users can edit messages using this mechanism.
+* [MSC2677](https://github.com/matrix-org/matrix-doc/pull/2677) defines how
+  users can annotate events, such as reacting to events with emoji, using this
+  mechanism.
+
+## Proposal
+
+### Aggregations
+
+Relation events can be aggregated per relation type by the server.
+The format of the aggregated value (hereafter called "aggregation")
+depends on the relation type.
+
+Some relation types might group the aggregations by the `key` property
+in the relation and aggregate to an array, while
+others might aggregate to a single object or any other value really.
+
+Here are some non-normative examples of what aggregations can look like:
+
+Example aggregation for [`m.thread`](https://github.com/matrix-org/matrix-doc/pull/3440) (which
+aggregates all relations into a single object):
+```
+{
+  "latest_event": {
+    "content": { ... },
+    ...
+  },
+  "count": 7,
+  "current_user_participated": true
+}
+```
+
+Example aggregation for [`m.annotation`](https://github.com/matrix-org/matrix-doc/pull/2677) (which
+aggregates relations into a list of objects, grouped by `key`).
+```
+[
+  {
+      "key": "👍",
+      "origin_server_ts": 1562763768320,
+      "count": 3
+  },
+  {
+      "key": "👎",
+      "origin_server_ts": 1562763768320,
+      "count": 2
+  }
+]
+```
+
+#### Bundling
+
+Other than during non-gappy incremental syncs, timeline events that have other
+events relate to them should include the aggregation of those related events
+in the `m.relations` property of their unsigned data.  This process is
+referred to as "bundling", and the aggregated relations included via
+this mechanism are called "bundled aggregations".
+
+By sending a summary of the relations, bundling
+avoids us having to always send lots of individual relation events
+to the client.
+
+Aggregations are never bundled into state events. This is a current
+implementation detail that could be revisited later,
+rather than a specific design decision.
+
+The following client-server APIs should bundle aggregations
+with events they return:
+
+  - `GET /rooms/{roomId}/messages`
+  - `GET /rooms/{roomId}/context/{eventId}`
+  - `GET /rooms/{roomId}/event/{eventId}`
+  - `GET /sync`, only for room sections in the response where `limited` field
+    is `true`; this amounts to all rooms in the response if 
+    the `since` request parameter was not passed, also known as an initial sync.
+  - `GET /relations`, as proposed in this MSC.
+
+Deprecated APIs like `/initialSync` and `/events/{eventId}` are *not* required
+to bundle aggregations.
+
+The bundled aggregations are grouped according to their relation type.
+The format of `m.relations` (here with *non-normative* examples of
+the [`m.replace`](https://github.com/matrix-org/matrix-doc/pull/2676) and
+[`m.annotation`](https://github.com/matrix-org/matrix-doc/pull/2677) relation
+types) is as follows:
+
+```json
+{
+  "event_id": "abc",
+  "unsigned": {
+    "m.relations": {
+      "m.annotation": {
+        "key": "👍",
+        "origin_server_ts": 1562763768320,
+        "count": 3
+      },
+      "m.replace": {
+        "event_id": "$edit_event_id",
+        "origin_server_ts": 1562763768320,
+        "sender": "@alice:localhost"
+      },
+    }
+  }
+}
+```
+
+#### Client-side aggregation
+
+Bundled aggregations on an event give a snapshot of what relations were known
+at the time the event was received. When relations are received through `/sync`,
+clients should locally aggregate (as they might have done already before
+supporting this MSC) the relation on top of any bundled aggregation the server
+might have sent along previously with the target event, to get an up to date
+view of the aggregations for the target event. The aggregation algorithm is the
+same as the one described here for the server.
+
+### Querying relations
+
+A single event can have lots of associated relations, and we do not want to
+overload the client by, for example, including them all bundled with the
+related-to event. Instead, we also provide a new `/relations` API in
+order to paginate over the relations, which behaves in a similar way to
+`/messages`, except using `next_batch` and `prev_batch` names
+(in line with `/sync` API). Tokens from `/sync` or `/messages` can be
+passed to `/relations` to only get relating events from a section of
+the timeline.
+
+The `/relations` API returns the discrete relation events
+associated with an event that the server is aware of
+in standard topological order. Note that events may be missing,
+see [limitations](#servers-might-not-be-aware-of-all-relations-of-an-event).
+You can optionally filter by a given relation type and the event type of the
+relating event:
+
+```
+GET /_matrix/client/v1/rooms/{roomID}/relations/{event_id}[/{rel_type}[/{event_type}]][?from=token][&to=token][&limit=amount]
+```
+
+```
+{
+  "chunk": [
+    {
+      "type": "m.reaction",
+      "sender": "...",
+      "content": {
+        "m.relates_to": {
+          "rel_type": "m.annotation",
+          ...
+        }
+      }
+    }
+  ],
+  "prev_batch": "some_token",
+  "next_batch": "some_token",
+}
+```
+
+The endpoint does not have any trailing slashes. It requires authentication
+and is not rate-limited.
+
+The `from` and `limit` query parameters are used for pagination, and work
+just like described for the `/messages` endpoint.
+
+Note that [MSC2676](https://github.com/matrix-org/matrix-doc/pull/2676)
+adds the related-to event in `original_event` property of the response.
+This way the full history (e.g. also the first, original event) of the event
+is obtained without further requests. See that MSC for further details.
+
+### End to end encryption
+
+Since the server has to be able to aggregate relation events, structural
+information about relations must be visible to the server, and so the
+`m.relates_to` field must be included in the plaintext.
+
+A future MSC may define a method for encrypting certain parts of the
+`m.relates_to` field that may contain sensitive information.
+
+### Redactions
+
+Redacted relations should not be taken into consideration in
+bundled aggregations, nor should they be returned from `/relations`.
+
+Requesting `/relations` on a redacted event should
+still return any existing relation events.
+This is in line with other APIs like `/context` and `/messages`.
+
+### Local echo
+
+For the best possible user experience, clients should also include unsent
+relations into the client-side aggregation. When adding a relation to the send
+queue, clients should locally aggregate it into the relations of the target
+event, ideally regardless of the target event having received an `event_id`
+already or still being pending. If the client gives up on sending the relation
+for some reason, the relation should be de-aggregated from the relations of
+the target event. If the client offers the user a possibility of manually
+retrying to send the relation, it should be re-aggregated when the user does so.
+
+De-aggregating a relation refers to rerunning the aggregation for a given
+target event while not considering the de-aggregated event any more.
+
+Upon receiving the remote echo for any relations, a client is likely to remove
+the pending event from the send queue. Here, it should also de-aggregate the
+pending event from the target event's relations, and re-aggregate the received
+remote event from `/sync` to make sure the client-side aggregation happens with
+the same event data as on the server.
+
+When adding a redaction for a relation to the send queue, the relation
+referred to should be de-aggregated from the relations of the target of the
+relation.  Similar to a relation, when the sending of the redaction fails or
+is cancelled, the relation should be aggregated again.
+
+If the target event is still pending and hasn't received its `event_id` yet,
+clients can locally relate relation events to their target by using
+`transaction_id` like they already do for detecting remote echos when sending
+events.
+
+## Edge cases
+
+### How do you handle ignored users?
+
+ * Information about relations sent from ignored users must never be sent to
+   the client, either in aggregations or discrete relation events.
+   This is to let you block someone from harassing you with emoji reactions
+   (or using edits as a side-channel to harass you). Therefore, it is possible
+   that different users will see different aggregations (a different last edit,
+   or a different reaction count) on an event.
+
+## Limitations
+
+### Relations can be missed while not being in the room
+
+Relation events behave no different from other events in terms of room history visibility,
+which means that some relations might not be visible to a user while they are not invited
+or have not joined the room. This can cause a user to see an incomplete edit history or reaction count
+based on discrete relation events upon (re)joining a room.
+
+Ideally the server would not include these events in aggregations, as it would mean breaking
+the room history visibility rules, but this MSC defers addressing this limitation and
+specifying the exact server behaviour to [MSC3570](https://github.com/matrix-org/matrix-doc/pull/3570).
+
+### Servers might not be aware of all relations of an event
+
+The response of `/relations` might be incomplete because the homeserver
+potentially doesn't have the full DAG of the room. The federation API doens't
+have an equivalent of the `/relations` API, so has no way but to fetch the
+full DAG over federation to assure itself that it is aware of all relations.
+
+[MSC2836](https://github.com/matrix-org/matrix-doc/pull/2836) provided a proposal for following relationships over federation in the "Querying relationships over federation" section via a `/_matrix/federation/v1/event_relationships` API
+
+### Event type based aggregation and filtering won't work well in encrypted rooms
+
+The `/relations` endpoint allows filtering by event type,
+which for encrypted rooms will be `m.room.encrypted`, rendering this filtering
+less useful for encrypted rooms.  Aggregation algorithms that take the type of
+the relating events they aggregate into account will suffer from the same
+limitation.
+
+## Future extensions
+
+### Handling limited (gappy) syncs
+
+For the special case of a gappy incremental sync, many relations (particularly
+reactions) may have occurred during the gap. It would be inefficient to send
+each one individually to the client, but it would also be inefficient to send
+all possible bundled aggregations to the client.
+
+The server could tell the client the event IDs of events which
+predate the gap which received relations during the gap. This means that the
+client could invalidate its copy of those events (if any) and then requery them
+(including their bundled relations) from the server if/when needed,
+for example using an extension of the `/event` API for batch requests.
+
+The server could do this with a new `stale_events` field of each room object
+in the sync response. The `stale_events` field would list all the event IDs
+prior to the gap which had updated relations during the gap. The event IDs
+would be grouped by relation type,
+and paginated as per the normal Matrix pagination model.
+
+This was originally part of this MSC but left out to limit the scope
+to what is implemented at the time of writing.
+
+## Prefix
+
+While this MSC is not considered stable, the endpoints become:
+
+ - `GET /_matrix/client/unstable/rooms/{roomID}/relations/{eventID}[/{relationType}[/{eventType}]]`
+
+None of the newly introduced identifiers should use a prefix though, as this MSC
+tries to document relation support already being used in
+the wider matrix ecosystem.
\ No newline at end of file
diff --git a/proposals/2713-remove-deprecated-identity-endpoints.md b/proposals/2713-remove-deprecated-identity-endpoints.md
new file mode 100644
index 00000000000..6e49477dfe3
--- /dev/null
+++ b/proposals/2713-remove-deprecated-identity-endpoints.md
@@ -0,0 +1,26 @@
+# MSC2713: Remove deprecated Identity Service endpoints
+
+Implementations will have had plenty of time to adopt the new v2 API for Identity Servers, so
+we should clean out the old endpoints.
+
+All deprecated endpoints in the r0.3.0 Identity Service API specification are to be removed.
+
+For completeness, this includes:
+
+* `GET /_matrix/identity/api/v1`
+* `GET /_matrix/identity/api/v1/pubkey/{keyId}`
+* `GET /_matrix/identity/api/v1/pubkey/isvalid`
+* `GET /_matrix/identity/api/v1/pubkey/ephemeral/isvalid`
+* `GET /_matrix/identity/api/v1/lookup`
+* `POST /_matrix/identity/api/v1/bulk_lookup`
+* `POST /_matrix/identity/api/v1/validate/email/requestToken`
+* `POST /_matrix/identity/api/v1/validate/email/submitToken`
+* `GET /_matrix/identity/api/v1/validate/email/submitToken`
+* `POST /_matrix/identity/api/v1/validate/msisdn/requestToken`
+* `POST /_matrix/identity/api/v1/validate/msisdn/submitToken`
+* `GET /_matrix/identity/api/v1/validate/msisdn/submitToken`
+* `GET /_matrix/identity/api/v1/3pid/getValidated3pid`
+* `POST /_matrix/identity/api/v1/3pid/bind`
+* `POST /_matrix/identity/api/v1/3pid/unbind`
+* `POST /_matrix/identity/api/v1/store-invite`
+* `POST /_matrix/identity/api/v1/sign-ed25519`
diff --git a/proposals/2732-olm-fallback-keys.md b/proposals/2732-olm-fallback-keys.md
new file mode 100644
index 00000000000..5ab90117cf3
--- /dev/null
+++ b/proposals/2732-olm-fallback-keys.md
@@ -0,0 +1,97 @@
+# MSC2732: Olm fallback keys
+
+Olm uses a set of one-time keys when initializing a session between two
+devices: Alice uploads one-time keys to her homeserver, and Bob claims one of
+them to perform a Diffie-Hellman to generate a shared key.  As implied by the
+name, a one-time key is only to be used once.  However, if all of Alice's
+one-time keys are claimed, Bob will not be able to create a session with Alice.
+
+This can be addressed by Alice uploading a fallback key that is used in place
+of a one-time key when no one-time keys are available.
+
+## Proposal
+
+A new request parameter, `fallback_keys`, is added to the body of the
+[`/keys/upload` client-server API](https://matrix.org/docs/spec/client_server/r0.6.1#post-matrix-client-r0-keys-upload), which is in the same format as the
+`one_time_keys` parameter with the exception that there must be at most one key
+per key algorithm.  If the user had previously uploaded a fallback key for a
+given algorithm, it is replaced -- the server will only keep one fallback key
+per algorithm for each user.
+
+When uploading fallback keys for algorithms whose key format is a signed JSON
+object, client should include a property named `fallback` with a value of
+`true`.
+
+Example:
+
+`POST /keys/upload`
+
+```json
+{
+  "fallback_keys": {
+    "signed_curve25519:AAAAAA": {
+      "key": "base64+public+key",
+      "fallback": true,
+      "signatures": {
+        "@alice:example.org": {
+          "ed25519:DEVICEID": "base64+signature"
+        }
+      }
+    }
+  }
+}
+```
+
+When Bob calls `/keys/claim` to claim one of Alice's one-time keys, but Alice
+has no one-time keys left, the homeserver will return the fallback key instead,
+if Alice had previously uploaded one.  Unlike with one-time keys, fallback keys
+are not deleted when they are returned by `/keys/claim`.  However, the server
+marks that they have been used.
+
+A new response parameter, `device_unused_fallback_key_types`, is added to
+`/sync`.  This is an array listing the key algorithms for which the server has
+an unused fallback key for the device.  If the client wants the server to have a
+fallback key for a given key algorithm, but that algorithm is not listed in
+`device_unused_fallback_key_types`, the client will upload a new key as above.
+
+The `device_unused_fallback_key_types` parameter must be present if the server
+supports fallback keys.  Clients can thus treat this field as an indication
+that the server supports fallback keys, and so only upload fallback keys to
+servers that support them.
+
+Example:
+
+`GET /sync`
+
+Response:
+
+```jsonc
+{
+  // other fields...
+  "device_unused_fallback_key_types": ["signed_curve25519"]
+}
+```
+
+## Security considerations
+
+Using a fallback key rather than a one-time key has security implications.  An
+attacker can replay a message that was originally sent with a fallback key, and
+the receiving client will accept it as a new message if the fallback key is
+still active.  Also, an attacker that compromises a client may be able to
+retrieve the private part of the fallback key to decrypt past messages if the
+client has still retained the private part of the fallback key.
+
+For this reason, clients should not store the private part of the fallback key
+indefinitely.  For example, client should only store at most two fallback keys:
+the current fallback key (that it has not yet received any messages for) and
+the previous fallback key, and should remove the previous fallback key once it
+is reasonably certain that it has received all the messages that use it (for
+example, one hour after receiving the first message that used it).
+
+For addressing replay attacks, clients can also keep track of inbound sessions
+to detect replays.
+
+## Unstable prefix
+
+The `fallback_keys` request parameter and the `device_unused_fallback_key_types`
+response parameter will be prefixed by `org.matrix.msc2732.`.
diff --git a/proposals/2758-textual-id-grammar.md b/proposals/2758-textual-id-grammar.md
new file mode 100644
index 00000000000..626f84aebe7
--- /dev/null
+++ b/proposals/2758-textual-id-grammar.md
@@ -0,0 +1,56 @@
+# MSC2758: Common grammar for textual identifiers
+
+The matrix specification uses textual identifiers for a wide range of
+concepts. Examples include "event types" and "room versions".
+
+In the past, these identifiers have often lacked a formal grammar, leaving
+servers and clients to make assumptions about questions such as which
+characters are permitted, minimum and maximum lengths, etc.
+
+This proposal suggests a common grammar which can be used as a basis for
+*future* identifier types, to reduce the work involved in future specification
+work.
+
+No attempt is made here to bring existing identifiers into line; however
+examples of identifiers which might have benefitted from such a grammar in the
+past include:
+
+ * [`capabilities`](https://matrix.org/docs/spec/client_server/r0.6.0#get-matrix-client-r0-capabilities)
+   identifiers.
+ * authentication types for the [User-Interactive Authentication mechanism](https://matrix.org/docs/spec/client_server/r0.6.0#user-interactive-authentication-api).
+ * login types for [`/_matrix/client/r0/login`](https://matrix.org/docs/spec/client_server/r0.6.0#post-matrix-client-r0-login).
+ * event types
+ * [`m.room.message` `msgtypes`](https://matrix.org/docs/spec/client_server/r0.6.0#m-room-message-msgtypes)
+ * `app_id` for [`POST /_matrix/client/r0/pushers/set`](https://matrix.org/docs/spec/client_server/r0.6.0#post-matrix-client-r0-pushers-set).
+ * `rule_ids`, `actions` and `tweaks` for [push rules](https://matrix.org/docs/spec/client_server/r0.6.0#push-rules).
+ * [E2E messaging algorithm names](https://matrix.org/docs/spec/client_server/r0.6.0#messaging-algorithm-names).
+
+## Proposal
+
+We define a "common namespaced identifier grammar". This can then be referenced
+by other parts of the grammar, in much the same way as [Unpadded
+Base64](https://matrix.org/docs/spec/appendices#unpadded-base64) is defined
+today.
+
+The grammar is defined as follows:
+
+ * An identifier may not be less than one character or more than 255 characters
+   in length.
+ * Identifiers must start with one of the characters `[a-z]`, and be entirely
+   composed of the characters `[a-z]`, `[0-9]`, `-`, `_` and `.`.
+ * Identifiers starting with the characters `m.` are reserved for use by the
+   formal matrix specification.
+ * Implementations wishing to implement unspecified identifiers should follow
+   the Java Package Naming convention of starting with a reversed domain
+   name (with a dot after the domain name part). For example, for the 
+   organisation `example.com`, a valid identifier would be
+   `com.example.identifier`.
+
+This grammar is intended for use entirely by internal identifiers, and *not*
+for user-visible strings.
+
+### Rationale
+
+ * Avoiding non-ascii characters sidesteps any issues with homoglyphs or
+   altenative encodings of the same characters.
+ * Avoiding upper-case character sidesteps any concerns over case-sensitivity.
diff --git a/proposals/2765-widget-avatars.md b/proposals/2765-widget-avatars.md
new file mode 100644
index 00000000000..a9030d294a5
--- /dev/null
+++ b/proposals/2765-widget-avatars.md
@@ -0,0 +1,51 @@
+# MSC2765: Widget avatars
+
+Currently widgets have a name and title associated with them, though no opportunity for avatars
+for a favicon-like experience. This proposal introduces such a concept.
+
+## Proposal
+
+A new optional paramater named `avatar_url` is added to the widget definition. This parameter is
+an MXC URI to an image clients can use to associate with the widget, likely alongside the `name`
+and/or `title`.
+
+Widget avatars SHOULD be legible at small sizes, such as 20x20. The MXC URI in the `avatar_url`
+should be the source material to allow clients to use the `/thumbnail` API to get a size for their
+use case.
+
+Rendering avatars is optional for clients, much like how clients are not required to use the `name`
+or `title` of a widget.
+
+An example widget would be:
+
+```json
+{
+    "creatorUserId": "@alice:example.org",
+    "data": {
+        "custom_key": "This is a custom key",
+        "title": "This is a witty description for the widget"
+    },
+    "id": "20200827_WidgetExample",
+    "name": "My Cool Widget",
+    "type": "m.custom",
+    "url": "https://example.org/my/widget.html?roomId=$matrix_room_id",
+    "waitForIframeLoad": true,
+    "avatar_url": "mxc://example.org/abc123"
+}
+```
+
+## Alternatives
+
+We could define a whole structured system for different thumbnail sizes, though we have a thumbnail
+API which can be used to request whatever size is needed by the client.
+
+## Security considerations
+
+Widget avatars could be non-images. Clients should use the thumbnail API to encourage error responses
+from the server when a widget avatar is a non-image.
+
+## Unstable prefix
+
+While this MSC is not in a released version of the specification, clients should use an alternative
+event type for widgets or use `org.matrix.msc2765.avatar_url` when using `m.widget` or `m.widgets`
+as an event type.
diff --git a/proposals/2774-widget-id.md b/proposals/2774-widget-id.md
new file mode 100644
index 00000000000..41c67f8f760
--- /dev/null
+++ b/proposals/2774-widget-id.md
@@ -0,0 +1,54 @@
+# MSC2774: Giving widgets their ID so they can communicate
+
+Under the [current specification](https://github.com/matrix-org/matrix-doc/pull/2764), widgets are
+able to communicate with their client host, however doing so is a bit difficult if they don't already
+know their widget ID. Some widgets will be able to get their ID from another source like an
+integration manager, however this is not the case for all widgets.
+
+[MSC2762](https://github.com/matrix-org/matrix-doc/pull/2762) has a fair amount of background
+information on widgets, as does the current specification linked above.
+
+## Proposal
+
+Currently widgets can expect a `?widgetId` query parameter sent to them in clients like Element,
+however this has some issues and as such is not proposed to exist any further. One of the issues
+is that the widget must retain the query string, which isn't entirely possible for some frontends
+(they would instead prefer to use the fragment). It's also a privacy risk in that by being sent
+through the query string, the server can be made aware of the widget ID. The widget ID doesn't
+normally contain any useful information (it's an opaque string), however it's not required for
+the server to function under typical usage.
+
+The proposal is to introduce a `$matrix_widget_id` template variable for the URL, similar to the
+existing `$matrix_room_id` variable. Widgets can then have their widget ID wherever they want in
+the widget URL, making it easier on them to find and use.
+
+This carries the same risks as a room ID being passed to the widget: the client can easily lie about
+it, however there's no real risk involved in doing so because it's used for communication only. So
+long as the client is able to identify which widget is talking to it, it doesn't really matter. It's
+more of a problem if the client uses a widget ID from another widget as that could confuse the
+client, however this is believed to be a bug. Clients should also be performing origin checks to
+ensure the widget is talking from a sane origin and not somewhere else, like another tab or browser.
+
+## Potential issues
+
+This is not backwards compatible with the history of widgets so far, so clients and widgets will
+need to be modified to support it. Clients which currently use the `?widgetId` parameter are
+encouraged to continue supporting the parameter until sufficient adoption is reached.
+
+## Alternatives
+
+As mentioned, a query parameter could be used, though this has the issues previously covered. Another
+solution might be to allow a single widget API action which has no widget ID solely for the purpose
+of finding the widget ID, however clients are unlikely to be able to differentiate between two widgets
+if this were the case.
+
+Another solution would be to let the widget discover its widget ID by harvesting it out of the first
+widget API request it sees. This can't always be relied upon (some flows require the widget to
+speak first), and as the widget API becomes more capable it could become a security risk. A malicious
+browser extension could spam the widget with fake requests to try and convince it to talk to it
+instead of the client, thus redirecting some information to the wrong place.
+
+## Unstable prefix
+
+Implementations should use `$org.matrix.msc2774_widget_id` as a variable until this lands in a 
+released version of the specification.
diff --git a/proposals/2778-appservice-login.md b/proposals/2778-appservice-login.md
index 62bf5b04974..fd509ab8941 100644
--- a/proposals/2778-appservice-login.md
+++ b/proposals/2778-appservice-login.md
@@ -2,7 +2,7 @@
 
 Appservices within Matrix are increasingly attempting to support End-to-End Encryption. As such, they
 need a way to generate devices for their users so that they can participate in E2E rooms. In order to
-do so, this proposal suggests implementing an appservice extension to the 
+do so, this proposal suggests implementing an appservice extension to the
 [`POST /login` endpoint](https://matrix.org/docs/spec/client_server/r0.6.0#post-matrix-client-r0-login).
 
 Appservice users do not usually need to log in as they do not need their own access token, and do not
@@ -47,7 +47,7 @@ If one of the following conditions are true:
 - The access token does not correspond to an appservice
 - Or the user has not previously been registered
 
-Then the servers MUST reject with HTTP 403, with an `errcode` of `"M_FORBIDDEN"`. 
+Then the servers MUST reject with HTTP 403, with an `errcode` of `"M_FORBIDDEN"`.
 
 If the access token DOES correspond to an appservice but the user is not inside its namespace,
 then the `errcode` must be `"M_EXCLUSIVE"`.
@@ -95,16 +95,8 @@ could store this information rather than calling `POST /login` at all. This does
 - If user tokens were lost or exposed, there is no way to programattically create new access tokens for these users.
 - Finally, if a user was registered externally and the appservice would like to masquerade as it, it would be unable to fetch
   an access token for that user.
-  
-While `POST /register` does work, it is impactical as the sole method of fetching an access token.
-  
 
-Most appservices
-which do not implement encryption do not store this information as neither the device_id or access_token are needed f However critically
-this means that bridges will need to be designed to store the access_token and device_id from the point of creating the user,
-so older bridges would be unable to get an access token for existing users as `POST /register` would fail.
-It would difficult to log out these tokens if they got exposed additionally, as the AS would not be able to fetch a new access token.
-Furthermore, the ability to generate access tokens for real users who registered elsewhere would not be possible with this mechanism. 
+While `POST /register` does work, it is impactical as the sole method of fetching an access token.
 
 ## Security considerations
 
@@ -116,7 +108,7 @@ this is not a problem because:
   to assume that the server admin is aware. There is no defense mechanism to stop a malicious server admin from creating new
   devices for a given user's account as they could also do so by simply modifying the database.
 
-- While an appservice *could* try to masquerade as a user maliciously without the server admin expecting it, it would still 
+- While an appservice *could* try to masquerade as a user maliciously without the server admin expecting it, it would still
   be bound by the restrictions of the namespace. Server admins are expected to be aware of the implications of adding new
   appservices to their server so the burden of responsibility lies with the server admin.
 
@@ -125,7 +117,7 @@ this is not a problem because:
   does make them unable to see encrypted messages, this is not designed to be a security mechanism.
 
 In conclusion this MSC only automates the creation of new devices for users inside an AS namespace, which is something
-a server admin could already do. Appservices should always be treated with care and so with these facts in mind the MSC should 
+a server admin could already do. Appservices should always be treated with care and so with these facts in mind the MSC should
 be considered secure.
 
 ## Unstable prefix
diff --git a/proposals/2788-v6-default-version.md b/proposals/2788-v6-default-version.md
new file mode 100644
index 00000000000..af9672a442b
--- /dev/null
+++ b/proposals/2788-v6-default-version.md
@@ -0,0 +1,29 @@
+# MSC2788: Room version 6 as a default
+
+Enough time has passed to allow the public federation to upgrade their servers to support room
+version 6. This proposal aims to make v6 the default room version.
+
+## Proposal
+
+The specification adopts v6 as the suggested default room version, making no changes to the stability
+of any room versions. As of writing, v5 is currently the suggested room version.
+
+Room version 6 has the following specification: https://matrix.org/docs/spec/rooms/v6
+
+## Potential issues
+
+Servers will be encouraged to update their config/internal defaults to use v6 instead of v5. This
+is considered a good problem to have.
+
+## Alternatives
+
+None relevant.
+
+## Security considerations
+
+None relevant.
+
+## Unstable prefix
+
+None relevant - servers can already choose a different default room version legally. This MSC
+just formalizes v6 as the default.
diff --git a/proposals/2801-untrusted-event-data.md b/proposals/2801-untrusted-event-data.md
new file mode 100644
index 00000000000..2b0d16aa6fc
--- /dev/null
+++ b/proposals/2801-untrusted-event-data.md
@@ -0,0 +1,190 @@
+# MSC2801: Make it explicit that event bodies are untrusted data
+
+As the Matrix Specification stands today, it is easy for client developers to
+assume that all events will be structured as documented. For example, the
+`displayname` key of an [`m.room.member`
+event](https://matrix.org/docs/spec/client_server/r0.6.1#m-room-member) is
+specified to be "`string` or `null`"; and the `info` key of an [`m.image`
+message event](https://matrix.org/docs/spec/client_server/r0.6.1#m-image) must
+be a Javascript object.
+
+In reality, these are not safe assumptions. This MSC proposes that the
+specification be updated to make it clear that developers should treat all
+event data as untrusted.
+
+## Reasons why events may not match the specification
+
+Firstly, let's examine the reasons why such malformed events can exist. Some of
+these reasons may appear to have trivial solutions; these are discussed below.
+
+ 1. Most obviously, Synapse as it currently stands does very little validation
+    of event bodies sent over the Client-Server API. There is nothing stopping
+    any user sending a malformed `m.room.message` event with a simple `curl`
+    command or Element-Web's `/devtools`.
+
+    Any event sent in this way will be returned to the clients of all the other
+    users in the room.
+
+ 2. Events may be encrypted. Any client implementing E2EE must be prepared to
+    deal with any encrypted content, since by definition a server cannot
+    validate it.
+
+ 3. In order to allow the Matrix protocol to be extensible, server
+    implementations must tolerate unknown event types, and allow them to be
+    passed between clients. It is obvious that a pair of custom clients
+    implementing a `com.example.special.event` event type cannot rely on a
+    standard server implementation to do any validation for them.
+
+    However, this problem extends to event types and keys which have been added
+    to the specification. For example, the [`m.room.encrypted` event
+    type](https://matrix.org/docs/spec/client_server/r0.6.1#m-room-encrypted)
+    was added in Client-Server API r0.4.0. It therefore follows that a server
+    implementing CS-API r0.3.0 would have no way to validate an
+    `m.room.encrypted` event, so if a client is connected to such a server, it
+    could receive malformed events.
+
+ 4. To extend from point 3, the problem is not even resolved by upgrading the
+    server. There may now be rooms which contain historical events which would
+    no longer be accepted, but these will still be served by the server.
+
+    This problem also applies to non-room data such as account data. For
+    example, Client-Server API r0.6.0 added the [`m.identity_server` account
+    data event
+    type](https://matrix.org/docs/spec/client_server/r0.6.1#m-identity-server).
+    It is possible, if unlikely, that a client could have uploaded an
+    `m.identity_server` event before the administrator upgraded the server.
+
+ 5. Event redaction removes certain keys from an event. This is a bit of a
+    trivial case, though it is worth noting that the rules for event redaction
+    vary between room versions, so it's possible to see a variety of "partial"
+    events.
+
+ 6. All the cases above can occur without federation. Federation adds
+    additional complexities due to the structure of Matrix rooms. In
+    particular, a server implementation cannot simply ignore any malformed
+    events since such events may either be critical to the structure of the
+    room (for example, they may be `m.room.membership` events), or at the very
+    least ignoring them would leave "holes" in the event graph which would
+    prevent correct back-pagination.
+
+## Ideas for mitigating the problem
+
+The problems above appear to have some easy solutions. Let's describe some of
+those ideas, before considering the fundamental problem that none of them can
+solve.
+
+### Validate all events when they are submitted
+
+In this idea, we would require all server implementations to strictly validate
+any data which is sent over the Client-Server API, to ensure that it complied
+with the specified formats.
+
+This evidently solves problem 1 above, in that it would prevent local users from
+creating malformed events of any event types that the server supports; however,
+it would do nothing to address any of the other problems.
+
+### Validate events at the point they are served to a client
+
+We could require that server implementations validate any data that they are
+about to serve to a client; we might recommend that malformed data be stripped
+out of the response, or redacted, or similar.
+
+It is worth mentioning that this would be tricky to implement efficiently on
+the server side, but it at least helps address most of the problems above, such
+as historical data, or malformed events received over federation.
+
+### Have servers re-validate data on upgrade
+
+Similar to the previous idea, but rather than validating data each time it is
+served to a client, any stored data could be re-validated to check that it
+complies with new validation requirements.
+
+This could be more efficient in the case that changes to validation rules are
+rare, but it could still be a huge amount of data processing on a large server.
+
+### Create new room versions which require events to be well-formed
+
+As outlined above, one of the big problems in this area is how we deal with
+events sent over federation; in particular, if subsets of the servers in a room
+have different ideas as to which events are "valid", then their concepts of the
+room state can begin to drift, and the room can eventually become
+"split-brained". This makes it hard to simply say, for example,
+"`m.room.member` events with a non-string `displayname` are invalid and should
+not form part of the room state": we have a risk that some servers will accept
+the event, and some will not.
+
+One approach to solving this is via [room
+versions](https://matrix.org/docs/spec/index#room-versions). By specifying that
+a change of rules only applies for a future room version, we can eliminate this
+potential disagreement.
+
+The process of changing a room from one version to another is intrusive, not
+least because it requires that all servers in a room support the new room
+version (or risk being locked out). For that reason, it is extremely
+undesirable that any new feature require a new room version: whenever possible,
+it should be possible to use new features in existing rooms. It therefore
+follows that we cannot rely on room versions to provide validation of event
+data.
+
+### Create a single new room version which applies all event validation rules
+
+This idea is included for completeness, though it is unclear how it would work
+in practice.
+
+It has been suggested that we create a new room version which explicitly states
+that events which fail the current event schema, whatever that is at that
+moment in time, should be rejected.
+
+Let's imagine that in future, the `m.room.member` event schema is extended to
+include an optional `location` key, which, if given, must be a string. The
+implication of this idea is that servers should reject any `m.room.member`
+event whose `location` is not a string. We now have a problem: any servers in
+the room which are updated to the latest spec will reject such malformed
+events, but any other servers yet to be upgraded will allow it. So is that user
+in the room or not?
+
+Even if all the servers in the room can be upgraded at once, what about any
+`m.room.member` events which were sent before the rule change?
+
+## The fundamental problem
+
+The ideas above all mitigate the problems discussed earlier to a greater or
+lesser extent, and may indeed be worth doing on their own merits. However, none
+of them can address the problem of outdated server implementations.
+
+For example, consider the case of a new key being added to an event body, say
+`m.relates_to`. Now, we may have decided as above that all new specced keys
+must be validated by the server, so `vN+1` of Synapse dutifully implements such
+validation and refuses to accept events with a malformed `m.relates_to`.
+
+The problem comes for users whose server is still Synapse `vN`. It knows
+nothing of `m.relates_to`, so accepts and passes it through even if
+malformed. The only potential solution is for clients seeking to implement
+`m.relates_to` to refuse to talk to servers which do not declare support for
+it.
+
+However, this is an entirely client-side feature: it is illogical to require
+that servers must be upgraded before it can be used. Consider that the hosted
+element-web at `https://app.element.io` is upgraded to support the new feature;
+in this scenario, that would lock out any user whose homeserver had not yet
+been upgraded. This is not an acceptable user experience.
+
+In short, we are left with the reality that clients must still handle the
+unvalidated data.
+
+## Conclusions
+
+Short of closely coupling server and client versions - which violates the
+fundamental ethos of the Matrix project - there is nothing that can completely
+prevent clients from having to handle untrusted data. In addition, encrypted
+events eliminate any possibility of server-side validation.
+
+With that in mind, the advantages of the ideas above are diminished. If clients
+must handle untrusted data in some circumstances, why not in all? "You can
+trust the content of this data structure, provided you have checked that the
+server knows how to validate it, in which case you need to treat it as
+untrusted" is not a useful message for a client developer.
+
+It may be possible to assert that specific, known cases can be treated as
+trusted data, but these should be called out as specific cases. The default
+message should be that clients must treat all event data as untrusted.
diff --git a/proposals/2844-global-versioning.md b/proposals/2844-global-versioning.md
new file mode 100644
index 00000000000..b6db20c190a
--- /dev/null
+++ b/proposals/2844-global-versioning.md
@@ -0,0 +1,211 @@
+# MSC2844: Using a global version number for the entire specification
+
+Currently we have 4 kinds of versions, all of which have slightly different use cases and semantics
+which apply:
+
+1. The individual API spec document versions, tracked as revisions (`r0.6.1`, for example).
+2. Individual endpoint versioning underneath an API spec document version (`/v1/`, `/v2/`, etc). Note
+   that the client-server API currently ties the major version of its spec document version to the
+   endpoint, thus making most endpoints under it `/r0/` (currently).
+3. Room versions which define a set of behaviour and algorithms on a per-room basis. These are well
+   defined in the spec and are not covered here: https://matrix.org/docs/spec/#room-versions
+4. An overarching "Matrix" version, largely for marketing purposes. So far we've only cut Matrix 1.0
+   back when we finalized the initial versions of the spec documents, but have not cut another one
+   since.
+
+This current system is slightly confusing, and has some drawbacks for being able to compile builds of
+the spec documents (published on matrix.org) and generally try and communicate what supported versions
+an implementation might have. For example, Synapse currently supports 4 different APIs, all of which
+have their own versions, and all of which would need to be considered and compared when validating
+another implementation of Matrix such as a client or push gateway. Instead, Synapse could say it
+supports "Matrix 1.1", making compatibility much easier to determine - this is what this proposal aims
+to define.
+
+## Proposal
+
+Instead of having per-API versions (`r0.6.1`, etc), we have a version that spans the entire specification.
+This version represents versioning for the index (which has quite a bit of unversioned specification on
+it currently), the APIs, room versions, and the appendices (which are also currently unversioned but
+contain specification). Room versions are a bit more nuanced though, and are covered later in this MSC.
+
+The version which covers the entire specification and all its parts is called the "Matrix version", and
+is a promotion of the previously marketing-only version number assigned to the spec. The first version
+after this proposal is expected to be Matrix 1.1, though the spec core team will make that decision.
+v1.0 would be left in the marketing era and recorded for posterity (though still retains no significant
+meaning).
+
+Doing this has the benefits previously alluded to:
+
+* Implementations of Matrix can now easily compare their supported versions using a single identifier
+  without having to (potentially) indicate which API they built support for.
+* Publishing the specification is less likely to contain broken or outdated links due to API versions
+  not matching up properly. This is currently an issue where if we want to release a new version of
+  the server-server specification then we must also either rebuild or manually fix the blob of HTML
+  known as the client-server API to account for the new version - we often forget this step, sometimes
+  because it's just too difficult.
+* Explaining to people what version Matrix or any of the documents is at becomes incredibly simplified.
+  No longer will we have to explain most of what the introduction to this proposal covers to every new
+  person who asks.
+
+### Full Matrix version grammar
+
+The Matrix versioning scheme takes heavy inspiration from semantic versioning, though intentionally does
+not follow it for reasons described throughout this proposal. Primarily, the argument against semantic
+versioning is held in the alternatives section below.
+
+Given a version number `MAJOR.MINOR`, incremement the:
+
+* `MAJOR` version when a substantial change is made to the core of the protocol. This is reserved for
+  interpretation by the Spec Core Team, though is intended to be for extremely invasive changes such
+  as switching away from JSON, introducing a number of features where a `MINOR` version increase just
+  doesn't feel good enough, or changes to the signing algorithms.
+* `MINOR` version when a feature is introduced, or a backwards incompatible change has been managed
+  through the specification. Later on, this proposal explains what it means to manage a breaking change.
+
+When present in the protocol itself, the Matrix version will always be prefixed with `v`. For example,
+`v1.1`.
+
+Additional information can be supplied in the version number by appending a dash (`-`) to the end of the
+version and including any relevant information. This is typically used to denote alpha, beta, unstable,
+or other similar off-cycle release builds. This MSC does not propose a scheme for RCs or pre-releases,
+though the Spec Core Team may wish to do so. This can also be used to represent patch builds for the
+documentation itself, such as correcting spelling mistakes. An example would be `v1.1-patch.20210109`.
+
+See the section on brewing Matrix versions for information on how the unstable version is decided.
+
+`MINOR` versions have a backwards compatibility scheme described later in this proposal. `MAJOR`
+versions are expected to have zero backwards compatibility guarantees to them.
+
+For clarity, `v1.2` will probably work with `v1.1`, though implementations should be wary if they
+depend on a version. As mentioned, the backwards compatibility scheme section goes into more detail on
+this.
+
+Most notably, this MSC does not propose including a patch version at all. The specifics of what would
+be included in a patch version (spelling changes, release process bug fixes, etc) do not impact any
+implementations of Matrix and thus are not needing of a patch version.
+
+### Structure changes and changelogs
+
+The API documents remain mostly unchanged. We'll still have a client-server API, server-server API, etc,
+but won't have versions associated with those particular documents. This also means they would lose their
+individual changelogs in favour of a more general changelog. An exception to this rule is room versions,
+which are covered later in this proposal.
+
+### Endpoint versioning
+
+Under this MSC, all HTTP endpoints in the specification are to be per-endpoint versioned. This is already
+the case for all APIs except the Client-Server API, and so this section deals specifically with that API.
+The deprecation of endpoints is handled later in this proposal.
+
+Under this proposal, all endpoints in the client-server API get assigned `v3` as their per-endpoint
+version as a starting point. This is primarily done to avoid confusion with the ancient client-server API
+versions which had `v1` and called the `rN` system "v2". Though many of the endpoints available today
+are not present in those older API editions, it is still proposed that they start at `v3` to avoid
+confusion with long-standing implementations.
+
+Servers would advertise support for the new Matrix version by appending it to the array in `/versions`.
+If the sever also supports an older `rN` version, it would include those too.
+For example: `["v1.1", "r0.6.1"]`.
+
+### Room versions
+
+*Author's note*: Having many things with the root word "version" can be confusing, so for this section
+"room versions" are called "room editions" and the Matrix version refers to what this proposal is
+introducing. This MSC does not propose renaming "room versions" - that is another MSC's problem.
+
+Room editions are a bit special in that they have their own versioning scheme as servers and, potentially,
+clients need to be aware of how to process the room. As such, a room edition's versioning scheme is not
+altered by this proposal, however the publishing of the (in)stability of a given edition is now covered by the
+newly proposed Matrix version.
+
+Whenever a room edition transitions from stable to unstable, or unstable to stable, or is introduced
+then it would get counted as a feature for a `MINOR` release of Matrix. We don't currently have a plan
+to remove any room editions, so they are not covered as a potential process for this MSC.
+
+### Deprecation approach
+
+Previous to this proposal the deprecation approach was largely undocumented - this MSC aims to codify
+a standardized approach.
+
+An MSC is required to transition something from stable (the default) to deprecated. Once something has
+been deprecated for suitably long enough (usually 1 version), it is eligible for removal from the
+specification with another MSC. Today's process is the same, though not defined explicitly.
+
+The present system for deprecation also allows implementations to skip implementation of deprecated
+endpoints. This proposal does not permit such behaviour: for an implementation to remain compliant
+with the specification, it must implement all endpoints (including deprecated ones) in the version(s)
+it wishes to target.
+
+As an example, if `/test` were introduced in v1.1, deprecated in v1.2, and removed in v1.3 then an
+implementation can support v1.1, v1.2, and v1.3 by implementing `/test` as it was defined in v1.2 (minus
+the deprecation flag). If the implementation wanted to support just v1.2 and v1.3, then it still must
+implement `/test`. If the implementation only wanted to support v1.3, then it *should not* implement
+`/test` at all because it was removed.
+
+Generally deprecation is paired with replacement or breaking changes. For example, if `/v3/sync` were
+to be modified such that it needed to be bumped to `v4`, the MSC which does so would deprecate `/v3/sync`
+in favour of its proposed `/v4/sync`. Because endpoints are versioned on a per-endpoint basis, `/v4/sync`
+will still work with a server that supports `/v3/profile` (for example) - the version number doesn't mean
+an implementation can only use v4 endpoints.
+
+## Potential issues
+
+None appear to be relevant to be discussed on their own - they are discussed in their respective
+sections above when raised.
+
+## Alternatives
+
+There are some strong opinions that we should use proper semantic versioning for the specification
+instead of the inspired system proposed here. So, why shouldn't we use semantic versioning?
+
+1. It's meant for software and library compatibility, not specifications. Though it could theoretically
+   be used as a specification version, the benefits of doing so are not immediately clear. The scheme
+   proposed here is simple enough where rudimentary comparisons are still possible between versions,
+   and existing semantic versioning libraries can still be made to work. Further, the specification's
+   version number should not be relied upon by a library for its versioning scheme - libraries,
+   applications, etc should have their own versioning scheme so they may work independently of the
+   spec's release schedule.
+
+2. It has potential for causing very high major version numbers. Though largely an aesthetic concern,
+   it can be hard to market Matrix v45 (or even Matrix v4) to potential ecosystem adopters due to
+   the apparant unstable-ness of the specification. Similarly, the major version is used for advertising
+   purposes which could be confusing or overly noisy to say there's a major version every few
+   releases. By instead staying in the 1.x series for a long period of time, the specification appears
+   stable and easy to work with, attracting potential adopters and making that 2.0 release feel all
+   that more special.
+
+3. The semantic versioning spec is not followed in practice. Most uses of semantic versioning are
+   actually off-spec adaptations which are largely compatible with the ideals of the system. This, however,
+   puts Matrix in a difficult spot as it would want to say we follow semantic versioning, but can't
+   because there's no relevant specification document to link to. Even if there was, it would appear
+   as though we were encouraging the idea of forking a specification as a specification ourselves,
+   which may be confusing if not sending the wrong message entirely. Though the system proposed here
+   is a reinvention of semantic versioning to a degree, this proposed system is different from how
+   semantic versioning works in so many ways it is not entirely comparable.
+
+4. The benefit of saying we use a well-popularized versioning system is not a strong enough argument
+   to be considered here.
+
+This MSC is also inherently incompatible with semantic versioning due to its approach to deprecation.
+Instead of encouraging breaking changes (removal of endpoints) be major version changes, this MSC
+says that happens at the minor version change level. As mentioned in the relevant section, this is
+not foreseen to be an issue for Matrix given its a system already used by the protocol and is common
+enough to at least be moderately familiar - the arguments for using semantic versioning in this respect
+do not hold up, per above.
+
+## Security considerations
+
+None relevant - if we need to make a security release for Matrix then we simply make a release and
+advertise accordingly.
+
+## Unstable prefix
+
+The author does not recommend that this MSC be implemented prior to it landing due to the complexity
+involved as well as the behavioural changes not being possible to implement. However, if an implementation
+wishes to try anyways, it should use `org.matrix.msc2844` in the `unstable_features` of `/versions`
+and use `/_matrix/client/unstable/org.matrix.msc2844` in place of `/_matrix/client/r0`.
+
+This MSC is largely proven as possible through an in-development build of the specification which uses
+an alternative toolchain for rendering the specification: https://adoring-einstein-5ea514.netlify.app/
+(see the 'releases' dropdown in the top right; link may not be available or even the same as described
+here due to development changes - sorry).
diff --git a/proposals/2858-Multiple-SSO-Identity-Providers.md b/proposals/2858-Multiple-SSO-Identity-Providers.md
new file mode 100644
index 00000000000..1e49d070cf0
--- /dev/null
+++ b/proposals/2858-Multiple-SSO-Identity-Providers.md
@@ -0,0 +1,247 @@
+# MSC2858: Multiple SSO Identity Providers
+
+Matrix already has generic SSO support, but it does not yield the best user experience especially for
+instances which wish to offer multiple identity providers (IdPs). This MSC provides a simple and fully
+backwards compatible way to extend the current spec which would allow clients to give users options
+like `Continue with Google` and `Continue with Github` side-by-side.
+
+Currently, Matrix supports `m.login.sso`, `m.login.token` and `/login/sso/redirect` for clients to
+pass their user to the configured Identity provider and for them to come back with something which
+is exchangeable for a Matrix access token. This flow offers no insight to the user as to what
+Identity providers are available: clients can offer only a very generic `Sign in with SSO`
+button. With the currently possible solutions and workarounds the experience is far from great
+and users have to blindly click `Sign in with SSO` without any clue as to what's hiding on the other
+side of the door. Some users will definitely not be familiar with `SSO` but will be with the concept of
+"Continue with Google" or similar.
+
+## Proposal
+
+We extend the [login
+flow](https://matrix.org/docs/spec/client_server/r0.6.1#login) to allow clients
+to choose an SSO Identity provider before control is handed over to the
+server. The following sequence diagram illustrates the proposed, updated, login flow:
+
+<!-- source for the following is in images/2858-seq-diagram.txt -->
+
+![Sequence diagram](https://user-images.githubusercontent.com/2403652/104897523-61fb4b00-5970-11eb-88f7-9fc0956b33a2.png)
+
+### Extensions to login flow discovery
+
+The response to [`GET /_matrix/client/r0/login`](https://matrix.org/docs/spec/client_server/r0.6.1#get-matrix-client-r0-login)
+is extended to **optionally** include an `identity_providers` property for
+flows whose type `m.login.sso`. This would look like this:
+
+```json
+{
+    "flows": [
+        {
+            "type": "m.login.sso",
+            "identity_providers": [
+                {
+                    "id": "google",
+                    "name": "Google",
+                    "icon": "mxc://...",
+                    "brand": "google"
+                },
+                {
+                    "id": "github",
+                    "name": "Github",
+                    "icon": "mxc://...",
+                    "brand": "github"
+                }
+            ]
+        },
+        {
+            "type": "m.login.token"
+        }
+    ]
+}
+```
+
+The value of the `identity_providers` property is a list, each entry consisting
+of an object with the following fields:
+
+ * The `id` field is **required**. It is an opaque string chosen by the
+   homeserver implementation, and uniquely identifies the identity provider on
+   that server. Clients should not infer any semantic meaning from the
+   identifier. The identifier should be between 1 and 255 characters in length,
+   and should consist of the characters matching unreserved URI characters as
+   defined in [RFC3986](http://www.ietf.org/rfc/rfc3986.txt):
+
+   ```
+   ALPHA  DIGIT  "-" / "." / "_" / "~"
+   ```
+
+ * The `name` field is **required**. It should be a human readable string
+   intended for printing by the client. No explicit length limit or grammar is
+   specified.
+
+ * The `icon` field is **optional**. It should point to an icon representing
+   the IdP. If present then it must be an MXC URI to an image resource.
+
+ * The `brand` field is **optional**. It allows the client to style the login
+   button to suit a particular brand. It should be a string using the following
+   grammar:
+
+    * Must be at least one character and no more than 255 characters in length.
+    * Must start with one of the characters `[a-z]`, and be entirely composed
+      of the characters `[a-z]`, `[0-9]`, `-`, `_` and `.`.
+
+   To reduce confusion over which identifier should be used for each brand
+   (for example: should "Sign in with Microsoft" be `microsoft` or
+   `azure`?), it is proposed to maintain a registry of identifiers outside
+   the core specification document, avoiding the need for a full MSC to add
+   entries to the list. An initial list of proposed identifiers is given below.
+
+   [Rationale: this grammar is based on the
+   [MSC2758](https://github.com/matrix-org/matrix-doc/pull/2758), removing the
+   requirements for a namespaced heirarchy. In
+   [discussion](https://github.com/matrix-org/matrix-doc/pull/2858#discussion_r565506802),
+   it was agreed that a separate registry was seen as important for a
+   lightweight process by which implementations can agree on identifiers. The
+   registry makes the namespacing of MSC2758 redundant; the namespacing system
+   was also somewhat confusing.]
+
+   Server implementations are free to add additional brands, though they should
+   be mindful of clients which do not recognise any given brand.
+
+   Clients are free to implement any set of brands they wish, including all or
+   any of the brands listed in the registry, but are expected to apply a
+   sensible unbranded fallback for any brand they do not recognise/support.
+
+   Where `icon` and `brand` are both present, it is recommended that clients
+   which support the `brand` give precedence to `brand` over `icon`.
+
+### Extend the `/login/sso/redirect` endpoint
+
+A new endpoint is added to support redirecting directly to one of the IdPs:
+
+`GET /_matrix/client/r0/login/sso/redirect/{idp_id}`
+
+This would behave identically to the existing endpoint without the last argument
+except would allow the server to forward the user directly to the correct IdP.
+
+For the case of backwards compatibility the existing endpoint is to remain,
+and if the server supports multiple SSO IdPs it should offer the user a page
+which lets them choose between the available IdP options as a fallback.
+
+If the `idp_id` is unrecognised, the server should display some sort of error
+page to the user. (A protocol whereby an error can be returned to the original
+client could be a matter for a future improvement, but is out of scope for now.)
+
+### Notes on user-interactive auth
+
+No change is proposed to the SSO flow for User-Interactive Authentication.
+
+For a reauthentication operation, the server implementation is free to choose
+any suitable IdP to authenticate the user. (Often, this will simply be
+the IdP that the user logged in with.)
+
+### Proposed initial identifiers for the `brand` indentifier
+
+The following identifiers are proposed for the initial content of the `brand`
+identifier registry. The descriptions are guidelines to help server
+administrators pick a suitable brand identifier, and to help client authors
+style buttons in their clients.
+
+ * Identifier: `apple`
+
+   Description: Suitable for "Sign in with Apple": see
+   https://developer.apple.com/design/human-interface-guidelines/sign-in-with-apple/overview/buttons/.
+
+ * Identifier: `facebook`
+
+   Description: "Continue with Facebook": see
+   https://developers.facebook.com/docs/facebook-login/web/login-button/.
+
+ * Identifier: `github`
+
+   Description: Logos available at https://github.com/logos.
+
+ * Identifier: `gitlab`
+
+   Description: Logos available at https://about.gitlab.com/press/press-kit/.
+
+ * Identifier: `google`
+
+   Description: Suitable for "Google Sign-In": see
+   https://developers.google.com/identity/branding-guidelines.
+
+ * Identifier: `twitter`
+
+   Description: Suitable for "Log in with Twitter": see
+   https://developer.twitter.com/en/docs/authentication/guides/log-in-with-twitter#tab1.
+
+When considering a new identifier for private use, administrators should pick
+some sensible name following the advice of [RFC6648 sec
+3](https://tools.ietf.org/html/rfc6648#section-3).
+
+## Alternatives
+
+An alternative to the whole approach would be to allow `m.login.sso.$idp` but this forces
+treating an opaque identifier as hierarchical and offers worse backwards compatibility.
+
+An alternative to the proposed backwards compatibility plan where the server offers a
+fallback page which fills the gap and lets the user choose which SSO IdP they need is
+for the server to deterministically always pick one, maybe the first option and let
+old clients only auth via that one but that means potentially locking users out of their
+accounts.
+
+[MSC2964](https://github.com/matrix-org/matrix-doc/pull/2964) proposes
+replacing much of Matrix's authentication mechanism with OAuth2.0. If that is
+adopted, then the Matrix client would not be able to specify an authentication
+mechanism; rather it is left up to the server to host pages allowing the user
+to choose their authentication mechanism.
+
+### Styling information as an alternative to `brand`
+
+The `brand` field is intended to allow clients to style "login" buttons according
+to the identity provider in question. For example, a mobile application might
+show:
+
+![login buttons](images/2858-login.png)
+
+Some identity providers have very specific rules about how such buttons should
+be presented, so a fine level of control is important.
+
+An alternative way to achieve this would be for the server to give full details
+about the styling: icon, font colour, border colour, background colour,
+etc. However, this soon becomes unscalable. For example, it might be desirable
+to offer each logo at a range of resolutions to suit different screen sizes.
+Likewise, some brands need different styling depending on the background
+colour, so a complete second set of colours must be specified to account for
+dark or light themes.
+
+## Potential issues
+
+ * New Identity Providers added by server administators will be unbranded until
+   clients adopt support for the new brand.
+
+## Security considerations
+
+This could potentially aid phishing attacks by bad homeservers, where if the app says
+`Continue with Google` and then they are taken to a page which is styled to look like
+the Google login page they might be a tiny bit more susceptible to being phished as opposed
+as to when they click a more generic `Sign in with SSO` button, but this attack was possible
+anyhow using a different vector of a controlled Element/client instance which modifies
+the text.
+
+
+## Unstable prefix
+
+Whilst in development use `org.matrix.msc2858.identity_providers` for the flow
+discovery and
+`/_matrix/client/unstable/org.matrix.msc2858/login/sso/redirect/{idp_id}` for
+the new endpoints.
+
+When identity providers are listed under the experimental
+`org.matrix.msc2858.identity_providers` field of the response to `/login`,
+(instead of `identity_providers`), different values for the `brand` field are
+used. In particular the following were defined:
+
+  * `org.matrix.gitlab` (now `gitlab`).
+  * `org.matrix.github` (now `github`).
+  * `org.matrix.apple` (now `apple`).
+  * `org.matrix.google` (now `google`).
+  * `org.matrix.facebook` (now `facebook`).
+  * `org.matrix.twitter` (now `twitter`).
diff --git a/proposals/2874-single-ssss.md b/proposals/2874-single-ssss.md
new file mode 100644
index 00000000000..d7d312886f2
--- /dev/null
+++ b/proposals/2874-single-ssss.md
@@ -0,0 +1,62 @@
+# MSC2874: Single SSSS
+
+[Secure Secret Storage and
+Sharing](https://github.com/matrix-org/matrix-doc/pull/1946) (SSSS) was
+designed to allow the user to create multiple keys that would be able to
+decrypt different subsets of the secrets.  However, the vast majority of users
+do not need this feature.
+
+This proposal defines how clients should behave if they only wish to support a
+single key, by defining which key clients should use if multiple keys are
+present.  It also makes the `name` field in the `m.secret_storage.key.*` events
+optional, as this field was mainly added to allow a user to select between
+different keys.
+
+## Proposal
+
+If a client wants to present a simplified interface to users by not supporting
+multiple SSSS keys, then the client should use the default key (the key listed
+in the `m.secret_storage.default_key` account data event.)  If there is no
+default key the client may behave as if there is no SSSS key at all.  When such
+a client creates an SSSS key, it must mark that key as being the default key.
+
+The `name` field in the `m.secret_storage.key.*` account data events is
+optional, rather than required.  If a client wishes to display multiple keys to
+a user and a given key does not have a `name` field, the client may use a
+default name as the key's name, such as "Unnamed key", or "Default key" if the
+key is marked as default.
+
+For example, when a client creates a key with ID `abcdefg`, it will create an
+`m.secret_storage.key.abcdefg` account data event to store information about
+the key.  It will then mark it as the default key by setting the
+`m.secret_storage.default_key` account data to `{"key": "abcdefg"}`.  When
+another client logs in after this, it will see that the default key has been
+set, and will know to use that key as the SSSS key.
+
+## Potential issues
+
+If secrets are encrypted using a key that is not marked as default, a client
+might not decrypt the secrets, even if it would otherwise be able to.
+
+## Alternatives
+
+Rather than solely relying on the key marked as default, a client could guess
+at what key to use.  For example, it could look at the secrets that it needs,
+see what keys they are encrypted with, and if there is only one common key,
+then it could use that.  (This is what Element currently does.)  Or if there
+are multiple keys, it could use some sort of heuristic to pick a key.  However,
+this approach can be error-prone, and it is better to rely on an explicit
+marking.
+
+## Security considerations
+
+None
+
+## Unstable prefix
+
+An unstable prefix is not needed for a behaviour change in choosing the key to
+use as there are no event/endpoint changes.
+
+Some clients already omit the `name` field (notably, matrix-js-sdk
+unintentionally does this -- mea culpa), and this does not seem to be causing
+issues, so an unstable prefix seems unnecessary for this.
diff --git a/proposals/2918-refreshtokens.md b/proposals/2918-refreshtokens.md
new file mode 100644
index 00000000000..8caaef8fa6d
--- /dev/null
+++ b/proposals/2918-refreshtokens.md
@@ -0,0 +1,163 @@
+# MSC2918: Refresh tokens
+
+In Matrix, requests to the Client-Server API are currently authenticated using non-expiring, revocable access tokens.
+An access token might leak for various reasons, including:
+
+ - leaking from the server database (and its backups)
+ - intercepting it with a man-in-the-middle attack
+ - leaking from the client storage (and its backups)
+
+In the OAuth 2.0 world, this vector of attack is partly mitigated by having expiring access tokens with short lifetimes and rotating refresh tokens to renew them.
+This MSC adds support for expiring access tokens and introduces refresh tokens to renew them.
+A more [detailed rationale](#detailed-rationale) of what kind of attacks it mitigates lives at the end of this document.
+
+## Proposal
+
+Homeservers can choose to have access tokens expire after a short amount of time, forcing the client to renew them with a refresh token.
+A refresh token is issued on login and rotates on each usage.
+
+It allows homeservers to opt for signed and non-revocable access tokens (JWTs, Macaroon, etc.) for performance reasons if their expiration is short enough (less than 5 minutes).
+
+It is heavily recommended for clients to support refreshing tokens for additional security.
+They can advertise their support by adding a `"refresh_token": true` field in the request body on the `/login` and `/register` APIs.
+
+Handling of clients that do *not* support refreshing access tokens is up to individual homeserver deployments.
+For example, server administrators may choose to support such clients for backwards-compatibility, or to expire access tokens anyway for improved security at the cost of inferior user experience in legacy clients.
+
+If a client uses an access token that has expired, the server will respond with an `M_UNKNOWN_TOKEN` error, preferably with the `soft_logout` parameter set to `true` to improve the user experience in legacy clients.
+Thus, if a client receives an `M_UNKNOWN_TOKEN` error, and it has a refresh token available, it should no longer assume that it has been logged out, and instead attempt to refresh the token.
+If the client was in fact logged out, then the server will respond with an `M_UNKNOWN_TOKEN` error to the token refresh request, possibly with the `soft_logout` parameter set.
+
+### Login API changes
+
+The login API returns two additional fields:
+
+- `expires_in_ms`: The lifetime in milliseconds of the access token.
+- `refresh_token`: The refresh token, which can be used to obtain new access tokens.
+
+This also applies to logins done by application services.
+
+Both fields are optional.
+If `expires_in_ms` is missing, the client can assume the access token won't expire.
+If `refresh_token` is missing but `expires_in_ms` is present, the client can assume the access token will expire but it won't have a way to refresh the access token without re-logging in.
+
+Clients advertise their support for refreshing tokens by setting the `refresh_token` field to `true` in the request body.
+
+### Account registration API changes
+
+Unless `inhibit_login` is `true`, the account registration API returns two additional fields:
+
+- `expires_in_ms`: The lifetime in milliseconds of the access token.
+- `refresh_token`: The refresh token, which can be used to obtain new access tokens.
+
+This also applies to registrations done by application services.
+
+As in the login API, both field are optional.
+
+Clients advertise their support for refreshing tokens by setting the `refresh_token` field to `true` in the request body.
+
+### Token refresh API
+
+This API lets the client refresh the access token.
+A new refresh token is also issued.
+The existing refresh token remains valid until the new access token (or refresh token) is used, at which point it is revoked.
+This allows for the request to get lost in flight.
+The Matrix server can revoke the old access token right away, but does not have to since its lifetime is short enough that it will expire anyway soon after.
+
+`POST /_matrix/client/r0/refresh`
+
+```json
+{
+  "refresh_token": "aaaabbbbccccdddd"
+}
+```
+
+response:
+
+```json
+{
+  "access_token": "xxxxyyyyzzz",
+  "expires_in_ms": 60000,
+  "refresh_token": "eeeeffffgggghhhh"
+}
+```
+
+If the `refresh_token` is missing from the response, the client can assume the refresh token has not changed and use the same token in subsequent token refresh API requests.
+
+The `refresh_token` parameter can be invalid for two reasons:
+
+ - if it does not exist
+ - if it was already used once
+
+In both cases, the server must reply with a `401` HTTP status code and an `M_UNKNOWN_TOKEN` error code.
+This new use case of the `M_UNKNOWN_TOKEN` error code must be reflected in the spec.
+As with other endpoints, the server can include an extra `soft_logout` parameter in the response to signify the client it should do a soft logout.
+
+This new API should be rate-limited and does not require authentication since only the `refresh_token` parameter is needed.
+Identity assertion via the `user_id` query parameter as defined by the Application Service API specification is disabled on this endpoint.
+
+### Device handling
+
+The current spec states that "Matrix servers should record which device each access token is assigned to".
+This must be updated to reflect that devices are bound to a session, which are created during login and stays the same after refreshing the token.
+
+## Potential issues
+
+The refresh token being rotated on each refresh is strongly recommended in the OAuth 2.0 world for unauthenticated clients to avoid token replay attacks.
+This can however make the deployment of CLI tools for Matrix a bit harder, since the credentials can't be statically defined anymore.
+This is not an issue in OAuth 2.0 because usually CLI tools use the client credentials flow, also known as service accounts.
+An alternative would be to make the refresh token non-rotating for now but recommend clients to support rotation of refresh tokens and enforce it later on.
+
+## Alternatives
+
+This MSC defines a new endpoint for token refresh, but it could also be integrated as a new authentication mechanism.
+
+## Security considerations
+
+The time to live (TTL) of access tokens isn't enforced in this MSC but is advised to be kept relatively short.
+Servers might choose to have stateless, digitally signed access tokens (JWT are good examples of this), which makes them non-revocable.
+The TTL of access tokens should be around 15 minutes if they are revocable and should not exceed 5 minutes if they are not.
+
+## Unstable prefix
+
+While this MSC is not in a released version of the specification, clients should use the `org.matrix.msc2918.refresh_token` field in place of the `refresh_token` field in requests to the login and registration endpoints.
+The refresh token endpoint should be served and used using the unstable prefix: `POST /_matrix/client/unstable/org.matrix.msc2918/refresh`.
+
+## Detailed rationale
+
+This MSC does not aim to protect against a completely compromised client.
+More specifically, it does not protect against an attacker that managed to distribute an alternate, compromised version of the client to users.
+In contrast, it protects against a whole range of attacks where the access token and/or refresh token get leaked but the client isn't completely compromised.
+
+For example, those tokens can leak from user backups (user backs up his device on a NAS, the NAS gets compromised and leaks a backup of the client's secret storage), but one can assume those backups could be at least 5 min old.
+If the leak only includes the access token, it is useless to the attacker since it would have expired.
+If it also includes the refresh token, it is useless *if* the token was refreshed before (which will happen if the user just opens their Matrix client in between).
+
+Worst case scenario, the leaked refresh token is still valid: in this case, the attacker would consume the refresh token to get a valid access token, but when the original client tries to use the same refresh token, the homeserver can detect it, consider the session has been compromised, end the session and warn the user.
+
+This kind of attack also applies to leakage from the server, which could happen from database backups, for example.
+
+The important thing here is while it does not completely prevent attacks in case of a token leakage, it does make this range of attack a lot more time-sensitive and detectable.
+A homeserver will notice if a refresh token is being used twice.
+
+The IETF has interesting [guidelines for refresh tokens](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#section-4.13.2).
+They recommend that either:
+
+ - the refresh tokens are sender-bound and require client authentication (making token leakage completely useless if the client credentials are not leaked at the same time)
+ - or make them rotate to make the attack a lot harder, as described just above.
+
+Since all clients are "public" in the Matrix world, there are no client-bound credentials that could be used, hence the rotation of refresh tokens.
+
+---
+
+The other kind of scenario where this change makes sense is to help further changes in the homeservers.
+A good, recent example of this, is in Synapse v1.34.0 [they moved away from macaroons for access tokens](https://github.com/matrix-org/synapse/pull/5588) to random, shorter, saved in database tokens, similar to [what GitHub did recently](https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/).
+
+Because there is no refresh token mechanism in the C2S API, most Synapse instances now have a mix of the two formats of tokens, and for a long time.
+It makes it impossible to enforce the new format of tokens without invalidating all existing sessions, making it impossible to roll out changes like a web-app firewall in front of Synapse that verifies the shape and checksums of tokens even before reaching Synapse.
+
+---
+
+Lastly, expiring tokens already exist in Synapse (via the `session_lifetime` configuration parameter).
+Before this MSC, clients had no idea when the session would end and relied on the server replying with a 401 error with `soft_logout: true` in the response on a random request to trigger a soft logout and go through the authentication process again.
+A side effect of this MSC (although it could have been introduced separately) is that the login responses can now include a `expires_in_ms` to inform the clients when the token will expire.
diff --git a/proposals/2946-spaces-summary.md b/proposals/2946-spaces-summary.md
new file mode 100644
index 00000000000..fc0c136b8cc
--- /dev/null
+++ b/proposals/2946-spaces-summary.md
@@ -0,0 +1,389 @@
+# MSC2946: Spaces Summary
+
+This MSC depends on [MSC1772](https://github.com/matrix-org/matrix-doc/pull/1772), which
+describes why a Space is useful:
+
+> Collecting rooms together into groups is useful for a number of purposes. Examples include:
+>
+> * Allowing users to discover different rooms related to a particular topic: for example "official matrix.org rooms".
+> * Allowing administrators to manage permissions across a number of rooms: for example "a new employee has joined my company and needs access to all of our rooms".
+> * Letting users classify their rooms: for example, separating "work" from "personal" rooms.
+>
+> We refer to such collections of rooms as "spaces".
+
+This MSC attempts to solve how a member of a space discovers rooms in that space. This
+is useful for quickly exposing a user to many aspects of an entire community, using the
+examples above, joining the "official matrix.org rooms" space might suggest joining a few
+rooms:
+
+* A room to discuss development of the Matrix Spec.
+* An announcements room for news related to matrix.org.
+* An off-topic room for members of the space.
+
+## Proposal
+
+A new client-server API (and corresponding server-server API) is added which allows
+for querying for the rooms and spaces contained within a space. This allows a client
+to efficiently display a hierarchy of rooms to a user (i.e. without having
+to walk the full state of each room).
+
+### Client-server API
+
+An endpoint is provided to walk the space tree, starting at the provided room ID
+("the root room"), and visiting other rooms/spaces found via `m.space.child`
+events. It recurses into the children and into their children, etc.
+
+Any child room that the user is joined or is potentially joinable (per
+[MSC3173](https://github.com/matrix-org/matrix-doc/pull/3173)) is included in
+the response. When a room with a `type` of `m.space` is found, it is searched
+for valid `m.space.child` events to recurse into.
+
+In order to provide a consistent experience, the space tree should be walked in
+a depth-first manner, e.g. whenever a space is found it should be recursed into
+by sorting the children rooms and iterating through them.
+
+There could be loops in the returned child events; clients and servers should
+handle this gracefully. Similarly, note that a child room might appear multiple
+times (e.g. also be a grandchild). Clients and servers should handle this
+appropriately.
+
+This endpoint requires authentication and is subject to rate-limiting.
+
+#### Request format
+
+```text
+GET /_matrix/client/v1/rooms/{roomID}/hierarchy
+```
+
+Query Parameters:
+
+* **`suggested_only`**: Optional. If `true`, return only child events and rooms
+  where the `m.space.child` event has `suggested: true`.  Must be a  boolean,
+  defaults to `false`.
+
+  This applies transitively, i.e. if a `suggested_only` is `true` and a space is
+  not suggested then it should not be searched for children. The inverse is also
+  true, if a space is suggested, but a child of that space is not then the child
+  should not be included.
+* **`limit`**: Optional: a client-defined limit to the maximum
+  number of rooms to return per page. Must an integer greater than zero.
+
+  Server implementations should impose a maximum value to avoid resource
+  exhaustion.
+* **`max_depth`**: Optional: The maximum depth in the tree (from the root room)
+  to return. The deepest depth returned will not include children events. Defaults
+  to no-limit. Must be a non-negative integer.
+
+  Server implementations may wish to impose a maximum value to avoid resource
+  exhaustion.
+* **`from`**: Optional. Pagination token given to retrieve the next set of rooms.
+
+  Note that if a pagination token is provided, then the parameters given for
+  `suggested_only` and `max_depth` must be the same.
+
+#### Response Format
+
+* **`rooms`**: `[object]` For each room/space, starting with the root room, a
+  summary of that room. The fields are the same as those returned by
+  `/publicRooms` (see
+  [spec](https://matrix.org/docs/spec/client_server/r0.6.0#post-matrix-client-r0-publicrooms)),
+  with the addition of:
+  * **`room_type`**: the value of the `m.type` field from the room's
+    `m.room.create` event, if any.
+  * **`children_state`**: The stripped state of the `m.space.child` events of
+    the room per [MSC3173](https://github.com/matrix-org/matrix-doc/pull/3173).
+    In addition to the standard stripped state fields, the following is included:
+    * **`origin_server_ts`**: `integer`. The `origin_server_ts` field from the
+      room's `m.space.child` event. This is required for sorting of rooms as
+      specified below.
+* **`next_batch`**: Optional `string`. The token to supply in the `from` param
+  of the next `/hierarchy` request in order to request more rooms. If this is absent,
+  there are no more results.
+
+#### Example request:
+
+```text
+GET /_matrix/client/v1/rooms/%21ol19s%3Ableecker.street/hierarchy?
+    limit=30&
+    suggested_only=true&
+    max_depth=4
+```
+
+#### Example response:
+
+```jsonc
+{
+    "rooms": [
+        {
+            "room_id": "!ol19s:bleecker.street",
+            "avatar_url": "mxc://bleecker.street/CHEDDARandBRIE",
+            "guest_can_join": false,
+            "name": "CHEESE",
+            "num_joined_members": 37,
+            "topic": "Tasty tasty cheese",
+            "world_readable": true,
+            "join_rules": "public",
+            "room_type": "m.space",
+            "children_state": [
+                {
+                    "type": "m.space.child",
+                    "state_key": "!efgh:example.com",
+                    "content": {
+                        "via": ["example.com"],
+                        "suggested": true
+                    },
+                    "room_id": "!ol19s:bleecker.street",
+                    "sender": "@alice:bleecker.street",
+                    "origin_server_ts": 1432735824653
+                },
+                { ... }
+            ]
+        },
+        { ... }
+    ],
+    "next_batch": "abcdef"
+}
+```
+
+#### Errors:
+
+An HTTP response with a status code of 403 and an error code of `M_FORBIDDEN`
+should be returned if the user doesn't have permission to view/peek the root room.
+This should also be returned if that room does not exist, which matches the
+behavior of other room endpoints (e.g.
+[`/_matrix/client/r0/rooms/{roomID}/aliases`](https://matrix.org/docs/spec/client_server/latest#get-matrix-client-r0-rooms-roomid-aliases))
+to not divulge that a room exists which the user doesn't have permission to view.
+
+An HTTP response with a status code of 400 and an error code of `M_INVALID_PARAM`
+should be returned if the `from` token provided is unknown to the server or if
+the `suggested_only` or `max_depth` parameters are modified during pagination.
+
+#### Server behaviour
+
+The server should generate the response as discussed above, by doing a depth-first
+search (starting at the "root" room) for any `m.space.child` events. Any
+`m.space.child` with an invalid `via` are discarded (invalid is defined as in
+[MSC1772](https://github.com/matrix-org/matrix-doc/pull/1772): missing, not an
+array or an empty array).
+
+In the case of the homeserver not having access to the state of a room, the
+server-server API (see below) can be used to query for this information over
+federation from one of the servers provided in the `via` key of the
+`m.space.child` event. It is recommended to cache the federation response for a
+period of time. The federation results may contain information on a room
+that the requesting server is already participating in; the requesting server
+should use its local data for such rooms rather than the data returned over
+federation.
+
+When the current response page is full, the current state should be persisted
+and a pagination token should be generated (if there is more data to return).
+To prevent resource exhaustion, the server may expire persisted data that it
+deems to be stale.
+
+The persisted state will include:
+
+* The processed rooms.
+* Rooms to process (in depth-first order with rooms at the same depth
+  ordered [according to MSC1772, as updated to below](#msc1772-ordering)).
+* Room information from federation responses for rooms which have yet to be
+  processed.
+
+### Server-server API
+
+The Server-Server API has a similar interface to the Client-Server API, but a
+simplified response. It is used when a homeserver is not participating in a room
+(and cannot summarize room due to not having the state).
+
+The main difference is that it does *not* recurse into spaces and does not support
+pagination. This is somewhat equivalent to a Client-Server request with a `max_depth=1`.
+
+Additional federation requests are made to recurse into sub-spaces. This allows
+for trivially caching responses for a short period of time (since it is not
+easily known the room summary might have changed).
+
+Since the server-server API does not know the requesting user, the response should
+divulge information based on if any member of the requesting server could join
+the room. The requesting server is trusted to properly filter this information
+using the `world_readable`, `join_rules`, and `allowed_room_ids` fields from the
+response.
+
+If the target server is not a member of some children rooms (so would have to send
+another request over federation to inspect them), no attempt is made to recurse
+into them. They are simply omitted from the `children` key of the response.
+(Although they will still appear in the `children_state`key of the `room`.)
+
+Similarly, if a server-set limit on the size of the response is reached, additional
+rooms are not added to the response and can be queried individually.
+
+#### Request format
+
+```text
+GET /_matrix/federation/v1/hierarchy/{roomID}
+```
+
+Query Parameters:
+
+* **`suggested_only`**: The same as the Client-Server API.
+
+#### Response format
+
+The response format is similar to the Client-Server API:
+
+* **`room`**: `object` The summary of the requested room, see below for details.
+* **`children`**: `[object]` For each room/space, a summary of that room, see
+  below for details.
+* **`inaccessible_children`**: Optional `[string]`. A list of room IDs which are
+  children of the requested room, but are inaccessible to the requesting server.
+  Assuming the target server is non-malicious and well-behaved, then other
+  non-malicious servers should respond with the same set of inaccessible rooms.
+  Thus the requesting server can consider the rooms inaccessible from everywhere.
+
+  This is used to differentiate between rooms which the requesting server does
+  not have access to from those that the target server cannot include in the
+  response (which will simply be missing in the response).
+
+For both the `room` and `children` fields the summary of the room/space includes
+the fields returned by `/publicRooms` (see [spec](https://matrix.org/docs/spec/client_server/r0.6.0#post-matrix-client-r0-publicrooms)),
+with the addition of:
+
+* **`room_type`**: the value of the `m.type` field from the room's `m.room.create`
+  event, if any.
+* **`allowed_room_ids`**: A list of room IDs which give access to this room per
+  [MSC3083](https://github.com/matrix-org/matrix-doc/pull/3083).<sup id="a1">[1](#f1)</sup>
+
+#### Example request:
+
+```jsonc
+GET /_matrix/federation/v1/hierarchy/{roomID}?
+    suggested_only=true
+```
+
+#### Errors:
+
+An HTTP response with a status code of 404 and an error code of `M_NOT_FOUND` is
+returned if the target server is not a member of the requested room or the
+requesting server is not allowed to access the room.
+
+### MSC1772 Ordering
+
+[MSC1772](https://github.com/matrix-org/matrix-doc/pull/1772) defines the ordering
+of "default ordering of siblings in the room list" using the `order` key:
+
+> Rooms are sorted based on a lexicographic ordering of the Unicode codepoints
+> of the characters in `order` values. Rooms with no `order` come last, in
+> ascending numeric order of the `origin_server_ts` of their `m.room.create`
+> events, or ascending lexicographic order of their `room_id`s in case of equal
+> `origin_server_ts`. `order`s which are not strings, or do not consist solely
+> of ascii characters in the range `\x20` (space) to `\x7F` (~), or consist of
+> more than 50 characters, are forbidden and the field should be ignored if
+> received.
+
+Unfortunately there are situations when a homeserver comes across a reference to
+a child room that is unknown to it and must decide the ordering. Without being
+able to see the `m.room.create` event (which it might not have permission to see)
+no proper ordering can be given.
+
+Consider the following case of a space with 3 child rooms:
+
+```
+         Space A
+           |
+  +--------+--------+
+  |        |        |
+Room B   Room C   Room D
+```
+
+HS1 has users in Space A, Room B, and Room C, while HS2 has users in Room D. HS1 has no users
+in Room D (and thus has no state from it). Room B, C, and D do not have an
+`order` field set (and default to using the ordering rules above).
+
+When a user asks HS1 for the space summary with a `limit` equal to `2` it cannot
+fulfill this request since it is unsure how to order Room B, Room C, and Room D,
+but it can only return 2 of them. It *can* reach out over federation to HS2 and
+request a space summary for Room D, but this is undesirable:
+
+* HS1 might not have the permissions to know any  of the state of Room D, so might
+  receive a 404 error.
+* If we expand the example above to many rooms than this becomes expensive to
+  query a remote server simply for ordering.
+
+This proposes changing the ordering rules from MSC1772 to the following:
+
+> Rooms are sorted based on a lexicographic ordering of the Unicode codepoints
+> of the characters in `order` values. Rooms with no `order` come last, in
+> ascending numeric order of the `origin_server_ts` of their `m.space.child`
+> events, or ascending lexicographic order of their `room_id`s in case of equal
+> `origin_server_ts`. `order`s which are not strings, or do not consist solely
+> of ascii characters in the range `\x20` (space) to `\x7E` (~), or consist of
+> more than 50 characters, are forbidden and the field should be ignored if
+> received.
+
+This modifies the clause for calculating the order to use the `origin_server_ts`
+of the `m.space.child` event instead of the `m.room.create` event. This allows
+for a defined sorting of siblings based purely on the information available in
+the state of the space while still allowing for a natural ordering due to the
+age of the relationship.
+
+## Potential issues
+
+A large flat space (a single room with many `m.space.child` events) could cause
+a large federation response.
+
+Room version upgrades of rooms in a space are unsolved and left to a future MSC.
+When upgrading a room it is unclear if the old room should be removed (in which
+case users who have not yet joined the new room will no longer see it in the space)
+or leave the old room (in which case users who have joined the new room will see
+both). The current recommendation is for clients de-duplicate rooms which are
+known old versions of rooms in the space.
+
+## Alternatives
+
+Peeking to explore the room state could be used to build the tree of rooms/spaces,
+but this would be significantly more expensive for both clients and servers. It
+would also require peeking over federation (which is explored in
+[MSC2444](https://github.com/matrix-org/matrix-doc/pull/2444)).
+
+## Security considerations
+
+A space with many sub-spaces and rooms on different homeservers could cause
+a large number of federation requests. A carefully crafted space with inadequate
+server enforced limits could be used in a denial of service attack. Generally
+this is mitigated by enforcing server limits and caching of responses.
+
+The requesting server over federation is trusted to filter the response for the
+requesting user. The alternative, where the requesting server sends the requesting
+`user_id`, and the target server does the filtering, is unattractive because it
+rules out a caching of the result. This does not decrease security since a server
+could lie and make a request on behalf of a user in the proper space to see the
+given information. I.e. the calling server must be trusted anyway.
+
+## Unstable prefix
+
+During development of this feature it will be available at unstable endpoints.
+
+The client-server API will be:
+`/_matrix/client/unstable/org.matrix.msc2946/rooms/{roomID}/hierarchy`
+
+The server-server API will be:
+`/_matrix/federation/unstable/org.matrix.msc2946/hierarchy/{roomID}`
+
+## Footnotes
+
+<a id="f1"/>[1]: As a worked example, in the context of
+[MSC3083](https://github.com/matrix-org/matrix-doc/pull/3083), consider that Alice
+and Bob share a server; Alice is a member of a space, but Bob is not. A remote
+server will not know whether the request is on behalf of Alice or Bob (and hence
+whether it should share details of restricted rooms within that space).
+
+Consider if the space is modified to include a restricted room on a different server
+which allows access from the space. When summarizing the space, the homeserver must make
+a request over federation for information on the room. The response should include
+the room (since Alice is able to join it). Without additional information the
+calling server does not know *why* they received the room and cannot properly
+filter the returned results.
+
+Note that there are still potential situations where each server individually
+doesn't have enough information to properly return the full summary, but these
+do not seem reasonable in what is considered a normal structure of spaces. (E.g.
+in the above example, if the remote server is not in the space and does not know
+whether the server is in the space or not it cannot return the room.)[↩](#a1)
diff --git a/proposals/2998-rooms-v7.md b/proposals/2998-rooms-v7.md
new file mode 100644
index 00000000000..ec83793649e
--- /dev/null
+++ b/proposals/2998-rooms-v7.md
@@ -0,0 +1,26 @@
+# MSC2998: Room Version 7
+
+A new room version, `7`, is proposed using [room version 6](https://matrix.org/docs/spec/rooms/v6.html) as a base
+and incorporating the following MSCs:
+
+* [MSC2403](https://github.com/matrix-org/matrix-doc/pull/2403) - Add "knock" feature.
+
+Though other MSCs are capable of being included in this version, they do not have sufficient implementation to be
+considered for v7 rooms. A future room version may still include them.
+
+Room version 7 upon being added to the specification shall be considered stable. No other room versions are affected
+by this MSC. Before v7 can enter the specification, MSC2403 needs sufficient review to be eligible to enter the spec
+itself. This MSC is reserving the room version for use in broader testing of MSC2403 - this does not make MSC2403
+stable for use in most implementations.
+
+## A note on spec process
+
+The spec core team has accepted "knocking" as a concept, and is generally aligned on the ideas proposed by MSC2403. As
+such, we're going ahead with reserving a room version number early for some broader testing given MSC2403 is near to the
+point of being stable itself. Typically the team would declare a room version number once all the included MSCs are
+eligible for becoming stable, however in this case it's ideal to push ahead and reserve the version number.
+
+If MSC2403 were to be replaced or otherwise be rejected for some reason, we'd ultimately have a gap in room versions
+which might look weird but does not necessarily have an impact on the specification: room versions have no associative
+ordering, so skipping a perceived sequential version is valid. The sequential versioning is a human ideal, not one of
+the spec.
diff --git a/proposals/3069-guests-whoami.md b/proposals/3069-guests-whoami.md
new file mode 100644
index 00000000000..7666dfb2346
--- /dev/null
+++ b/proposals/3069-guests-whoami.md
@@ -0,0 +1,28 @@
+# MSC3069: Allow guests to use /account/whoami
+
+Currently the [/account/whoami](https://matrix.org/docs/spec/client_server/r0.6.1#get-matrix-client-r0-account-whoami)
+endpoint does not mention anything about guests, which is a bit of an oversight. The implementation
+of the endpoint got created such that guest access was declined.
+
+## Proposal
+
+Guests are allowed to use `/account/whoami`. When a guest makes a request, the response will have
+an added `is_guest: true` field - this field is optional (default `false`) otherwise.
+
+## Potential issues
+
+None forseen. This corrects a mistake.
+
+## Alternatives
+
+None relevant.
+
+## Security considerations
+
+Guests will be able to know their user ID, as they would when they registered in the first place.
+
+## Unstable prefix
+
+While this MSC is not in a stable version of the specification, implementations should use
+`org.matrix.msc3069.is_guest` in place of `is_guest`. Callers should note that they might see
+`M_GUEST_ACCESS_FORBIDDEN` errors if the server is not implementing this MSC.
diff --git a/proposals/3083-restricted-rooms.md b/proposals/3083-restricted-rooms.md
new file mode 100644
index 00000000000..1caa9f97096
--- /dev/null
+++ b/proposals/3083-restricted-rooms.md
@@ -0,0 +1,291 @@
+# Restricting room membership based on membership in other rooms
+
+A desirable feature is to give room admins the power to restrict membership of
+their room based on the membership of one or more rooms.
+
+Potential usecases include:
+
+* Private spaces (allowing any member of a [MSC1772](https://github.com/matrix-org/matrix-doc/pull/1772)
+  space to join child rooms in that space), for example:
+
+  > members of the #doglovers:example.com space can join this room without an invitation<sup id="a1">[1](#f1)</sup>
+* Room upgrades for private rooms (instead of issuing invites to each user).
+* Allowing all users in a private room to be able to join a private breakout room.
+
+This does not preclude members from being directly invited to the room, which is
+still a useful discovery feature.
+
+## Proposal
+
+In a future room version a new `join_rule` (`restricted`) will be used to reflect
+a cross between `invite` and `public` join rules. The content of the join rules
+would include the rooms to trust for membership. For example:
+
+```json
+{
+    "type": "m.room.join_rules",
+    "state_key": "",
+    "content": {
+        "join_rule": "restricted",
+        "allow": [
+            {
+                "type": "m.room_membership",
+                "room_id": "!mods:example.org"
+            },
+            {
+                "type": "m.room_membership",
+                "room_id": "!users:example.org"
+            }
+        ]
+    }
+}
+```
+
+This means that a user must be a member of the `!mods:example.org` room or
+`!users:example.org` room in order to join without an invite<sup id="a2">[2](#f2)</sup>.
+Membership in a single allowed room is enough.
+
+If the `allow` key is an empty list (or not a list at all), then no users are
+allowed to join without an invite. Each entry is expected to be an object with the
+following keys:
+
+* `type`: `"m.room_membership"` to describe that we are allowing access via room
+  membership. Future MSCs may define other types.
+* `room_id`: The room ID to check the membership of.
+
+Any entries in the list which do not match the expected format are ignored. Thus,
+if all entries are invalid, the list behaves as if empty and all users without
+an invite are rejected.
+
+The `allow` key is to be protected when redacting an event.
+
+When a homeserver receives a `/join` request from a client or a `/make_join` /
+`/send_join` request from another homeserver, the request should only be permitted
+if the user is invited to this room, or is joined to one of the listed rooms. If
+the user is not a member of at least one of the rooms, the homeserver should return
+an error response with HTTP status code of 403 and an `errcode` of `M_FORBIDDEN`.
+
+It is possible for a resident homeserver (one which receives a `/make_join` /
+`/send_join` request) to not know if the user is in some of the allowed rooms (due
+to not participating in them). If the user is not in any of the allowed rooms that
+are known to the homeserver, and the homeserver is not participating in all listed
+rooms, then it should return an error response with HTTP status code of 400 with an `errcode` of `M_UNABLE_TO_AUTHORISE_JOIN`. The joining server should
+attempt to join via another resident homeserver. If the resident homeserver knows
+that the user is not in *any* of the allowed rooms it should return an error response
+with HTTP status code of 403 and an `errcode` of `M_FORBIDDEN`. Note that it is a
+configuration error if there are allowed rooms with no participating authorised
+servers.
+
+A chosen resident homeserver might also be unable to issue invites (which, as below,
+is a pre-requisite for generating a correctly-signed join event). In this case
+it should return an error response with HTTP status code of 400 and an `errcode`
+of `M_UNABLE_TO_GRANT_JOIN`. The joining server should attempt to join via another
+resident homeserver.
+
+From the perspective of the [auth rules](https://spec.matrix.org/unstable/rooms/v1/#authorization-rules),
+the `restricted` join rule has the same behavior as `public`, with the additional
+caveat that servers must ensure that, for `m.room.member` events with a `membership` of `join`:
+
+* The user's previous membership was `invite` or `join`, or
+* The join event has a valid signature from a homeserver whose users have the
+  power to issue invites.
+
+  When generating a join event for `/join` or `/make_join`, the server should
+  include the MXID of a local user who could issue an invite in the content with
+  the key `join_authorised_via_users_server`. The actual user chosen is arbitrary.
+
+The changes to the auth rules imply that:
+
+* A join event issued via `/send_join` is signed by not just the requesting
+  server, but also the resident server.<sup id="a3">[3](#f3)</sup>
+
+  In order for the joining server to receive the proper signatures the join
+  event will be returned via `/send_join` in the `event` field.
+* The auth chain of the join event needs to include events which prove
+  the homeserver can be issuing the join. This can be done by including:
+
+  * The `m.room.power_levels` event.
+  * The join event of the user specified in `join_authorised_via_users_server`.
+
+  It should be confirmed that the authorising user is in the room. (This
+  prevents situations where any homeserver could process the join, even if
+  they weren't in the room, under certain power level conditions.)
+
+The above creates a new restriction on the relationship between the resident
+servers used for `/make_join` and `/send_join` -- they must now both go to
+the same server (since the `join_authorised_via_users_server` is added in
+the call to `/make_join`, while the final signature is added during
+the call to `/send_join`). If a request to `/send_join` is received that includes
+an event from a different resident server it should return an error response with
+HTTP status code of 400.
+
+Note that the homeservers whose users can issue invites are trusted to confirm
+that the `allow` rules were properly checked (since this cannot easily be
+enforced over federation by event authorisation).<sup id="a4">[4](#f4)</sup>
+
+To better cope with joining via aliases, homeservers should use the list of
+authorised servers (not the list of candidate servers) when a user attempts to
+join a room.
+
+## Summary of the behaviour of join rules
+
+See the [join rules](https://matrix.org/docs/spec/client_server/r0.6.1#m-room-join-rules)
+specification for full details; the summary below is meant to highlight the differences
+between `public`, `invite`, and `restricted` from a user perspective. Note that
+all join rules are subject to `ban` and `server_acls`.
+
+* `public`: anyone can join, as today.
+* `invite`: only people with membership `invite` can join, as today.
+* `knock`: the same as `invite`, except anyone can knock. See
+  [MSC2403](https://github.com/matrix-org/matrix-doc/pull/2403).
+* `private`: This is reserved, but unspecified.
+* `restricted`: the same as `invite`, except users may also join if they are a
+  member of a room listed in the `allow` rules.
+
+## Security considerations
+
+Increased trust to enforce the join rules during calls to `/join`, `/make_join`,
+and `/send_join` is placed in the homeservers whose users can issue invites.
+Although it is possible for those homeservers to issue a join event in bad faith,
+there is no real-world benefit to doing this as those homeservers could easily
+side-step the restriction by issuing an invite first anyway.
+
+## Unstable prefix
+
+The `restricted` join rule will be included in a future room version to allow
+servers and clients to opt-into the new functionality.
+
+During development, an unstable room version of `org.matrix.msc3083.v2` will be used.
+Since the room version namespaces the behaviour, the `allow` key and value, as well
+as the `restricted` join rule value do not need unstable prefixes.
+
+An unstable key of `org.matrix.msc3083.v2.event` will be used in the response
+from `/send_join` in place of `event` during development.
+
+## Alternatives
+
+It may seem that just having the `allow` key with `public` join rules is enough
+(as originally suggested in [MSC2962](https://github.com/matrix-org/matrix-doc/pull/2962)),
+but there are concerns that changing the behaviour of a pre-existing `public`
+join rule may cause security issues in older implementations (that do not yet
+understand the new behaviour). This could be solved by introducing a new room
+version, thus it seems clearer to introduce a new join rule -- `restricted`.
+
+Using an `allow` key with the `invite` join rules to broaden who can join was rejected
+as an option since it requires weakening the [auth rules](https://spec.matrix.org/unstable/rooms/v1/#authorization-rules).
+From the perspective of the auth rules, the `restricted` join rule is identical
+to `public` with additional checks on the signature of the event.
+
+## Future extensions
+
+### Checking room membership over federation
+
+If a homeserver is not in an allowed room (and thus doesn't know the
+membership of it) then the server cannot enforce the membership checks while
+generating a join event. Peeking over federation, as described in
+[MSC2444](https://github.com/matrix-org/matrix-doc/pull/2444),
+could be used to establish if the user is in any of the proper rooms.
+
+This would then delegate power out to a (potentially) untrusted server, giving that
+peek server significant power. For example, a poorly chosen peek
+server could lie about the room membership and add an `@evil_user:example.org`
+to an allowed room to gain membership to a room.
+
+As iterated above, this MSC recommends rejecting the join, potentially allowing
+the requesting homeserver to retry via another homeserver.
+
+### Kicking users out when they leave the allowed room
+
+In the above example, suppose `@bob:server.example` leaves `!users:example.org`:
+should they be removed from the room? Likely not, by analogy with what happens
+when you switch the join rules from `public` to `invite`. Join rules currently govern
+joins, not existing room membership.
+
+It is left to a future MSC to consider this, but some potential thoughts are
+given below.
+
+If you assume that a user *should* be removed in this case, one option is to
+leave the departure up to Bob's server `server.example`, but this places a
+relatively high level of trust in that server. Additionally, if `server.example`
+were offline, other users in the room would still see Bob in the room (and their
+servers would attempt to send message traffic to it).
+
+Another consideration is that users may have joined via a direct invite, not via
+access through a room.
+
+Fixing this is thorny. Some sort of annotation on the membership events might
+help, but it's unclear what the desired semantics are:
+
+* Assuming that users in an allowed room are *not* kicked when that room is
+  removed from `allow`, are those users then given a pass to remain
+  in the room indefinitely? What happens if the room is added back to
+  `allow` and *then* the user leaves it?
+* Suppose a user joins a room via an allowed room (RoomA). Later, RoomB is added
+  to the `allow` list and RoomA is removed. What should happen when the
+  user leaves RoomB? Are they exempt from the kick?
+
+It is possible that completely different state should be kept, or a different
+`m.room.member` state could be used in a more reasonable way to track this.
+
+### Inheriting join rules
+
+If an allowed room is a space and you make a parent space invite-only, should that
+(optionally?) cascade into child rooms? This would have some of the same problems
+as inheriting power levels, as discussed in [MSC2962](https://github.com/matrix-org/matrix-doc/pull/2962).
+
+### Additional allow types
+
+Future MSCs may wish to define additional values for the `type` argument, potentially
+restricting access via:
+
+* MXIDs or servers.
+* A shared secret (room password).
+
+These are just examples and are not fully thought through for this MSC, but it should
+be possible to add these behaviors in the future.
+
+### Client considerations
+
+[MSC1772](https://github.com/matrix-org/matrix-doc/pull/1772) defines a `via`
+key in the content of `m.space.child` events:
+
+> the content must contain a via `key` which gives a list of candidate servers
+> that can be used to join the room.
+
+It is possible for the list of candidate servers and the list of authorised
+servers to diverge. It may not be possible for a user to join a room if there's
+no overlap between these lists.
+
+If there is some overlap between the lists of servers the join request should
+complete successfully.
+
+Clients should also consider the authorised servers when generating candidate
+servers to embed in links to the room, e.g. via matrix.to.
+
+A future MSC may define a way to override or update the `via` key in a coherent
+manner.
+
+## Footnotes
+
+<a id="f1"/>[1]: The converse restriction, "anybody can join, provided they are not members
+of the #catlovers:example.com space" is less useful since:
+
+1. Users in the banned room could simply leave it at any time
+2. This functionality is already partially provided by
+   [Moderation policy lists](https://matrix.org/docs/spec/client_server/r0.6.1#moderation-policy-lists). [↩](#a1)
+
+<a id="f2"/>[2]: Note that there is nothing stopping users sending and
+receiving invites in `public` rooms today, and they work as you might expect.
+The only difference is that you are not *required* to hold an invite when
+joining the room. [↩](#a2)
+
+<a id="f3"/>[3]: This seems like an improvement regardless since the resident server
+is accepting the event on behalf of the joining server and ideally this should be
+verifiable after the fact, even for current room versions. Requiring all events
+to be signed and verified in this way is left to a future MSC. [↩](#a3)
+
+<a id="f4"/>[4]: This has the downside of increased centralisation, as some
+homeservers that are already in the room may not issue a join event for another
+user on that server. (It must go through the `/make_join` / `/send_join` flow of
+a server whose users may issue invites.) This is considered a reasonable
+trade-off. [↩](#a4)
diff --git a/proposals/3122-deprecate-starting-verifications-without-request.md b/proposals/3122-deprecate-starting-verifications-without-request.md
new file mode 100644
index 00000000000..9a00699bd58
--- /dev/null
+++ b/proposals/3122-deprecate-starting-verifications-without-request.md
@@ -0,0 +1,40 @@
+# MSC3122: Deprecate starting key verifications without requesting first
+
+Currently, the [Key verification
+framework](https://spec.matrix.org/unstable/client-server-api/#key-verification-framework)
+allows a device to begin a verification via to-device messages by sending an
+`m.key.verification.start` event without first sending or receiving an
+`m.key.verification.request` message.  (The last sentence of the 5th paragraph
+of the Key verification framework in the unstable spec, as of the time of
+writing.)  However, doing so does not provide a good user experience, and
+allowing this adds unnecessary complexity to implementations.
+
+We propose to deprecate allowing this behaviour.
+
+Note that verifications in DMs do not allow this behaviour.  Currently, Element
+Web is the only client known to do this.
+
+## Proposal
+
+The ability to begin a key verification by sending an
+`m.key.verification.start` event as a to-device event without a prior
+`m.key.verification.request` is deprecated.  New clients should not begin
+verifications in this way, but will still need to accept verifications begun in
+this way, until it is removed from the spec.
+
+## Potential issues
+
+None.
+
+## Alternatives
+
+We could do nothing and leave it in the spec.  But we should clean up cruft when
+possible.
+
+## Security considerations
+
+None.
+
+## Unstable prefix
+
+No unstable prefix is required since we are simply deprecating behaviour.
diff --git a/proposals/3173-expose-stripped-state-events.md b/proposals/3173-expose-stripped-state-events.md
new file mode 100644
index 00000000000..830a9388a6c
--- /dev/null
+++ b/proposals/3173-expose-stripped-state-events.md
@@ -0,0 +1,195 @@
+# MSC3173: Expose stripped state events to any potential joiner
+
+It can be useful to view the partial state of a room before joining to allow a user
+to know *what* they're joining. For example, it improves the user experience to
+show the user the room name and avatar before joining.
+
+It is already allowed to partially view the room state without being joined to
+the room in some situations:
+
+* If the room has `history_visibility: world_readable`, then anyone can inspect
+  it (by calling `/state` on it).
+* Rooms in the [room directory](https://matrix.org/docs/spec/client_server/latest#get-matrix-client-r0-publicrooms)
+  expose some of their state publicly.
+* [Invited users](https://matrix.org/docs/spec/server_server/r0.1.4#put-matrix-federation-v2-invite-roomid-eventid)
+  and [knocking users](https://github.com/matrix-org/matrix-doc/pull/2403)
+  receive stripped state events to display metadata to users.
+
+This MSC proposes formalizing that the stripped state that is currently available
+to invited and knocking users is available to any user who could potentially join
+a room. It also defines "stripped state" and consolidates the recommendation on
+which events to include in the stripped state.
+
+## Background
+
+When creating an invite it is [currently recommended](https://matrix.org/docs/spec/server_server/r0.1.4#put-matrix-federation-v2-invite-roomid-eventid)
+to include stripped state events which are useful for displaying the invite to a user:
+
+> An optional list of simplified events to help the receiver of the invite identify
+> the room. The recommended events to include are the join rules, canonical alias,
+> avatar, and name of the room.
+
+The invited user receives these [stripped state events](https://spec.matrix.org/unstable/client-server-api/#get_matrixclientr0sync)
+as part of the `/sync` response:
+
+> The state of a room that the user has been invited to. These state events may
+> only have the `sender`, `type`, `state_key` and `content` keys present. These
+> events do not replace any state that the client already has for the room, for
+> example if the client has archived the room.
+
+These are sent as part of the [`unsigned` content of the `m.room.member` event](https://spec.matrix.org/unstable/client-server-api/#mroommember)
+containing the invite.
+
+[MSC2403: Add "knock" feature](https://github.com/matrix-org/matrix-doc/pull/2403)
+extends this concept to also include the stripped state events in the `/sync` response
+for knocking users:
+
+> It is proposed to add a fourth possible key to rooms, called `knock`. Its value
+> is a mapping from room ID to room information. The room information is a mapping
+> from a key `knock_state` to another mapping with key events being a list of
+> `StrippedStateEvent`.
+
+It is also provides an extended rationale of why this is useful:
+
+> These stripped state events contain information about the room, most notably the
+> room's name and avatar. A client will need this information to show a nice
+> representation of pending knocked rooms. The recommended events to include are the
+> join rules, canonical alias, avatar, name and encryption state of the room, rather
+> than all room state. This behaviour matches the information sent to remote
+> homeservers when remote users are invited to a room.
+
+[MSC1772: Spaces](https://github.com/matrix-org/matrix-doc/pull/1772) additionally
+recommends including the `m.room.create` event as one of the stripped state events:
+
+> Join rules, invites and 3PID invites work as for a normal room, with the exception
+> that `invite_state` sent along with invites should be amended to include the
+> `m.room.create` event, to allow clients to discern whether an invite is to a
+> space-room or not.
+
+## Proposal
+
+The specification does not currently define what "stripped state" is or formally
+describe who can access it, instead it is specified that certain situations (e.g.
+an invite or knock) provide a potential joiner with the stripped state of a room.
+
+This MSC clarifies what "stripped state" is and formalizes who can access the
+stripped state of a room in future cases.
+
+Potential ways that a user might be able to join a room include, but are not
+limited to, the following mechanisms:
+
+* A room that has `join_rules` set to `public` or `knock`.
+* A room that the user is in possession of an invite to (regardless of the `join_rules`).
+
+This MSC proposes a formal definition for the stripped state of a room<sup id="a1">[1](#f1)</sup>:
+
+> The stripped state of a room is a list of simplified state events to help a
+> potential joiner identify the room. These state events may only have the
+> `sender`, `type`, `state_key` and `content` keys present.
+
+### Client behavior
+
+These events do not replace any state that the client already has for the room,
+for example if the client has archived the room. Instead the client should keep
+two separate copies of the state: the one from the stripped state and one from the
+archived state. If the client joins the room then the current state will be given
+as a delta against the archived state not the stripped state.
+
+### Server behavior
+
+It is recommended (although not required<sup id="a2">[2](#f2)</sup>) that
+homeserver implementations include the following events as part of the stripped
+state of a room:
+
+* Create event (`m.room.create`)<sup id="a3">[3](#f3)</sup>
+* Join rules (`m.room.join_rules`)
+* Canonical alias (`m.room.canonical_alias`)
+* Room avatar (`m.room.avatar`)
+* Room name (`m.room.name`)
+* Encryption information (`m.room.encryption`)<sup id="a4">[4](#f4)</sup>
+* Room topic (`m.room.topic`)<sup id="a5">[5](#f5)</sup>
+
+## Potential issues
+
+This is a formalization of current behavior and should not introduce new issues.
+
+## Alternatives
+
+A different approach would be to continue with what is done today for invites,
+knocking, the room directory: separately specify that a user is allowed to see
+the stripped state (and what events the stripped state should contain).
+
+## Security considerations
+
+This would allow for invisibly accessing the stripped state of a room with `public`
+or `knock` join rules.
+
+In the case of a public room, if the room has `history_visibility` set to `world_readable`
+then this is no change. Additionally, this information is already provided by the
+room directory (if the room is listed there). Otherwise, it is trivial to access
+the state of the room by joining, but currently users in the room would know
+that the join occurred.
+
+Similarly, in the case of knocking, a user is able to trivially access the
+stripped state of the room by knocking, but users in the room would know that
+the knock occurred.
+
+This does not seem to weaken the security expectations of either join rule.
+
+## Future extensions
+
+### Revisions to the room directory
+
+A future MSC could include additional information from the stripped state events
+in the [room directory](https://matrix.org/docs/spec/client_server/latest#get-matrix-client-r0-publicrooms).
+The main missing piece seems to be the encryption information, but there may also
+be other pieces of information to include.
+
+### Additional ways to access the stripped state
+
+[MSC2946](https://github.com/matrix-org/matrix-doc/pull/2946) proposes including
+the stripped state in the spaces summary. Not needing to rationalize what state
+can be included for a potential joiner would simplify this (and future) MSCs.
+
+### Additional ways to join a room
+
+[MSC3083](https://github.com/matrix-org/matrix-doc/pull/3083) proposes a new
+join rule due to membership in a space. This MSC would clarify that the stripped
+state of a room is available to those joiners.
+
+### Dedicated API for accessing the stripped state
+
+Dedicated client-server and server-server APIs could be added to request the
+stripped state events, but that is considered out-of-scope for the current
+proposal.
+
+This API would allow any potential joiner to query for the stripped state. If
+the server does not know the room's state it would need to query other servers
+for it.
+
+## Unstable prefix
+
+N/A
+
+## Footnotes
+
+<a id="f1"/>[1]: No changes are proposed to
+[the definition of `history_visibility`](https://matrix.org/docs/spec/client_server/latest#room-history-visibility).
+The state of a room which is `world_readable` is available to anyone. This somewhat
+implies that the stripped state is also available to anyone, regardless of the join
+rules, but having a `world_readable`, `invite` room does not seem valuable. [↩](#a1)
+
+<a id="f2"/>[2]: Privacy conscious deployments may wish to limit the metadata
+available to users who are not in a room as the trade-off against user experience.
+There seems to be no reason to not allow this. [↩](#a2)
+
+<a id="f3"/>[3]: As updated in [MSC1772](https://github.com/matrix-org/matrix-doc/pull/1772). [↩](#a3)
+
+<a id="f4"/>[4]: The encryption information (`m.room.encryption`) is already sent
+from Synapse and generally seems useful for  a user to know before joining a room.
+[↩](#a4)
+
+<a id="f5"/>[5]: The room topic (`m.room.topic`) is included as part of the
+[room directory](https://matrix.org/docs/spec/client_server/latest#get-matrix-client-r0-publicrooms)
+response for public rooms. It is also planned to be included as part of [MSC2946](https://github.com/matrix-org/matrix-doc/pull/2946)
+in the spaces summary response. [↩](#a5)
diff --git a/proposals/3231-token-authenticated-registration.md b/proposals/3231-token-authenticated-registration.md
new file mode 100644
index 00000000000..a86b9fbc53f
--- /dev/null
+++ b/proposals/3231-token-authenticated-registration.md
@@ -0,0 +1,138 @@
+# MSC3231: Token Authenticated Registration
+
+Currently, homeserver administrators must choose between allowing anyone to
+register and completely disabling registrations. This is a problem for
+administrators who want to let certain people have an account on their server,
+but do not want to register the accounts manually (possibly because the
+initial password may not be changed by the user).
+
+There are some existing external solutions (see the **Alternatives** section),
+but these require additional effort from administrators and are disconnected
+from Matrix clients. It would be useful for administrators to have a convenient
+method of limiting registrations to certain people which requires minimal setup
+and is integrated with existing clients.
+
+## Proposal
+
+The [/\_matrix/client/r0/register](https://matrix.org/docs/spec/client_server/r0.6.1#post-matrix-client-r0-register)
+endpoint uses the [User-Interactive Authentication API](https://matrix.org/docs/spec/client_server/r0.6.1#user-interactive-authentication-api).
+A new authentication type `m.login.registration_token` will be defined which requires
+a `token` key to be present in the submitted `auth` dict. The token will be a
+string of no more than 64 characters, and contain only characters matched by the
+regex `[A-Za-z0-9._~-]`.
+This will avoid URL encoding issues with the validity checking endpoint, and
+prevent DoS attacks from extremely long tokens.
+
+For example, when a client attempts registration with no `auth` dict, a server
+may respond with:
+
+```
+HTTP/1.1 401 Unauthorized
+
+{
+	"flows": [
+		{
+			"stages": [ "m.login.registration_token" ]
+		}
+	],
+	"params": {},
+	"session": "xxxxx"
+}
+```
+
+The client would then prompt the user to enter a token and send a new request
+with an `auth` dict:
+
+```
+POST /_matrix/client/r0/register
+
+{
+	"auth": {
+		"type": "m.login.registration_token",
+		"token": "fBVFdqVE",
+		"session": "xxxxx"
+	}
+	"device_id": "ABC",
+	"initial_device_display_name": "Some Client",
+	"password": "badpassword",
+	"username": "bob"
+}
+```
+
+If the server verifies that `fBVFdqVE` is a valid token then the account is
+registered as normal assuming all other required auth stages have been completed, otherwise a `401` status is returned. Once registration of
+the user has completed, the server may alter the validity of the token.
+For example, the token may be completely invalidated, or its number of permitted
+uses reduced. Management of the tokens is left to the server implementation.
+
+Using the User-Interactive Authentication API means clients' existing
+registration logic will be unaffected, with a fallback available for clients
+without native support for the new authentication type.
+
+
+### Checking the validity of a token
+
+A Client may wish to present username and password inputs only after it has
+checked the token is valid.
+
+Clients would be able to check the validity of a token in advance of
+registration with a `GET` request to
+`/_matrix/client/r0/register/m.login.registration_token/validity`.
+This endpoint would take a required `token` query parameter, and validity would be
+indicated by the boolean `valid` key in the response.
+
+For example, a client would send:
+
+```
+GET /_matrix/client/r0/register/m.login.registration_token/validity?token=abcd
+```
+
+If `abcd` is a valid token, the server would respond with:
+
+```
+HTTP/1.1 200 OK
+
+{
+	"valid": true
+}
+```
+
+This does not perform any actual authentication, and the validity of the token
+may change between the check and the User-Interactive Authentication.
+
+This endpoint should be rate limited in order to prevent dictionary attacks.
+
+## Potential issues
+
+The new authentication type would only apply to the
+`/_matrix/client/r0/register` endpoint. This should not cause problems, but it
+would be worth noting in any change to the specification.
+
+
+## Alternatives
+
+[matrix-registration](https://github.com/ZerataX/matrix-registration/) is an
+application which provides token management and a standalone web interface.
+It uses Synapse's admin API to do registrations.
+
+[Midnight](https://github.com/KombuchaPrivacy/midnight) sits in front of a
+homeserver and handles the `/_matrix/client/r0/register` endpoint. It provides
+token management and does additional checks on the requested username.
+Registration requests are forwarded to the homeserver once authenticated.
+It uses the User-Interactive Authentication API in a very similar way to this
+MSC, which could allow existing Matrix clients to be used.
+
+[matrix-register-bot](https://github.com/krombel/matrix-register-bot) is a
+Matrix bot which allows registrations done through the provided web interface
+to be accepted or denied by users in a certain room. When a registration is
+approved temporary credentials are sent to the user's verified email address.
+It can use Synapse's admin API or [matrix-synapse-rest-auth](https://github.com/kamax-matrix/matrix-synapse-rest-password-provider#integrate)
+to do the registration.
+
+
+## Unstable prefix
+
+Implementations should use `org.matrix.msc3231.login.registration_token` as the
+authentication type until this MSC has passed FCP and been merged.
+Similarly, `/_matrix/client/unstable/org.matrix.msc3231/register/org.matrix.msc3231.login.registration_token/validity`
+should be used as the endpoint for checking the validity of a token in advance.
diff --git a/proposals/3283-enable_set_displayname-capabilities.md b/proposals/3283-enable_set_displayname-capabilities.md
new file mode 100644
index 00000000000..e59746d8b5f
--- /dev/null
+++ b/proposals/3283-enable_set_displayname-capabilities.md
@@ -0,0 +1,46 @@
+# MSC3283: Expose enable_set_displayname, enable_set_avatar_url and enable_3pid_changes in capabilities response 
+
+Some home servers like [Synapse](https://github.com/matrix-org/synapse/blob/756fd513dfaebddd28bf783eafa95b4505ce8745/docs/sample_config.yaml#L1207) 
+can be configured to `enable_set_displayname: false`, `enable_set_avatar_url: false` or `enable_3pid_changes: false`. 
+To enable clients to handle that gracefully in the UI this setting should be exposed.
+
+## Proposal
+
+The `/_matrix/client/r0/capabilities` endpoint should be decorated to provide more information on capabilities.
+```jsonc
+{
+  "capabilities": {
+    "m.set_displayname": { "enabled": false },
+    "m.set_avatar_url": { "enabled": false },
+    "m.3pid_changes": { "enabled": false },
+    "m.room_versions": {...},
+  }
+}
+```
+As part of this MSC, a capability for each setting will be added that exposes the server setting:
+- `m.set_displayname`
+
+Whether users are allowed to change their displayname after it has been initially set. 
+Useful when provisioning users based on the contents of a third-party directory.
+
+- `m.set_avatar_url`
+
+Whether users are allowed to change their avatar after it has been initially set. 
+Useful when provisioning users based on the contents of a third-party directory.
+
+- `m.3pid_changes`
+
+Whether users can change the 3PIDs associated with their accounts
+(email address and msisdn).
+Useful when provisioning users based on the contents of a third-party directory.
+
+## Client recommendations
+When presenting profile settings, clients should use capabilities in order to display the correct UI.
+
+Capability should always be present.
+Servers should always send these capabilities. If they aren't (because the server does not support 
+a new enough spec version or for any other reason), clients should behave as if they were present and set to true.
+
+## Unstable prefix
+
+While this MSC is not considered stable, implementations should use `org.matrix.msc3283.` in place of `m.` throughout this proposal.
diff --git a/proposals/3288-pass_room_type_in_3pid_invite.md b/proposals/3288-pass_room_type_in_3pid_invite.md
new file mode 100644
index 00000000000..408573c08b1
--- /dev/null
+++ b/proposals/3288-pass_room_type_in_3pid_invite.md
@@ -0,0 +1,69 @@
+# MSC3288: Add room type to `/_matrix/identity/v2/store-invite` API
+
+Currently when inviting via 3pid, the Identity Server receives some information about the room,
+like for example the room name and avatar as well as the inviter name.
+This allows the identity server to generate a rich email to the invitee.
+
+Now that the matrix spec supports spaces, it would be nice to also provide this information to the identity server
+so that the email invite could be customized for spaces.  The current implementation would say wrongly that 
+you are invited to a room when the room is actually a space.
+
+The goal of this proposal is to make 3pid invites space aware.
+
+
+## Proposal
+
+Homeservers should also send the `room_type` to the identity server when performing a third party invite (__Invitation storage__).
+
+
+__Proposed change:__
+
+Add a new `room_type` field in json body of [`POST /_matrix/identity/v2/store-invite`](https://matrix.org/docs/spec/identity_service/r0.3.0#post-matrix-identity-v2-store-invite):
+
+| Parameter | Type | Description |
+|--|--|--|
+| room_type  | string  | The room type for the room to which the user is invited. This should be retrieved from the value of `type` in the `m.room.create` event's `content`. Do not include parameter if `type` is not present in `m.room.create`.
+
+````
+POST /_matrix/identity/v2/store-invite HTTP/1.1
+Content-Type: application/json
+
+{
+  "medium": "email",
+  "address": "foo@example.com",
+  "room_id": "!something:example.org",
+  "sender": "@bob:example.com",
+  "room_alias": "#somewhere:exmaple.org",
+  "room_avatar_url": "mxc://example.org/s0meM3dia",
+  "room_join_rules": "public",
+  "room_name": "The Bob Project",
+  "room_type": "m.space",
+  "sender_display_name": "Bob Smith",
+  "sender_avatar_url": "mxc://example.org/an0th3rM3dia"
+}
+````
+
+The identity server could then use room type to customize the email depending on the room type.
+
+__Email Generation__
+
+The link in the generated email should also pass over the `room_type` to clients ( like it is doing for 
+`inviter_name`, `room_name`, `room_avatar`)
+
+## Potential issues
+
+None.
+
+
+## Security considerations
+
+None.
+
+## Unstable prefix
+
+The following mapping will be used for identifiers in this MSC during development:
+
+
+Proposed final identifier       | Purpose | Development identifier
+------------------------------- | ------- | ----
+`room_type` | POST body | `org.matrix.msc3288.room_type`
diff --git a/proposals/3289-rooms-v8.md b/proposals/3289-rooms-v8.md
new file mode 100644
index 00000000000..7212e0a8cc3
--- /dev/null
+++ b/proposals/3289-rooms-v8.md
@@ -0,0 +1,15 @@
+# MSC3289: Room Version 8
+
+A new room version, `8`, is proposed using [room version 7](https://spec.matrix.org/unstable/rooms/v7/)
+as a base and incorporating the following MSCs:
+
+* [MSC3083](https://github.com/matrix-org/matrix-doc/pull/3083) - Restricting room
+  membership based on membership in other rooms
+
+Though other MSCs are capable of being included in this version, they do not have
+sufficient implementation to be considered for this room version. A future room
+version may include them.
+
+Room version `8` upon being added to the specification shall be considered stable.
+No other room versions are affected by this MSC. Before room version `8` can enter
+the specification, MSC3083 needs to complete its final comment period.
diff --git a/proposals/3316-appservice-timestamp-massaging.md b/proposals/3316-appservice-timestamp-massaging.md
new file mode 100644
index 00000000000..b954e59a12e
--- /dev/null
+++ b/proposals/3316-appservice-timestamp-massaging.md
@@ -0,0 +1,51 @@
+# Proposal to add timestamp massaging to the spec
+Bridges often want to override message timestamps to preserve the timestamps from
+the remote network. The spec used to have a concept of [timestamp massaging], but
+it was excluded from the release due to not being properly specified. Synapse
+still implements it and it is widely used in bridges.
+
+[MSC2716] was originally going to add timestamp massaging to the spec, but it
+pivoted to focusing solely on batch sending history. This MSC simply copies the
+proposed `ts` query param from the [original MSC2716].
+
+[timestamp massaging]: https://matrix.org/docs/spec/application_service/r0.1.2#timestamp-massaging
+[MSC2716]: https://github.com/matrix-org/matrix-doc/pull/2716
+[original MSC2716]: https://github.com/matrix-org/matrix-doc/blob/94514392b118dfae8ee6840b13b83d2f8ce8fcfc/proposals/2716-importing-history-into-existing-rooms.md
+
+## Proposal
+As per the original version of MSC2716:
+
+> We let the AS API override ('massage') the `origin_server_ts` timestamp
+> applied to sent events. We do this by adding a `ts` querystring parameter on
+> the `PUT /_matrix/client/r0/rooms/{roomId}/send/{eventType}/{txnId}`
+> and `PUT /_matrix/client/r0/rooms/{roomId}/state/{eventType}/{stateKey}`
+> endpoints, specifying the value to apply to `origin_server_ts` on the event
+> (UNIX epoch milliseconds).
+>
+> We consciously don't support the `ts` parameter on the various helper
+> syntactic-sugar APIs like /kick and /ban. If a bridge/bot is smart enough to
+> be faking history, it is already in the business of dealing with raw events,
+> and should not be using the syntactic sugar APIs.
+
+The spec should also make it clear that the `ts` query param won't affect DAG
+ordering, and MSC2716's batch sending should be used when the intention is to
+insert history somewhere else than the end of the room.
+
+## Potential issues
+None.
+
+## Alternatives
+The new MSC2716 could technically be considered an alternative, but it can only
+be used for history, while this proposal also supports overriding timestamps of
+new messages. In practice, bridges will likely use both: Batch sending for
+filling history and timestamp massaging for new messages.
+
+## Security considerations
+Timestamps should already be considered untrusted over federation, and
+application services are trusted server components, so allowing appservices
+to override timestamps does not create any new security considerations.
+
+## Unstable prefix
+`org.matrix.msc3316.ts` may be used as the query parameter. However, the `ts`
+parameter is already used in production for the `/send` endpoint, which means
+the unstable prefix should only be used for the `/state` endpoint.
diff --git a/proposals/images/2858-login.png b/proposals/images/2858-login.png
new file mode 100644
index 00000000000..0d0a06f618c
Binary files /dev/null and b/proposals/images/2858-login.png differ
diff --git a/pyproject.toml b/pyproject.toml
index 060a44fc9db..19a6ee8b5ae 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,7 +1,7 @@
 [ tool.gilesbot ]
 
   [ tool.gilesbot.circleci_artifacts.docs ]
-    url = "gen/index.html"
+    url = "public/index.html"
     message = "Click details to preview the HTML documentation."
 
   [ tool.gilesbot.circleci_artifacts.swagger ]
diff --git a/event-schemas/check_examples.py b/scripts/check-event-schema-examples.py
similarity index 86%
rename from event-schemas/check_examples.py
rename to scripts/check-event-schema-examples.py
index 31daa478315..0eca7abf99d 100755
--- a/event-schemas/check_examples.py
+++ b/scripts/check-event-schema-examples.py
@@ -117,6 +117,11 @@ def check_example_dir(exampledir, schemadir):
             schemapath = examplepath.replace(exampledir, schemadir)
             if schemapath.find("$") >= 0:
                 schemapath = schemapath[:schemapath.find("$")]
+            # Automatically correct for file extension being stripped off
+            if not schemapath.endswith(".yaml"):
+                schemapath += ".yaml"
+            if not examplepath.endswith(".yaml"):
+                examplepath += ".yaml"
             try:
                 check_example_file(examplepath, schemapath)
             except Exception as e:
@@ -128,7 +133,14 @@ def check_example_dir(exampledir, schemadir):
 
 
 if __name__ == '__main__':
+    # Get the directory that this script is residing in
+    script_directory = os.path.dirname(os.path.realpath(__file__))
+
+    # Resolve the directories to check, relative to the script path
+    examples_directory = os.path.join(script_directory, "../data/event-schemas/examples")
+    schema_directory = os.path.join(script_directory, "../data/event-schemas/schema")
+
     try:
-        check_example_dir("examples", "schema")
+        check_example_dir(examples_directory, schema_directory)
     except:
         sys.exit(1)
diff --git a/api/check_examples.py b/scripts/check-swagger-sources.py
similarity index 69%
rename from api/check_examples.py
rename to scripts/check-swagger-sources.py
index 94f3495e3c6..df99b7c004d 100755
--- a/api/check_examples.py
+++ b/scripts/check-swagger-sources.py
@@ -108,13 +108,36 @@ def check_swagger_file(filepath):
 
 
 def resolve_references(path, schema):
+    """Recurse through a given schema until we find a $ref key. Upon doing so,
+    check that the referenced file exists, then load it up and check all of the
+    references in that file. Continue on until we've hit all dead ends.
+
+    $ref values are deleted from schemas as they are validated, to prevent
+    duplicate work.
+    """
     if isinstance(schema, dict):
         # do $ref first
         if '$ref' in schema:
-            value = schema['$ref']
-            path = os.path.abspath(os.path.join(os.path.dirname(path), value))
-            ref = load_file("file://" + path)
-            result = resolve_references(path, ref)
+            # Pull the referenced filepath from the schema
+            referenced_file = schema['$ref']
+
+            # Referenced filepaths are relative, so take the current path's
+            # directory and append the relative, referenced path to it.
+            inner_path = os.path.join(os.path.dirname(path), referenced_file)
+
+            # Then convert the path (which may contiain '../') into a
+            # normalised, absolute path
+            inner_path = os.path.abspath(inner_path)
+
+            # Load the referenced file
+            ref = load_file("file://" + inner_path)
+
+            # Check that the references in *this* file are valid
+            result = resolve_references(inner_path, ref)
+
+            # They were valid, and so were the sub-references. Delete
+            # the reference here to ensure we don't pass over it again
+            # when checking other files
             del schema['$ref']
         else:
             result = {}
@@ -143,15 +166,22 @@ def load_file(path):
 
 
 if __name__ == '__main__':
-    paths = sys.argv[1:]
-    if not paths:
-        paths = []
-        for (root, dirs, files) in os.walk(os.curdir):
-            for filename in files:
-                if filename.endswith(".yaml"):
-                    paths.append(os.path.join(root, filename))
-    for path in paths:
-        try:
-            check_swagger_file(path)
-        except Exception as e:
-            raise ValueError("Error checking file %r" % (path,), e)
+    # Get the directory that this script is residing in
+    script_directory = os.path.dirname(os.path.realpath(__file__))
+
+    # Resolve the directory containing the swagger sources,
+    # relative to the script path
+    source_files_directory = os.path.realpath(os.path.join(script_directory, "../data"))
+
+    # Walk the source path directory, looking for YAML files to check
+    for (root, dirs, files) in os.walk(source_files_directory):
+        for filename in files:
+            if not filename.endswith(".yaml"):
+                continue
+
+            path = os.path.join(root, filename)
+
+            try:
+                check_swagger_file(path)
+            except Exception as e:
+                raise ValueError("Error checking file %s" % (path,), e)
diff --git a/scripts/continuserv/README.md b/scripts/continuserv/README.md
deleted file mode 100644
index 40321bb6216..00000000000
--- a/scripts/continuserv/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-continuserv proactively re-generates the spec on filesystem changes, and serves
-it over HTTP. For notes on using it, see [the main
-readme](../../README.rst#continuserv).
diff --git a/scripts/continuserv/index.html b/scripts/continuserv/index.html
deleted file mode 100644
index 24ed7ecbb0e..00000000000
--- a/scripts/continuserv/index.html
+++ /dev/null
@@ -1,15 +0,0 @@
-<head>
-<script>
-window.onload = function() {
-    var url = new URL(window.location);
-    url.pathname += "api-docs.json";
-    var newLoc = "http://petstore.swagger.io/?url=" + encodeURIComponent(url);
-    document.getElementById("apidocs").href = newLoc;
-};
-</script>
-</head>
-<body><ul>
-<li><a id="apidocs">api docs</a></li>
-<li><a href="index.html">spec</a></li>
-</ul>
-</body>
diff --git a/scripts/continuserv/main.go b/scripts/continuserv/main.go
deleted file mode 100644
index 1bd07e6ef2f..00000000000
--- a/scripts/continuserv/main.go
+++ /dev/null
@@ -1,274 +0,0 @@
-// continuserv proactively re-generates the spec on filesystem changes, and serves it over HTTP.
-// It will always serve the most recent version of the spec, and may block an HTTP request until regeneration is finished.
-// It does not currently pre-empt stale generations, but will block until they are complete.
-package main
-
-import (
-	"bytes"
-	"flag"
-	"fmt"
-	"io/ioutil"
-	"log"
-	"net/http"
-	"os"
-	"os/exec"
-	"path"
-	"path/filepath"
-	"strings"
-	"sync"
-	"sync/atomic"
-	"time"
-
-	fsnotify "gopkg.in/fsnotify/fsnotify.v1"
-)
-
-var (
-	port = flag.Int("port", 8000, "Port on which to serve HTTP")
-
-	mu      sync.Mutex   // Prevent multiple updates in parallel.
-	toServe atomic.Value // Always contains a bytesOrErr. May be stale unless wg is zero.
-
-	wgMu sync.Mutex     // Prevent multiple calls to wg.Wait() or wg.Add(positive number) in parallel.
-	wg   sync.WaitGroup // Indicates how many updates are pending.
-)
-
-func main() {
-	flag.Parse()
-
-	w, err := fsnotify.NewWatcher()
-	if err != nil {
-		log.Fatalf("Error making watcher: %v", err)
-	}
-
-	dir, err := os.Getwd()
-	if err != nil {
-		log.Fatalf("Error getting wd: %v", err)
-	}
-	for ; !exists(path.Join(dir, ".git")); dir = path.Dir(dir) {
-		if dir == "/" {
-			log.Fatalf("Could not find git root")
-		}
-	}
-
-	walker := makeWalker(dir, w)
-	paths := []string{"api", "changelogs", "event-schemas", "scripts",
-		"specification", "schemas", "data-definitions"}
-
-	for _, p := range paths {
-		filepath.Walk(path.Join(dir, p), walker)
-	}
-
-	wg.Add(1)
-	populateOnce(dir)
-
-	ch := make(chan struct{}, 100) // Buffered to ensure we can multiple-increment wg for pending writes
-	go doPopulate(ch, dir)
-
-	go watchFS(ch, w)
-	fmt.Printf("Listening on port %d\n", *port)
-	http.HandleFunc("/", serve)
-	log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", *port), nil))
-
-}
-
-func watchFS(ch chan struct{}, w *fsnotify.Watcher) {
-	for {
-		select {
-		case e := <-w.Events:
-			if filter(e) {
-				fmt.Printf("Noticed change to %s, re-generating spec\n", e.Name)
-				ch <- struct{}{}
-			}
-		}
-	}
-}
-
-func makeWalker(base string, w *fsnotify.Watcher) filepath.WalkFunc {
-	return func(path string, i os.FileInfo, err error) error {
-		if err != nil {
-			log.Fatalf("Error walking: %v", err)
-		}
-		if !i.IsDir() {
-			// we set watches on directories, not files
-			return nil
-		}
-
-		rel, err := filepath.Rel(base, path)
-		if err != nil {
-			log.Fatalf("Failed to get relative path of %s: %v", path, err)
-		}
-
-		// Normalize slashes
-		rel = filepath.ToSlash(rel)
-
-		// skip a few things that we know don't form part of the spec
-		if rel == "api/node_modules" ||
-			rel == "scripts/gen" ||
-			rel == "scripts/tmp" {
-			return filepath.SkipDir
-		}
-
-		// log.Printf("Adding watch on %s", path)
-		if err := w.Add(path); err != nil {
-			log.Fatalf("Failed to add watch on %s: %v", path, err)
-		}
-		return nil
-	}
-}
-
-// Return true if event should trigger re-population
-func filter(e fsnotify.Event) bool {
-	// vim is *really* noisy about how it writes files
-	if e.Op != fsnotify.Write {
-		return false
-	}
-
-	_, fname := filepath.Split(e.Name)
-
-	// Avoid some temp files that vim or emacs writes
-	if strings.HasSuffix(e.Name, "~") || strings.HasSuffix(e.Name, ".swp") || strings.HasPrefix(fname, ".") ||
-		(strings.HasPrefix(fname, "#") && strings.HasSuffix(fname, "#")) {
-		return false
-	}
-
-	// Forcefully ignore directories we don't care about (Windows, at least, tries to notify about some directories)
-	filePath := filepath.ToSlash(e.Name) // normalize slashes
-	if strings.Contains(filePath, "/scripts/tmp") ||
-		strings.Contains(filePath, "/scripts/gen") ||
-		strings.Contains(filePath, "/api/node_modules") {
-		return false
-	}
-
-	return true
-}
-
-func serve(w http.ResponseWriter, req *http.Request) {
-	wgMu.Lock()
-	wg.Wait()
-	wgMu.Unlock()
-
-	m := toServe.Load().(bytesOrErr)
-	if m.err != nil {
-		w.Header().Set("Content-Type", "text/plain")
-		w.Write([]byte(m.err.Error()))
-		return
-	}
-
-	ok := true
-	var b []byte
-
-	file := req.URL.Path
-	if file[0] == '/' {
-		file = file[1:]
-	}
-	b, ok = m.bytes[filepath.FromSlash(file)] // de-normalize slashes
-
-	if ok && file == "api-docs.json" {
-		w.Header().Set("Access-Control-Allow-Origin", "*")
-	}
-
-	if ok {
-		w.Header().Set("Content-Type", "text/html")
-		w.Write([]byte(b))
-		return
-	}
-	w.Header().Set("Content-Type", "text/plain")
-	w.WriteHeader(404)
-	w.Write([]byte("Not found"))
-}
-
-func generate(dir string) (map[string][]byte, error) {
-	cmd := exec.Command("python", "gendoc.py")
-	cmd.Dir = path.Join(dir, "scripts")
-	var b bytes.Buffer
-	cmd.Stderr = &b
-	err := cmd.Run()
-	if err != nil {
-		return nil, fmt.Errorf("error generating spec: %v\nOutput from gendoc:\n%v", err, b.String())
-	}
-
-	// cheekily dump the swagger docs into the gen directory so that it is
-	// easy to serve
-	cmd = exec.Command("python", "dump-swagger.py", "-o", "gen/api-docs.json")
-	cmd.Dir = path.Join(dir, "scripts")
-	cmd.Stderr = &b
-	if err := cmd.Run(); err != nil {
-		return nil, fmt.Errorf("error generating api docs: %v\nOutput from dump-swagger:\n%v", err, b.String())
-	}
-
-	files := make(map[string][]byte)
-	base := path.Join(dir, "scripts", "gen")
-	walker := func(path string, info os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-		if info.IsDir() {
-			return nil
-		}
-
-		rel, err := filepath.Rel(base, path)
-		if err != nil {
-			return fmt.Errorf("Failed to get relative path of %s: %v", path, err)
-		}
-
-		bytes, err := ioutil.ReadFile(path)
-		if err != nil {
-			return err
-		}
-		files[rel] = bytes
-		return nil
-	}
-
-	if err := filepath.Walk(base, walker); err != nil {
-		return nil, fmt.Errorf("error reading spec: %v", err)
-	}
-
-	// load the special index
-	indexpath := path.Join(dir, "scripts", "continuserv", "index.html")
-	bytes, err := ioutil.ReadFile(indexpath)
-	if err != nil {
-		return nil, fmt.Errorf("error reading index: %v", err)
-	}
-	files[""] = bytes
-
-	return files, nil
-}
-
-func populateOnce(dir string) {
-	defer wg.Done()
-	mu.Lock()
-	defer mu.Unlock()
-
-	files, err := generate(dir)
-	toServe.Store(bytesOrErr{files, err})
-}
-
-func doPopulate(ch chan struct{}, dir string) {
-	var pending int
-	for {
-		select {
-		case <-ch:
-			if pending == 0 {
-				wgMu.Lock()
-				wg.Add(1)
-				wgMu.Unlock()
-			}
-			pending++
-		case <-time.After(10 * time.Millisecond):
-			if pending > 0 {
-				pending = 0
-				populateOnce(dir)
-			}
-		}
-	}
-}
-
-func exists(path string) bool {
-	_, err := os.Stat(path)
-	return !os.IsNotExist(err)
-}
-
-type bytesOrErr struct {
-	bytes map[string][]byte // filename -> contents
-	err   error
-}
diff --git a/scripts/contrib/shell.nix b/scripts/contrib/shell.nix
deleted file mode 100644
index 7bdcdffabc3..00000000000
--- a/scripts/contrib/shell.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-with import <nixpkgs> {};
-
-(python.buildEnv.override {
-  extraLibs = with pythonPackages;
-    [ docutils pyyaml jinja2 pygments ];
-}).env
diff --git a/scripts/css/nature.css b/scripts/css/nature.css
index 771e40b221d..69169129566 100644
--- a/scripts/css/nature.css
+++ b/scripts/css/nature.css
@@ -290,3 +290,6 @@ div.admonition-example {
     border: 1px solid #ccc;
 }
 
+div#table-of-contents ul {
+    list-style-type: none;
+}
diff --git a/scripts/dump-swagger.py b/scripts/dump-swagger.py
index 232ca8adcce..68a9356aa32 100755
--- a/scripts/dump-swagger.py
+++ b/scripts/dump-swagger.py
@@ -31,7 +31,7 @@
 
 scripts_dir = os.path.dirname(os.path.abspath(__file__))
 templating_dir = os.path.join(scripts_dir, "templating")
-api_dir = os.path.join(os.path.dirname(scripts_dir), "api")
+api_dir = os.path.join(os.path.dirname(scripts_dir), "data", "api")
 
 sys.path.insert(0, templating_dir)
 
@@ -98,10 +98,9 @@
             path = (basePath + path).replace('%CLIENT_MAJOR_VERSION%',
                                              major_version)
             for method, spec in methods.items():
-                if "tags" in spec.keys():
-                    if path not in output["paths"]:
-                        output["paths"][path] = {}
-                    output["paths"][path][method] = spec
+                if path not in output["paths"]:
+                    output["paths"][path] = {}
+                output["paths"][path][method] = spec
 
 print("Generating %s" % output_file)
 
diff --git a/scripts/gendoc.py b/scripts/gendoc.py
deleted file mode 100755
index 7e68ccd7348..00000000000
--- a/scripts/gendoc.py
+++ /dev/null
@@ -1,561 +0,0 @@
-#! /usr/bin/env python
-
-# Copyright 2016 OpenMarket Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-from argparse import ArgumentParser
-from docutils.core import publish_file
-import copy
-import fileinput
-import glob
-import os
-import os.path
-import re
-import shutil
-import subprocess
-import sys
-import yaml
-
-script_dir = os.path.dirname(os.path.abspath(__file__))
-docs_dir = os.path.dirname(script_dir)
-spec_dir = os.path.join(docs_dir, "specification")
-tmp_dir = os.path.join(script_dir, "tmp")
-changelog_dir = os.path.join(docs_dir, "changelogs")
-
-VERBOSE = False
-
-"""
-Read a RST file and replace titles with a different title level if required.
-Args:
-    filename: The name of the file being read (for debugging)
-    file_stream: The open file stream to read from.
-    title_level: The integer which determines the offset to *start* from.
-    title_styles: An array of characters detailing the right title styles to use
-                  e.g. ["=", "-", "~", "+"]
-Returns:
-    string: The file contents with titles adjusted.
-Example:
-    Assume title_styles = ["=", "-", "~", "+"], title_level = 1, and the file
-    when read line-by-line encounters the titles "===", "---", "---", "===", "---".
-    This function will bump every title encountered down a sub-heading e.g.
-    "=" to "-" and "-" to "~" because title_level = 1, so the output would be
-    "---", "~~~", "~~~", "---", "~~~". There is no bumping "up" a title level.
-"""
-def load_with_adjusted_titles(filename, file_stream, title_level, title_styles):
-    rst_lines = []
-
-    prev_line_title_level = 0 # We expect the file to start with '=' titles
-    file_offset = None
-    prev_non_title_line = None
-    for i, line in enumerate(file_stream):
-        if (prev_non_title_line is None
-            or not is_title_line(prev_non_title_line, line, title_styles)
-        ):
-            rst_lines.append(line)
-            prev_non_title_line = line
-            continue
-
-        line_title_style = line[0]
-        line_title_level = title_styles.index(line_title_style)
-
-        # Not all files will start with "===" and we should be flexible enough
-        # to allow that. The first title we encounter sets the "file offset"
-        # which is added to the title_level desired.
-        if file_offset is None:
-            file_offset = line_title_level
-            if file_offset != 0:
-                logv(("     WARNING: %s starts with a title style of '%s' but '%s' " +
-                    "is preferable.") % (filename, line_title_style, title_styles[0]))
-
-        # Sanity checks: Make sure that this file is obeying the title levels
-        # specified and bail if it isn't.
-        # The file is allowed to go 1 deeper or any number shallower
-        if prev_line_title_level - line_title_level < -1:
-            raise Exception(
-                ("File '%s' line '%s' has a title " +
-                "style '%s' which doesn't match one of the " +
-                "allowed title styles of %s because the " +
-                "title level before this line was '%s'") %
-                (filename, (i + 1), line_title_style, title_styles,
-                title_styles[prev_line_title_level])
-            )
-        prev_line_title_level = line_title_level
-
-        adjusted_level = (
-            title_level + line_title_level - file_offset
-        )
-
-        # Sanity check: Make sure we can bump down the title and we aren't at the
-        # lowest level already
-        if adjusted_level >= len(title_styles):
-            raise Exception(
-                ("Files '%s' line '%s' has a sub-title level too low and it " +
-                "cannot be adjusted to fit. You can add another level to the " +
-                "'title_styles' key in targets.yaml to fix this.") %
-                (filename, (i + 1))
-            )
-
-        if adjusted_level == line_title_level:
-            # no changes required
-            rst_lines.append(line)
-            continue
-
-        # Adjusting line levels
-        logv(
-            "File: %s Adjusting %s to %s because file_offset=%s title_offset=%s" %
-            (filename, line_title_style, title_styles[adjusted_level],
-                file_offset, title_level)
-        )
-        rst_lines.append(line.replace(
-            line_title_style,
-            title_styles[adjusted_level]
-        ))
-
-    return "".join(rst_lines)
-
-
-def is_title_line(prev_line, line, title_styles):
-    # The title underline must match at a minimum the length of the title
-    if len(prev_line) > len(line):
-        return False
-
-    line = line.rstrip()
-
-    # must be at least 3 chars long
-    if len(line) < 3:
-        return False
-
-    # must start with a title char
-    title_char = line[0]
-    if title_char not in title_styles:
-        return False
-
-    # all characters must be the same
-    for char in line[1:]:
-        if char != title_char:
-            return False
-
-    # looks like a title line
-    return True
-
-
-def get_rst(file_info, title_level, title_styles, spec_dir, adjust_titles):
-    # string are file paths to RST blobs
-    if isinstance(file_info, str):
-        log("%s %s" % (">" * (1 + title_level), file_info))
-        with open(os.path.join(spec_dir, file_info), "r", encoding="utf-8") as f:
-            rst = None
-            if adjust_titles:
-                rst = load_with_adjusted_titles(
-                    file_info, f, title_level, title_styles
-                )
-            else:
-                rst = f.read()
-
-            rst += "\n\n"
-            return rst
-    # dicts look like {0: filepath, 1: filepath} where the key is the title level
-    elif isinstance(file_info, dict):
-        levels = sorted(file_info.keys())
-        rst = []
-        for l in levels:
-            rst.append(get_rst(file_info[l], l, title_styles, spec_dir, adjust_titles))
-        return "".join(rst)
-    # lists are multiple file paths e.g. [filepath, filepath]
-    elif isinstance(file_info, list):
-        rst = []
-        for f in file_info:
-            rst.append(get_rst(f, title_level, title_styles, spec_dir, adjust_titles))
-        return "".join(rst)
-    raise Exception(
-        "The following 'file' entry in this target isn't a string, list or dict. " +
-        "It really really should be. Entry: %s" % (file_info,)
-    )
-
-
-def build_spec(target, out_filename):
-    log("Building templated file %s" % out_filename)
-    with open(out_filename, "w", encoding="utf-8") as outfile:
-        for file_info in target["files"]:
-            section = get_rst(
-                file_info=file_info,
-                title_level=0,
-                title_styles=target["title_styles"],
-                spec_dir=spec_dir,
-                adjust_titles=True
-            )
-            outfile.write(section)
-
-
-"""
-Replaces relative title styles with actual title styles.
-
-The templating system has no idea what the right title style is when it produces
-RST because it depends on the build target. As a result, it uses relative title
-styles defined in targets.yaml to say "down a level, up a level, same level".
-
-This function replaces these relative titles with actual title styles from the
-array in targets.yaml.
-"""
-def fix_relative_titles(target, filename, out_filename):
-    log("Fix relative titles, %s -> %s" % (filename, out_filename))
-    title_styles = target["title_styles"]
-    relative_title_chars = [
-        target["relative_title_styles"]["subtitle"],
-        target["relative_title_styles"]["sametitle"],
-        target["relative_title_styles"]["supertitle"]
-    ]
-    relative_title_matcher = re.compile(
-        "^[" + re.escape("".join(relative_title_chars)) + "]{3,}$"
-    )
-    title_matcher = re.compile(
-        "^[" + re.escape("".join(title_styles)) + "]{3,}$"
-    )
-    current_title_style = None
-    with open(filename, "r", encoding="utf-8") as infile:
-        with open(out_filename, "w", encoding="utf-8") as outfile:
-            for line in infile.readlines():
-                if not relative_title_matcher.match(line):
-                    if title_matcher.match(line):
-                        current_title_style = line[0]
-                    outfile.write(line)
-                    continue
-                line_char = line[0]
-                replacement_char = None
-                current_title_level = title_styles.index(current_title_style)
-                if line_char == target["relative_title_styles"]["subtitle"]:
-                    if (current_title_level + 1) == len(title_styles):
-                        raise Exception(
-                            "Encountered sub-title line style but we can't go " +
-                            "any lower."
-                        )
-                    replacement_char = title_styles[current_title_level + 1]
-                elif line_char == target["relative_title_styles"]["sametitle"]:
-                    replacement_char = title_styles[current_title_level]
-                elif line_char == target["relative_title_styles"]["supertitle"]:
-                    if (current_title_level - 1) < 0:
-                        raise Exception(
-                            "Encountered super-title line style but we can't go " +
-                            "any higher."
-                        )
-                    replacement_char = title_styles[current_title_level - 1]
-                else:
-                    raise Exception(
-                        "Unknown relative line char %s" % (line_char,)
-                    )
-
-                outfile.write(
-                    line.replace(line_char, replacement_char)
-                )
-
-
-
-def rst2html(i, o, stylesheets):
-    log("rst2html %s -> %s" % (i, o))
-    with open(i, "r", encoding="utf-8") as in_file:
-        with open(o, "w", encoding="utf-8") as out_file:
-            publish_file(
-                source=in_file,
-                destination=out_file,
-                reader_name="standalone",
-                parser_name="restructuredtext",
-                writer_name="html",
-                settings_overrides={
-                    "stylesheet_path": stylesheets,
-                    "syntax_highlight": "short",
-                },
-            )
-
-
-def addAnchors(path):
-    log("add anchors %s" % path)
-
-    with open(path, "r", encoding="utf-8") as f:
-        lines = f.readlines()
-
-    replacement = r'<p><a class="anchor" id="\2"></a></p>\n\1'
-    with open(path, "w", encoding="utf-8") as f:
-        for line in lines:
-            line = re.sub(r'(<h\d id="#?(.*?)">)', replacement, line.rstrip())
-            line = re.sub(r'(<div class="section" id="(.*?)">)', replacement, line.rstrip())
-            f.write(line + "\n")
-
-
-def run_through_template(input_files, set_verbose, substitutions):
-    args = [
-        'python', script_dir+'/templating/build.py',
-        "-o", tmp_dir,
-        "-i", "matrix_templates",
-    ]
-
-    for k, v in substitutions.items():
-        args.append("--substitution=%s=%s" % (k, v))
-
-    if set_verbose:
-        args.insert(2, "-v")
-
-    args.extend(input_files)
-
-    log("EXEC: %s" % " ".join(args))
-    log(" ==== build.py output ==== ")
-    subprocess.check_call(args)
-
-"""
-Extract and resolve groups for the given target in the given targets listing.
-Args:
-    all_targets (dict): The parsed YAML file containing a list of targets
-    target_name (str): The name of the target to extract from the listings.
-Returns:
-    dict: Containing "filees" (a list of file paths), "relative_title_styles"
-          (a dict of relative style keyword to title character) and "title_styles"
-          (a list of characters which represent the global title style to follow,
-           with the top section title first, the second section second, and so on.)
-"""
-def get_build_target(all_targets, target_name):
-    build_target = {
-        "title_styles": [],
-        "relative_title_styles": {},
-        "files": []
-    }
-
-    build_target["title_styles"] = all_targets["title_styles"]
-    build_target["relative_title_styles"] = all_targets["relative_title_styles"]
-    target = all_targets["targets"].get(target_name)
-    if not target:
-        raise Exception(
-            "No target by the name '" + target_name + "' exists in '" +
-            targets_listing + "'."
-        )
-    if not isinstance(target.get("files"), list):
-        raise Exception(
-            "Found target but 'files' key is not a list."
-        )
-
-    def get_group(group_id, depth):
-        group_name = group_id[len("group:"):]
-        group = all_targets.get("groups", {}).get(group_name)
-        if not group:
-            raise Exception(
-                "Tried to find group '%s' but it doesn't exist." % group_name
-            )
-        if not isinstance(group, list):
-            raise Exception(
-                "Expected group '%s' to be a list but it isn't." % group_name
-            )
-        # deep copy so changes to depths don't contaminate multiple uses of this group
-        group = copy.deepcopy(group)
-        # swap relative depths for absolute ones
-        for i, entry in enumerate(group):
-            if isinstance(entry, dict):
-                group[i] = {
-                    (rel_depth + depth): v for (rel_depth, v) in entry.items()
-                }
-        return group
-
-    resolved_files = []
-    for file_entry in target["files"]:
-        # file_entry is a group id
-        if isinstance(file_entry, str) and file_entry.startswith("group:"):
-            group = get_group(file_entry, 0)
-            # The group may be resolved to a list of file entries, in which case
-            # we want to extend the array to insert each of them rather than
-            # insert the entire list as a single element (which is what append does)
-            if isinstance(group, list):
-                resolved_files.extend(group)
-            else:
-                resolved_files.append(group)
-        # file_entry is a dict which has more file entries as values
-        elif isinstance(file_entry, dict):
-            resolved_entry = {}
-            for (depth, entry) in file_entry.items():
-                if not isinstance(entry, str):
-                    raise Exception(
-                        "Double-nested depths are not supported. Entry: %s" % (file_entry,)
-                    )
-                if entry.startswith("group:"):
-                    resolved_entry[depth] = get_group(entry, depth)
-                else:
-                    # map across without editing (e.g. normal file path)
-                    resolved_entry[depth] = entry
-            resolved_files.append(resolved_entry)
-            continue
-        # file_entry is just a plain ol' file path
-        else:
-            resolved_files.append(file_entry)
-    build_target["files"] = resolved_files
-    return build_target
-
-def log(line):
-    print("gendoc: %s" % line)
-
-def logv(line):
-    if VERBOSE:
-        print("gendoc:V: %s" % line)
-
-
-def cleanup_env():
-    shutil.rmtree(tmp_dir)
-
-
-def mkdirp(d) :
-    if not os.path.exists(d):
-        os.makedirs(d)
-
-
-def main(targets, dest_dir, keep_intermediates, substitutions):
-    try:
-        mkdirp(dest_dir)
-    except Exception as e:
-        log("Error creating destination directory '%s': %s" % (dest_dir, str(e)))
-        return 1
-    try:
-        mkdirp(tmp_dir)
-    except Exception as e:
-        log("Error creating temporary directory '%s': %s" % (tmp_dir, str(e)))
-        return 1
-
-    with open(os.path.join(spec_dir, "targets.yaml"), "r") as targ_file:
-        target_defs = yaml.load(targ_file.read())
-
-    if targets == ["all"]:
-        targets = target_defs["targets"].keys()
-
-    log("Building spec [targets=%s]" % targets)
-
-    templated_files = {}  # map from target name to templated file
-
-    for target_name in targets:
-        templated_file = os.path.join(tmp_dir, "templated_%s.rst" % (target_name,))
-
-        target = get_build_target(target_defs, target_name)
-        build_spec(target=target, out_filename=templated_file)
-        templated_files[target_name] = templated_file
-
-    # we do all the templating at once, because it's slow
-    run_through_template(templated_files.values(), VERBOSE, substitutions)
-
-    stylesheets = glob.glob(os.path.join(script_dir, "css", "*.css"))
-
-    for target_name, templated_file in templated_files.items():
-        target = target_defs["targets"].get(target_name)
-        version_label = None
-        if target:
-            version_label = target.get("version_label")
-            if version_label:
-                for old, new in substitutions.items():
-                    version_label = version_label.replace(old, new)
-
-        rst_file = os.path.join(tmp_dir, "spec_%s.rst" % (target_name,))
-        if version_label:
-            d = os.path.join(dest_dir, target_name.split('@')[0])
-            if not os.path.exists(d):
-                os.mkdir(d)
-            html_file = os.path.join(d, "%s.html" % version_label)
-        else:
-            html_file = os.path.join(dest_dir, "%s.html" % (target_name, ))
-
-        fix_relative_titles(
-            target=target_defs, filename=templated_file,
-            out_filename=rst_file,
-        )
-        rst2html(rst_file, html_file, stylesheets=stylesheets)
-        addAnchors(html_file)
-
-    if not keep_intermediates:
-        cleanup_env()
-
-    return 0
-
-
-def list_targets():
-    with open(os.path.join(spec_dir, "targets.yaml"), "r") as targ_file:
-        target_defs = yaml.load(targ_file.read())
-    targets = target_defs["targets"].keys()
-    print("\n".join(targets))
-
-
-def extract_major(s):
-    major_version = s
-    match = re.match("^(r\d+)(\.\d+)*$", s)
-    if match:
-        major_version = match.group(1)
-    return major_version
-
-
-if __name__ == '__main__':
-    parser = ArgumentParser(
-        "gendoc.py - Generate the Matrix specification as HTML."
-    )
-    parser.add_argument(
-        "--nodelete", "-n", action="store_true",
-        help="Do not delete intermediate files. They will be found in scripts/tmp/"
-    )
-    parser.add_argument(
-        "--target", "-t", action="append",
-        help="Specify the build target to build from specification/targets.yaml. " +
-             "The value 'all' will build all of the targets therein."
-    )
-    parser.add_argument(
-        "--verbose", "-v", action="store_true",
-        help="Turn on verbose mode."
-    )
-    parser.add_argument(
-        "--client_release", "-c", action="store", default="unstable",
-        help="The client-server release tag to generate, e.g. r1.2"
-    )
-    parser.add_argument(
-        "--server_release", "-s", action="store", default="unstable",
-        help="The server-server release tag to generate, e.g. r1.2"
-    )
-    parser.add_argument(
-        "--appservice_release", "-a", action="store", default="unstable",
-        help="The appservice release tag to generate, e.g. r1.2"
-    )
-    parser.add_argument(
-        "--push_gateway_release", "-p", action="store", default="unstable",
-        help="The push gateway release tag to generate, e.g. r1.2"
-    )
-    parser.add_argument(
-        "--identity_release", "-i", action="store", default="unstable",
-        help="The identity service release tag to generate, e.g. r1.2"
-    )
-    parser.add_argument(
-        "--list_targets", action="store_true",
-        help="Do not update the specification. Instead print a list of targets.",
-    )
-    parser.add_argument(
-        "--dest", "-d", default=os.path.join(script_dir, "gen"),
-        help="Set destination directory (default: scripts/gen)",
-    )
-
-    args = parser.parse_args()
-    VERBOSE = args.verbose
-
-    if args.list_targets:
-        list_targets()
-        exit(0)
-
-    substitutions = {
-        "%CLIENT_RELEASE_LABEL%": args.client_release,
-        # we hardcode the major versions. This ends up in the example
-        # API URLs. When we have released a new major version, we'll
-        # have to bump them.
-        "%CLIENT_MAJOR_VERSION%": "r0",
-        "%SERVER_RELEASE_LABEL%": args.server_release,
-        "%APPSERVICE_RELEASE_LABEL%": args.appservice_release,
-        "%IDENTITY_RELEASE_LABEL%": args.identity_release,
-        "%PUSH_GATEWAY_RELEASE_LABEL%": args.push_gateway_release,
-    }
-
-    exit (main(args.target or ["all"], args.dest, args.nodelete, substitutions))
diff --git a/scripts/generate-matrix-org-assets b/scripts/generate-matrix-org-assets
index 76032850ab3..6b9881d1d36 100755
--- a/scripts/generate-matrix-org-assets
+++ b/scripts/generate-matrix-org-assets
@@ -8,19 +8,8 @@ cd `dirname $0`/..
 
 mkdir -p assets
 
-if [ "$CIRCLECI" != "true" ]
-then
-    # generate specification/proposals.rst
-    ./scripts/proposals.py
-fi
-
-# generate the spec docs
-./scripts/gendoc.py -d assets/spec
-
 # and the swagger
 ./scripts/dump-swagger.py -o assets/spec/client_server/unstable.json
 
-# create a tarball of the assets. Exclude the spec index for now, as
-# we want to leave it pointing at the release versions of the specs.
-# (XXX: how to maintain this?)
-tar -czf assets.tar.gz --exclude="assets/spec/index.html" assets
+# create a tarball of the assets.
+tar -czf assets.tar.gz assets
diff --git a/api/package.json b/scripts/package.json
similarity index 100%
rename from api/package.json
rename to scripts/package.json
diff --git a/scripts/proposals.js b/scripts/proposals.js
new file mode 100644
index 00000000000..af78ac91e43
--- /dev/null
+++ b/scripts/proposals.js
@@ -0,0 +1,219 @@
+"use strict";
+
+/**
+ * This Node script fetches MSC proposals and stores them in /data/msc,
+ * so they can be used by a Hugo template to render summary tables of them
+ * in the specification.
+ *
+ * In detail, it:
+ * - fetches all GitHub issues from matrix-doc that have the `proposal` label
+ * - groups them by their state in the MSC process
+ * - does some light massaging of them so it's easier for the Hugo template to work with them
+ * - store them at /data/msc
+ */
+
+// built-in modules
+const path = require('path');
+const fs = require('fs');
+
+// third-party modules
+const fetch = require('node-fetch');
+
+// We will write proposals into the /data/msc directory
+const outputDir = path.join(__dirname, "../data/msc");
+
+/**
+ * This defines the different proposal lifecycle states.
+ * Each state has:
+ * - `label`: a GitHub label used to identify issues in this state
+ * - `title`: used for things like headings in renderings of the proposals
+ */
+const states = [
+  {
+    label: "proposal-in-review",
+    title: "Proposal In Review"
+  },
+  {
+    label: "proposed-final-comment-period",
+    title: "Proposed Final Comment Period"
+  },
+  {
+    label: "final-comment-period",
+    title: "Final Comment Period"
+  },
+  {
+    label: "finished-final-comment-period",
+    title: "Finished Final Comment Period"
+  },
+  {
+    label: "spec-pr-missing",
+    title: "Spec PR Missing"
+  },
+  {
+    label: "spec-pr-in-review",
+    title: "Spec PR In Review"
+  },
+  {
+    label: "merged",
+    title: "Merged"
+  },
+  {
+    label: "proposal-postoned",
+    title: "Postponed"
+  },
+  {
+    label: "abandoned",
+    title: "Abandoned"
+  },
+  {
+    label: "obsolete",
+    title: "Obsolete"
+  }
+];
+
+let issues = [];
+
+/**
+ * Fetch all the MSC proposals from GitHub.
+ *
+ * GitHub only lets us fetch 100 items at a time, and it gives us a `link`
+ * response header containing the URL for the next batch.
+ * So we will keep fetching until the response doesn't contain the "next" link.
+ */
+async function getIssues() {
+
+  /**
+   * A pretty ugly function to get us the "next" link in the header if there
+   * was one, or `null` otherwise.
+   */
+  function getNextLink(header) {
+    const links = header.split(",");
+    for (const link of links) {
+      const linkPieces = link.split(";");
+      if (linkPieces[1] == ` rel=\"next\"`) {
+        const next = linkPieces[0].trim();
+        return next.substring(1, next.length-1);
+      }
+    }
+    return null;
+  }
+
+  let pageLink = "https://api.github.com/repos/matrix-org/matrix-doc/issues?state=all&labels=proposal&per_page=100";
+  while (pageLink) {
+    const response = await fetch(pageLink);
+    const issuesForPage = await response.json();
+    issues = issues.concat(issuesForPage);
+    const linkHeader = response.headers.get("link");
+    pageLink = getNextLink(linkHeader);
+  }
+}
+
+getIssues().then(processIssues);
+
+/**
+ * Rather than just store the complete issue, we'll extract
+ * only the pieces we need.
+ * We'll also do some transformation of the issues, jsut because
+ * it's easier to do in JS than in the template.
+ */
+function getProposalFromIssue(issue) {
+
+  /**
+   * A helper function to fetch the contents of special
+   * directives in the issue body.
+   * Looks for a directive in the format:
+   * `^${directiveName}: (.+?)$`, returning the matched
+   *  part or null if the directive wasn't found.
+   */
+  function getDirective(directiveName, issue) {
+    const re = new RegExp(`^${directiveName}: (.+?)$`, "m");
+    const found = issue.body.match(re);
+    return found? found[1]: null;
+  }
+
+  function getDocumentation(issue) {
+    const found = getDirective("Documentation", issue);
+    if (found) {
+      return found.split(",").map(a => a.trim());
+    } else {
+      return [];
+    }
+  }
+
+  function getAuthors(issue) {
+    const found = getDirective("Author", issue);
+    if (found) {
+      return found.split(",").map(a => a.trim().substr(1));
+    } else {
+      return [`${issue.user.login}`];
+    }
+  }
+
+  function getShepherd(issue) {
+    const found = getDirective("Shepherd", issue);
+    if (found) {
+      return found.substr(1);
+    } else {
+      return null;
+    }
+  }
+
+  return {
+    number: issue.number,
+    url: issue.html_url,
+    title: issue.title,
+    created_at: issue.created_at.substr(0, 10),
+    updated_at: issue.updated_at.substr(0, 10),
+    authors: getAuthors(issue),
+    shepherd: getShepherd(issue),
+    documentation: getDocumentation(issue)
+  }
+}
+
+/**
+ * Returns the intersection of two arrays.
+ */
+function intersection(array1, array2) {
+  return array1.filter(i => array2.includes(i));
+}
+
+/**
+ * Given all the GitHub issues with a "proposal" label:
+ * - group issues by the state they are in, and for each group:
+ *     - extract the bits we need from each issue
+ *     - write the result under /data/msc
+ */
+function processIssues()  {
+  if (!fs.existsSync(outputDir)){
+    fs.mkdirSync(outputDir);
+  }
+  const output = [];
+  // make a group of "work in progress" proposals,
+  // which are identified by not having any of the state labels
+  const stateLabels = states.map(s => s.label);
+  const worksInProgress = issues.filter(issue => {
+    const labelsForIssue = issue.labels.map(l => l.name);
+    return intersection(labelsForIssue, stateLabels).length === 0;
+  });
+  output.push({
+    title: "Work In Progress",
+    label: "work-in-progress",
+    proposals: worksInProgress.map(issue => getProposalFromIssue(issue))
+  });
+  // for each defined state
+  for (const state of states) {
+    // get the set of issues for that state
+    const issuesForState = issues.filter(msc => {
+      return msc.labels.some(l => l.name === state.label);
+    });
+    // store it in /data
+    output.push({
+      title: state.title,
+      label: state.label,
+      proposals: issuesForState.map(issue => getProposalFromIssue(issue))
+    });
+  }
+  const outputData = JSON.stringify(output, null, '\t');
+  const outputFile = path.join(outputDir, `proposals.json`);
+  fs.writeFileSync(outputFile, outputData);
+}
diff --git a/scripts/proposals.py b/scripts/proposals.py
deleted file mode 100755
index faa10a838a7..00000000000
--- a/scripts/proposals.py
+++ /dev/null
@@ -1,218 +0,0 @@
-#!/usr/bin/env python
-#
-# proposals.py: generate an RST file (proposals.rst) from queries to github.com/matrix.org/matrix-doc/issues.
-
-import requests
-import re
-from datetime import datetime
-
-# a list of the labels we care about
-LABELS_LIST=[
-    'proposal-in-review',
-    'proposed-final-comment-period',
-    'final-comment-period',
-    'finished-final-comment-period',
-    'spec-pr-missing',
-    'spec-pr-in-review',
-    'merged',
-    'proposal-postponed',
-    'abandoned',
-    'obsolete',
-]
-
-
-authors = set()
-prs = set()
-
-def getpage(url):
-    """Request the given URL, and extract the pagecount from the response headers
-
-    Args:
-        url (str): URL to fetch
-
-    Returns:
-        Tuple[int, list]: number of pages, and the list of items on this page
-    """
-    resp = requests.get(url)
-
-    pagecount = 1
-    for link in resp.links.values():
-        if link['rel'] == 'last':
-            # we extract the pagecount from the `page` param of the last url
-            # in the response, eg
-            # 'https://api.github.com/repositories/24998719/issues?state=all&labels=proposal&page=10'
-            pagecount = int(re.search('page=(\d+)', link['url']).group(1))
-
-    val = resp.json()
-    if not isinstance(val, list):
-        print(val) # Just dump the raw (likely error) response to the log
-        raise Exception("Error calling %s" % url)
-    return (pagecount, val)
-
-def getbylabel(label):
-    """Fetch all the issues with a given label
-
-    Args:
-        label (str): label to fetch
-
-    Returns:
-        Iterator[dict]: an iterator over the issue list.
-    """
-    urlbase = 'https://api.github.com/repos/matrix-org/matrix-doc/issues?state=all&labels=' + label + '&page='
-    page = 1
-    while True:
-        (pagecount, results) = getpage(urlbase + str(page))
-        for i in results:
-            yield i
-        page += 1
-        if page > pagecount:
-            return
-
-def print_issue_list(text_file, label, issues):
-    text_file.write(label + "\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n")
-
-    if (len(issues) == 0):
-        text_file.write("No proposals.\n\n")
-        return
-
-    text_file.write(".. list-table::\n   :header-rows: 1\n   :widths: auto\n   :stub-columns: 1\n\n")
-    text_file.write("   * - MSC\n")
-    text_file.write("     - Proposal Title\n")
-    text_file.write("     - Creation Date\n")
-    text_file.write("     - Update Date\n")
-    text_file.write("     - Documentation\n")
-    text_file.write("     - Author\n")
-    text_file.write("     - Shepherd\n")
-    text_file.write("     - PRs\n")
-
-    for item in issues:
-        # set the created date, find local field, otherwise Github
-        body = str(item['body'])
-        created = re.search('^Date: (.+?)\n', body, flags=re.MULTILINE)
-        if created is not None:
-            created = created.group(1).strip()
-            try:
-                created = datetime.strptime(created, "%d/%m/%Y")
-                created = created.strftime('%Y-%m-%d')
-            except:
-                pass
-            try:
-                created = datetime.strptime(created, "%Y-%m-%d")
-                created = created.strftime('%Y-%m-%d')
-            except:
-                pass
-        else :
-            created = datetime.strptime(item['created_at'], "%Y-%m-%dT%XZ")
-            created = created.strftime('%Y-%m-%d')
-        item['created'] = created
-
-    issues_to_print = sorted(issues, key=lambda issue_sort: issue_sort["created"])
-
-    for item in issues_to_print:
-        # MSC number
-        text_file.write("   * - `MSC" + str(item['number']) + " <" + item['html_url'] + ">`_\n")
-
-        # title from Github issue
-        text_file.write("     - " + item['title'] + "\n")
-
-        # created date
-        text_file.write("     - " + item['created'] + "\n")
-
-        # last updated, purely Github
-        updated = datetime.strptime(item['updated_at'], "%Y-%m-%dT%XZ")
-        text_file.write("     - " + updated.strftime('%Y-%m-%d') + "\n")
-
-        # list of document links (urls comma-separated)
-        maindoc = re.search('^Documentation: (.+?)$', str(item['body']), flags=re.MULTILINE)
-        if maindoc is not None:
-            maindoc = maindoc.group(1)
-            doc_list_formatted = ["`" + str(item['number']) + "-" + str(i) + " <" + x.strip() + ">`_" for i, x in enumerate(maindoc.split(','),1)]
-            text_file.write("     - " + ', '.join(doc_list_formatted))
-        else:
-            text_file.write("     - ")
-        text_file.write("\n")
-
-        # author list, if missing just use Github issue creator
-        author = re.search('^Author: (.+?)$', str(item['body']), flags=re.MULTILINE)
-        if author is not None:
-            author_list_formatted = set()
-            author_list = author.group(1)
-            for a in author_list.split(","):
-                authors.add(a.strip())
-                author_list_formatted.add("`" + str(a.strip()) + "`_")
-            text_file.write("     - " + ', '.join(author_list_formatted))
-        else:
-            author = "@" + item['user']['login']
-            authors.add(author)
-            text_file.write("     - `" + str(author) + "`_")
-        text_file.write("\n")
-
-        # shepherd (currently only one)
-        shepherd = re.search('Shepherd: (.+?)\n', str(item['body']))
-        if shepherd is not None:
-            authors.add(shepherd.group(1).strip())
-            shepherd = "`" + shepherd.group(1).strip() + "`_"
-        text_file.write("     - " + str(shepherd) + "\n")
-
-        # PRs
-        try:
-            pr_list = re.search('PRs: (.+?)$', str(item['body']))
-            if pr_list is not None:
-                pr_list_formatted = set()
-                pr_list = pr_list.group(1)
-                for p in pr_list.split(","):
-                    if re.match(r"#\d", p.strip()):
-                        prs.add(p.strip())
-                        pr_list_formatted.add("`PR" + str(p.strip()) + "`_")
-                    elif re.match(r"https://github.com/matrix-org/matrix-doc/pulls/\d", p.strip()):
-                        pr = "#" + p.strip().replace('https://github.com/matrix-org/matrix-doc/pulls/', '')
-                        prs.add(pr)
-                        pr_list_formatted.add("`PR" + str(pr) + "`_")
-                    else:
-                        raise RuntimeWarning
-                text_file.write("     - " + ', '.join(pr_list_formatted))
-                text_file.write("\n")
-            else:
-                text_file.write("     - \n")
-        except:
-            print("exception parsing PRs for MSC" + str(item['number']))
-            text_file.write("     - \n")
-
-    text_file.write("\n\n\n")
-
-
-# first get all of the issues, filtering by label
-issues = {n: [] for n in LABELS_LIST}
-# use the magic 'None' key for a proposal in progress
-issues[None] = []
-
-for prop in getbylabel('proposal'):
-    print("%s: %s" % (prop['number'], [l['name'] for l in prop['labels']]))
-    found_label = False
-    for label in prop['labels']:
-        label_name = label['name']
-        if label_name in issues:
-            issues[label_name].append(prop)
-            found_label = True
-
-    # if it doesn't have any other label, assume it's work-in-progress
-    if not found_label:
-        issues[None].append(prop)
-
-text_file = open("specification/proposals.rst", "w")
-
-text_file.write("Tables of Tracked Proposals\n---------------------------\n\n")
-
-print_issue_list(text_file, "<work-in-progress>", issues[None])
-for label in LABELS_LIST:
-    print_issue_list(text_file, label, issues[label])
-
-text_file.write("\n")
-
-for author in authors:
-    text_file.write("\n.. _" + author + ": https://github.com/" + author[1:])
-
-for pr in prs:
-    text_file.write("\n.. _PR" + pr + ": https://github.com/matrix-org/matrix-doc/pull/" + pr.replace('#', ''))
-
-text_file.close()
diff --git a/scripts/speculator/main.go b/scripts/speculator/main.go
index 12ec2aec2ba..e09846a855c 100644
--- a/scripts/speculator/main.go
+++ b/scripts/speculator/main.go
@@ -337,7 +337,7 @@ func (s *server) serveSpec(w http.ResponseWriter, req *http.Request) {
 		log.Printf("Serving pr %s (%s)\n", branchName, sha)
 	} else if strings.ToLower(branchName) == "head" ||
 		branchName == "master" ||
-		strings.HasPrefix(branchName, "drafts/") {
+		strings.HasPrefix(branchName, "attic/drafts/") {
 		branchSHA, err := s.lookupBranch(branchName)
 		if err != nil {
 			writeError(w, 400, err)
diff --git a/scripts/templating/build.py b/scripts/templating/build.py
old mode 100755
new mode 100644
diff --git a/scripts/test-and-build.sh b/scripts/test-and-build.sh
deleted file mode 100755
index f45e2da612e..00000000000
--- a/scripts/test-and-build.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#! /bin/bash
-
-set -ex
-
-cd `dirname $0`/..
-
-virtualenv -p python3 env
-. env/bin/activate
-
-# Print out the python versions for debugging purposes
-python --version
-pip --version
-
-pip install -r scripts/requirements.txt
-
-# do sanity checks on the examples and swagger
-(cd event-schemas/ && ./check_examples.py)
-(cd api && ./check_examples.py)
-(cd api && npm install && node validator.js -s "client-server")
-
-: ${GOPATH:=${WORKSPACE}/.gopath}
-mkdir -p "${GOPATH}"
-export GOPATH
-go get github.com/hashicorp/golang-lru
-go get gopkg.in/fsnotify/fsnotify.v1
-
-# make sure that the scripts build
-(cd scripts/continuserv && go build)
-(cd scripts/speculator && go build)
-
-# build the spec for matrix.org.
-# (we don't actually use it on travis, but it's still useful to check we
-# can build it. On Buildkite, this is then used to deploy to matrix.org).
-./scripts/generate-matrix-org-assets
diff --git a/api/validator.js b/scripts/validator.js
similarity index 100%
rename from api/validator.js
rename to scripts/validator.js
diff --git a/specification/appendices.rst b/specification/appendices.rst
deleted file mode 100644
index 4a106a3a5e3..00000000000
--- a/specification/appendices.rst
+++ /dev/null
@@ -1,19 +0,0 @@
-.. Copyright 2015 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Appendices
-==========
-
-.. contents:: Table of Contents
-.. sectnum::
diff --git a/specification/appendices/base64.rst b/specification/appendices/base64.rst
deleted file mode 100644
index a918c2f9c29..00000000000
--- a/specification/appendices/base64.rst
+++ /dev/null
@@ -1,57 +0,0 @@
-.. Copyright 2017 Vector Creations Limited
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Unpadded Base64
----------------
-
-*Unpadded* Base64 refers to 'standard' Base64 encoding as defined in `RFC
-4648`_, without "=" padding. Specifically, where RFC 4648 requires that encoded
-data be padded to a multiple of four characters using ``=`` characters,
-unpadded Base64 omits this padding.
-
-For reference, RFC 4648 uses the following alphabet for Base 64::
-
-     Value Encoding  Value Encoding  Value Encoding  Value Encoding
-         0 A            17 R            34 i            51 z
-         1 B            18 S            35 j            52 0
-         2 C            19 T            36 k            53 1
-         3 D            20 U            37 l            54 2
-         4 E            21 V            38 m            55 3
-         5 F            22 W            39 n            56 4
-         6 G            23 X            40 o            57 5
-         7 H            24 Y            41 p            58 6
-         8 I            25 Z            42 q            59 7
-         9 J            26 a            43 r            60 8
-        10 K            27 b            44 s            61 9
-        11 L            28 c            45 t            62 +
-        12 M            29 d            46 u            63 /
-        13 N            30 e            47 v
-        14 O            31 f            48 w
-        15 P            32 g            49 x
-        16 Q            33 h            50 y
-
-Examples of strings encoded using unpadded Base64::
-
-   UNPADDED_BASE64("") = ""
-   UNPADDED_BASE64("f") = "Zg"
-   UNPADDED_BASE64("fo") = "Zm8"
-   UNPADDED_BASE64("foo") = "Zm9v"
-   UNPADDED_BASE64("foob") = "Zm9vYg"
-   UNPADDED_BASE64("fooba") = "Zm9vYmE"
-   UNPADDED_BASE64("foobar") = "Zm9vYmFy"
-
-When decoding Base64, implementations SHOULD accept input with or without
-padding characters wherever possible, to ensure maximum interoperability.
-
-.. _`RFC 4648`: https://tools.ietf.org/html/rfc4648
diff --git a/specification/appendices/identifier_grammar.rst b/specification/appendices/identifier_grammar.rst
deleted file mode 100644
index 95c22fb1934..00000000000
--- a/specification/appendices/identifier_grammar.rst
+++ /dev/null
@@ -1,408 +0,0 @@
-.. Copyright 2016 Openmarket Ltd.
-.. Copyright 2017, 2018 New Vector Ltd.
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Identifier Grammar
-------------------
-
-Some identifiers are specific to given room versions, please refer to the
-`room versions specification`_ for more information.
-
-.. _`room versions specification`: index.html#room-versions
-
-
-Server Name
-~~~~~~~~~~~
-
-A homeserver is uniquely identified by its server name. This value is used in a
-number of identifiers, as described below.
-
-The server name represents the address at which the homeserver in question can
-be reached by other homeservers. All valid server names are included by the
-following grammar::
-
-    server_name = hostname [ ":" port ]
-
-    port        = 1*5DIGIT
-
-    hostname    = IPv4address / "[" IPv6address "]" / dns-name
-
-    IPv4address = 1*3DIGIT "." 1*3DIGIT "." 1*3DIGIT "." 1*3DIGIT
-
-    IPv6address = 2*45IPv6char
-
-    IPv6char    = DIGIT / %x41-46 / %x61-66 / ":" / "."
-                      ; 0-9, A-F, a-f, :, .
-
-    dns-name    = 1*255dns-char
-
-    dns-char    = DIGIT / ALPHA / "-" / "."
-
-— in other words, the server name is the hostname, followed by an optional
-numeric port specifier. The hostname may be a dotted-quad IPv4 address literal,
-an IPv6 address literal surrounded with square brackets, or a DNS name.
-
-IPv4 literals must be a sequence of four decimal numbers in the
-range 0 to 255, separated by ``.``. IPv6 literals must be as specified by
-`RFC3513, section 2.2 <https://tools.ietf.org/html/rfc3513#section-2.2>`_.
-
-DNS names for use with Matrix should follow the conventional restrictions for
-internet hostnames: they should consist of a series of labels separated by
-``.``, where each label consists of the alphanumeric characters or hyphens.
-
-Examples of valid server names are:
-
-* ``matrix.org``
-* ``matrix.org:8888``
-* ``1.2.3.4`` (IPv4 literal)
-* ``1.2.3.4:1234`` (IPv4 literal with explicit port)
-* ``[1234:5678::abcd]`` (IPv6 literal)
-* ``[1234:5678::abcd]:5678`` (IPv6 literal with explicit port)
-
-.. Note::
-
-   This grammar is based on the standard for internet host names, as specified
-   by `RFC1123, section 2.1 <https://tools.ietf.org/html/rfc1123#page-13>`_,
-   with an extension for IPv6 literals.
-
-Server names must be treated case-sensitively: in other words,
-``@user:matrix.org`` is a different person from ``@user:MATRIX.ORG``.
-
-Some recommendations for a choice of server name follow:
-
-* The length of the complete server name should not exceed 230 characters.
-* Server names should not use upper-case characters.
-
-Common Identifier Format
-~~~~~~~~~~~~~~~~~~~~~~~~
-
-The Matrix protocol uses a common format to assign unique identifiers to a
-number of entities, including users, events and rooms. Each identifier takes
-the form::
-
-  &string
-
-where ``&`` represents a 'sigil' character; ``string`` is the string which makes
-up the identifier.
-
-The sigil characters are as follows:
-
-* ``@``: User ID
-* ``!``: Room ID
-* ``$``: Event ID
-* ``+``: Group ID
-* ``#``: Room alias
-
-User IDs, group IDs, room IDs, room aliases, and sometimes event IDs take the form::
-
-  &localpart:domain
-
-where ``domain`` is the `server name`_ of the homeserver which allocated the
-identifier, and ``localpart`` is an identifier allocated by that homeserver.
-
-The precise grammar defining the allowable format of an identifier depends on
-the type of identifier. For example, event IDs can sometimes be represented with
-a ``domain`` component under some conditions - see the `Event IDs <#room-ids-and-event-ids>`_
-section below for more information.
-
-User Identifiers
-++++++++++++++++
-
-Users within Matrix are uniquely identified by their Matrix user ID. The user
-ID is namespaced to the homeserver which allocated the account and has the
-form::
-
-  @localpart:domain
-
-The ``localpart`` of a user ID is an opaque identifier for that user. It MUST
-NOT be empty, and MUST contain only the characters ``a-z``, ``0-9``, ``.``,
-``_``, ``=``, ``-``, and ``/``.
-
-The ``domain`` of a user ID is the `server name`_ of the homeserver which
-allocated the account.
-
-The length of a user ID, including the ``@`` sigil and the domain, MUST NOT
-exceed 255 characters.
-
-The complete grammar for a legal user ID is::
-
-  user_id = "@" user_id_localpart ":" server_name
-  user_id_localpart = 1*user_id_char
-  user_id_char = DIGIT
-               / %x61-7A                   ; a-z
-               / "-" / "." / "=" / "_" / "/"
-
-.. admonition:: Rationale
-
-  A number of factors were considered when defining the allowable characters
-  for a user ID.
-
-  Firstly, we chose to exclude characters outside the basic US-ASCII character
-  set. User IDs are primarily intended for use as an identifier at the protocol
-  level, and their use as a human-readable handle is of secondary
-  benefit. Furthermore, they are useful as a last-resort differentiator between
-  users with similar display names. Allowing the full unicode character set
-  would make very difficult for a human to distinguish two similar user IDs. The
-  limited character set used has the advantage that even a user unfamiliar with
-  the Latin alphabet should be able to distinguish similar user IDs manually, if
-  somewhat laboriously.
-
-  We chose to disallow upper-case characters because we do not consider it
-  valid to have two user IDs which differ only in case: indeed it should be
-  possible to reach ``@user:matrix.org`` as ``@USER:matrix.org``. However,
-  user IDs are necessarily used in a number of situations which are inherently
-  case-sensitive (notably in the ``state_key`` of ``m.room.member``
-  events). Forbidding upper-case characters (and requiring homeservers to
-  downcase usernames when creating user IDs for new users) is a relatively simple
-  way to ensure that ``@USER:matrix.org`` cannot refer to a different user to
-  ``@user:matrix.org``.
-
-  Finally, we decided to restrict the allowable punctuation to a very basic set
-  to reduce the possibility of conflicts with special characters in various
-  situations. For example, "*" is used as a wildcard in some APIs (notably the
-  filter API), so it cannot be a legal user ID character.
-
-  The length restriction is derived from the limit on the length of the
-  ``sender`` key on events; since the user ID appears in every event sent by the
-  user, it is limited to ensure that the user ID does not dominate over the actual
-  content of the events.
-
-Matrix user IDs are sometimes informally referred to as MXIDs.
-
-Historical User IDs
-<<<<<<<<<<<<<<<<<<<
-
-Older versions of this specification were more tolerant of the characters
-permitted in user ID localparts. There are currently active users whose user
-IDs do not conform to the permitted character set, and a number of rooms whose
-history includes events with a ``sender`` which does not conform. In order to
-handle these rooms successfully, clients and servers MUST accept user IDs with
-localparts from the expanded character set::
-
-  extended_user_id_char = %x21-39 / %x3B-7E  ; all ascii printing chars except :
-
-Mapping from other character sets
-<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
-
-In certain circumstances it will be desirable to map from a wider character set
-onto the limited character set allowed in a user ID localpart. Examples include
-a homeserver creating a user ID for a new user based on the username passed to
-``/register``, or a bridge mapping user ids from another protocol.
-
-.. TODO-spec
-
-   We need to better define the mechanism by which homeservers can allow users
-   to have non-Latin login credentials. The general idea is for clients to pass
-   the non-Latin in the ``username`` field to ``/register`` and ``/login``, and
-   the HS then maps it onto the MXID space when turning it into the
-   fully-qualified ``user_id`` which is returned to the client and used in
-   events.
-
-Implementations are free to do this mapping however they choose. Since the user
-ID is opaque except to the implementation which created it, the only
-requirement is that the implementation can perform the mapping
-consistently. However, we suggest the following algorithm:
-
-1. Encode character strings as UTF-8.
-
-2. Convert the bytes ``A-Z`` to lower-case.
-
-   * In the case where a bridge must be able to distinguish two different users
-     with ids which differ only by case, escape upper-case characters by
-     prefixing with ``_`` before downcasing. For example, ``A`` becomes
-     ``_a``. Escape a real ``_`` with a second ``_``.
-
-3. Encode any remaining bytes outside the allowed character set, as well as
-   ``=``, as their hexadecimal value, prefixed with ``=``. For example, ``#``
-   becomes ``=23``; ``á`` becomes ``=c3=a1``.
-
-.. admonition:: Rationale
-
-  The suggested mapping is an attempt to preserve human-readability of simple
-  ASCII identifiers (unlike, for example, base-32), whilst still allowing
-  representation of *any* character (unlike punycode, which provides no way to
-  encode ASCII punctuation).
-
-
-Room IDs and Event IDs
-++++++++++++++++++++++
-
-A room has exactly one room ID. A room ID has the format::
-
-  !opaque_id:domain
-
-An event has exactly one event ID. The format of an event ID depends upon the
-`room version specification <index.html#room-versions>`_.
-
-The ``domain`` of a room ID is the `server name`_ of the homeserver which
-created the room/event. The domain is used only for namespacing to avoid the
-risk of clashes of identifiers between different homeservers. There is no
-implication that the room or event in question is still available at the
-corresponding homeserver.
-
-Event IDs and Room IDs are case-sensitive. They are not meant to be human
-readable. They are intended to be treated as fully opaque strings by clients.
-
-.. TODO-spec
-  What is the grammar for the opaque part? https://matrix.org/jira/browse/SPEC-389
-
-
-Group Identifiers
-+++++++++++++++++
-
-Groups within Matrix are uniquely identified by their group ID. The group
-ID is namespaced to the group server which hosts this group and has the
-form::
-
-  +localpart:domain
-
-The ``localpart`` of a group ID is an opaque identifier for that group. It MUST
-NOT be empty, and MUST contain only the characters ``a-z``, ``0-9``, ``.``,
-``_``, ``=``, ``-``, and ``/``.
-
-The ``domain`` of a group ID is the `server name`_ of the group server which
-hosts this group.
-
-The length of a group ID, including the ``+`` sigil and the domain, MUST NOT
-exceed 255 characters.
-
-The complete grammar for a legal group ID is::
-
-  group_id = "+" group_id_localpart ":" server_name
-  group_id_localpart = 1*group_id_char
-  group_id_char = DIGIT
-               / %x61-7A                   ; a-z
-               / "-" / "." / "=" / "_" / "/"
-
-
-Room Aliases
-++++++++++++
-
-A room may have zero or more aliases. A room alias has the format::
-
-      #room_alias:domain
-
-The ``domain`` of a room alias is the `server name`_ of the homeserver which
-created the alias. Other servers may contact this homeserver to look up the
-alias.
-
-Room aliases MUST NOT exceed 255 bytes (including the ``#`` sigil and the
-domain).
-
-.. TODO-spec
-  - Need to specify precise grammar for Room Aliases. https://matrix.org/jira/browse/SPEC-391
-
-matrix.to navigation
-++++++++++++++++++++
-
-.. NOTE::
-   This namespacing is in place pending a ``matrix://`` (or similar) URI scheme.
-   This is **not** meant to be interpreted as an available web service - see
-   below for more details.
-
-Rooms, users, aliases, and groups may be represented as a "matrix.to" URI.
-This URI can be used to reference particular objects in a given context, such
-as mentioning a user in a message or linking someone to a particular point
-in the room's history (a permalink).
-
-A matrix.to URI has the following format, based upon the specification defined
-in RFC 3986:
-
-  https://matrix.to/#/<identifier>/<extra parameter>?<additional arguments>
-
-The identifier may be a room ID, room alias, user ID, or group ID. The extra
-parameter is only used in the case of permalinks where an event ID is referenced.
-The matrix.to URI, when referenced, must always start with ``https://matrix.to/#/``
-followed by the identifier.
-
-The ``<additional arguments>`` and the preceeding question mark are optional and
-only apply in certain circumstances, documented below.
-
-Clients should not rely on matrix.to URIs falling back to a web server if accessed
-and instead should perform some sort of action within the client. For example, if
-the user were to click on a matrix.to URI for a room alias, the client may open
-a view for the user to participate in the room.
-
-The components of the matrix.to URI (``<identifier>`` and ``<extra parameter>``)
-are to be percent-encoded as per RFC 3986.
-
-Examples of matrix.to URIs are:
-
-* Room alias: ``https://matrix.to/#/%23somewhere%3Aexample.org``
-* Room: ``https://matrix.to/#/!somewhere%3Aexample.org``
-* Permalink by room: ``https://matrix.to/#/!somewhere%3Aexample.org/%24event%3Aexample.org``
-* Permalink by room alias: ``https://matrix.to/#/%23somewhere:example.org/%24event%3Aexample.org``
-* User: ``https://matrix.to/#/%40alice%3Aexample.org``
-* Group: ``https://matrix.to/#/%2Bexample%3Aexample.org``
-
-.. Note::
-   Historically, clients have not produced URIs which are fully encoded. Clients should
-   try to interpret these cases to the best of their ability. For example, an unencoded
-   room alias should still work within the client if possible.
-
-.. Note::
-   Clients should be aware that decoding a matrix.to URI may result in extra slashes
-   appearing due to some `room versions <index.html#room-versions>`_. These slashes
-   should normally be encoded when producing matrix.to URIs, however.
-
-Routing
-<<<<<<<
-
-Room IDs are not routable on their own as there is no reliable domain to send requests
-to. This is partially mitigated with the addition of a ``via`` argument on a matrix.to
-URI, however the problem of routability is still present. Clients should do their best
-to route Room IDs to where they need to go, however they should also be aware of
-`issue #1579 <https://github.com/matrix-org/matrix-doc/issues/1579>`_.
-
-A room (or room permalink) which isn't using a room alias should supply at least one
-server using ``via`` in the ``<additional arguments>``, like so:
-``https://matrix.to/!somewhere%3Aexample.org?via=example.org&via=alt.example.org``. The
-parameter can be supplied multiple times to specify multiple servers to try.
-
-The values of ``via`` are intended to be passed along as the ``server_name`` parameters
-on the Client Server ``/join`` API.
-
-When generating room links and permalinks, the application should pick servers which
-have a high probability of being in the room in the distant future. How these servers
-are picked is left as an implementation detail, however the current recommendation is
-to pick 3 unique servers based on the following criteria:
-
-* The first server should be the server of the highest power level user in the room,
-  provided they are at least power level 50. If no user meets this criteria, pick the
-  most popular server in the room (most joined users). The rationale for not picking
-  users with power levels under 50 is that they are unlikely to be around into the
-  distant future while higher ranking users (and therefore servers) are less likely
-  to give up their power and move somewhere else. Most rooms in the public federation
-  have a power level 100 user and have not deviated from the default structure where
-  power level 50 users have moderator-style privileges.
-
-* The second server should be the next highest server by population, or the first
-  highest by population if the first server was based on a user's power level. The
-  rationale for picking popular servers is that the server is unlikely to be removed
-  as the room naturally grows in membership due to that server joining users. The
-  server could be refused participation in the future due to server ACLs or similar,
-  however the chance of that happening to a server which is organically joining the
-  room is unlikely.
-
-* The third server should be the next highest server by population.
-
-* Servers which are blocked due to server ACLs should never be chosen.
-
-* Servers which are IP addresses should never be chosen. Servers which use a domain
-  name are less likely to be unroutable in the future whereas IP addresses cannot be
-  pointed to a different location and therefore higher risk options.
-
-* All 3 servers should be unique from each other. If the room does not have enough users
-  to supply 3 servers, the application should only specify the servers it can. For example,
-  a room with only 2 users in it would result in maximum 2 ``via`` parameters.
diff --git a/specification/appendices/signing_json.rst b/specification/appendices/signing_json.rst
deleted file mode 100644
index fbeb0010179..00000000000
--- a/specification/appendices/signing_json.rst
+++ /dev/null
@@ -1,327 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Signing JSON
-------------
-
-Various points in the Matrix specification require JSON objects to be
-cryptographically signed. This requires us to encode the JSON as a binary
-string. Unfortunately the same JSON can be encoded in different ways by
-changing how much white space is used or by changing the order of keys within
-objects.
-
-Signing an object therefore requires it to be encoded as a sequence of bytes
-using `Canonical JSON`_, computing the signature for that sequence and then
-adding the signature to the original JSON object.
-
-Canonical JSON
-~~~~~~~~~~~~~~
-
-We define the canonical JSON encoding for a value to be the shortest UTF-8 JSON
-encoding with dictionary keys lexicographically sorted by unicode codepoint.
-Numbers in the JSON must be integers in the range ``[-(2**53)+1, (2**53)-1]``.
-
-We pick UTF-8 as the encoding as it should be available to all platforms and
-JSON received from the network is likely to be already encoded using UTF-8.
-We sort the keys to give a consistent ordering. We force integers to be in the
-range where they can be accurately represented using IEEE double precision
-floating point numbers since a number of JSON libraries represent all numbers
-using this representation.
-
-.. WARNING::
-   Events in room versions 1, 2, 3, 4, and 5 might not be fully compliant with
-   these restrictions. Servers SHOULD be capable of handling JSON which is considered
-   invalid by these restrictions where possible.
-
-   The most notable consideration is that integers might not be in the range
-   specified above.
-
-.. Note::
-   Float values are not permitted by this encoding.
-
-.. code:: python
-
- import json
-
- def canonical_json(value):
-     return json.dumps(
-         value,
-         # Encode code-points outside of ASCII as UTF-8 rather than \u escapes
-         ensure_ascii=False,
-         # Remove unnecessary white space.
-         separators=(',',':'),
-         # Sort the keys of dictionaries.
-         sort_keys=True,
-         # Encode the resulting unicode as UTF-8 bytes.
-     ).encode("UTF-8")
-
-Grammar
-+++++++
-
-Adapted from the grammar in http://tools.ietf.org/html/rfc7159 removing
-insignificant whitespace, fractions, exponents and redundant character escapes.
-
-.. code::
-
- value     = false / null / true / object / array / number / string
- false     = %x66.61.6c.73.65
- null      = %x6e.75.6c.6c
- true      = %x74.72.75.65
- object    = %x7B [ member *( %x2C member ) ] %7D
- member    = string %x3A value
- array     = %x5B [ value *( %x2C value ) ] %5B
- number    = [ %x2D ] int
- int       = %x30 / ( %x31-39 *digit )
- digit     = %x30-39
- string    = %x22 *char %x22
- char      = unescaped / %x5C escaped
- unescaped = %x20-21 / %x23-5B / %x5D-10FFFF
- escaped   = %x22 ; "    quotation mark  U+0022
-           / %x5C ; \    reverse solidus U+005C
-           / %x62 ; b    backspace       U+0008
-           / %x66 ; f    form feed       U+000C
-           / %x6E ; n    line feed       U+000A
-           / %x72 ; r    carriage return U+000D
-           / %x74 ; t    tab             U+0009
-           / %x75.30.30.30 (%x30-37 / %x62 / %x65-66) ; u000X
-           / %x75.30.30.31 (%x30-39 / %x61-66)        ; u001X
-
-Examples
-++++++++
-
-To assist in the development of compatible implementations, the following test
-values may be useful for verifying the canonical transformation code.
-
-Given the following JSON object:
-
-.. code:: json
-
-    {}
-
-The following canonical JSON should be produced:
-
-.. code:: json
-
-    {}
-
-Given the following JSON object:
-
-.. code:: json
-
-    {
-        "one": 1,
-        "two": "Two"
-    }
-
-The following canonical JSON should be produced:
-
-.. code:: json
-
-    {"one":1,"two":"Two"}
-
-Given the following JSON object:
-
-.. code:: json
-
-    {
-        "b": "2",
-        "a": "1"
-    }
-
-The following canonical JSON should be produced:
-
-.. code:: json
-
-    {"a":"1","b":"2"}
-
-Given the following JSON object:
-
-.. code:: json
-
-    {"b":"2","a":"1"}
-
-The following canonical JSON should be produced:
-
-.. code:: json
-
-    {"a":"1","b":"2"}
-
-Given the following JSON object:
-
-.. code:: json
-
-    {
-        "auth": {
-            "success": true,
-            "mxid": "@john.doe:example.com",
-            "profile": {
-                "display_name": "John Doe",
-                "three_pids": [
-                    {
-                        "medium": "email",
-                        "address": "john.doe@example.org"
-                    },
-                    {
-                        "medium": "msisdn",
-                        "address": "123456789"
-                    }
-                ]
-            }
-        }
-    }
-
-
-The following canonical JSON should be produced:
-
-.. code:: json
-
-    {"auth":{"mxid":"@john.doe:example.com","profile":{"display_name":"John Doe","three_pids":[{"address":"john.doe@example.org","medium":"email"},{"address":"123456789","medium":"msisdn"}]},"success":true}}
-
-
-Given the following JSON object:
-
-.. code:: json
-
-    {
-        "a": "日本語"
-    }
-
-The following canonical JSON should be produced:
-
-.. code:: json
-
-    {"a":"日本語"}
-
-Given the following JSON object:
-
-.. code:: json
-
-    {
-        "本": 2,
-        "日": 1
-    }
-
-The following canonical JSON should be produced:
-
-.. code:: json
-
-    {"日":1,"本":2}
-
-Given the following JSON object:
-
-.. code:: json
-
-    {
-        "a": "\u65E5"
-    }
-
-The following canonical JSON should be produced:
-
-.. code:: json
-
-    {"a":"日"}
-
-Given the following JSON object:
-
-.. code:: json
-
-    {
-        "a": null
-    }
-
-The following canonical JSON should be produced:
-
-.. code:: json
-
-    {"a":null}
-
-Signing Details
-~~~~~~~~~~~~~~~
-
-JSON is signed by encoding the JSON object without ``signatures`` or keys grouped
-as ``unsigned``, using the canonical encoding described above. The JSON bytes are then signed using the
-signature algorithm and the signature is encoded using `unpadded Base64`_.
-The resulting base64 signature is added to an object under the
-*signing key identifier* which is added to the ``signatures`` object under the
-name of the entity signing it which is added back to the original JSON object
-along with the ``unsigned`` object.
-
-The *signing key identifier* is the concatenation of the *signing algorithm*
-and a *key identifier*. The *signing algorithm* identifies the algorithm used
-to sign the JSON. The currently supported value for *signing algorithm* is
-``ed25519`` as implemented by NACL (http://nacl.cr.yp.to/). The *key identifier*
-is used to distinguish between different signing keys used by the same entity.
-
-The ``unsigned`` object and the ``signatures`` object are not covered by the
-signature. Therefore intermediate entities can add unsigned data such as
-timestamps and additional signatures.
-
-
-.. code:: json
-
-  {
-     "name": "example.org",
-     "signing_keys": {
-       "ed25519:1": "XSl0kuyvrXNj6A+7/tkrB9sxSbRi08Of5uRhxOqZtEQ"
-     },
-     "unsigned": {
-        "age_ts": 922834800000
-     },
-     "signatures": {
-        "example.org": {
-           "ed25519:1": "s76RUgajp8w172am0zQb/iPTHsRnb4SkrzGoeCOSFfcBY2V/1c8QfrmdXHpvnc2jK5BD1WiJIxiMW95fMjK7Bw"
-        }
-     }
-  }
-
-.. code:: python
-
-  def sign_json(json_object, signing_key, signing_name):
-      signatures = json_object.pop("signatures", {})
-      unsigned = json_object.pop("unsigned", None)
-
-      signed = signing_key.sign(encode_canonical_json(json_object))
-      signature_base64 = encode_base64(signed.signature)
-
-      key_id = "%s:%s" % (signing_key.alg, signing_key.version)
-      signatures.setdefault(signing_name, {})[key_id] = signature_base64
-
-      json_object["signatures"] = signatures
-      if unsigned is not None:
-          json_object["unsigned"] = unsigned
-
-      return json_object
-
-Checking for a Signature
-~~~~~~~~~~~~~~~~~~~~~~~~
-
-To check if an entity has signed a JSON object an implementation does the
-following:
-
-1. Checks if the ``signatures`` member of the object contains an entry with
-   the name of the entity. If the entry is missing then the check fails.
-2. Removes any *signing key identifiers* from the entry with algorithms it
-   doesn't understand. If there are no *signing key identifiers* left then the
-   check fails.
-3. Looks up *verification keys* for the remaining *signing key identifiers*
-   either from a local cache or by consulting a trusted key server. If it
-   cannot find a *verification key* then the check fails.
-4. Decodes the base64 encoded signature bytes. If base64 decoding fails then
-   the check fails.
-5. Removes the ``signatures`` and ``unsigned`` members of the object.
-6. Encodes the remainder of the JSON object using the `Canonical JSON`_
-   encoding.
-7. Checks the signature bytes against the encoded object using the
-   *verification key*. If this fails then the check fails. Otherwise the check
-   succeeds.
diff --git a/specification/appendices/test_vectors.rst b/specification/appendices/test_vectors.rst
deleted file mode 100644
index 05b115db8cb..00000000000
--- a/specification/appendices/test_vectors.rst
+++ /dev/null
@@ -1,182 +0,0 @@
-.. Copyright 2015 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-
-Cryptographic Test Vectors
---------------------------
-
-To assist in the development of compatible implementations, the following test
-values may be useful for verifying the cryptographic event signing code.
-
-Signing Key
-~~~~~~~~~~~
-
-The following test vectors all use the 32-byte value given by the following
-Base64-encoded string as the seed for generating the ``ed25519`` signing key:
-
-.. code::
-
-    SIGNING_KEY_SEED = decode_base64(
-        "YJDBA9Xnr2sVqXD9Vj7XVUnmFZcZrlw8Md7kMW+3XA1"
-    )
-
-In each case, the server name and key ID are as follows:
-
-.. code::
-
-    SERVER_NAME = "domain"
-
-    KEY_ID = "ed25519:1"
-
-JSON Signing
-~~~~~~~~~~~~
-
-Given an empty JSON object:
-
-.. code:: json
-
-    {}
-
-The JSON signing algorithm should emit the following signed data:
-
-.. code:: json
-
-    {
-        "signatures": {
-            "domain": {
-                "ed25519:1": "K8280/U9SSy9IVtjBuVeLr+HpOB4BQFWbg+UZaADMtTdGYI7Geitb76LTrr5QV/7Xg4ahLwYGYZzuHGZKM5ZAQ"
-            }
-        }
-    }
-
-Given the following JSON object with data values in it:
-
-.. code:: json
-
-    {
-        "one": 1,
-        "two": "Two"
-    }
-
-The JSON signing algorithm should emit the following signed JSON:
-
-.. code:: json
-
-    {
-        "one": 1,
-        "signatures": {
-            "domain": {
-                "ed25519:1": "KqmLSbO39/Bzb0QIYE82zqLwsA+PDzYIpIRA2sRQ4sL53+sN6/fpNSoqE7BP7vBZhG6kYdD13EIMJpvhJI+6Bw"
-            }
-        },
-        "two": "Two"
-    }
-
-Event Signing
-~~~~~~~~~~~~~
-
-Given the following minimally-sized event:
-
-.. code:: json
-
-    {
-        "room_id": "!x:domain",
-        "sender": "@a:domain",
-        "origin": "domain",
-        "origin_server_ts": 1000000,
-        "signatures": {},
-        "hashes": {},
-        "type": "X",
-        "content": {},
-        "prev_events": [],
-        "auth_events": [],
-        "depth": 3,
-        "unsigned": {
-            "age_ts": 1000000
-        }
-    }
-
-The event signing algorithm should emit the following signed event:
-
-.. code:: json
-
-    {
-        "auth_events": [],
-        "content": {},
-        "depth": 3,
-        "hashes": {
-            "sha256": "5jM4wQpv6lnBo7CLIghJuHdW+s2CMBJPUOGOC89ncos"
-        },
-        "origin": "domain",
-        "origin_server_ts": 1000000,
-        "prev_events": [],
-        "room_id": "!x:domain",
-        "sender": "@a:domain",
-        "signatures": {
-            "domain": {
-                "ed25519:1": "KxwGjPSDEtvnFgU00fwFz+l6d2pJM6XBIaMEn81SXPTRl16AqLAYqfIReFGZlHi5KLjAWbOoMszkwsQma+lYAg"
-            }
-        },
-        "type": "X",
-        "unsigned": {
-            "age_ts": 1000000
-        }
-    }
-
-Given the following event containing redactable content:
-
-.. code:: json
-
-    {
-        "content": {
-            "body": "Here is the message content"
-        },
-        "event_id": "$0:domain",
-        "origin": "domain",
-        "origin_server_ts": 1000000,
-        "type": "m.room.message",
-        "room_id": "!r:domain",
-        "sender": "@u:domain",
-        "signatures": {},
-        "unsigned": {
-            "age_ts": 1000000
-        }
-    }
-
-The event signing algorithm should emit the following signed event:
-
-.. code:: json
-
-    {
-        "content": {
-            "body": "Here is the message content"
-        },
-        "event_id": "$0:domain",
-        "hashes": {
-            "sha256": "onLKD1bGljeBWQhWZ1kaP9SorVmRQNdN5aM2JYU2n/g"
-        },
-        "origin": "domain",
-        "origin_server_ts": 1000000,
-        "type": "m.room.message",
-        "room_id": "!r:domain",
-        "sender": "@u:domain",
-        "signatures": {
-            "domain": {
-                "ed25519:1": "Wm+VzmOUOz08Ds+0NTWb1d4CZrVsJSikkeRxh6aCcUwu6pNC78FunoD7KNWzqFn241eYHYMGCA5McEiVPdhzBA"
-            }
-        },
-        "unsigned": {
-            "age_ts": 1000000
-        }
-    }
diff --git a/specification/appendices/threat_model.rst b/specification/appendices/threat_model.rst
deleted file mode 100644
index 9ad5fef80b7..00000000000
--- a/specification/appendices/threat_model.rst
+++ /dev/null
@@ -1,140 +0,0 @@
-.. Copyright 2015 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Security Threat Model
-----------------------
-
-Denial of Service
-~~~~~~~~~~~~~~~~~
-
-The attacker could attempt to prevent delivery of messages to or from the
-victim in order to:
-
-* Disrupt service or marketing campaign of a commercial competitor.
-* Censor a discussion or censor a participant in a discussion.
-* Perform general vandalism.
-
-Threat: Resource Exhaustion
-+++++++++++++++++++++++++++
-
-An attacker could cause the victims server to exhaust a particular resource
-(e.g. open TCP connections, CPU, memory, disk storage)
-
-Threat: Unrecoverable Consistency Violations
-++++++++++++++++++++++++++++++++++++++++++++
-
-An attacker could send messages which created an unrecoverable "split-brain"
-state in the cluster such that the victim's servers could no longer derive a
-consistent view of the chatroom state.
-
-Threat: Bad History
-+++++++++++++++++++
-
-An attacker could convince the victim to accept invalid messages which the
-victim would then include in their view of the chatroom history. Other servers
-in the chatroom would reject the invalid messages and potentially reject the
-victims messages as well since they depended on the invalid messages.
-
-.. TODO-spec
-  Track trustworthiness of HS or users based on if they try to pretend they
-  haven't seen recent events, and fake a splitbrain... --M
-
-Threat: Block Network Traffic
-+++++++++++++++++++++++++++++
-
-An attacker could try to firewall traffic between the victim's server and some
-or all of the other servers in the chatroom.
-
-Threat: High Volume of Messages
-+++++++++++++++++++++++++++++++
-
-An attacker could send large volumes of messages to a chatroom with the victim
-making the chatroom unusable.
-
-Threat: Banning users without necessary authorisation
-+++++++++++++++++++++++++++++++++++++++++++++++++++++
-
-An attacker could attempt to ban a user from a chatroom without the necessary
-authorisation.
-
-Spoofing
-~~~~~~~~
-
-An attacker could try to send a message claiming to be from the victim without
-the victim having sent the message in order to:
-
-* Impersonate the victim while performing illicit activity.
-* Obtain privileges of the victim.
-
-Threat: Altering Message Contents
-+++++++++++++++++++++++++++++++++
-
-An attacker could try to alter the contents of an existing message from the
-victim.
-
-Threat: Fake Message "origin" Field
-+++++++++++++++++++++++++++++++++++
-
-An attacker could try to send a new message purporting to be from the victim
-with a phony "origin" field.
-
-Spamming
-~~~~~~~~
-
-The attacker could try to send a high volume of solicited or unsolicited
-messages to the victim in order to:
-
-* Find victims for scams.
-* Market unwanted products.
-
-Threat: Unsolicited Messages
-++++++++++++++++++++++++++++
-
-An attacker could try to send messages to victims who do not wish to receive
-them.
-
-Threat: Abusive Messages
-++++++++++++++++++++++++
-
-An attacker could send abusive or threatening messages to the victim
-
-Spying
-~~~~~~
-
-The attacker could try to access message contents or metadata for messages sent
-by the victim or to the victim that were not intended to reach the attacker in
-order to:
-
-* Gain sensitive personal or commercial information.
-* Impersonate the victim using credentials contained in the messages.
-  (e.g. password reset messages)
-* Discover who the victim was talking to and when.
-
-Threat: Disclosure during Transmission
-++++++++++++++++++++++++++++++++++++++
-
-An attacker could try to expose the message contents or metadata during
-transmission between the servers.
-
-Threat: Disclosure to Servers Outside Chatroom
-++++++++++++++++++++++++++++++++++++++++++++++
-
-An attacker could try to convince servers within a chatroom to send messages to
-a server it controls that was not authorised to be within the chatroom.
-
-Threat: Disclosure to Servers Within Chatroom
-+++++++++++++++++++++++++++++++++++++++++++++
-
-An attacker could take control of a server within a chatroom to expose message
-contents or metadata for messages in that room.
diff --git a/specification/appendices/threepids.rst b/specification/appendices/threepids.rst
deleted file mode 100644
index 84860740c30..00000000000
--- a/specification/appendices/threepids.rst
+++ /dev/null
@@ -1,48 +0,0 @@
-.. Copyright 2017 Kamax.io
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-3PID Types
-----------
-Third Party Identifiers (3PIDs) represent identifiers on other namespaces that
-might be associated with a particular person. They comprise a tuple of ``medium``
-which is a string that identifies the namespace in which the identifier exists,
-and an ``address``: a string representing the identifier in that namespace. This
-must be a canonical form of the identifier, *i.e.* if multiple strings could
-represent the same identifier, only one of these strings must be used in a 3PID
-address, in a well-defined manner.
-
-For example, for e-mail, the ``medium`` is 'email' and the ``address`` would be the
-email address, *e.g.* the string ``bob@example.com``. Since domain resolution is
-case-insensitive, the email address ``bob@Example.com`` is also has the 3PID address
-of ``bob@example.com`` (without the capital 'e') rather than ``bob@Example.com``.
-
-The namespaces defined by this specification are listed below. More namespaces
-may be defined in future versions of this specification.
-
-E-Mail
-~~~~~~
-Medium: ``email``
-
-Represents E-Mail addresses. The ``address`` is the raw email address in
-``user@domain`` form with the domain in lowercase. It must not contain other text
-such as real name, angle brackets or a mailto: prefix.
-
-PSTN Phone numbers
-~~~~~~~~~~~~~~~~~~
-Medium: ``msisdn``
-
-Represents telephone numbers on the public switched telephone network.  The
-``address`` is the telephone number represented as a MSISDN (Mobile Station
-International Subscriber Directory Number) as defined by the E.164 numbering
-plan. Note that MSISDNs do not include a leading '+'.
diff --git a/specification/application_service_api.rst b/specification/application_service_api.rst
deleted file mode 100644
index 302f0980ffc..00000000000
--- a/specification/application_service_api.rst
+++ /dev/null
@@ -1,447 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-.. Copyright 2018 New Vector Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Application Service API
-=======================
-
-{{unstable_warning_block_APPSERVICE_RELEASE_LABEL}}
-
-The Matrix client-server API and server-server APIs provide the means to
-implement a consistent self-contained federated messaging fabric. However, they
-provide limited means of implementing custom server-side behaviour in Matrix
-(e.g. gateways, filters, extensible hooks etc). The Application Service API (AS API)
-defines a standard API to allow such extensible functionality to be implemented
-irrespective of the underlying homeserver implementation.
-
-.. TODO-spec
-  Add in Client-Server services? Overview of bots? Seems weird to be in the spec
-  given it is VERY implementation specific.
-
-.. contents:: Table of Contents
-.. sectnum::
-
-Changelog
----------
-
-
-.. topic:: Version: %APPSERVICE_RELEASE_LABEL%
-{{application_service_changelog}}
-
-This version of the specification is generated from
-`matrix-doc <https://github.com/matrix-org/matrix-doc>`_ as of Git commit
-`{{git_version}} <https://github.com/matrix-org/matrix-doc/tree/{{git_rev}}>`_.
-
-For the full historical changelog, see
-https://github.com/matrix-org/matrix-doc/blob/master/changelogs/application_service.rst
-
-Other versions of this specification
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The following other versions are also available, in reverse chronological order:
-
-- `HEAD <https://matrix.org/docs/spec/application_service/unstable.html>`_: Includes all changes since the latest versioned release.
-- `r0.1.1 <https://matrix.org/docs/spec/application_service/r0.1.1.html>`_
-- `r0.1.0 <https://matrix.org/docs/spec/application_service/r0.1.0.html>`_
-
-
-Application Services
---------------------
-Application services are passive and can only observe events from homeserver.
-They can inject events into rooms they are participating in.
-They cannot prevent events from being sent, nor can they modify the content of
-the event being sent. In order to observe events from a homeserver, the
-homeserver needs to be configured to pass certain types of traffic to the
-application service.  This is achieved by manually configuring the homeserver
-with information about the application service.
-
-Registration
-~~~~~~~~~~~~
-
-.. NOTE::
-  Previously, application services could register with a homeserver via HTTP
-  APIs. This was removed as it was seen as a security risk. A compromised
-  application service could re-register for a global ``*`` regex and sniff
-  *all* traffic on the homeserver. To protect against this, application
-  services now have to register via configuration files which are linked to
-  the homeserver configuration file. The addition of configuration files
-  allows homeserver admins to sanity check the registration for suspicious
-  regex strings.
-
-.. TODO
-  Removing the API entirely is probably a mistake - having a standard cross-HS
-  way of doing this stops ASes being coupled to particular HS implementations.
-  A better solution would be to somehow mandate that the API done to avoid
-  abuse.
-
-Application services register "namespaces" of user IDs, room aliases and room IDs.
-These namespaces are represented as regular expressions. An application service
-is said to be "interested" in a given event if one of the IDs in the event match
-the regular expression provided by the application service, such as the room having
-an alias or ID in the relevant namespaces. Similarly, the application service is
-said to be interested in a given event if one of the application service's namespaced
-users is the target of the event, or is a joined member of the room where the event
-occurred.
-
-An application service can also state whether they should be the only ones who
-can manage a specified namespace. This is referred to as an "exclusive"
-namespace. An exclusive namespace prevents humans and other application
-services from creating/deleting entities in that namespace. Typically,
-exclusive namespaces are used when the rooms represent real rooms on
-another service (e.g. IRC). Non-exclusive namespaces are used when the
-application service is merely augmenting the room itself (e.g. providing
-logging or searching facilities). Namespaces are represented by POSIX extended
-regular expressions and look like:
-
-.. code-block:: yaml
-
-   users:
-     - exclusive: true
-       regex: "@_irc_bridge_.*"
-
-Application services may define the following namespaces (with none being explicitly required):
-
-+------------------+-----------------------------------------------------------+
-| Name             | Description                                               |
-+==================+===========================================================+
-| users            | Events which are sent from certain users.                 |
-+------------------+-----------------------------------------------------------+
-| aliases          | Events which are sent in rooms with certain room aliases. |
-+------------------+-----------------------------------------------------------+
-| rooms            | Events which are sent in rooms with certain room IDs.     |
-+------------------+-----------------------------------------------------------+
-
-Each individual namespace MUST declare the following fields:
-
-+------------------+-----------------------------------------------------------------------------------------------------------------------------------+
-| Name             | Description                                                                                                                       |
-+==================+===================================================================================================================================+
-| exclusive        | **Required** A true or false value stating whether this application service has exclusive access to events within this namespace. |
-+------------------+-----------------------------------------------------------------------------------------------------------------------------------+
-| regex            | **Required** A regular expression defining which values this namespace includes.                                                  |
-+------------------+-----------------------------------------------------------------------------------------------------------------------------------+
-
-Exclusive user and alias namespaces should begin with an underscore after the
-sigil to avoid collisions with other users on the homeserver. Application
-services should additionally attempt to identify the service they represent
-in the reserved namespace. For example, ``@_irc_.*`` would be a good namespace
-to register for an application service which deals with IRC.
-
-The registration is represented by a series of key-value pairs, which this
-specification will present as YAML. See below for the possible options along
-with their explanation:
-
-+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
-| Name             | Description                                                                                                                                        |
-+==================+====================================================================================================================================================+
-| id               | **Required.** A unique, user-defined ID of the application service which will never change.                                                        |
-+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
-| url              | **Required.** The URL for the application service. May include a path after the domain name. Optionally set to ``null`` if no traffic is required. |
-+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
-| as_token         | **Required.** A unique token for application services to use to authenticate requests to Homeservers.                                              |
-+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
-| hs_token         | **Required.** A unique token for Homeservers to use to authenticate requests to application services.                                              |
-+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
-| sender_localpart | **Required.** The localpart of the user associated with the application service.                                                                   |
-+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
-| namespaces       | **Required.** A list of ``users``, ``aliases`` and ``rooms`` namespaces that the application service controls.                                     |
-+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
-| rate_limited     | Whether requests from masqueraded users are rate-limited. The sender is excluded.                                                                  |
-+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
-| protocols        | The external protocols which the application service provides (e.g. IRC).                                                                          |
-+------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+
-
-An example registration file for an IRC-bridging application service is below:
-
-.. code-block:: yaml
-
-    id: "IRC Bridge"
-    url: "http://127.0.0.1:1234"
-    as_token: "30c05ae90a248a4188e620216fa72e349803310ec83e2a77b34fe90be6081f46"
-    hs_token: "312df522183efd404ec1cd22d2ffa4bbc76a8c1ccf541dd692eef281356bb74e"
-    sender_localpart: "_irc_bot" # Will result in @_irc_bot:example.org
-    namespaces:
-      users:
-        - exclusive: true
-          regex: "@_irc_bridge_.*"
-      aliases:
-        - exclusive: false
-          regex: "#_irc_bridge_.*"
-      rooms: []
-
-.. WARNING::
-  If the homeserver in question has multiple application services, each
-  ``as_token`` and ``id`` MUST be unique per application service as these are
-  used to identify the application service. The homeserver MUST enforce this.
-
-Homeserver -> Application Service API
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Authorization
-+++++++++++++
-
-Homeservers MUST include a query parameter named ``access_token`` containing the
-``hs_token`` from the application service's registration when making requests to
-the application service. Application services MUST verify the provided ``access_token``
-matches their known ``hs_token``, failing the request with a ``M_FORBIDDEN`` error
-if it does not match.
-
-Legacy routes
-+++++++++++++
-
-Previous drafts of the application service specification had a mix of endpoints
-that have been used in the wild for a significant amount of time. The application
-service specification now defines a version on all endpoints to be more compatible
-with the rest of the Matrix specification and the future.
-
-Homeservers should attempt to use the specified endpoints first when communicating
-with application services. However, if the application service receives an http status
-code that does not indicate success (ie: 404, 500, 501, etc) then the homeserver
-should fall back to the older endpoints for the application service.
-
-The older endpoints have the exact same request body and response format, they
-just belong at a different path. The equivalent path for each is as follows:
-
-* ``/_matrix/app/v1/transactions/{txnId}`` should fall back to ``/transactions/{txnId}``
-* ``/_matrix/app/v1/users/{userId}`` should fall back to ``/users/{userId}``
-* ``/_matrix/app/v1/rooms/{roomAlias}`` should fall back to ``/rooms/{roomAlias}``
-* ``/_matrix/app/v1/thirdparty/protocol/{protocol}`` should fall back to ``/_matrix/app/unstable/thirdparty/protocol/{protocol}``
-* ``/_matrix/app/v1/thirdparty/user/{user}`` should fall back to ``/_matrix/app/unstable/thirdparty/user/{user}``
-* ``/_matrix/app/v1/thirdparty/location/{location}`` should fall back to ``/_matrix/app/unstable/thirdparty/location/{location}``
-* ``/_matrix/app/v1/thirdparty/user`` should fall back to ``/_matrix/app/unstable/thirdparty/user``
-* ``/_matrix/app/v1/thirdparty/location`` should fall back to ``/_matrix/app/unstable/thirdparty/location``
-
-Homeservers should periodically try again for the newer endpoints because the
-application service may have been updated.
-
-Pushing events
-++++++++++++++
-
-The application service API provides a transaction API for sending a list of
-events. Each list of events includes a transaction ID, which works as follows:
-
-::
-
- Typical
- HS ---> AS : Homeserver sends events with transaction ID T.
-    <---    : Application Service sends back 200 OK.
-
- AS ACK Lost
- HS ---> AS : Homeserver sends events with transaction ID T.
-    <-/-    : AS 200 OK is lost.
- HS ---> AS : Homeserver retries with the same transaction ID of T.
-    <---    : Application Service sends back 200 OK. If the AS had processed these
-              events already, it can NO-OP this request (and it knows if it is the
-              same events based on the transaction ID).
-
-The events sent to the application service should be linearised, as if they were
-from the event stream. The homeserver MUST maintain a queue of transactions to
-send to the application service. If the application service cannot be reached, the
-homeserver SHOULD backoff exponentially until the application service is reachable again.
-As application services cannot *modify* the events in any way, these requests can
-be made without blocking other aspects of the homeserver. Homeservers MUST NOT
-alter (e.g. add more) events they were going to send within that transaction ID
-on retries, as the application service may have already processed the events.
-
-{{transactions_as_http_api}}
-
-Querying
-++++++++
-
-The application service API includes two querying APIs: for room aliases and for
-user IDs. The application service SHOULD create the queried entity if it desires.
-During this process, the application service is blocking the homeserver until the
-entity is created and configured. If the homeserver does not receive a response
-to this request, the homeserver should retry several times before timing out. This
-should result in an HTTP status 408 "Request Timeout" on the client which initiated
-this request (e.g. to join a room alias).
-
-.. admonition:: Rationale
-
-  Blocking the homeserver and expecting the application service to create the entity
-  using the client-server API is simpler and more flexible than alternative methods
-  such as returning an initial sync style JSON blob and get the HS to provision
-  the room/user. This also meant that there didn't need to be a "backchannel" to inform
-  the application service about information about the entity such as room ID to
-  room alias mappings.
-
-{{query_user_as_http_api}}
-
-{{query_room_as_http_api}}
-
-
-Third party networks
-++++++++++++++++++++
-
-Application services may declare which protocols they support via their registration
-configuration for the homeserver. These networks are generally for third party services
-such as IRC that the application service is managing. Application services may populate
-a Matrix room directory for their registered protocols, as defined in the Client-Server
-API Extensions.
-
-Each protocol may have several "locations" (also known as "third party locations" or "3PLs").
-A location within a protocol is a place in the third party network, such as an IRC channel.
-Users of the third party network may also be represented by the application service.
-
-Locations and users can be searched by fields defined by the application service, such
-as by display name or other attribute. When clients request the homeserver to search
-in a particular "network" (protocol), the search fields will be passed along to the
-application service for filtering.
-
-{{protocols_as_http_api}}
-
-
-.. _create the user: `sect:asapi-permissions`_
-
-Client-Server API Extensions
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Application services can use a more powerful version of the
-client-server API by identifying itself as an application service to the
-homeserver.
-
-Endpoints defined in this section MUST be supported by homeservers in the
-client-server API as accessible only by application services.
-
-Identity assertion
-++++++++++++++++++
-The client-server API infers the user ID from the ``access_token`` provided in
-every request. To avoid the application service from having to keep track of each
-user's access token, the application service should identify itself to the Client-Server
-API by providing its ``as_token`` for the ``access_token`` alongside the user the
-application service would like to masquerade as.
-
-Inputs:
- - Application service token (``as_token``)
- - User ID in the AS namespace to act as.
-
-Notes:
- - This applies to all aspects of the Client-Server API, except for Account Management.
- - The ``as_token`` is inserted into ``access_token`` which is usually where the
-   client token is, such as via the query string or ``Authorization`` header. This
-   is done on purpose to allow application services to reuse client SDKs.
- - The ``access_token`` should be supplied through the ``Authorization`` header where
-   possible to prevent the token appearing in HTTP request logs by accident.
-
-The application service may specify the virtual user to act as through use of a
-``user_id`` query string parameter on the request. The user specified in the query
-string must be covered by one of the application service's ``user`` namespaces. If
-the parameter is missing, the homeserver is to assume the application service intends
-to act as the user implied by the ``sender_localpart`` property of the registration.
-
-An example request would be::
-
- GET /_matrix/client/%CLIENT_MAJOR_VERSION%/account/whoami?user_id=@_irc_user:example.org
- Authorization: Bearer YourApplicationServiceTokenHere
-
-.. TODO-TravisR: Temporarily take out timestamp massaging while we're releasing r0.
-   See https://github.com/matrix-org/matrix-doc/issues/1585
-.. Timestamp massaging
-   +++++++++++++++++++
-   The application service may want to inject events at a certain time (reflecting
-   the time on the network they are tracking e.g. irc, xmpp). Application services
-   need to be able to adjust the ``origin_server_ts`` value to do this.
-
-   Inputs:
-   - Application service token (``as_token``)
-   - Desired timestamp (in milliseconds since the unix epoch)
-
-   Notes:
-   - This will only apply when sending events.
-
-   ::
-
-    PUT /_matrix/client/r0/rooms/!somewhere:example.org/send/m.room.message/txnId?ts=1534535223283
-    Authorization: Bearer YourApplicationServiceTokenHere
-
-    Content: The event to send, as per the Client-Server API.
-
-Timestamp massaging
-+++++++++++++++++++
-
-Previous drafts of the Application Service API permitted application services
-to alter the timestamp of their sent events by providing a ``ts`` query parameter
-when sending an event. This API has been excluded from the first release due to
-design concerns, however some servers may still support the feature. Please visit
-`issue #1585 <https://github.com/matrix-org/matrix-doc/issues/1585>`_ for more
-information.
-
-Server admin style permissions
-++++++++++++++++++++++++++++++
-
-.. _sect:asapi-permissions:
-
-The homeserver needs to give the application service *full control* over its
-namespace, both for users and for room aliases. This means that the AS should
-be able to create/edit/delete any room alias in its namespace, as well as
-create/delete any user in its namespace. No additional API changes need to be
-made in order for control of room aliases to be granted to the AS. Creation of
-users needs API changes in order to:
-
-- Work around captchas.
-- Have a 'passwordless' user.
-
-This involves bypassing the registration flows entirely. This is achieved by
-including the ``as_token`` on a ``/register`` request, along with a login type of
-``m.login.application_service`` to set the desired user ID without a password.
-
-::
-
-  POST /_matrix/client/%CLIENT_MAJOR_VERSION%/register
-  Authorization: Bearer YourApplicationServiceTokenHere
-
-  Content:
-  {
-    type: "m.login.application_service",
-    username: "_irc_example"
-  }
-
-Application services which attempt to create users or aliases *outside* of
-their defined namespaces will receive an error code ``M_EXCLUSIVE``. Similarly,
-normal users who attempt to create users or aliases *inside* an application
-service-defined namespace will receive the same ``M_EXCLUSIVE`` error code,
-but only if the application service has defined the namespace as ``exclusive``.
-
-Using ``/sync`` and ``/events``
-+++++++++++++++++++++++++++++++
-
-Application services wishing to use ``/sync`` or ``/events`` from the Client-Server
-API MUST do so with a virtual user (provide a ``user_id`` via the query string). It
-is expected that the application service use the transactions pushed to it to
-handle events rather than syncing with the user implied by ``sender_localpart``.
-
-Application service room directories
-++++++++++++++++++++++++++++++++++++
-
-Application services can maintain their own room directories for their defined
-third party protocols. These room directories may be accessed by clients through
-additional parameters on the ``/publicRooms`` client-server endpoint.
-
-{{appservice_room_directory_cs_http_api}}
-
-Referencing messages from a third party network
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Application services should include an ``external_url`` in the ``content`` of
-events it emits to indicate where the message came from. This typically applies
-to application services that bridge other networks into Matrix, such as IRC,
-where an HTTP URL may be available to reference.
-
-Clients should provide users with a way to access the ``external_url`` if it
-is present. Clients should additionally ensure the URL has a scheme of ``https``
-or ``http`` before making use of it.
-
-The presence of an ``external_url`` on an event does not necessarily mean the
-event was sent from an application service. Clients should be wary of the URL
-contained within, as it may not be a legitimate reference to the event's source.
diff --git a/specification/client_server_api.rst b/specification/client_server_api.rst
deleted file mode 100644
index 4847d837117..00000000000
--- a/specification/client_server_api.rst
+++ /dev/null
@@ -1,2085 +0,0 @@
-.. Copyright 2016-2020 The Matrix.org Foundation C.I.C.
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Client-Server API
-=================
-
-{{unstable_warning_block_CLIENT_RELEASE_LABEL}}
-
-The client-server API provides a simple lightweight API to let clients send
-messages, control rooms and synchronise conversation history. It is designed to
-support both lightweight clients which store no state and lazy-load data from
-the server as required - as well as heavyweight clients which maintain a full
-local persistent copy of server state.
-
-.. contents:: Table of Contents
-.. sectnum::
-
-Changelog
----------
-
-.. topic:: Version: %CLIENT_RELEASE_LABEL%
-{{client_server_changelog}}
-
-This version of the specification is generated from
-`matrix-doc <https://github.com/matrix-org/matrix-doc>`_ as of Git commit
-`{{git_version}} <https://github.com/matrix-org/matrix-doc/tree/{{git_rev}}>`_.
-
-For the full historical changelog, see
-https://github.com/matrix-org/matrix-doc/blob/master/changelogs/client_server.rst
-
-Other versions of this specification
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The following other versions are also available, in reverse chronological order:
-
-- `HEAD <https://matrix.org/docs/spec/client_server/unstable.html>`_: Includes all changes since the latest versioned release.
-- `r0.6.1 <https://matrix.org/docs/spec/client_server/r0.6.1.html>`_
-- `r0.6.0 <https://matrix.org/docs/spec/client_server/r0.6.0.html>`_
-- `r0.5.0 <https://matrix.org/docs/spec/client_server/r0.5.0.html>`_
-- `r0.4.0 <https://matrix.org/docs/spec/client_server/r0.4.0.html>`_
-- `r0.3.0 <https://matrix.org/docs/spec/client_server/r0.3.0.html>`_
-- `r0.2.0 <https://matrix.org/docs/spec/client_server/r0.2.0.html>`_
-- `r0.1.0 <https://matrix.org/docs/spec/client_server/r0.1.0.html>`_
-- `r0.0.1 <https://matrix.org/docs/spec/r0.0.1/client_server.html>`_
-- `r0.0.0 <https://matrix.org/docs/spec/r0.0.0/client_server.html>`_
-- `Legacy <https://matrix.org/docs/spec/legacy/#client-server-api>`_: The last draft before the spec was formally released in version r0.0.0.
-
-
-API Standards
--------------
-
-.. TODO: Move a lot of this to a common area for all specs.
-
-.. TODO
-  Need to specify any HMAC or access_token lifetime/ratcheting tricks
-  We need to specify capability negotiation for extensible transports
-
-The mandatory baseline for client-server communication in Matrix is exchanging
-JSON objects over HTTP APIs. HTTPS is recommended for communication, although
-HTTP may be supported as a fallback to support basic
-HTTP clients. More efficient optional transports
-will in future be supported as optional extensions - e.g. a
-packed binary encoding over stream-cipher encrypted TCP socket for
-low-bandwidth/low-roundtrip mobile usage. For the default HTTP transport, all
-API calls use a Content-Type of ``application/json``.  In addition, all strings
-MUST be encoded as UTF-8. Clients are authenticated using opaque
-``access_token`` strings (see `Client Authentication`_ for details), passed as a
-query string parameter on all requests.
-
-The names of the API endpoints for the HTTP transport follow a convention of
-using underscores to separate words (for example ``/delete_devices``). The key
-names in JSON objects passed over the API also follow this convention.
-
-.. NOTE::
-   There are a few historical exceptions to this rule, such as
-   ``/createRoom``. A future version of this specification will address the
-   inconsistency.
-
-Any errors which occur at the Matrix API level MUST return a "standard error
-response". This is a JSON object which looks like:
-
-.. code:: json
-
-  {
-    "errcode": "<error code>",
-    "error": "<error message>"
-  }
-
-The ``error`` string will be a human-readable error message, usually a sentence
-explaining what went wrong. The ``errcode`` string will be a unique string
-which can be used to handle an error message e.g. ``M_FORBIDDEN``. These error
-codes should have their namespace first in ALL CAPS, followed by a single _ to
-ease separating the namespace from the error code. For example, if there was a
-custom namespace ``com.mydomain.here``, and a
-``FORBIDDEN`` code, the error code should look like
-``COM.MYDOMAIN.HERE_FORBIDDEN``. There may be additional keys depending on the
-error, but the keys ``error`` and ``errcode`` MUST always be present.
-
-Errors are generally best expressed by their error code rather than the HTTP
-status code returned. When encountering the error code ``M_UNKNOWN``, clients
-should prefer the HTTP status code as a more reliable reference for what the
-issue was. For example, if the client receives an error code of ``M_NOT_FOUND``
-but the request gave a 400 Bad Request status code, the client should treat
-the error as if the resource was not found. However, if the client were to
-receive an error code of ``M_UNKNOWN`` with a 400 Bad Request, the client
-should assume that the request being made was invalid.
-
-The common error codes are:
-
-:``M_FORBIDDEN``:
-  Forbidden access, e.g. joining a room without permission, failed login.
-
-:``M_UNKNOWN_TOKEN``:
-  The access token specified was not recognised.
-
-  An additional response parameter, ``soft_logout``, might be present on the response
-  for 401 HTTP status codes. See `the soft logout section <#soft-logout>`_ for more
-  information.
-
-:``M_MISSING_TOKEN``:
-  No access token was specified for the request.
-
-:``M_BAD_JSON``:
-  Request contained valid JSON, but it was malformed in some way, e.g. missing
-  required keys, invalid values for keys.
-
-:``M_NOT_JSON``:
-  Request did not contain valid JSON.
-
-:``M_NOT_FOUND``:
-  No resource was found for this request.
-
-:``M_LIMIT_EXCEEDED``:
-  Too many requests have been sent in a short period of time. Wait a while then
-  try again.
-
-:``M_UNKNOWN``:
-  An unknown error has occurred.
-
-Other error codes the client might encounter are:
-
-:``M_UNRECOGNIZED``:
-  The server did not understand the request.
-
-:``M_UNAUTHORIZED``:
-  The request was not correctly authorized. Usually due to login failures.
-
-:``M_USER_DEACTIVATED``:
-  The user ID associated with the request has been deactivated. Typically for
-  endpoints that prove authentication, such as ``/login``.
-
-:``M_USER_IN_USE``:
-  Encountered when trying to register a user ID which has been taken.
-
-:``M_INVALID_USERNAME``:
-  Encountered when trying to register a user ID which is not valid.
-
-:``M_ROOM_IN_USE``:
-  Sent when the room alias given to the ``createRoom`` API is already in use.
-
-:``M_INVALID_ROOM_STATE``:
-  Sent when the initial state given to the ``createRoom`` API is invalid.
-
-:``M_THREEPID_IN_USE``:
-  Sent when a threepid given to an API cannot be used because the same threepid is already in use.
-
-:``M_THREEPID_NOT_FOUND``:
-  Sent when a threepid given to an API cannot be used because no record matching the threepid was found.
-
-:``M_THREEPID_AUTH_FAILED``:
-  Authentication could not be performed on the third party identifier.
-
-:``M_THREEPID_DENIED``:
-  The server does not permit this third party identifier. This may happen if the server only
-  permits, for example, email addresses from a particular domain.
-
-:``M_SERVER_NOT_TRUSTED``:
-  The client's request used a third party server, eg. identity server, that this server does not trust.
-
-:``M_UNSUPPORTED_ROOM_VERSION``:
-  The client's request to create a room used a room version that the server does not support.
-
-:``M_INCOMPATIBLE_ROOM_VERSION``:
-  The client attempted to join a room that has a version the server does not support. Inspect the
-  ``room_version`` property of the error response for the room's version.
-
-:``M_BAD_STATE``:
-  The state change requested cannot be performed, such as attempting to unban
-  a user who is not banned.
-
-:``M_GUEST_ACCESS_FORBIDDEN``:
-  The room or resource does not permit guests to access it.
-
-:``M_CAPTCHA_NEEDED``:
-  A Captcha is required to complete the request.
-
-:``M_CAPTCHA_INVALID``:
-  The Captcha provided did not match what was expected.
-
-:``M_MISSING_PARAM``:
-  A required parameter was missing from the request.
-
-:``M_INVALID_PARAM``:
-  A parameter that was specified has the wrong value. For example, the server
-  expected an integer and instead received a string.
-
-:``M_TOO_LARGE``:
-  The request or entity was too large.
-
-:``M_EXCLUSIVE``:
-  The resource being requested is reserved by an application service, or the
-  application service making the request has not created the resource.
-
-:``M_RESOURCE_LIMIT_EXCEEDED``:
-  The request cannot be completed because the homeserver has reached a resource
-  limit imposed on it. For example, a homeserver held in a shared hosting environment
-  may reach a resource limit if it starts using too much memory or disk space. The
-  error MUST have an ``admin_contact`` field to provide the user receiving the error
-  a place to reach out to. Typically, this error will appear on routes which attempt
-  to modify state (eg: sending messages, account data, etc) and not routes which only
-  read state (eg: ``/sync``, get account data, etc).
-
-:``M_CANNOT_LEAVE_SERVER_NOTICE_ROOM``:
-  The user is unable to reject an invite to join the server notices room. See the
-  `Server Notices <#server-notices>`_ module for more information.
-
-.. TODO: More error codes (covered by other issues)
-.. * M_CONSENT_NOT_GIVEN                - GDPR: https://github.com/matrix-org/matrix-doc/issues/1512
-
-.. _sect:txn_ids:
-
-The client-server API typically uses ``HTTP PUT`` to submit requests with a
-client-generated transaction identifier. This means that these requests are
-idempotent. The scope of a transaction identifier is a particular access token.
-It **only** serves to identify new
-requests from retransmits. After the request has finished, the ``{txnId}``
-value should be changed (how is not specified; a monotonically increasing
-integer is recommended).
-
-Some API endpoints may allow or require the use of ``POST`` requests without a
-transaction ID. Where this is optional, the use of a ``PUT`` request is strongly
-recommended.
-
-{{versions_cs_http_api}}
-
-
-.. _`CORS`:
-
-Web Browser Clients
--------------------
-
-It is realistic to expect that some clients will be written to be run within a
-web browser or similar environment. In these cases, the homeserver should respond
-to pre-flight requests and supply Cross-Origin Resource Sharing (CORS) headers on
-all requests.
-
-Servers MUST expect that clients will approach them with ``OPTIONS`` requests,
-allowing clients to discover the CORS headers. All endpoints in this specification s
-upport the ``OPTIONS`` method, however the server MUST NOT perform any logic defined
-for the endpoints when approached with an ``OPTIONS`` request.
-
-When a client approaches the server with a request, the server should respond with
-the CORS headers for that route. The recommended CORS headers to be returned by
-servers on all requests are:
-
-.. code::
-
-  Access-Control-Allow-Origin: *
-  Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
-  Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
-
-Server Discovery
-----------------
-
-In order to allow users to connect to a Matrix server without needing to
-explicitly specify the homeserver's URL or other parameters, clients SHOULD use
-an auto-discovery mechanism to determine the server's URL based on a user's
-Matrix ID. Auto-discovery should only be done at login time.
-
-In this section, the following terms are used with specific meanings:
-
-``PROMPT``
-  Retrieve the specific piece of information from the user in a way which
-  fits within the existing client user experience, if the client is inclined to
-  do so. Failure can take place instead if no good user experience for this is
-  possible at this point.
-
-``IGNORE``
-  Stop the current auto-discovery mechanism. If no more auto-discovery
-  mechanisms are available, then the client may use other methods of
-  determining the required parameters, such as prompting the user, or using
-  default values.
-
-``FAIL_PROMPT``
-  Inform the user that auto-discovery failed due to invalid/empty data and
-  ``PROMPT`` for the parameter.
-
-``FAIL_ERROR``
-  Inform the user that auto-discovery did not return any usable URLs. Do not
-  continue further with the current login process. At this point, valid data
-  was obtained, but no server is available to serve the client. No further
-  guess should be attempted and the user should make a conscientious decision
-  what to do next.
-
-Well-known URI
-~~~~~~~~~~~~~~
-
-.. Note::
-  Servers hosting the ``.well-known`` JSON file SHOULD offer CORS headers, as
-  per the `CORS`_ section in this specification.
-
-The ``.well-known`` method uses a JSON file at a predetermined location to
-specify parameter values. The flow for this method is as follows:
-
-1. Extract the server name from the user's Matrix ID by splitting the Matrix ID
-   at the first colon.
-2. Extract the hostname from the server name.
-3. Make a GET request to ``https://hostname/.well-known/matrix/client``.
-
-   a. If the returned status code is 404, then ``IGNORE``.
-   b. If the returned status code is not 200, or the response body is empty,
-      then ``FAIL_PROMPT``.
-   c. Parse the response body as a JSON object
-
-      i. If the content cannot be parsed, then ``FAIL_PROMPT``.
-
-   d. Extract the ``base_url`` value from the ``m.homeserver`` property. This
-      value is to be used as the base URL of the homeserver.
-
-      i. If this value is not provided, then ``FAIL_PROMPT``.
-
-   e. Validate the homeserver base URL:
-
-      i. Parse it as a URL. If it is not a URL, then ``FAIL_ERROR``.
-      ii. Clients SHOULD validate that the URL points to a valid homeserver
-          before accepting it by connecting to the |/_matrix/client/versions|_
-          endpoint, ensuring that it does not return an error, and parsing and
-          validating that the data conforms with the expected response
-          format. If any step in the validation fails, then
-          ``FAIL_ERROR``. Validation is done as a simple check against
-          configuration errors, in order to ensure that the discovered address
-          points to a valid homeserver.
-
-   f. If the ``m.identity_server`` property is present, extract the
-      ``base_url`` value for use as the base URL of the identity server.
-      Validation for this URL is done as in the step above, but using
-      ``/_matrix/identity/api/v1`` as the endpoint to connect to. If the
-      ``m.identity_server`` property is present, but does not have a
-      ``base_url`` value, then ``FAIL_ERROR``.
-
-{{wellknown_cs_http_api}}
-
-Client Authentication
----------------------
-
-Most API endpoints require the user to identify themselves by presenting
-previously obtained credentials in the form of an ``access_token`` query
-parameter or through an Authorization Header of ``Bearer $access_token``.
-An access token is typically obtained via the `Login`_ or `Registration`_ processes.
-
-.. NOTE::
-
-   This specification does not mandate a particular format for the access
-   token. Clients should treat it as an opaque byte sequence. Servers are free
-   to choose an appropriate format. Server implementors may like to investigate
-   `macaroons <macaroon_>`_.
-
-Using access tokens
-~~~~~~~~~~~~~~~~~~~
-
-Access tokens may be provided in two ways, both of which the homeserver MUST
-support:
-
-1. Via a query string parameter, ``access_token=TheTokenHere``.
-#. Via a request header, ``Authorization: Bearer TheTokenHere``.
-
-Clients are encouraged to use the ``Authorization`` header where possible
-to prevent the access token being leaked in access/HTTP logs. The query
-string should only be used in cases where the ``Authorization`` header is
-inaccessible for the client.
-
-When credentials are required but missing or invalid, the HTTP call will
-return with a status of 401 and the error code, ``M_MISSING_TOKEN`` or
-``M_UNKNOWN_TOKEN`` respectively.
-
-Relationship between access tokens and devices
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Client `devices`_ are closely related to access tokens.  Matrix servers should
-record which device each access token is assigned to, so that subsequent
-requests can be handled correctly.
-
-By default, the `Login`_ and `Registration`_ processes auto-generate a new
-``device_id``. A client is also free to generate its own ``device_id`` or,
-provided the user remains the same, reuse a device: in either case the client
-should pass the ``device_id`` in the request body. If the client sets the
-``device_id``, the server will invalidate any access token previously assigned
-to that device. There is therefore at most one active access token assigned to
-each device at any one time.
-
-Soft logout
-~~~~~~~~~~~
-
-When a request fails due to a 401 status code per above, the server can
-include an extra response parameter, ``soft_logout``, to indicate if the client's
-persisted information can be retained. This defaults to ``false``, indicating
-that the server has destroyed the session. Any persisted state held by the client,
-such as encryption keys and device information, must not be reused and must be discarded.
-
-When ``soft_logout`` is true, the client can acquire a new access token by
-specifying the device ID it is already using to the login API. In most cases
-a ``soft_logout: true`` response indicates that the user's session has expired
-on the server-side and the user simply needs to provide their credentials again.
-
-In either case, the client's previously known access token will no longer function.
-
-.. _`user-interactive authentication`:
-
-User-Interactive Authentication API
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Overview
-<<<<<<<<
-
-Some API endpoints require authentication that interacts with the user. The
-homeserver may provide many different ways of authenticating, such as
-user/password auth, login via a single-sign-on server (SSO), etc. This
-specification does not define how homeservers should authorise their users but
-instead defines the standard interface which implementations should follow so
-that ANY client can login to ANY homeserver.
-
-The process takes the form of one or more 'stages'. At each stage the client
-submits a set of data for a given authentication type and awaits a response
-from the server, which will either be a final success or a request to perform
-an additional stage. This exchange continues until the final success.
-
-For each endpoint, a server offers one or more 'flows' that the client can use
-to authenticate itself. Each flow comprises a series of stages, as described
-above. The client is free to choose which flow it follows, however the flow's
-stages must be completed in order. Failing to follow the flows in order must
-result in an HTTP 401 response, as defined below. When all stages in a flow
-are complete, authentication is complete and the API call succeeds.
-
-User-interactive API in the REST API
-<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
-
-In the REST API described in this specification, authentication works by the
-client and server exchanging JSON dictionaries. The server indicates what
-authentication data it requires via the body of an HTTP 401 response, and the
-client submits that authentication data via the ``auth`` request parameter.
-
-A client should first make a request with no ``auth`` parameter [#]_. The
-homeserver returns an HTTP 401 response, with a JSON body, as follows:
-
-.. code::
-
-  HTTP/1.1 401 Unauthorized
-  Content-Type: application/json
-
-  {
-    "flows": [
-      {
-        "stages": [ "example.type.foo", "example.type.bar" ]
-      },
-      {
-        "stages": [ "example.type.foo", "example.type.baz" ]
-      }
-    ],
-    "params": {
-        "example.type.baz": {
-            "example_key": "foobar"
-        }
-    },
-    "session": "xxxxxx"
-  }
-
-In addition to the ``flows``, this object contains some extra
-information:
-
-params
-  This section contains any information that the client will need to know in
-  order to use a given type of authentication. For each authentication type
-  presented, that type may be present as a key in this dictionary. For example,
-  the public part of an OAuth client ID could be given here.
-session
-  This is a session identifier that the client must pass back to the homeserver,
-  if one is provided, in subsequent attempts to authenticate in the same API call.
-
-The client then chooses a flow and attempts to complete the first stage. It
-does this by resubmitting the same request with the addition of an ``auth``
-key in the object that it submits. This dictionary contains a ``type`` key whose
-value is the name of the authentication type that the client is attempting to complete.
-It must also contain a ``session`` key with the value of the session key given
-by the homeserver, if one was given. It also contains other keys dependent on
-the auth type being attempted. For example, if the client is attempting to
-complete auth type ``example.type.foo``, it might submit something like this:
-
-.. code::
-
-  POST /_matrix/client/r0/endpoint HTTP/1.1
-  Content-Type: application/json
-
-  {
-    "a_request_parameter": "something",
-    "another_request_parameter": "something else",
-    "auth": {
-        "type": "example.type.foo",
-        "session": "xxxxxx",
-        "example_credential": "verypoorsharedsecret"
-    }
-  }
-
-If the homeserver deems the authentication attempt to be successful but still
-requires more stages to be completed, it returns HTTP status 401 along with the
-same object as when no authentication was attempted, with the addition of the
-``completed`` key which is an array of auth types the client has completed
-successfully:
-
-.. code::
-
-  HTTP/1.1 401 Unauthorized
-  Content-Type: application/json
-
-  {
-    "completed": [ "example.type.foo" ],
-    "flows": [
-      {
-        "stages": [ "example.type.foo", "example.type.bar" ]
-      },
-      {
-        "stages": [ "example.type.foo", "example.type.baz" ]
-      }
-    ],
-    "params": {
-        "example.type.baz": {
-            "example_key": "foobar"
-        }
-    },
-    "session": "xxxxxx"
-  }
-
-Individual stages may require more than one request to complete, in which case
-the response will be as if the request was unauthenticated with the addition of
-any other keys as defined by the auth type.
-
-If the homeserver decides that an attempt on a stage was unsuccessful, but the
-client may make a second attempt, it returns the same HTTP status 401 response
-as above, with the addition of the standard ``errcode`` and ``error`` fields
-describing the error. For example:
-
-.. code::
-
-  HTTP/1.1 401 Unauthorized
-  Content-Type: application/json
-
-  {
-    "errcode": "M_FORBIDDEN",
-    "error": "Invalid password",
-    "completed": [ "example.type.foo" ],
-    "flows": [
-      {
-        "stages": [ "example.type.foo", "example.type.bar" ]
-      },
-      {
-        "stages": [ "example.type.foo", "example.type.baz" ]
-      }
-    ],
-    "params": {
-        "example.type.baz": {
-            "example_key": "foobar"
-        }
-    },
-    "session": "xxxxxx"
-  }
-
-If the request fails for a reason other than authentication, the server returns an error
-message in the standard format. For example:
-
-.. code::
-
-  HTTP/1.1 400 Bad request
-  Content-Type: application/json
-
-  {
-    "errcode": "M_EXAMPLE_ERROR",
-    "error": "Something was wrong"
-  }
-
-If the client has completed all stages of a flow, the homeserver performs the
-API call and returns the result as normal. Completed stages cannot be retried
-by clients, therefore servers must return either a 401 response with the completed
-stages, or the result of the API call if all stages were completed when a client
-retries a stage.
-
-Some authentication types may be completed by means other than through the
-Matrix client, for example, an email confirmation may be completed when the user
-clicks on the link in the email. In this case, the client retries the request
-with an auth dict containing only the session key. The response to this will be
-the same as if the client were attempting to complete an auth state normally,
-i.e. the request will either complete or request auth, with the presence or
-absence of that auth type in the 'completed' array indicating whether
-that stage is complete.
-
-.. [#] A request to an endpoint that uses User-Interactive Authentication never
-       succeeds without auth. Homeservers may allow requests that don't require
-       auth by offering a stage with only the ``m.login.dummy`` auth type, but
-       they must still give a 401 response to requests with no auth data.
-
-Example
-+++++++
-At a high level, the requests made for an API call completing an auth flow with
-three stages will resemble the following diagram::
-
-   _______________________
-  |       Stage 0         |
-  | No auth               |
-  |  ___________________  |
-  | |_Request_1_________| | <-- Returns "session" key which is used throughout.
-  |_______________________|
-            |
-            |
-   _________V_____________
-  |       Stage 1         |
-  | type: "<auth type1>"  |
-  |  ___________________  |
-  | |_Request_1_________| |
-  |_______________________|
-            |
-            |
-   _________V_____________
-  |       Stage 2         |
-  | type: "<auth type2>"  |
-  |  ___________________  |
-  | |_Request_1_________| |
-  |  ___________________  |
-  | |_Request_2_________| |
-  |  ___________________  |
-  | |_Request_3_________| |
-  |_______________________|
-            |
-            |
-   _________V_____________
-  |       Stage 3         |
-  | type: "<auth type3>"  |
-  |  ___________________  |
-  | |_Request_1_________| | <-- Returns API response
-  |_______________________|
-
-
-Authentication types
-++++++++++++++++++++
-
-This specification defines the following auth types:
- - ``m.login.password``
- - ``m.login.recaptcha``
- - ``m.login.sso``
- - ``m.login.email.identity``
- - ``m.login.msisdn``
- - ``m.login.dummy``
-
-Password-based
-<<<<<<<<<<<<<<
-:Type:
-  ``m.login.password``
-:Description:
-  The client submits an identifier and secret password, both sent in plain-text.
-
-To use this authentication type, clients should submit an auth dict as follows:
-
-.. code:: json
-
-  {
-    "type": "m.login.password",
-    "identifier": {
-      ...
-    },
-    "password": "<password>",
-    "session": "<session ID>"
-  }
-
-where the ``identifier`` property is a user identifier object, as described in
-`Identifier types`_.
-
-For example, to authenticate using the user's Matrix ID, clients would submit:
-
-.. code:: json
-
-  {
-    "type": "m.login.password",
-    "identifier": {
-      "type": "m.id.user",
-      "user": "<user_id or user localpart>"
-    },
-    "password": "<password>",
-    "session": "<session ID>"
-  }
-
-Alternatively reply using a 3PID bound to the user's account on the homeserver
-using the |/account/3pid|_ API rather then giving the ``user`` explicitly as
-follows:
-
-.. code:: json
-
-  {
-    "type": "m.login.password",
-    "identifier": {
-      "type": "m.id.thirdparty",
-      "medium": "<The medium of the third party identifier.>",
-      "address": "<The third party address of the user>"
-    },
-    "password": "<password>",
-    "session": "<session ID>"
-  }
-
-In the case that the homeserver does not know about the supplied 3PID, the
-homeserver must respond with 403 Forbidden.
-
-Google ReCaptcha
-<<<<<<<<<<<<<<<<
-:Type:
-  ``m.login.recaptcha``
-:Description:
-  The user completes a Google ReCaptcha 2.0 challenge
-
-To use this authentication type, clients should submit an auth dict as follows:
-
-.. code:: json
-
-  {
-    "type": "m.login.recaptcha",
-    "response": "<captcha response>",
-    "session": "<session ID>"
-  }
-
-Single Sign-On
-<<<<<<<<<<<<<<
-:Type:
-  ``m.login.sso``
-:Description:
-  Authentication is supported by authorising with an external single sign-on
-  provider.
-
-A client wanting to complete authentication using SSO should use the
-`Fallback`_ mechanism. See `SSO during User-Interactive Authentication`_ for
-more information.
-
-Email-based (identity / homeserver)
-<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
-:Type:
-  ``m.login.email.identity``
-:Description:
-  Authentication is supported by authorising an email address with an identity
-  server, or homeserver if supported.
-
-Prior to submitting this, the client should authenticate with an identity
-server (or homeserver). After authenticating, the session information should
-be submitted to the homeserver.
-
-To use this authentication type, clients should submit an auth dict as follows:
-
-.. code:: json
-
-  {
-    "type": "m.login.email.identity",
-    "threepidCreds": [
-      {
-        "sid": "<identity server session id>",
-        "client_secret": "<identity server client secret>",
-        "id_server": "<url of identity server authed with, e.g. 'matrix.org:8090'>",
-        "id_access_token": "<access token previously registered with the identity server>"
-      }
-    ],
-    "session": "<session ID>"
-  }
-
-Note that ``id_server`` (and therefore ``id_access_token``) is optional if the
-``/requestToken`` request did not include them.
-
-Phone number/MSISDN-based (identity / homeserver)
-<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
-:Type:
-  ``m.login.msisdn``
-:Description:
-  Authentication is supported by authorising a phone number with an identity
-  server, or homeserver if supported.
-
-Prior to submitting this, the client should authenticate with an identity
-server (or homeserver). After authenticating, the session information should
-be submitted to the homeserver.
-
-To use this authentication type, clients should submit an auth dict as follows:
-
-.. code:: json
-
-  {
-    "type": "m.login.msisdn",
-    "threepidCreds": [
-      {
-        "sid": "<identity server session id>",
-        "client_secret": "<identity server client secret>",
-        "id_server": "<url of identity server authed with, e.g. 'matrix.org:8090'>",
-        "id_access_token": "<access token previously registered with the identity server>"
-      }
-    ],
-    "session": "<session ID>"
-  }
-
-Note that ``id_server`` (and therefore ``id_access_token``) is optional if the
-``/requestToken`` request did not include them.
-
-Dummy Auth
-<<<<<<<<<<
-:Type:
-  ``m.login.dummy``
-:Description:
-  Dummy authentication always succeeds and requires no extra parameters. Its
-  purpose is to allow servers to not require any form of User-Interactive
-  Authentication to perform a request. It can also be used to differentiate
-  flows where otherwise one flow would be a subset of another flow. eg. if
-  a server offers flows ``m.login.recaptcha`` and ``m.login.recaptcha,
-  m.login.email.identity`` and the client completes the recaptcha stage first,
-  the auth would succeed with the former flow, even if the client was intending
-  to then complete the email auth stage. A server can instead send flows
-  ``m.login.recaptcha, m.login.dummy`` and ``m.login.recaptcha,
-  m.login.email.identity`` to fix the ambiguity.
-
-To use this authentication type, clients should submit an auth dict with just
-the type and session, if provided:
-
-.. code:: json
-
-  {
-    "type": "m.login.dummy",
-    "session": "<session ID>"
-  }
-
-
-Fallback
-++++++++
-Clients cannot be expected to be able to know how to process every single login
-type. If a client does not know how to handle a given login type, it can direct
-the user to a web browser with the URL of a fallback page which will allow the
-user to complete that login step out-of-band in their web browser. The URL it
-should open is::
-
-  /_matrix/client/%CLIENT_MAJOR_VERSION%/auth/<auth type>/fallback/web?session=<session ID>
-
-Where ``auth type`` is the type name of the stage it is attempting and
-``session ID`` is the ID of the session given by the homeserver.
-
-.. _`user-interactive authentication fallback completion`:
-
-This MUST return an HTML page which can perform this authentication stage. This
-page must use the following JavaScript when the authentication has been
-completed:
-
-.. code:: javascript
-
-   if (window.onAuthDone) {
-       window.onAuthDone();
-   } else if (window.opener && window.opener.postMessage) {
-       window.opener.postMessage("authDone", "*");
-   }
-
-This allows the client to either arrange for the global function ``onAuthDone``
-to be defined in an embedded browser, or to use the HTML5 `cross-document
-messaging <https://www.w3.org/TR/webmessaging/#web-messaging>`_ API, to receive
-a notification that the authentication stage has been completed.
-
-Once a client receives the notificaton that the authentication stage has been
-completed, it should resubmit the request with an auth dict with just the
-session ID:
-
-.. code:: json
-
-  {
-    "session": "<session ID>"
-  }
-
-
-Example
-<<<<<<<
-A client webapp might use the following javascript to open a popup window which will
-handle unknown login types:
-
-.. code:: javascript
-
-  /**
-   * Arguments:
-   *     homeserverUrl: the base url of the homeserver (eg "https://matrix.org")
-   *
-   *     apiEndpoint: the API endpoint being used (eg
-   *        "/_matrix/client/%CLIENT_MAJOR_VERSION%/account/password")
-   *
-   *     loginType: the loginType being attempted (eg "m.login.recaptcha")
-   *
-   *     sessionID: the session ID given by the homeserver in earlier requests
-   *
-   *     onComplete: a callback which will be called with the results of the request
-   */
-  function unknownLoginType(homeserverUrl, apiEndpoint, loginType, sessionID, onComplete) {
-      var popupWindow;
-
-      var eventListener = function(ev) {
-          // check it's the right message from the right place.
-          if (ev.data !== "authDone" || ev.origin !== homeserverUrl) {
-              return;
-          }
-
-          // close the popup
-          popupWindow.close();
-          window.removeEventListener("message", eventListener);
-
-          // repeat the request
-          var requestBody = {
-              auth: {
-                  session: sessionID,
-              },
-          };
-
-          request({
-              method:'POST', url:apiEndpint, json:requestBody,
-          }, onComplete);
-      };
-
-      window.addEventListener("message", eventListener);
-
-      var url = homeserverUrl +
-          "/_matrix/client/%CLIENT_MAJOR_VERSION%/auth/" +
-          encodeURIComponent(loginType) +
-          "/fallback/web?session=" +
-          encodeURIComponent(sessionID);
-
-
-     popupWindow = window.open(url);
-  }
-
-
-Identifier types
-++++++++++++++++
-
-Some authentication mechanisms use a user identifier object to identify a
-user.  The user identifier object has a ``type`` field to indicate the type of
-identifier being used, and depending on the type, has other fields giving the
-information required to identify the user as described below.
-
-This specification defines the following identifier types:
- - ``m.id.user``
- - ``m.id.thirdparty``
- - ``m.id.phone``
-
-Matrix User ID
-<<<<<<<<<<<<<<
-:Type:
-  ``m.id.user``
-:Description:
-  The user is identified by their Matrix ID.
-
-A client can identify a user using their Matrix ID.  This can either be the
-fully qualified Matrix user ID, or just the localpart of the user ID.
-
-.. code:: json
-
-  "identifier": {
-    "type": "m.id.user",
-    "user": "<user_id or user localpart>"
-  }
-
-Third-party ID
-<<<<<<<<<<<<<<
-:Type:
-  ``m.id.thirdparty``
-:Description:
-  The user is identified by a third-party identifier in canonicalised form.
-
-A client can identify a user using a 3PID associated with the user's account on
-the homeserver, where the 3PID was previously associated using the
-|/account/3pid|_ API.  See the `3PID Types`_ Appendix for a list of Third-party
-ID media.
-
-.. code:: json
-
-  "identifier": {
-    "type": "m.id.thirdparty",
-    "medium": "<The medium of the third party identifier>",
-    "address": "<The canonicalised third party address of the user>"
-  }
-
-Phone number
-<<<<<<<<<<<<
-:Type:
-  ``m.id.phone``
-:Description:
-  The user is identified by a phone number.
-
-A client can identify a user using a phone number associated with the user's
-account, where the phone number was previously associated using the
-|/account/3pid|_ API.  The phone number can be passed in as entered by the
-user; the homeserver will be responsible for canonicalising it.  If the client
-wishes to canonicalise the phone number, then it can use the
-``m.id.thirdparty`` identifier type with a ``medium`` of ``msisdn`` instead.
-
-.. code:: json
-
-  "identifier": {
-    "type": "m.id.phone",
-    "country": "<The country that the phone number is from>",
-    "phone": "<The phone number>"
-  }
-
-The ``country`` is the two-letter uppercase ISO-3166-1 alpha-2 country code
-that the number in ``phone`` should be parsed as if it were dialled from.
-
-Login
-~~~~~
-
-A client can obtain access tokens using the ``/login`` API.
-
-Note that this endpoint does `not` currently use the `User-Interactive Authentication API`_.
-
-For a simple username/password login, clients should submit a ``/login``
-request as follows:
-
-.. code:: json
-
-  {
-    "type": "m.login.password",
-    "identifier": {
-      "type": "m.id.user",
-      "user": "<user_id or user localpart>"
-    },
-    "password": "<password>"
-  }
-
-Alternatively, a client can use a 3PID bound to the user's account on the
-homeserver using the |/account/3pid|_ API rather then giving the ``user``
-explicitly, as follows:
-
-.. code:: json
-
-  {
-    "type": "m.login.password",
-    "identifier": {
-      "medium": "<The medium of the third party identifier>",
-      "address": "<The canonicalised third party address of the user>"
-    },
-    "password": "<password>"
-  }
-
-In the case that the homeserver does not know about the supplied 3PID, the
-homeserver must respond with ``403 Forbidden``.
-
-To log in using a login token, clients should submit a ``/login`` request as
-follows:
-
-.. code:: json
-
-  {
-    "type": "m.login.token",
-    "token": "<login token>"
-  }
-
-As with `token-based`_ interactive login, the ``token`` must encode the
-user ID. In the case that the token is not valid, the homeserver must respond
-with ``403 Forbidden`` and an error code of ``M_FORBIDDEN``.
-
-If the homeserver advertises ``m.login.sso`` as a viable flow, and the client
-supports it, the client should redirect the user to the ``/redirect`` endpoint
-for `client login via SSO`_. After authentication is complete, the
-client will need to submit a ``/login`` request matching ``m.login.token``.
-
-{{login_cs_http_api}}
-
-{{logout_cs_http_api}}
-
-Login Fallback
-<<<<<<<<<<<<<<
-
-If a client does not recognize any or all login flows it can use the fallback
-login API::
-
-    GET /_matrix/static/client/login/
-
-This returns an HTML and JavaScript page which can perform the entire login
-process. The page will attempt to call the JavaScript function
-``window.onLogin`` when login has been successfully completed.
-
-Non-credential parameters valid for the ``/login`` endpoint can be provided as query
-string parameters here. These are to be forwarded to the login endpoint during the login
-process. For example::
-
-    GET /_matrix/static/client/login/?device_id=GHTYAJCE
-
-.. _Registration:
-
-Account registration and management
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-{{registration_cs_http_api}}
-
-Notes on password management
-++++++++++++++++++++++++++++
-
-.. WARNING::
-  Clients SHOULD enforce that the password provided is suitably complex. The
-  password SHOULD include a lower-case letter, an upper-case letter, a number
-  and a symbol and be at a minimum 8 characters in length. Servers MAY reject
-  weak passwords with an error code ``M_WEAK_PASSWORD``.
-
-
-Adding Account Administrative Contact Information
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-A homeserver may keep some contact information for administrative use.
-This is independent of any information kept by any identity servers, though
-can be proxied (bound) to the identity server in many cases.
-
-.. Note::
-  This section deals with two terms: "add" and "bind". Where "add" (or "remove")
-  is used, it is speaking about an identifier that was not bound to an identity
-  server. As a result, "bind" (or "unbind") references an identifier that is found
-  in an identity server. Note that an identifer can be added and bound at the same
-  time, depending on context.
-
-{{administrative_contact_cs_http_api}}
-
-Current account information
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-{{whoami_cs_http_api}}
-
-Notes on identity servers
-+++++++++++++++++++++++++
-
-Identity servers in Matrix store bindings (relationships) between a user's third
-party identifier, typically email or phone number, and their user ID. Once a user
-has chosen an identity server, that identity server should be used by all clients.
-
-Clients can see which identity server the user has chosen through the ``m.identity_server``
-account data event, as described below. Clients SHOULD refrain from making requests
-to any identity server until the presence of ``m.identity_server`` is confirmed as
-(not) present. If present, the client SHOULD check for the presence of the ``base_url``
-property in the event's content. If the ``base_url`` is present, the client SHOULD
-use the identity server in that property as the identity server for the user. If the
-``base_url`` is missing, or the account data event is not present, the client SHOULD
-use whichever default value it normally would for an identity server, if applicable.
-Clients SHOULD NOT update the account data with the default identity server when the
-user is missing an identity server in their account data.
-
-Clients SHOULD listen for changes to the ``m.identity_server`` account data event
-and update the identity server they are contacting as a result.
-
-If the client offers a way to set the identity server to use, it MUST update the
-value of ``m.identity_server`` accordingly. A ``base_url`` of ``null`` MUST be
-treated as though the user does not want to use an identity server, disabling all
-related functionality as a result.
-
-Clients SHOULD refrain from populating the account data as a migration step for users
-who are lacking the account data, unless the user sets the identity server within
-the client to a value. For example, a user which has no ``m.identity_server`` account
-data event should not end up with the client's default identity server in their
-account data, unless the user first visits their account settings to set the identity
-server.
-
-{{m_identity_server_event}}
-
-Capabilities negotiation
-------------------------
-
-A homeserver may not support certain operations and clients must be able to
-query for what the homeserver can and can't offer. For example, a homeserver
-may not support users changing their password as it is configured to perform
-authentication against an external system.
-
-The capabilities advertised through this system are intended to advertise
-functionality which is optional in the API, or which depend in some way on
-the state of the user or server. This system should not be used to advertise
-unstable or experimental features - this is better done by the ``/versions``
-endpoint.
-
-Some examples of what a reasonable capability could be are:
-
-* Whether the server supports user presence.
-
-* Whether the server supports optional features, such as the user or room
-  directories.
-
-* The rate limits or file type restrictions imposed on clients by the server.
-
-Some examples of what should **not** be a capability are:
-
-* Whether the server supports a feature in the ``unstable`` specification.
-
-* Media size limits - these are handled by the ``/media/%CLIENT_MAJOR_VERSION%/config``
-  API.
-
-* Optional encodings or alternative transports for communicating with the
-  server.
-
-Capabilities prefixed with ``m.`` are reserved for definition in the Matrix
-specification while other values may be used by servers using the Java package
-naming convention. The capabilities supported by the Matrix specification are
-defined later in this section.
-
-{{capabilities_cs_http_api}}
-
-
-``m.change_password`` capability
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-This capability has a single flag, ``enabled``, which indicates whether or not
-the user can use the ``/account/password`` API to change their password. If not
-present, the client should assume that password changes are possible via the
-API. When present, clients SHOULD respect the capability's ``enabled`` flag
-and indicate to the user if they are unable to change their password.
-
-An example of the capability API's response for this capability is::
-
-  {
-    "capabilities": {
-      "m.change_password": {
-        "enabled": false
-      }
-    }
-  }
-
-
-``m.room_versions`` capability
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-This capability describes the default and available room versions a server
-supports, and at what level of stability. Clients should make use of this
-capability to determine if users need to be encouraged to upgrade their rooms.
-
-An example of the capability API's response for this capability is::
-
-  {
-    "capabilities": {
-      "m.room_versions": {
-        "default": "1",
-        "available": {
-          "1": "stable",
-          "2": "stable",
-          "3": "unstable",
-          "custom-version": "unstable"
-        }
-      }
-    }
-  }
-
-This capability mirrors the same restrictions of `room versions`_ to describe
-which versions are stable and unstable. Clients should assume that the ``default``
-version is ``stable``. Any version not explicitly labelled as ``stable`` in the
-``available`` versions is to be treated as ``unstable``. For example, a version
-listed as ``future-stable`` should be treated as ``unstable``.
-
-The ``default`` version is the version the server is using to create new rooms.
-Clients should encourage users with sufficient permissions in a room to upgrade
-their room to the ``default`` version when the room is using an ``unstable``
-version.
-
-When this capability is not listed, clients should use ``"1"`` as the default
-and only stable ``available`` room version.
-
-.. _`room versions`: ../index.html#room-versions
-
-
-Pagination
-----------
-
-.. NOTE::
-  The paths referred to in this section are not actual endpoints. They only
-  serve as examples to explain how pagination functions.
-
-Pagination is the process of dividing a dataset into multiple discrete pages.
-Matrix makes use of pagination to allow clients to view extremely large datasets.
-These datasets are not limited to events in a room (for example clients may want
-to paginate a list of rooms in addition to events within those rooms). Regardless
-of what is being paginated, there is a common approach which is used to give
-clients an easy way of selecting subsets of a potentially changing dataset. Each
-endpoint that uses pagination may use different parameters. However the theme
-among them is that they take a ``from`` and ``to`` token, and occasionally
-a ``limit`` and ``dir``. Together, these parameters describe the position in a
-data set, where ``from`` and ``to`` are known as "stream tokens" matching the
-regular expression ``[a-zA-Z0-9.=_-]+``. If supported, the ``dir`` defines the
-direction of events to return: either forwards (``f``) or backwards (``b``).
-The response may contain tokens that can be used for retrieving results before
-or after the returned set. These tokens may be called `start` or `prev_batch`
-for retrieving the previous result set, or `end`, `next_batch` or `next_token`
-for retrieving the next result set.
-
-In the following examples, 'START' and 'END' are placeholders to signify the
-start and end of the data sets respectively.
-
-For example, if an endpoint had events E1 -> E15. The client wants the last 5
-events and doesn't know any previous events::
-
-    S                                                    E
-    |-E1-E2-E3-E4-E5-E6-E7-E8-E9-E10-E11-E12-E13-E14-E15-|
-    |                               |                    |
-    |                          _____|  <--backwards--    |
-    |__________________       |         |        ________|
-                       |      |         |        |
-     GET /somepath?to=START&limit=5&dir=b&from=END
-     Returns:
-       E15,E14,E13,E12,E11
-
-
-Another example: a public room list has rooms R1 -> R17. The client is showing 5
-rooms at a time on screen, and is on page 2. They want to now show page 3 (rooms
-R11 -> 15)::
-
-    S                                                           E
-    |  0  1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16 | stream token
-    |-R1-R2-R3-R4-R5-R6-R7-R8-R9-R10-R11-R12-R13-R14-R15-R16-R17| room
-                      |____________| |________________|
-                            |                |
-                        Currently            |
-                        viewing              |
-                                             |
-                             GET /roomslist?from=9&to=END&limit=5
-                             Returns: R11,R12,R13,R14,R15
-
-Note that tokens are treated in an *exclusive*, not inclusive, manner. The end
-token from the initial request was '9' which corresponded to R10. When the 2nd
-request was made, R10 did not appear again, even though from=9 was specified. If
-you know the token, you already have the data.
-
-Responses for pagination-capable endpoints SHOULD have a ``chunk`` array alongside
-the applicable stream tokens to represent the result set.
-
-In general, when the end of a result set is reached the applicable stream token
-will be excluded from the response. For example, if a user was backwards-paginating
-events in a room they'd eventually reach the first event in the room. In this scenario,
-the ``prev_batch`` token would be excluded from the response. Some paginated
-endpoints are open-ended in one direction, such as endpoints which expose an event
-stream for an active room. In this case, it is not possible for the client to reach
-the true "end" of the data set and therefore should always be presented with a token
-to keep moving forwards.
-
-.. _`filter`:
-
-Filtering
----------
-
-Filters can be created on the server and can be passed as a parameter to APIs
-which return events. These filters alter the data returned from those APIs.
-Not all APIs accept filters.
-
-Lazy-loading room members
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Membership events often take significant resources for clients to track. In an
-effort to reduce the number of resources used, clients can enable "lazy-loading"
-for room members. By doing this, servers will attempt to only send membership events
-which are relevant to the client.
-
-It is important to understand that lazy-loading is not intended to be a
-perfect optimisation, and that it may not be practical for the server to
-calculate precisely which membership events are relevant to the client.  As a
-result, it is valid for the server to send redundant membership events to the
-client to ease implementation, although such redundancy should be minimised
-where possible to conserve bandwidth.
-
-In terms of filters, lazy-loading is enabled by enabling ``lazy_load_members``
-on a ``RoomEventFilter`` (or a ``StateFilter`` in the case of ``/sync`` only).
-When enabled, lazy-loading aware endpoints (see below) will only include
-membership events for the ``sender`` of events being included in the response.
-For example, if a client makes a ``/sync`` request with lazy-loading enabled,
-the server will only return membership events for the ``sender`` of events in
-the timeline, not all members of a room.
-
-When processing a sequence of events (e.g. by looping on ``/sync`` or
-paginating ``/messages``), it is common for blocks of events in the sequence
-to share a similar set of senders.  Rather than responses in the sequence
-sending duplicate membership events for these senders to the client, the
-server MAY assume that clients will remember membership events they have
-already been sent, and choose to skip sending membership events for members
-whose membership has not changed.  These are called 'redundant membership
-events'. Clients may request that redundant membership events are always
-included in responses by setting ``include_redundant_members`` to true in the
-filter.
-
-The expected pattern for using lazy-loading is currently:
-
-* Client performs an initial /sync with lazy-loading enabled, and receives
-  only the membership events which relate to the senders of the events it
-  receives.
-* Clients which support display-name tab-completion or other operations which
-  require rapid access to all members in a room should call /members for the
-  currently selected room, with an ``?at`` parameter set to the /sync
-  response's from token. The member list for the room is then maintained by
-  the state in subsequent incremental /sync responses.
-* Clients which do not support tab-completion may instead pull in profiles for
-  arbitrary users (e.g. read receipts, typing notifications) on demand by
-  querying the room state or ``/profile``.
-
-.. TODO-spec
-  This implies that GET /state should also take an ``?at`` param
-
-The current endpoints which support lazy-loading room members are:
-
-* |/sync|_
-* |/rooms/<room_id>/messages|_
-* |/rooms/{roomId}/context/{eventId}|_
-
-API endpoints
-~~~~~~~~~~~~~
-
-{{filter_cs_http_api}}
-
-Events
-------
-
-.. _sect:events:
-
-The model of conversation history exposed by the client-server API can be
-considered as a list of events. The server 'linearises' the
-eventually-consistent event graph of events into an 'event stream' at any given
-point in time::
-
-  [E0]->[E1]->[E2]->[E3]->[E4]->[E5]
-
-.. WARNING::
-
-   The format of events can change depending on room version. Check the
-   `room version specification`_ for specific details on what to expect for
-   event formats. Examples contained within the client-server specification
-   are expected to be compatible with all specified room versions, however
-   some differences may still apply.
-
-   For this version of the specification, clients only need to worry about
-   the event ID format being different depending on room version. Clients
-   should not be parsing the event ID, and instead be treating it as an
-   opaque string. No changes should be required to support the currently
-   available room versions.
-
-.. _`room version specification`: ../index.html#room-versions
-
-Types of room events
-~~~~~~~~~~~~~~~~~~~~
-
-Room events are split into two categories:
-
-:State Events:
-  These are events which update the metadata state of the room (e.g. room topic,
-  room membership etc). State is keyed by a tuple of event ``type`` and a
-  ``state_key``. State in the room with the same key-tuple will be overwritten.
-
-:Message events:
-  These are events which describe transient "once-off" activity in a room:
-  typically communication such as sending an instant message or setting up a
-  VoIP call.
-
-This specification outlines several events, all with the event type prefix
-``m.``. (See `Room Events`_ for the m. event specification.) However,
-applications may wish to add their own type of event, and this can be achieved
-using the REST API detailed in the following sections. If new events are added,
-the event ``type`` key SHOULD follow the Java package naming convention,
-e.g. ``com.example.myapp.event``.  This ensures event types are suitably
-namespaced for each application and reduces the risk of clashes.
-
-.. Note::
-  Events are not limited to the types defined in this specification. New or custom
-  event types can be created on a whim using the Java package naming convention.
-  For example, a ``com.example.game.score`` event can be sent by clients and other
-  clients would receive it through Matrix, assuming the client has access to the
-  ``com.example`` namespace.
-
-Note that the structure of these events may be different than those in the
-server-server API.
-
-{{common_event_fields}}
-
-{{common_room_event_fields}}
-
-.. This is normally where we'd put the common_state_event_fields variable for the
-.. magic table of what makes up a state event, however the table is verbose in our
-.. custom rendering of swagger. To combat this, we just hardcode this particular
-.. table.
-
-State Event Fields
-++++++++++++++++++
-
-In addition to the fields of a Room Event, State Events have the following fields.
-
-+--------------+--------------+-------------------------------------------------------------+
-| Key          | Type         | Description                                                 |
-+==============+==============+=============================================================+
-| state_key    | string       | **Required.** A unique key which defines the overwriting    |
-|              |              | semantics for this piece of room state. This value is often |
-|              |              | a zero-length string. The presence of this key makes this   |
-|              |              | event a State Event. State keys starting with an ``@`` are  |
-|              |              | reserved for referencing user IDs, such as room members.    |
-|              |              | With the exception of a few events, state events set with   |
-|              |              | a given user's ID as the state key MUST only be set by that |
-|              |              | user.                                                       |
-+--------------+--------------+-------------------------------------------------------------+
-| prev_content | EventContent | Optional. The previous ``content`` for this event. If there |
-|              |              | is no previous content, this key will be missing.           |
-+--------------+--------------+-------------------------------------------------------------+
-
-
-Size limits
-~~~~~~~~~~~
-
-The complete event MUST NOT be larger than 65535 bytes, when formatted as a
-`PDU for the Server-Server protocol <../server_server/%SERVER_RELEASE_LABEL%#pdus>`_,
-including any signatures, and encoded as `Canonical JSON`_.
-
-There are additional restrictions on sizes per key:
-
-- ``sender`` MUST NOT exceed 255 bytes (including domain).
-- ``room_id`` MUST NOT exceed 255 bytes.
-- ``state_key`` MUST NOT exceed 255 bytes.
-- ``type`` MUST NOT exceed 255 bytes.
-- ``event_id`` MUST NOT exceed 255 bytes.
-
-Some event types have additional size restrictions which are specified in
-the description of the event. Additional keys have no limit other than that
-implied by the total 65 KB limit on events.
-
-.. _`Canonical JSON`: ../appendices.html#canonical-json
-
-Room Events
-~~~~~~~~~~~
-.. NOTE::
-  This section is a work in progress.
-
-This specification outlines several standard event types, all of which are
-prefixed with ``m.``
-
-{{m_room_canonical_alias_event}}
-
-{{m_room_create_event}}
-
-{{m_room_join_rules_event}}
-
-{{m_room_member_event}}
-
-{{m_room_power_levels_event}}
-
-{{m_room_redaction_event}}
-
-Historical events
-+++++++++++++++++
-
-Some events within the ``m.`` namespace might appear in rooms, however they
-serve no significant meaning in this version of the specification. They are:
-
-* ``m.room.aliases``
-
-Previous versions of the specification have more information on these events.
-
-Syncing
-~~~~~~~
-
-To read events, the intended flow of operation is for clients to first call the
-|/sync|_ API without a ``since`` parameter. This returns the most recent
-message events for each room, as well as the state of the room at the start of
-the returned timeline. The response also includes a ``next_batch`` field, which
-should be used as the value of the ``since`` parameter in the next call to
-``/sync``. Finally, the response includes, for each room, a ``prev_batch``
-field, which can be passed as a ``start`` parameter to the
-|/rooms/<room_id>/messages|_ API to retrieve earlier messages.
-
-You can visualise the range of events being returned as::
-
-  [E0]->[E1]->[E2]->[E3]->[E4]->[E5]
-             ^                      ^
-             |                      |
-       prev_batch: '1-2-3'        next_batch: 'a-b-c'
-
-
-Clients then receive new events by "long-polling" the homeserver via the
-``/sync`` API, passing the value of the ``next_batch`` field from the response
-to the previous call as the ``since`` parameter. The client should also pass a
-``timeout`` parameter. The server will then hold open the HTTP connection for a
-short period of time waiting for new events, returning early if an event
-occurs. Only the ``/sync`` API (and the deprecated ``/events`` API) support
-long-polling in this way.
-
-The response for such an incremental sync can be visualised as::
-
-  [E0]->[E1]->[E2]->[E3]->[E4]->[E5]->[E6]
-                                    ^     ^
-                                    |     |
-                                    |  next_batch: 'x-y-z'
-                                  prev_batch: 'a-b-c'
-
-
-Normally, all new events which are visible to the client will appear in the
-response to the ``/sync`` API. However, if a large number of events arrive
-between calls to ``/sync``, a "limited" timeline is returned, containing only
-the most recent message events. A state "delta" is also returned, summarising
-any state changes in the omitted part of the timeline. The client may therefore
-end up with "gaps" in its knowledge of the message timeline. The client can
-fill these gaps using the |/rooms/<room_id>/messages|_ API. This situation
-looks like this::
-
-                                     | gap |
-                                     | <-> |
-   [E0]->[E1]->[E2]->[E3]->[E4]->[E5]->[E6]->[E7]->[E8]->[E9]->[E10]
-                                           ^                        ^
-                                           |                        |
-                                      prev_batch: 'd-e-f'       next_batch: 'u-v-w'
-
-
-.. Warning::
-  Events are ordered in this API according to the arrival time of the event on
-  the homeserver. This can conflict with other APIs which order events based on
-  their partial ordering in the event graph. This can result in duplicate events
-  being received (once per distinct API called). Clients SHOULD de-duplicate
-  events based on the event ID when this happens.
-
-.. NOTE::
-
-  The ``/sync`` API returns a ``state`` list which is separate from the
-  ``timeline``. This ``state`` list allows clients to keep their model of the
-  room state in sync with that on the server. In the case of an initial
-  (``since``-less) sync, the ``state`` list represents the complete state of
-  the room at the **start** of the returned timeline (so in the case of a
-  recently-created room whose state fits entirely in the ``timeline``, the
-  ``state`` list will be empty).
-
-  In the case of an incremental sync, the ``state`` list gives a delta
-  between the state of the room at the ``since`` parameter and that at the
-  start of the returned ``timeline``. (It will therefore be empty
-  unless the timeline was ``limited``.)
-
-  In both cases, it should be noted that the events returned in the ``state``
-  list did **not** necessarily take place just before the returned
-  ``timeline``, so clients should not display them to the user in the timeline.
-
-.. admonition:: Rationale
-
-  An early design of this specification made the ``state`` list represent the
-  room state at the end of the returned timeline, instead of the start. This
-  was unsatisfactory because it led to duplication of events between the
-  ``state`` list and the ``timeline``, but more importantly, it made it
-  difficult for clients to show the timeline correctly.
-
-  In particular, consider a returned timeline [M0, S1, M2], where M0 and M2 are
-  both messages sent by the same user, and S1 is a state event where that user
-  changes their displayname. If the ``state`` list represents the room state at
-  the end of the timeline, the client must take a copy of the state dictionary,
-  and *rewind* S1, in order to correctly calculate the display name for M0.
-
-.. TODO-spec
-  Do we ever support streaming requests? Why not websockets?
-
-{{sync_cs_http_api}}
-
-{{old_sync_cs_http_api}}
-
-
-Getting events for a room
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-There are several APIs provided to ``GET`` events for a room:
-
-{{rooms_cs_http_api}}
-
-{{message_pagination_cs_http_api}}
-
-{{room_initial_sync_cs_http_api}}
-
-
-Sending events to a room
-~~~~~~~~~~~~~~~~~~~~~~~~
-
-{{room_state_cs_http_api}}
-
-
-**Examples**
-
-Valid requests look like::
-
-    PUT /rooms/!roomid:domain/state/m.example.event
-    { "key" : "without a state key" }
-
-    PUT /rooms/!roomid:domain/state/m.another.example.event/foo
-    { "key" : "with 'foo' as the state key" }
-
-In contrast, these requests are invalid::
-
-  POST /rooms/!roomid:domain/state/m.example.event/
-  { "key" : "cannot use POST here" }
-
-  PUT /rooms/!roomid:domain/state/m.another.example.event/foo/11
-  { "key" : "txnIds are not supported" }
-
-Care should be taken to avoid setting the wrong ``state key``::
-
-  PUT /rooms/!roomid:domain/state/m.another.example.event/11
-  { "key" : "with '11' as the state key, but was probably intended to be a txnId" }
-
-The ``state_key`` is often used to store state about individual users, by using
-the user ID as the ``state_key`` value. For example::
-
-  PUT /rooms/!roomid:domain/state/m.favorite.animal.event/%40my_user%3Aexample.org
-  { "animal" : "cat", "reason": "fluffy" }
-
-In some cases, there may be no need for a ``state_key``, so it can be omitted::
-
-  PUT /rooms/!roomid:domain/state/m.room.bgd.color
-  { "color": "red", "hex": "#ff0000" }
-
-{{room_send_cs_http_api}}
-
-
-Redactions
-~~~~~~~~~~
-Since events are extensible it is possible for malicious users and/or servers
-to add keys that are, for example offensive or illegal. Since some events
-cannot be simply deleted, e.g. membership events, we instead 'redact' events.
-This involves removing all keys from an event that are not required by the
-protocol. This stripped down event is thereafter returned anytime a client or
-remote server requests it. Redacting an event cannot be undone, allowing server
-owners to delete the offending content from the databases. Events that have been
-redacted include a ``redacted_because`` key whose value is the event that caused
-it to be redacted, which may include a reason.
-
-
-The exact algorithm to apply against an event is defined in the `room version specification`_.
-
-The server should add the event causing the redaction to the ``unsigned``
-property of the redacted event, under the ``redacted_because`` key. When a
-client receives a redaction event it should change the redacted event in the
-same way a server does.
-
-.. NOTE::
-
-    Redacted events can still affect the state of the room. When redacted,
-    state events behave as though their properties were simply not specified,
-    except those protected by the redaction algorithm. For example,
-    a redacted ``join`` event will still result in the user being considered joined.
-    Similarly, a redacted topic does not necessarily cause the topic to revert to
-    what is was prior to the event - it causes the topic to be removed from the room.
-
-
-Events
-++++++
-
-{{m_room_redaction_event}}
-
-Client behaviour
-++++++++++++++++
-
-{{redaction_cs_http_api}}
-
-Rooms
------
-
-Creation
-~~~~~~~~
-The homeserver will create an ``m.room.create`` event when a room is created,
-which serves as the root of the event graph for this room. This event also has a
-``creator`` key which contains the user ID of the room creator. It will also
-generate several other events in order to manage permissions in this room. This
-includes:
-
-- ``m.room.power_levels`` : Sets the power levels of users and required power
-   levels for various actions within the room such as sending events.
-- ``m.room.join_rules`` : Whether the room is "invite-only" or not.
-
-See `Room Events`_ for more information on these events. To create a room, a
-client has to use the following API.
-
-{{create_room_cs_http_api}}
-
-Room aliases
-~~~~~~~~~~~~
-
-Servers may host aliases for rooms with human-friendly names. Aliases take the
-form ``#friendlyname:server.name``.
-
-As room aliases are scoped to a particular homeserver domain name, it is
-likely that a homeserver will reject attempts to maintain aliases on other
-domain names. This specification does not provide a way for homeservers to
-send update requests to other servers. However, homeservers MUST handle
-``GET`` requests to resolve aliases on other servers; they should do this using
-the federation API if necessary.
-
-Rooms do not store a list of all aliases present on a room, though members
-of the room with relevant permissions may publish preferred aliases through
-the ``m.room.canonical_alias`` state event. The aliases in the state event
-should point to the room ID they are published within, however room aliases
-can and do drift to other room IDs over time. Clients SHOULD NOT treat the
-aliases as accurate. They SHOULD be checked before they are used or shared
-with another user. If a room appears to have a room alias of ``#alias:example.com``,
-this SHOULD be checked to make sure that the room's ID matches the ``room_id``
-returned from the request.
-
-{{directory_cs_http_api}}
-
-
-Permissions
-~~~~~~~~~~~
-.. NOTE::
-  This section is a work in progress.
-
-Permissions for rooms are done via the concept of power levels - to do any
-action in a room a user must have a suitable power level. Power levels are
-stored as state events in a given room. The power levels required for operations
-and the power levels for users are defined in ``m.room.power_levels``, where
-both a default and specific users' power levels can be set.
-By default all users have a power level of 0, other than the room creator whose
-power level defaults to 100. Users can grant other users increased power levels
-up to their own power level. For example, user A with a power level of 50 could
-increase the power level of user B to a maximum of level 50. Power levels for
-users are tracked per-room even if the user is not present in the room.
-The keys contained in ``m.room.power_levels`` determine the levels required for
-certain operations such as kicking, banning and sending state events. See
-`m.room.power_levels`_ for more information.
-
-Clients may wish to assign names to particular power levels. A suggested mapping is as follows:
-- 0   User
-- 50  Moderator
-- 100 Admin
-
-
-Room membership
-~~~~~~~~~~~~~~~
-Users need to be a member of a room in order to send and receive events in that
-room. There are several states in which a user may be, in relation to a room:
-
-- Unrelated (the user cannot send or receive events in the room)
-- Invited (the user has been invited to participate in the room, but is not
-  yet participating)
-- Joined (the user can send and receive events in the room)
-- Banned (the user is not allowed to join the room)
-
-There is an exception to the requirement that a user join a room before sending
-events to it: users may send an ``m.room.member`` event to a room with
-``content.membership`` set to ``leave`` to reject an invitation if they have
-currently been invited to a room but have not joined it.
-
-Some rooms require that users be invited to it before they can join; others
-allow anyone to join. Whether a given room is an "invite-only" room is
-determined by the room config key ``m.room.join_rules``. It can have one of the
-following values:
-
-``public``
-  This room is free for anyone to join without an invite.
-
-``invite``
-  This room can only be joined if you were invited.
-
-The allowable state transitions of membership are::
-
-                                       /ban
-                  +------------------------------------------------------+
-                  |                                                      |
-                  |  +----------------+  +----------------+              |
-                  |  |    /leave      |  |                |              |
-                  |  |                v  v                |              |
-    /invite    +--------+           +-------+             |              |
-  ------------>| invite |<----------| leave |----+        |              |
-               +--------+  /invite  +-------+    |        |              |
-                 |                   |    ^      |        |              |
-                 |                   |    |      |        |              |
-           /join |   +---------------+    |      |        |              |
-                 |   | /join if           |      |        |              |
-                 |   | join_rules         |      | /ban   | /unban       |
-                 |   | public      /leave |      |        |              |
-                 v   v               or   |      |        |              |
-               +------+            /kick  |      |        |              |
-  ------------>| join |-------------------+      |        |              |
-   /join       +------+                          v        |              |
-   if             |                           +-----+     |              |
-   join_rules     +-------------------------->| ban |-----+              |
-   public                   /ban              +-----+                    |
-                                                ^ ^                      |
-                                                | |                      |
-  ----------------------------------------------+ +----------------------+
-                  /ban
-
-{{list_joined_rooms_cs_http_api}}
-
-Joining rooms
-+++++++++++++
-
-{{inviting_cs_http_api}}
-
-{{joining_cs_http_api}}
-
-Leaving rooms
-+++++++++++++
-A user can leave a room to stop receiving events for that room. A user must
-have been invited to or have joined the room before they are eligible to leave
-the room. Leaving a room to which the user has been invited rejects the invite.
-Once a user leaves a room, it will no longer appear in the response to the
-|/sync|_ API unless it is explicitly requested via a filter with the
-``include_leave`` field set to ``true``.
-
-Whether or not they actually joined the room, if the room is an "invite-only"
-room the user will need to be re-invited before they can re-join the room.
-
-A user can also forget a room which they have left. Rooms which have been
-forgotten will never appear the response to the |/sync|_ API, until the user
-re-joins or is re-invited.
-
-A user may wish to force another user to leave a room. This can be done by
-'kicking' the other user. To do so, the user performing the kick MUST have the
-required power level. Once a user has been kicked, the behaviour is the same as
-if they had left of their own accord. In particular, the user is free to
-re-join if the room is not "invite-only".
-
-{{leaving_cs_http_api}}
-
-{{kicking_cs_http_api}}
-
-Banning users in a room
-+++++++++++++++++++++++
-A user may decide to ban another user in a room. 'Banning' forces the target
-user to leave the room and prevents them from re-joining the room. A banned
-user will not be treated as a joined user, and so will not be able to send or
-receive events in the room. In order to ban someone, the user performing the
-ban MUST have the required power level. To ban a user, a request should be made
-to |/rooms/<room_id>/ban|_ with::
-
-  {
-    "user_id": "<user id to ban>"
-    "reason": "string: <reason for the ban>"
-  }
-
-Banning a user adjusts the banned member's membership state to ``ban``.
-Like with other membership changes, a user can directly adjust the target
-member's state, by making a request to
-``/rooms/<room id>/state/m.room.member/<user id>``::
-
-  {
-    "membership": "ban"
-  }
-
-A user must be explicitly unbanned with a request to |/rooms/<room_id>/unban|_
-before they can re-join the room or be re-invited.
-
-{{banning_cs_http_api}}
-
-
-
-Listing rooms
-~~~~~~~~~~~~~
-
-{{list_public_rooms_cs_http_api}}
-
-
-User Data
----------
-
-User Directory
-~~~~~~~~~~~~~~
-
-{{users_cs_http_api}}
-
-
-Profiles
-~~~~~~~~
-
-{{profile_cs_http_api}}
-
-Events on Change of Profile Information
-+++++++++++++++++++++++++++++++++++++++
-Because the profile display name and avatar information are likely to be used in
-many places of a client's display, changes to these fields cause an automatic
-propagation event to occur, informing likely-interested parties of the new
-values. This change is conveyed using two separate mechanisms:
-
-- a ``m.room.member`` event (with a ``join`` membership) is sent to every room
-  the user is a member of, to update the ``displayname`` and ``avatar_url``.
-- a ``m.presence`` presence status update is sent, again containing the new
-  values of the ``displayname`` and ``avatar_url`` keys, in addition to the
-  required ``presence`` key containing the current presence state of the user.
-
-Both of these should be done automatically by the homeserver when a user
-successfully changes their display name or avatar URL fields.
-
-Additionally, when homeservers emit room membership events for their own
-users, they should include the display name and avatar URL fields in these
-events so that clients already have these details to hand, and do not have to
-perform extra round trips to query it.
-
-Security
---------
-
-Rate limiting
-~~~~~~~~~~~~~
-Homeservers SHOULD implement rate limiting to reduce the risk of being
-overloaded. If a request is refused due to rate limiting, it should return a
-standard error response of the form::
-
-  {
-    "errcode": "M_LIMIT_EXCEEDED",
-    "error": "string",
-    "retry_after_ms": integer (optional)
-  }
-
-The ``retry_after_ms`` key SHOULD be included to tell the client how long they
-have to wait in milliseconds before they can try again.
-
-.. TODO-spec
-  - Surely we should recommend an algorithm for the rate limiting, rather than letting every
-    homeserver come up with their own idea, causing totally unpredictable performance over
-    federated rooms?
-
-.. References
-
-.. _`macaroon`: http://research.google.com/pubs/pub41892.html
-.. _`devices`: ../index.html#devices
-
-.. Links through the external API docs are below
-.. =============================================
-
-.. |/initialSync| replace:: ``/initialSync``
-.. _/initialSync: #get-matrix-client-%CLIENT_MAJOR_VERSION%-initialsync
-
-.. |/sync| replace:: ``/sync``
-.. _/sync: #get-matrix-client-%CLIENT_MAJOR_VERSION%-sync
-
-.. |/events| replace:: ``/events``
-.. _/events: #get-matrix-client-%CLIENT_MAJOR_VERSION%-events
-
-.. |/createRoom| replace:: ``/createRoom``
-.. _/createRoom: #post-matrix-client-%CLIENT_MAJOR_VERSION%-createroom
-
-.. |/rooms/<room_id>/initialSync| replace:: ``/rooms/<room_id>/initialSync``
-.. _/rooms/<room_id>/initialSync: #get-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-initialsync
-
-.. |/rooms/<room_id>/messages| replace:: ``/rooms/<room_id>/messages``
-.. _/rooms/<room_id>/messages: #get-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-messages
-
-.. |/rooms/<room_id>/members| replace:: ``/rooms/<room_id>/members``
-.. _/rooms/<room_id>/members: #get-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-members
-
-.. |/rooms/<room_id>/state| replace:: ``/rooms/<room_id>/state``
-.. _/rooms/<room_id>/state: #get-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-state
-
-.. |/rooms/<room_id>/send| replace:: ``/rooms/<room_id>/send``
-.. _/rooms/<room_id>/send: #put-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-send-eventtype-txnid
-
-.. |/rooms/<room_id>/invite| replace:: ``/rooms/<room_id>/invite``
-.. _/rooms/<room_id>/invite: #post-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-invite
-
-.. |/rooms/<room_id>/join| replace:: ``/rooms/<room_id>/join``
-.. _/rooms/<room_id>/join: #post-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-join
-
-.. |/rooms/<room_id>/leave| replace:: ``/rooms/<room_id>/leave``
-.. _/rooms/<room_id>/leave: #post-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-leave
-
-.. |/rooms/<room_id>/ban| replace:: ``/rooms/<room_id>/ban``
-.. _/rooms/<room_id>/ban: #post-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-ban
-
-.. |/rooms/<room_id>/unban| replace:: ``/rooms/<room_id>/unban``
-.. _/rooms/<room_id>/unban: #post-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-unban
-
-.. |/rooms/{roomId}/context/{eventId}| replace:: ``/rooms/{roomId}/context/{eventId}``
-.. _/rooms/{roomId}/context/{eventId}: #get-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-context-eventid
-
-.. |/rooms/{roomId}/event/{eventId}| replace:: ``/rooms/{roomId}/event/{eventId}``
-.. _/rooms/{roomId}/event/{eventId}: #get-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-event-eventid
-
-.. |/account/3pid| replace:: ``/account/3pid``
-.. _/account/3pid: #post-matrix-client-%CLIENT_MAJOR_VERSION%-account-3pid
-
-.. |/user/<user_id>/account_data/<type>| replace:: ``/user/<user_id>/account_data/<type>``
-.. _/user/<user_id>/account_data/<type>: #put-matrix-client-%CLIENT_MAJOR_VERSION%-user-userid-account-data-type
-
-.. |/_matrix/client/versions| replace:: ``/_matrix/client/versions``
-.. _/_matrix/client/versions: #get-matrix-client-versions
-
-.. _`Unpadded Base64`:  ../appendices.html#unpadded-base64
-.. _`3PID Types`:  ../appendices.html#pid-types
diff --git a/specification/feature_profiles.rst b/specification/feature_profiles.rst
deleted file mode 100644
index 8a3caf87cbb..00000000000
--- a/specification/feature_profiles.rst
+++ /dev/null
@@ -1,149 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-.. Copyright 2019 The Matrix.org Foundation C.I.C.
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Feature Profiles
-================
-
-.. _sect:feature-profiles:
-
-Matrix supports many different kinds of clients: from embedded IoT devices to
-desktop clients. Not all clients can provide the same feature sets as other
-clients e.g. due to lack of physical hardware such as not having a screen.
-Clients can fall into one of several profiles and each profile contains a set
-of features that the client MUST support. This section details a set of
-"feature profiles". Clients are expected to implement a profile in its entirety
-in order for it to be classified as that profile.
-
-Summary
--------
-
-===================================== ========== ========== ========== ========== ==========
-  Module / Profile                       Web       Mobile    Desktop       CLI     Embedded
-===================================== ========== ========== ========== ========== ==========
- `Instant Messaging`_                  Required   Required   Required   Required   Optional
- `Direct Messaging`_                   Required   Required   Required   Required   Optional
- `Mentions`_                           Required   Required   Required   Optional   Optional
- `Presence`_                           Required   Required   Required   Required   Optional
- `Push Notifications`_                 Optional   Required   Optional   Optional   Optional
- `Receipts`_                           Required   Required   Required   Required   Optional
- `Fully read markers`_                 Optional   Optional   Optional   Optional   Optional
- `Typing Notifications`_               Required   Required   Required   Required   Optional
- `VoIP`_                               Required   Required   Required   Optional   Optional
- `Ignoring Users`_                     Required   Required   Required   Optional   Optional
- `Reporting Content`_                  Optional   Optional   Optional   Optional   Optional
- `Content Repository`_                 Required   Required   Required   Optional   Optional
- `Managing History Visibility`_        Required   Required   Required   Required   Optional
- `Server Side Search`_                 Optional   Optional   Optional   Optional   Optional
- `Room Upgrades`_                      Required   Required   Required   Required   Optional
- `Server Administration`_              Optional   Optional   Optional   Optional   Optional
- `Event Context`_                      Optional   Optional   Optional   Optional   Optional
- `Third Party Networks`_               Optional   Optional   Optional   Optional   Optional
- `Send-to-Device Messaging`_           Optional   Optional   Optional   Optional   Optional
- `Device Management`_                  Optional   Optional   Optional   Optional   Optional
- `End-to-End Encryption`_              Optional   Optional   Optional   Optional   Optional
- `Guest Accounts`_                     Optional   Optional   Optional   Optional   Optional
- `Room Previews`_                      Optional   Optional   Optional   Optional   Optional
- `Client Config`_                      Optional   Optional   Optional   Optional   Optional
- `SSO Login`_                          Optional   Optional   Optional   Optional   Optional
- `OpenID`_                             Optional   Optional   Optional   Optional   Optional
- `Stickers`_                           Optional   Optional   Optional   Optional   Optional
- `Server ACLs`_                        Optional   Optional   Optional   Optional   Optional
- `Server Notices`_                     Optional   Optional   Optional   Optional   Optional
- `Moderation policies`_                Optional   Optional   Optional   Optional   Optional
-===================================== ========== ========== ========== ========== ==========
-
-*Please see each module for more details on what clients need to implement.*
-
-.. _Instant Messaging: `module:im`_
-.. _Direct Messaging: `module:dm`_
-.. _Mentions: `module:mentions`_
-.. _Presence: `module:presence`_
-.. _Push Notifications: `module:push`_
-.. _Receipts: `module:receipts`_
-.. _Fully read markers: `module:read-markers`_
-.. _Typing Notifications: `module:typing`_
-.. _VoIP: `module:voip`_
-.. _Ignoring Users: `module:ignore_users`_
-.. _Reporting Content: `module:report_content`_
-.. _Content Repository: `module:content`_
-.. _Managing History Visibility: `module:history-visibility`_
-.. _Server Side Search: `module:search`_
-.. _Room Upgrades: `module:room-upgrades`_
-.. _Server Administration: `module:admin`_
-.. _Event Context: `module:event-context`_
-.. _Third Party Networks: `module:third-party-networks`_
-.. _Send-to-Device Messaging: `module:to_device`_
-.. _Device Management: `module:device-management`_
-.. _End-to-End Encryption: `module:e2e`_
-.. _Guest Accounts: `module:guest-access`_
-.. _Room Previews: `module:room-previews`_
-.. _Client Config: `module:account_data`_
-.. _SSO Login: `module:sso_login`_
-.. _OpenID: `module:openid`_
-.. _Stickers: `module:stickers`_
-.. _Server ACLs: `module:server-acls`_
-.. Server Notices already has a link elsewhere.
-.. _Moderation Policies: `module:moderation-policies`_
-
-Clients
--------
-
-Stand-alone web (``Web``)
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-This is a web page which heavily uses Matrix for communication. Single-page web
-apps would be classified as a stand-alone web client, as would multi-page web
-apps which use Matrix on nearly every page.
-
-Mobile (``Mobile``)
-~~~~~~~~~~~~~~~~~~~
-
-This is a Matrix client specifically designed for consumption on mobile devices.
-This is typically a mobile app but need not be so provided the feature set can
-be reached (e.g. if a mobile site could display push notifications it could be
-classified as a mobile client).
-
-Desktop (``Desktop``)
-~~~~~~~~~~~~~~~~~~~~~
-
-This is a native GUI application which can run in its own environment outside a
-browser.
-
-Command Line Interface (``CLI``)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-This is a client which is used via a text-based terminal.
-
-Embedded (``Embedded``)
-~~~~~~~~~~~~~~~~~~~~~~~
-
-This is a client which is embedded into another application or an embedded
-device.
-
-Application
-+++++++++++
-
-This is a Matrix client which is embedded in another website, e.g. using
-iframes. These embedded clients are typically for a single purpose
-related to the website in question, and are not intended to be fully-fledged
-communication apps.
-
-Device
-++++++
-
-This is a client which is typically running on an embedded device such as a
-kettle, fridge or car. These clients tend to perform a few operations and run
-in a resource constrained environment. Like embedded applications, they are
-not intended to be fully-fledged communication systems.
diff --git a/specification/identity_service_api.rst b/specification/identity_service_api.rst
deleted file mode 100644
index 704f763e8a3..00000000000
--- a/specification/identity_service_api.rst
+++ /dev/null
@@ -1,499 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-.. Copyright 2017 Kamax.io
-.. Copyright 2017 New Vector Ltd
-.. Copyright 2018 New Vector Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Identity Service API
-====================
-
-{{unstable_warning_block_IDENTITY_RELEASE_LABEL}}
-
-The Matrix client-server and server-server APIs are largely expressed in Matrix
-user identifiers. From time to time, it is useful to refer to users by other
-("third-party") identifiers, or "3PID"s, e.g. their email address or phone
-number. This Identity Service Specification describes how mappings between
-third-party identifiers and Matrix user identifiers can be established,
-validated, and used. This description technically may apply to any 3PID, but in
-practice has only been applied specifically to email addresses and phone numbers.
-
-.. contents:: Table of Contents
-.. sectnum::
-
-Changelog
----------
-
-.. topic:: Version: %IDENTITY_RELEASE_LABEL%
-{{identity_service_changelog}}
-
-This version of the specification is generated from
-`matrix-doc <https://github.com/matrix-org/matrix-doc>`_ as of Git commit
-`{{git_version}} <https://github.com/matrix-org/matrix-doc/tree/{{git_rev}}>`_.
-
-For the full historical changelog, see
-https://github.com/matrix-org/matrix-doc/blob/master/changelogs/identity_service.rst
-
-
-Other versions of this specification
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The following other versions are also available, in reverse chronological order:
-
-- `HEAD <https://matrix.org/docs/spec/identity_service/unstable.html>`_: Includes all changes since the latest versioned release.
-- `r0.3.0 <https://matrix.org/docs/spec/identity_service/r0.3.0.html>`_
-- `r0.2.1 <https://matrix.org/docs/spec/identity_service/r0.2.1.html>`_
-- `r0.2.0 <https://matrix.org/docs/spec/identity_service/r0.2.0.html>`_
-- `r0.1.0 <https://matrix.org/docs/spec/identity_service/r0.1.0.html>`_
-
-General principles
-------------------
-
-The purpose of an identity server is to validate, store, and answer questions
-about the identities of users. In particular, it stores associations of the form
-"identifier X represents the same user as identifier Y", where identities may
-exist on different systems (such as email addresses, phone numbers,
-Matrix user IDs, etc).
-
-The identity server has some private-public keypairs. When asked about an
-association, it will sign details of the association with its private key.
-Clients may validate the assertions about associations by verifying the signature
-with the public key of the identity server.
-
-In general, identity servers are treated as reliable oracles. They do not
-necessarily provide evidence that they have validated associations, but claim to
-have done so. Establishing the trustworthiness of an individual identity server
-is left as an exercise for the client.
-
-3PID types are described in `3PID Types`_ Appendix.
-
-API standards
--------------
-
-The mandatory baseline for identity server communication in Matrix is exchanging
-JSON objects over HTTP APIs. HTTPS is required for communication, and all API calls
-use a Content-Type of ``application/json``. In addition, strings MUST be encoded as
-UTF-8.
-
-Any errors which occur at the Matrix API level MUST return a "standard error response".
-This is a JSON object which looks like:
-
-.. code:: json
-
-  {
-    "errcode": "<error code>",
-    "error": "<error message>"
-  }
-
-The ``error`` string will be a human-readable error message, usually a sentence
-explaining what went wrong. The ``errcode`` string will be a unique string
-which can be used to handle an error message e.g. ``M_FORBIDDEN``. There may be
-additional keys depending on the error, but the keys ``error`` and ``errcode``
-MUST always be present.
-
-Some standard error codes are below:
-
-:``M_NOT_FOUND``:
-  The resource requested could not be located.
-
-:``M_MISSING_PARAMS``:
-  The request was missing one or more parameters.
-
-:``M_INVALID_PARAM``:
-  The request contained one or more invalid parameters.
-
-:``M_SESSION_NOT_VALIDATED``:
-  The session has not been validated.
-
-:``M_NO_VALID_SESSION``:
-  A session could not be located for the given parameters.
-
-:``M_SESSION_EXPIRED``:
-  The session has expired and must be renewed.
-
-:``M_INVALID_EMAIL``:
-  The email address provided was not valid.
-
-:``M_EMAIL_SEND_ERROR``:
-  There was an error sending an email. Typically seen when attempting to verify
-  ownership of a given email address.
-
-:``M_INVALID_ADDRESS``:
-  The provided third party address was not valid.
-
-:``M_SEND_ERROR``:
-  There was an error sending a notification. Typically seen when attempting to
-  verify ownership of a given third party address.
-
-:``M_UNRECOGNIZED``:
-  The request contained an unrecognised value, such as an unknown token or medium.
-
-:``M_THREEPID_IN_USE``:
-  The third party identifier is already in use by another user. Typically this
-  error will have an additional ``mxid`` property to indicate who owns the
-  third party identifier.
-
-:``M_UNKNOWN``:
-  An unknown error has occurred.
-
-Privacy
--------
-
-Identity is a privacy-sensitive issue. While the identity server exists to
-provide identity information, access should be restricted to avoid leaking
-potentially sensitive data. In particular, being able to construct large-scale
-connections between identities should be avoided. To this end, in general APIs
-should allow a 3PID to be mapped to a Matrix user identity, but not in the other
-direction (i.e. one should not be able to get all 3PIDs associated with a Matrix
-user ID, or get all 3PIDs associated with a 3PID).
-
-Version 1 API deprecation
--------------------------
-
-.. TODO: Remove this section when the v1 API is removed.
-
-As described on each of the version 1 endpoints, the v1 API is deprecated in
-favour of the v2 API described here. The major difference, with the exception
-of a few isolated cases, is that the v2 API requires authentication to ensure
-the user has given permission for the identity server to operate on their data.
-
-The v1 API is planned to be removed from the specification in a future version.
-
-Clients SHOULD attempt the v2 endpoints first, and if they receive a ``404``,
-``400``, or similar error they should try the v1 endpoint or fail the operation.
-Clients are strongly encouraged to warn the user of the risks in using the v1 API,
-if they are planning on using it.
-
-Web browser clients
--------------------
-
-It is realistic to expect that some clients will be written to be run within a web
-browser or similar environment. In these cases, the identity server should respond to
-pre-flight requests and supply Cross-Origin Resource Sharing (CORS) headers on all
-requests.
-
-When a client approaches the server with a pre-flight (OPTIONS) request, the server
-should respond with the CORS headers for that route. The recommended CORS headers
-to be returned by servers on all requests are::
-
-  Access-Control-Allow-Origin: *
-  Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
-  Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
-
-Authentication
---------------
-
-Most ``v2`` endpoints in the Identity Service API require authentication in order
-to ensure that the requesting user has accepted all relevant policies and is otherwise
-permitted to make the request. The ``v1`` API (currently deprecated) does not require
-this authentication, however using ``v1`` is strongly discouraged as it will be removed
-in a future release.
-
-Identity Servers use a scheme similar to the Client-Server API's concept of access
-tokens to authenticate users. The access tokens provided by an Identity Server cannot
-be used to authenticate Client-Server API requests.
-
-An access token is provided to an endpoint in one of two ways:
-
-1. Via a query string parameter, ``access_token=TheTokenHere``.
-2. Via a request header, ``Authorization: Bearer TheTokenHere``.
-
-Clients are encouraged to the use the ``Authorization`` header where possible to prevent
-the access token being leaked in access/HTTP logs. The query string should only be used
-in cases where the ``Authorization`` header is inaccessible for the client.
-
-When credentials are required but missing or invalid, the HTTP call will return with a
-status of 401 and the error code ``M_UNAUTHORIZED``.
-
-{{v2_auth_is_http_api}}
-
-
-.. _`agree to more terms`:
-
-Terms of service
-----------------
-
-Identity Servers are encouraged to have terms of service (or similar policies) to
-ensure that users have agreed to their data being processed by the server. To facilitate
-this, an identity server can respond to almost any authenticated API endpoint with a
-HTTP 403 and the error code ``M_TERMS_NOT_SIGNED``. The error code is used to indicate
-that the user must accept new terms of service before being able to continue.
-
-All endpoints which support authentication can return the ``M_TERMS_NOT_SIGNED`` error.
-When clients receive the error, they are expected to make a call to ``GET /terms`` to
-find out what terms the server offers. The client compares this to the ``m.accepted_terms``
-account data for the user (described later) and presents the user with option to accept
-the still-missing terms of service. After the user has made their selection, if applicable,
-the client sends a request to ``POST /terms`` to indicate the user's acceptance. The
-server cannot expect that the client will send acceptance for all pending terms, and the
-client should not expect that the server will not respond with another ``M_TERMS_NOT_SIGNED``
-on their next request. The terms the user has just accepted are appended to ``m.accepted_terms``.
-
-{{m_accepted_terms_event}}
-
-{{v2_terms_is_http_api}}
-
-
-Status check
-------------
-
-{{ping_is_http_api}}
-
-{{v2_ping_is_http_api}}
-
-Key management
---------------
-
-An identity server has some long-term public-private keypairs. These are named
-in a scheme ``algorithm:identifier``, e.g. ``ed25519:0``. When signing an
-association, the standard `Signing JSON`_ algorithm applies.
-
-.. TODO: Actually allow identity servers to revoke all keys
-         See: https://github.com/matrix-org/matrix-doc/issues/1633
-.. In the event of key compromise, the identity server may revoke any of its keys.
-   An HTTP API is offered to get public keys, and check whether a particular key is
-   valid.
-
-The identity server may also keep track of some short-term public-private
-keypairs, which may have different usage and lifetime characteristics than the
-service's long-term keys.
-
-{{pubkey_is_http_api}}
-
-{{v2_pubkey_is_http_api}}
-
-Association lookup
-------------------
-
-{{lookup_is_http_api}}
-
-{{v2_lookup_is_http_api}}
-
-Client behaviour
-~~~~~~~~~~~~~~~~
-
-.. TODO: Remove this note when v1 is removed completely
-.. Note::
-   This section only covers the v2 lookup endpoint. The v1 endpoint is described
-   in isolation above.
-
-Prior to performing a lookup clients SHOULD make a request to the ``/hash_details``
-endpoint to determine what algorithms the server supports (described in more detail
-below). The client then uses this information to form a ``/lookup`` request and
-receive known bindings from the server.
-
-Clients MUST support at least the ``sha256`` algorithm.
-
-Server behaviour
-~~~~~~~~~~~~~~~~
-
-.. TODO: Remove this note when v1 is removed completely
-.. Note::
-   This section only covers the v2 lookup endpoint. The v1 endpoint is described
-   in isolation above.
-
-Servers, upon receipt of a ``/lookup`` request, will compare the query against
-known bindings it has, hashing the identifiers it knows about as needed to
-verify exact matches to the request.
-
-Servers MUST support at least the ``sha256`` algorithm.
-
-Algorithms
-~~~~~~~~~~
-
-Some algorithms are defined as part of the specification, however other formats
-can be negotiated between the client and server using ``/hash_details``.
-
-``sha256``
-++++++++++
-
-This algorithm MUST be supported by clients and servers at a minimum. It is
-additionally the preferred algorithm for lookups.
-
-When using this algorithm, the client converts the query first into strings
-separated by spaces in the format ``<address> <medium> <pepper>``. The ``<pepper>``
-is retrieved from ``/hash_details``, the ``<medium>`` is typically ``email`` or
-``msisdn`` (both lowercase), and the ``<address>`` is the 3PID to search for.
-For example, if the client wanted to know about ``alice@example.org``'s bindings,
-it would first format the query as ``alice@example.org email ThePepperGoesHere``.
-
-.. admonition:: Rationale
-
-   Mediums and peppers are appended to the address to prevent a common prefix
-   for each 3PID, helping prevent attackers from pre-computing the internal state
-   of the hash function.
-
-After formatting each query, the string is run through SHA-256 as defined by
-`RFC 4634 <https://tools.ietf.org/html/rfc4634>`_. The resulting bytes are then
-encoded using URL-Safe `Unpadded Base64`_ (similar to `room version 4's
-event ID format <../rooms/v4.html#event-ids>`_).
-
-An example set of queries when using the pepper ``matrixrocks`` would be::
-
-  "alice@example.com email matrixrocks" -> "4kenr7N9drpCJ4AfalmlGQVsOn3o2RHjkADUpXJWZUc"
-  "bob@example.com email matrixrocks"   -> "LJwSazmv46n0hlMlsb_iYxI0_HXEqy_yj6Jm636cdT8"
-  "18005552067 msisdn matrixrocks"      -> "nlo35_T5fzSGZzJApqu8lgIudJvmOQtDaHtr-I4rU7I"
-
-
-The set of hashes is then given as the ``addresses`` array in ``/lookup``. Note
-that the pepper used MUST be supplied as ``pepper`` in the ``/lookup`` request.
-
-``none``
-++++++++
-
-This algorithm performs plaintext lookups on the identity server. Typically this
-algorithm should not be used due to the security concerns of unhashed identifiers,
-however some scenarios (such as LDAP-backed identity servers) prevent the use of
-hashed identifiers. Identity servers (and optionally clients) can use this algorithm
-to perform those kinds of lookups.
-
-Similar to the ``sha256`` algorithm, the client converts the queries into strings
-separated by spaces in the format ``<address> <medium>`` - note the lack of ``<pepper>``.
-For example, if the client wanted to know about ``alice@example.org``'s bindings,
-it would format the query as ``alice@example.org email``.
-
-The formatted strings are then given as the ``addresses`` in ``/lookup``. Note that
-the ``pepper`` is still required, and must be provided to ensure the client has made
-an appropriate request to ``/hash_details`` first.
-
-Security considerations
-~~~~~~~~~~~~~~~~~~~~~~~
-
-.. Note::
-   `MSC2134 <https://github.com/matrix-org/matrix-doc/pull/2134>`_ has much more
-   information about the security considerations made for this section of the
-   specification. This section covers the high-level details for why the specification
-   is the way it is.
-
-Typically the lookup endpoint is used when a client has an unknown 3PID it wants to
-find a Matrix User ID for. Clients normally do this kind of lookup when inviting new
-users to a room or searching a user's address book to find any Matrix users they may
-not have discovered yet. Rogue or malicious identity servers could harvest this
-unknown information and do nefarious things with it if it were sent in plain text.
-In order to protect the privacy of users who might not have a Matrix identifier bound
-to their 3PID addresses, the specification attempts to make it difficult to harvest
-3PIDs.
-
-.. admonition:: Rationale
-
-   Hashing identifiers, while not perfect, helps make the effort required to harvest
-   identifiers significantly higher. Phone numbers in particular are still difficult
-   to protect with hashing, however hashing is objectively better than not.
-
-   An alternative to hashing would be using bcrypt or similar with many rounds, however
-   by nature of needing to serve mobile clients and clients on limited hardware the
-   solution needs be kept relatively lightweight.
-
-Clients should be cautious of servers not rotating their pepper very often, and
-potentially of servers which use a weak pepper - these servers may be attempting to
-brute force the identifiers or use rainbow tables to mine the addresses. Similarly,
-clients which support the ``none`` algorithm should consider at least warning the user
-of the risks in sending identifiers in plain text to the identity server.
-
-Addresses are still potentially reversable using a calculated rainbow table given
-some identifiers, such as phone numbers, common email address domains, and leaked
-addresses are easily calculated. For example, phone numbers can have roughly 12
-digits to them, making them an easier target for attack than email addresses.
-
-
-Establishing associations
--------------------------
-
-The flow for creating an association is session-based.
-
-Within a session, one may prove that one has ownership of a 3PID.
-Once this has been established, the user can form an association between that
-3PID and a Matrix user ID. Note that this association is only proved one way;
-a user can associate *any* Matrix user ID with a validated 3PID,
-i.e. I can claim that any email address I own is associated with
-@billg:microsoft.com.
-
-Sessions are time-limited; a session is considered to have been modified when
-it was created, and then when a validation is performed within it. A session can
-only be checked for validation, and validation can only be performed within a
-session, within a 24 hour period since its most recent modification. Any
-attempts to perform these actions after the expiry will be rejected, and a new
-session should be created and used instead.
-
-To start a session, the client makes a request to the appropriate
-``/requestToken`` endpoint. The identity server then sends a validation token
-to the user, and the user provides the token to the client. The client then
-provides the token to the appropriate ``/submitToken`` endpoint, completing the
-session. At this point, the client should ``/bind`` the third party identifier
-or leave it for another entity to bind.
-
-Format of a validation token
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The format of the validation token is left up to the identity server: it
-should choose one appropriate to the 3PID type. (For example, it would be
-inappropriate to expect a user to copy a long passphrase including punctuation
-from an SMS message into a client.)
-
-Whatever format the identity server uses, the validation token must consist of
-at most 255 Unicode codepoints. Clients must pass the token through without
-modification.
-
-Email associations
-~~~~~~~~~~~~~~~~~~
-
-{{email_associations_is_http_api}}
-
-{{v2_email_associations_is_http_api}}
-
-Phone number associations
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-{{phone_associations_is_http_api}}
-
-{{v2_phone_associations_is_http_api}}
-
-General
-~~~~~~~
-
-{{associations_is_http_api}}
-
-{{v2_associations_is_http_api}}
-
-Invitation storage
-------------------
-
-An identity server can store pending invitations to a user's 3PID, which will
-be retrieved and can be either notified on or look up when the 3PID is
-associated with a Matrix user ID.
-
-At a later point, if the owner of that particular 3PID binds it with a Matrix user
-ID, the identity server will attempt to make an HTTP POST to the Matrix user's
-homeserver via the `/3pid/onbind`_ endpoint. The request MUST be signed with a
-long-term private key for the identity server.
-
-{{store_invite_is_http_api}}
-
-{{v2_store_invite_is_http_api}}
-
-Ephemeral invitation signing
-----------------------------
-
-To aid clients who may not be able to perform crypto themselves, the identity
-server offers some crypto functionality to help in accepting invitations.
-This is less secure than the client doing it itself, but may be useful where
-this isn't possible.
-
-{{invitation_signing_is_http_api}}
-
-{{v2_invitation_signing_is_http_api}}
-
-.. _`Unpadded Base64`:  ../appendices.html#unpadded-base64
-.. _`3PID Types`:  ../appendices.html#pid-types
-.. _`Signing JSON`: ../appendices.html#signing-json
-.. _`/3pid/onbind`: ../server_server/%SERVER_RELEASE_LABEL%.html#put-matrix-federation-v1-3pid-onbind
diff --git a/specification/index.rst b/specification/index.rst
deleted file mode 100644
index aa8a4641a98..00000000000
--- a/specification/index.rst
+++ /dev/null
@@ -1,575 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Matrix Specification
-====================
-
-.. Note that this file is specifically unversioned because we don't want to
-.. have to add Yet Another version number, and the commentary on what specs we
-.. have should hopefully not get complex enough that we need to worry about
-.. versioning it.
-
-Matrix defines a set of open APIs for decentralised communication, suitable for
-securely publishing, persisting and subscribing to data over a global open
-federation of servers with no single point of control.  Uses include Instant Messaging (IM),
-Voice over IP (VoIP) signalling, Internet of Things (IoT) communication, and bridging
-together existing communication silos - providing the basis of a new open real-time
-communication ecosystem.
-
-To propose a change to the Matrix Spec, see the explanations at
-`Proposals for Spec Changes to Matrix <proposals>`_.
-
-.. contents:: Table of Contents
-.. sectnum::
-
-Matrix APIs
------------
-
-The specification consists of the following parts:
-
-{{apis}}
-
-Additionally, this introduction page contains the key baseline information required to
-understand the specific APIs, including the sections on `room versions`_
-and `overall architecture <#architecture>`_.
-
-The `Appendices <appendices.html>`_ contain supplemental information not specific to
-one of the above APIs.
-
-The `Matrix Client-Server API Swagger Viewer <https://matrix.org/docs/api/client-server/>`_
-is useful for browsing the Client-Server API.
-
-
-Matrix versions
-~~~~~~~~~~~~~~~
-
-.. Note::
-  As of June 10th 2019, the Matrix specification is considered out of beta -
-  indicating that all currently released APIs are considered stable and secure
-  to the best of our knowledge, and the spec should contain the complete
-  information necessary to develop production-grade implementations of Matrix
-  without the need for external reference.
-
-Matrix 1.0 (released June 10th, 2019) consists of the following minimum API
-versions:
-
-=======================  =======
-API/Specification        Version
-=======================  =======
-Client-Server API        r0.5.0
-Server-Server API        r0.1.2
-Application Service API  r0.1.1
-Identity Service API     r0.1.1
-Push Gateway API         r0.1.0
-Room Version             v5
-=======================  =======
-
-
-Introduction to the Matrix APIs
--------------------------------
-
-Matrix is a set of open APIs for open-federated Instant Messaging (IM), Voice
-over IP (VoIP) and Internet of Things (IoT) communication, designed to create
-and support a new global real-time communication ecosystem. The intention is to
-provide an open decentralised pubsub layer for the internet for securely
-persisting and publishing/subscribing JSON objects. This specification is the
-ongoing result of standardising the APIs used by the various components of the
-Matrix ecosystem to communicate with one another.
-
-The principles that Matrix attempts to follow are:
-
-- Pragmatic Web-friendly APIs (i.e. JSON over REST)
-- Keep It Simple & Stupid
-
-  + provide a simple architecture with minimal third-party dependencies.
-
-- Fully open:
-
-  + Fully open federation - anyone should be able to participate in the global
-    Matrix network
-  + Fully open standard - publicly documented standard with no IP or patent
-    licensing encumbrances
-  + Fully open source reference implementation - liberally-licensed example
-    implementations with no IP or patent licensing encumbrances
-
-- Empowering the end-user
-
-  + The user should be able to choose the server and clients they use
-  + The user should be able to control how private their communication is
-  + The user should know precisely where their data is stored
-
-- Fully decentralised - no single points of control over conversations or the
-  network as a whole
-- Learning from history to avoid repeating it
-
-  + Trying to take the best aspects of XMPP, SIP, IRC, SMTP, IMAP and NNTP
-    whilst trying to avoid their failings
-
-
-The functionality that Matrix provides includes:
-
-- Creation and management of fully distributed chat rooms with no
-  single points of control or failure
-- Eventually-consistent cryptographically secure synchronisation of room
-  state across a global open network of federated servers and services
-- Sending and receiving extensible messages in a room with (optional)
-  end-to-end encryption
-- Extensible user management (inviting, joining, leaving, kicking, banning)
-  mediated by a power-level based user privilege system.
-- Extensible room state management (room naming, aliasing, topics, bans)
-- Extensible user profile management (avatars, display names, etc)
-- Managing user accounts (registration, login, logout)
-- Use of 3rd Party IDs (3PIDs) such as email addresses, phone numbers,
-  Facebook accounts to authenticate, identify and discover users on Matrix.
-- Trusted federation of identity servers for:
-
-  + Publishing user public keys for PKI
-  + Mapping of 3PIDs to Matrix IDs
-
-
-The end goal of Matrix is to be a ubiquitous messaging layer for synchronising
-arbitrary data between sets of people, devices and services - be that for
-instant messages, VoIP call setups, or any other objects that need to be
-reliably and persistently pushed from A to B in an interoperable and federated
-manner.
-
-
-Spec Change Proposals
-~~~~~~~~~~~~~~~~~~~~~
-To propose a change to the Matrix Spec, see the explanations at `Proposals
-for Spec Changes to Matrix <proposals>`_.
-
-
-.. _`architecture`:
-
-Architecture
-------------
-
-Matrix defines APIs for synchronising extensible JSON objects known as
-"events" between compatible clients, servers and services. Clients are
-typically messaging/VoIP applications or IoT devices/hubs and communicate by
-synchronising communication history with their "homeserver" using the
-"Client-Server API". Each homeserver stores the communication history and
-account information for all of its clients, and shares data with the wider
-Matrix ecosystem by synchronising communication history with other homeservers
-and their clients.
-
-Clients typically communicate with each other by emitting events in the
-context of a virtual "room". Room data is replicated across *all of the
-homeservers* whose users are participating in a given room. As such, *no
-single homeserver has control or ownership over a given room*. Homeservers
-model communication history as a partially ordered graph of events known as
-the room's "event graph", which is synchronised with eventual consistency
-between the participating servers using the "Server-Server API". This process
-of synchronising shared conversation history between homeservers run by
-different parties is called "Federation". Matrix optimises for the
-Availability and Partitioned properties of CAP theorem at
-the expense of Consistency.
-
-For example, for client A to send a message to client B, client A performs an
-HTTP PUT of the required JSON event on its homeserver (HS) using the
-client-server API. A's HS appends this event to its copy of the room's event
-graph, signing the message in the context of the graph for integrity. A's HS
-then replicates the message to B's HS by performing an HTTP PUT using the
-server-server API. B's HS authenticates the request, validates the event's
-signature, authorises the event's contents and then adds it to its copy of the
-room's event graph. Client B then receives the message from his homeserver via
-a long-lived GET request.
-
-::
-
-                         How data flows between clients
-                         ==============================
-
-       { Matrix client A }                             { Matrix client B }
-           ^          |                                    ^          |
-           |  events  |  Client-Server API                 |  events  |
-           |          V                                    |          V
-       +------------------+                            +------------------+
-       |                  |---------( HTTPS )--------->|                  |
-       |   homeserver     |                            |   homeserver     |
-       |                  |<--------( HTTPS )----------|                  |
-       +------------------+      Server-Server API     +------------------+
-                              History Synchronisation
-                                  (Federation)
-
-
-Users
-~~~~~
-
-Each client is associated with a user account, which is identified in Matrix
-using a unique "user ID". This ID is namespaced to the homeserver which
-allocated the account and has the form::
-
-  @localpart:domain
-
-See `'Identifier Grammar' in the appendices <appendices.html#identifier-grammar>`_ for full details of
-the structure of user IDs.
-
-Devices
-~~~~~~~
-
-The Matrix specification has a particular meaning for the term "device". As a
-user, I might have several devices: a desktop client, some web browsers, an
-Android device, an iPhone, etc. They broadly relate to a real device in the
-physical world, but you might have several browsers on a physical device, or
-several Matrix client applications on a mobile device, each of which would be
-its own device.
-
-Devices are used primarily to manage the keys used for end-to-end encryption
-(each device gets its own copy of the decryption keys), but they also help
-users manage their access - for instance, by revoking access to particular
-devices.
-
-When a user first uses a client, it registers itself as a new device. The
-longevity of devices might depend on the type of client. A web client will
-probably drop all of its state on logout, and create a new device every time
-you log in, to ensure that cryptography keys are not leaked to a new user.  In
-a mobile client, it might be acceptable to reuse the device if a login session
-expires, provided the user is the same.
-
-Devices are identified by a ``device_id``, which is unique within the scope of
-a given user.
-
-A user may assign a human-readable display name to a device, to help them
-manage their devices.
-
-Events
-~~~~~~
-
-All data exchanged over Matrix is expressed as an "event". Typically each client
-action (e.g. sending a message) correlates with exactly one event. Each event
-has a ``type`` which is used to differentiate different kinds of data. ``type``
-values MUST be uniquely globally namespaced following Java's `package naming
-conventions`_, e.g.
-``com.example.myapp.event``. The special top-level namespace ``m.`` is reserved
-for events defined in the Matrix specification - for instance ``m.room.message``
-is the event type for instant messages. Events are usually sent in the context
-of a "Room".
-
-.. _package naming conventions: https://en.wikipedia.org/wiki/Java_package#Package_naming_conventions
-
-Event Graphs
-~~~~~~~~~~~~
-
-.. _sect:event-graph:
-
-Events exchanged in the context of a room are stored in a directed acyclic graph
-(DAG) called an "event graph". The partial ordering of this graph gives the
-chronological ordering of events within the room. Each event in the graph has a
-list of zero or more "parent" events, which refer to any preceding events
-which have no chronological successor from the perspective of the homeserver
-which created the event.
-
-Typically an event has a single parent: the most recent message in the room at
-the point it was sent. However, homeservers may legitimately race with each
-other when sending messages, resulting in a single event having multiple
-successors. The next event added to the graph thus will have multiple parents.
-Every event graph has a single root event with no parent.
-
-To order and ease chronological comparison between the events within the graph,
-homeservers maintain a ``depth`` metadata field on each event. An event's
-``depth`` is a positive integer that is strictly greater than the depths of any
-of its parents. The root event should have a depth of 1. Thus if one event is
-before another, then it must have a strictly smaller depth.
-
-Room structure
-~~~~~~~~~~~~~~
-
-A room is a conceptual place where users can send and receive events. Events are
-sent to a room, and all participants in that room with sufficient access will
-receive the event. Rooms are uniquely identified internally via "Room IDs",
-which have the form::
-
-  !opaque_id:domain
-
-There is exactly one room ID for each room. Whilst the room ID does contain a
-domain, it is simply for globally namespacing room IDs. The room does NOT
-reside on the domain specified.
-
-See `'Identifier Grammar' in the appendices <appendices.html#identifier-grammar>`_ for full details of
-the structure of a room ID.
-
-The following conceptual diagram shows an
-``m.room.message`` event being sent to the room ``!qporfwt:matrix.org``::
-
-       { @alice:matrix.org }                             { @bob:example.org }
-               |                                                 ^
-               |                                                 |
-      [HTTP POST]                                  [HTTP GET]
-      Room ID: !qporfwt:matrix.org                 Room ID: !qporfwt:matrix.org
-      Event type: m.room.message                   Event type: m.room.message
-      Content: { JSON object }                     Content: { JSON object }
-               |                                                 |
-               V                                                 |
-       +------------------+                          +------------------+
-       |   homeserver     |                          |   homeserver     |
-       |   matrix.org     |                          |   example.org    |
-       +------------------+                          +------------------+
-               |                                                 ^
-               |         [HTTP PUT]                              |
-               |         Room ID: !qporfwt:matrix.org            |
-               |         Event type: m.room.message              |
-               |         Content: { JSON object }                |
-               `-------> Pointer to the preceding message  ------`
-                         PKI signature from matrix.org
-                         Transaction-layer metadata
-                         PKI Authorization header
-
-                     ....................................
-                    |           Shared Data              |
-                    | State:                             |
-                    |   Room ID: !qporfwt:matrix.org     |
-                    |   Servers: matrix.org, example.org |
-                    |   Members:                         |
-                    |    - @alice:matrix.org             |
-                    |    - @bob:example.org              |
-                    | Messages:                          |
-                    |   - @alice:matrix.org              |
-                    |     Content: { JSON object }       |
-                    |....................................|
-
-Federation maintains *shared data structures* per-room between multiple
-homeservers. The data is split into ``message events`` and ``state events``.
-
-Message events:
-  These describe transient 'once-off' activity in a room such as an
-  instant messages, VoIP call setups, file transfers, etc. They generally
-  describe communication activity.
-
-State events:
-  These describe updates to a given piece of persistent information
-  ('state') related to a room, such as the room's name, topic, membership,
-  participating servers, etc. State is modelled as a lookup table of key/value
-  pairs per room, with each key being a tuple of ``state_key`` and ``event type``.
-  Each state event updates the value of a given key.
-
-The state of the room at a given point is calculated by considering all events
-preceding and including a given event in the graph. Where events describe the
-same state, a merge conflict algorithm is applied. The state resolution
-algorithm is transitive and does not depend on server state, as it must
-consistently select the same event irrespective of the server or the order the
-events were received in. Events are signed by the originating server (the
-signature includes the parent relations, type, depth and payload hash) and are
-pushed over federation to the participating servers in a room, currently using
-full mesh topology. Servers may also request backfill of events over federation
-from the other servers participating in a room.
-
-.. Note::
-  Events are not limited to the types defined in this specification. New or custom
-  event types can be created on a whim using the Java package naming convention.
-  For example, a ``com.example.game.score`` event can be sent by clients and other
-  clients would receive it through Matrix, assuming the client has access to the
-  ``com.example`` namespace.
-
-Room Aliases
-++++++++++++
-
-Each room can also have multiple "Room Aliases", which look like::
-
-  #room_alias:domain
-
-See `'Identifier Grammar' in the appendices <appendices.html#identifier-grammar>`_ for full details of
-the structure of a room alias.
-
-A room alias "points" to a room ID and is the human-readable label by which
-rooms are publicised and discovered.  The room ID the alias is pointing to can
-be obtained by visiting the domain specified. Note that the mapping from a room
-alias to a room ID is not fixed, and may change over time to point to a
-different room ID. For this reason, Clients SHOULD resolve the room alias to a
-room ID once and then use that ID on subsequent requests.
-
-When resolving a room alias the server will also respond with a list of servers
-that are in the room that can be used to join via.
-
-::
-
-        HTTP GET
-   #matrix:example.org      !aaabaa:matrix.org
-           |                    ^
-           |                    |
-    _______V____________________|____
-   |          example.org           |
-   | Mappings:                      |
-   | #matrix >> !aaabaa:matrix.org  |
-   | #golf   >> !wfeiofh:sport.com  |
-   | #bike   >> !4rguxf:matrix.org  |
-   |________________________________|
-
-Identity
-~~~~~~~~
-
-Users in Matrix are identified via their Matrix user ID. However,
-existing 3rd party ID namespaces can also be used in order to identify Matrix
-users. A Matrix "Identity" describes both the user ID and any other existing IDs
-from third party namespaces *linked* to their account.
-Matrix users can *link* third-party IDs (3PIDs) such as email addresses, social
-network accounts and phone numbers to their user ID. Linking 3PIDs creates a
-mapping from a 3PID to a user ID. This mapping can then be used by Matrix
-users in order to discover the user IDs of their contacts.
-In order to ensure that the mapping from 3PID to user ID is genuine, a globally
-federated cluster of trusted "identity servers" (IS) are used to verify the 3PID
-and persist and replicate the mappings.
-
-Usage of an IS is not required in order for a client application to be part of
-the Matrix ecosystem. However, without one clients will not be able to look up
-user IDs using 3PIDs.
-
-
-Profiles
-~~~~~~~~
-
-Users may publish arbitrary key/value data associated with their account - such
-as a human readable display name, a profile photo URL, contact information
-(email address, phone numbers, website URLs etc).
-
-.. TODO
-  Actually specify the different types of data - e.g. what format are display
-  names allowed to be?
-
-Private User Data
-~~~~~~~~~~~~~~~~~
-
-Users may also store arbitrary private key/value data in their account - such as
-client preferences, or server configuration settings which lack any other
-dedicated API.  The API is symmetrical to managing Profile data.
-
-.. TODO
-  Would it really be overengineered to use the same API for both profile &
-  private user data, but with different ACLs?
-
-
-Common concepts
----------------
-
-Various things are common throughout all of the Matrix APIs. They are
-documented here.
-
-.. TODO: Some words about trailing slashes. See https://github.com/matrix-org/matrix-doc/issues/2107
-
-Namespacing
-~~~~~~~~~~~
-
-Namespacing helps prevent conflicts between multiple applications and the specification
-itself. Where namespacing is used, ``m.`` prefixes are used by the specification to
-indicate that the field is controlled by the specification. Custom or non-specified
-namespaces used in the wild MUST use the Java package naming convention to prevent
-conflicts.
-
-As an example, event types defined in the specification are namespaced under the
-special ``m.`` prefix, however any client can send a custom event type, such as
-``com.example.game.score`` (assuming the client has rights to the ``com.example``
-namespace) without needing to put the event into the ``m.`` namespace.
-
-Timestamps
-~~~~~~~~~~
-
-Unless otherwise stated, timestamps are measured as milliseconds since the Unix epoch.
-Throughout the specification this may be referred to as POSIX, Unix, or just "time in
-milliseconds".
-
-
-.. _`room versions`:
-
-Room Versions
--------------
-
-Rooms are central to how Matrix operates, and have strict rules for what
-is allowed to be contained within them. Rooms can also have various
-algorithms that handle different tasks, such as what to do when two or
-more events collide in the underlying DAG. To allow rooms to be improved
-upon through new algorithms or rules, "room versions" are employed to
-manage a set of expectations for each room. New room versions are assigned
-as needed.
-
-There is no implicit ordering or hierarchy to room versions, and their principles
-are immutable once placed in the specification. Although there is a recommended
-set of versions, some rooms may benefit from features introduced by other versions.
-Rooms move between different versions by "upgrading" to the desired version. Due
-to versions not being ordered or hierarchical, this means a room can "upgrade"
-from version 2 to version 1, if it is so desired.
-
-Room version grammar
-~~~~~~~~~~~~~~~~~~~~
-
-Room versions are used to change properties of rooms that may not be compatible
-with other servers. For example, changing the rules for event authorization would
-cause older servers to potentially end up in a split-brain situation due to not
-understanding the new rules.
-
-A room version is defined as a string of characters which MUST NOT exceed 32
-codepoints in length. Room versions MUST NOT be empty and SHOULD contain only
-the characters ``a-z``, ``0-9``, ``.``, and ``-``.
-
-Room versions are not intended to be parsed and should be treated as opaque
-identifiers. Room versions consisting only of the characters ``0-9`` and ``.``
-are reserved for future versions of the Matrix protocol.
-
-The complete grammar for a legal room version is::
-
-  room_version = 1*room_version_char
-  room_version_char = DIGIT
-                    / %x61-7A         ; a-z
-                    / "-" / "."
-
-Examples of valid room versions are:
-
-* ``1`` (would be reserved by the Matrix protocol)
-* ``1.2`` (would be reserved by the Matrix protocol)
-* ``1.2-beta``
-* ``com.example.version``
-
-Complete list of room versions
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Room versions are divided into two distinct groups: stable and unstable. Stable
-room versions may be used by rooms safely. Unstable room versions are everything
-else which is either not listed in the specification or flagged as unstable for
-some other reason. Versions can switch between stable and unstable periodically
-for a variety of reasons, including discovered security vulnerabilities and age.
-
-Clients should not ask room administrators to upgrade their rooms if the room is
-running a stable version. Servers SHOULD use room version 5 as the default room
-version when creating new rooms.
-
-The available room versions are:
-
-* `Version 1 <rooms/v1.html>`_ - **Stable**. The current version of most rooms.
-* `Version 2 <rooms/v2.html>`_ - **Stable**. Implements State Resolution Version 2.
-* `Version 3 <rooms/v3.html>`_ - **Stable**. Introduces events whose IDs are the event's hash.
-* `Version 4 <rooms/v4.html>`_ - **Stable**. Builds on v3 by using URL-safe base64 for event IDs.
-* `Version 5 <rooms/v5.html>`_ - **Stable**. Introduces enforcement of signing key validity periods.
-* `Version 6 <rooms/v6.html>`_ - **Stable**. Alters several authorization rules for events.
-
-Specification Versions
-----------------------
-
-The specification for each API is versioned in the form ``rX.Y.Z``.
- * A change to ``X`` reflects a breaking change: a client implemented against
-   ``r1.0.0`` may need changes to work with a server which supports (only)
-   ``r2.0.0``.
- * A change to ``Y`` represents a change which is backwards-compatible for
-   existing clients, but not necessarily existing servers: a client implemented
-   against ``r1.1.0`` will work without changes against a server which supports
-   ``r1.2.0``; but a client which requires ``r1.2.0`` may not work correctly
-   with a server which implements only ``r1.1.0``.
- * A change to ``Z`` represents a change which is backwards-compatible on both
-   sides. Typically this implies a clarification to the specification, rather
-   than a change which must be implemented.
-
-License
--------
-
-The Matrix specification is licensed under the `Apache License, Version 2.0
-<http://www.apache.org/licenses/LICENSE-2.0>`_.
diff --git a/specification/modules.rst b/specification/modules.rst
deleted file mode 100644
index 1bc8844592d..00000000000
--- a/specification/modules.rst
+++ /dev/null
@@ -1,27 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-.. Copyright 2019 The Matrix.org Foundation C.I.C.
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Modules
-=======
-
-Modules are parts of the Client-Server API which are not universal to all
-endpoints. Modules are strictly defined within this specification and
-should not be mistaken for experimental extensions or optional features.
-A compliant server implementation MUST support all modules and supporting
-specification (unless the implementation only targets clients of certain
-profiles, in which case only the required modules for those feature profiles
-MUST be implemented). A compliant client implementation MUST support all
-the required modules and supporting specification for the `Feature Profile <#feature-profiles>`_
-it targets.
diff --git a/specification/modules/_template.rst b/specification/modules/_template.rst
deleted file mode 100644
index d1fef7f5f1b..00000000000
--- a/specification/modules/_template.rst
+++ /dev/null
@@ -1,70 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Module Heading
-==============
-
-.. NOTE: Prefer to identify-modules-with-dashes despite historical examples.
-.. _module:short-name:
-
-A short summary of the module. What features does this module provide? An anchor
-should be specified at the top of the module using the format ``module:name``.
-
-Complicated modules may wish to have architecture diagrams or event flows
-(e.g. VoIP call flows) here. Custom subsections can be included but they should
-be used *sparingly* to reduce the risk of putting client or server behaviour
-information in these custom sections.
-
-Events
-------
-List the new event types introduced by this module, if any. If there are no
-new events, this section can be omitted. Event types should be done as
-subsections. This section is intended to document the "common shared event
-structure" between client and server. Deviations from this shared structure
-should be documented in the relevant behaviour section.
-
-``m.example.event.type``
-~~~~~~~~~~~~~~~~~~~~~~~~
-There should be JSON Schema docs for this event. Once there is JSON schema,
-there will be a template variable with dots in the event type replaced with
-underscores and the suffix ``_event``. You can insert a template like so:
-
-{{m_example_event_type_event}}
-
-Client behaviour
-----------------
-List any new HTTP endpoints. These endpoints should be documented using Swagger.
-Once there is Swagger, there will be a template variable based on the name of
-the YAML file with the suffix ``_cs_http_api``. You can insert a template for
-swagger docs like so:
-
-{{name-of-yaml-file-without-file-ext_cs_http_api}}
-
-List the steps the client needs to take to
-correctly process this module. List what data structures the client should be
-storing in order to aid implementation.
-
-Server behaviour
-----------------
-Does the server need to handle any of the new events in a special way (e.g.
-typing timeouts, presence). Advice on how to persist events and/or requests are
-recommended to aid implementation. Federation-specific logic should be included
-here.
-
-Security considerations
------------------------
-This includes privacy leaks: for example leaking presence info. How do
-misbehaving clients or servers impact this module? This section should always be
-included, if only to say "we've thought about it but there isn't anything to do
-here".
diff --git a/specification/modules/account_data.rst b/specification/modules/account_data.rst
deleted file mode 100644
index a67e503a677..00000000000
--- a/specification/modules/account_data.rst
+++ /dev/null
@@ -1,48 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Client Config
-=============
-
-.. _module:account_data:
-
-Clients can store custom config data for their account on their homeserver.
-This account data will be synced between different devices and can persist
-across installations on a particular device. Users may only view the account
-data for their own account
-
-The account_data may be either global or scoped to a particular rooms.
-
-Events
-------
-
-The client receives the account data as events in the ``account_data`` sections
-of a ``/sync``.
-
-These events can also be received in a ``/events`` response or in the
-``account_data`` section of a room in ``/sync``. ``m.tag``
-events appearing in ``/events`` will have a ``room_id`` with the room
-the tags are for.
-
-Client Behaviour
-----------------
-
-{{account_data_cs_http_api}}
-
-
-Server Behaviour
-----------------
-
-Servers MUST reject clients from setting account data for event types that
-the server manages. Currently, this only includes `m.fully_read`_.
diff --git a/specification/modules/admin.rst b/specification/modules/admin.rst
deleted file mode 100644
index c4465675ea1..00000000000
--- a/specification/modules/admin.rst
+++ /dev/null
@@ -1,26 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Server Administration
-=====================
-
-.. _module:admin:
-
-This module adds capabilities for server administrators to inspect server state
-and data.
-
-Client Behaviour
-----------------
-
-{{admin_cs_http_api}}
diff --git a/specification/modules/anonymous_access.rst b/specification/modules/anonymous_access.rst
deleted file mode 100644
index a6ffbfb6ec6..00000000000
--- a/specification/modules/anonymous_access.rst
+++ /dev/null
@@ -1,64 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Guest access
-================
-
-.. _module:guest-access:
-
-It may be desirable to allow users without a fully registered user account to
-ephemerally access Matrix rooms. This module specifies limited ways of doing so.
-
-Note that this is not currently a complete anonymous access solution; in
-particular, it only allows servers to provided anonymous access to rooms in
-which they are already participating, and relies on individual homeservers to
-adhere to the conventions which this module sets, rather than allowing all
-participating homeservers to enforce them.
-
-Events
-------
-
-{{m_room_guest_accessibility}}
-
-Client behaviour
-----------------
-A client can register for guest access using the FOO endpoint. From that point
-on, they can interact with a limited subset of the existing client-server API,
-as if they were a fully registered user, using the access token granted to them
-by the server.
-
-These users are only allowed to make calls in relation to rooms which have the
-``m.room.history_visibility`` event set to ``world_readable``.
-
-The APIs they are allowed to hit are:
-
-/rooms/{roomId}/messages
-/rooms/{roomId}/state
-/rooms/{roomId}/state/{eventType}/{stateKey}
-/events
-
-Server behaviour
-----------------
-Does the server need to handle any of the new events in a special way (e.g.
-typing timeouts, presence). Advice on how to persist events and/or requests are
-recommended to aid implementation. Federation-specific logic should be included
-here.
-
-Security considerations
------------------------
-This includes privacy leaks: for example leaking presence info. How do
-misbehaving clients or servers impact this module? This section should always be
-included, if only to say "we've thought about it but there isn't anything to do
-here".
-
diff --git a/specification/modules/content_repo.rst b/specification/modules/content_repo.rst
deleted file mode 100644
index 192250d22bf..00000000000
--- a/specification/modules/content_repo.rst
+++ /dev/null
@@ -1,136 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-.. Copyright 2019 The Matrix.org Foundation C.I.C.
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Content repository
-==================
-
-.. _module:content:
-
-The content repository (or "media repository") allows users to upload
-files to their homeserver for later use. For example, files which the
-user wants to send to a room would be uploaded here, as would an avatar
-the user wants to use.
-
-Uploads are POSTed to a resource on the user's local homeserver which
-returns a MXC URI which can later be used to GET the download. Content
-is downloaded from the recipient's local homeserver, which must first
-transfer the content from the origin homeserver using the same API
-(unless the origin and destination homeservers are the same).
-
-When serving content, the server SHOULD provide a ``Content-Security-Policy``
-header. The recommended policy is ``sandbox; default-src 'none'; script-src
-'none'; plugin-types application/pdf; style-src 'unsafe-inline'; object-src
-'self';``.
-
-Matrix Content (MXC) URIs
--------------------------
-
-.. _`MXC URI`:
-
-Content locations are represented as Matrix Content (MXC) URIs. They look
-like::
-
-  mxc://<server-name>/<media-id>
-
-  <server-name> : The name of the homeserver where this content originated, e.g. matrix.org
-  <media-id> : An opaque ID which identifies the content.
-
-
-Client behaviour
-----------------
-
-Clients can upload and download content using the following HTTP APIs.
-
-{{content_repo_cs_http_api}}
-
-Thumbnails
-~~~~~~~~~~
-The homeserver SHOULD be able to supply thumbnails for uploaded images and
-videos. The exact file types which can be thumbnailed are not currently
-specified - see `Issue #1938 <https://github.com/matrix-org/matrix-doc/issues/1938>`_
-for more information.
-
-The thumbnail methods are "crop" and "scale". "scale" tries to return an
-image where either the width or the height is smaller than the requested
-size. The client should then scale and letterbox the image if it needs to
-fit within a given rectangle. "crop" tries to return an image where the
-width and height are close to the requested size and the aspect matches
-the requested size. The client should scale the image if it needs to fit
-within a given rectangle.
-
-The dimensions given to the thumbnail API are the minimum size the client
-would prefer. Servers must never return thumbnails smaller than the client's
-requested dimensions, unless the content being thumbnailed is smaller than
-the dimensions. When the content is smaller than the requested dimensions,
-servers should return the original content rather than thumbnail it.
-
-Servers SHOULD produce thumbnails with the following dimensions and methods:
-
-* 32x32, crop
-* 96x96, crop
-* 320x240, scale
-* 640x480, scale
-* 800x600, scale
-
-In summary:
- * "scale" maintains the original aspect ratio of the image
- * "crop" provides an image in the aspect ratio of the sizes given in the request
- * The server will return an image larger than or equal to the dimensions requested
-   where possible.
-
-Servers MUST NOT upscale thumbnails under any circumstance. Servers MUST NOT
-return a smaller thumbnail than requested, unless the original content makes
-that impossible.
-
-Security considerations
------------------------
-
-The HTTP GET endpoint does not require any authentication. Knowing the URL of
-the content is sufficient to retrieve the content, even if the entity isn't in
-the room.
-
-MXC URIs are vulnerable to directory traversal attacks such as
-``mxc://127.0.0.1/../../../some_service/etc/passwd``. This would cause the target
-homeserver to try to access and return this file. As such, homeservers MUST
-sanitise MXC URIs by allowing only alphanumeric (``A-Za-z0-9``), ``_``
-and  ``-`` characters in the ``server-name`` and ``media-id`` values. This set
-of whitelisted characters allows URL-safe base64 encodings specified in RFC 4648.
-Applying this character whitelist is preferable to blacklisting ``.`` and ``/``
-as there are techniques around blacklisted characters (percent-encoded characters,
-UTF-8 encoded traversals, etc).
-
-Homeservers have additional content-specific concerns:
-
-- Clients may try to upload very large files. Homeservers should not store files
-  that are too large and should not serve them to clients, returning a HTTP 413
-  error with the ``M_TOO_LARGE`` code.
-
-- Clients may try to upload very large images. Homeservers should not attempt to
-  generate thumbnails for images that are too large, returning a HTTP 413 error
-  with the ``M_TOO_LARGE`` code.
-
-- Remote homeservers may host very large files or images. Homeservers should not
-  proxy or thumbnail large files or images from remote homeservers, returning a
-  HTTP 502 error with the ``M_TOO_LARGE`` code.
-
-- Clients may try to upload a large number of files. Homeservers should limit the
-  number and total size of media that can be uploaded by clients, returning a
-  HTTP 403 error with the ``M_FORBIDDEN`` code.
-
-- Clients may try to access a large number of remote files through a homeserver.
-  Homeservers should restrict the number and size of remote files that it caches.
-
-- Clients or remote homeservers may try to upload malicious files targeting
-  vulnerabilities in either the homeserver thumbnailing or the client decoders.
diff --git a/specification/modules/device_management.rst b/specification/modules/device_management.rst
deleted file mode 100644
index 3f9c84529bf..00000000000
--- a/specification/modules/device_management.rst
+++ /dev/null
@@ -1,41 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Device Management
-=================
-
-.. _module:device-management:
-
-This module provides a means for a user to manage their `devices`_.
-
-Client behaviour
-----------------
-Clients that implement this module should offer the user a list of registered
-devices, as well as the means to update their display names. Clients should
-also allow users to delete disused devices.
-
-{{device_management_cs_http_api}}
-
-Security considerations
------------------------
-
-Deleting devices has security implications: it invalidates the access_token
-assigned to the device, so an attacker could use it to log out the real user
-(and do it repeatedly every time the real user tries to log in to block the
-attacker). Servers should require additional authentication beyond the access
-token when deleting devices (for example, requiring that the user resubmit
-their password).
-
-The display names of devices are publicly visible. Clients should consider
-advising the user of this.
diff --git a/specification/modules/dm.rst b/specification/modules/dm.rst
deleted file mode 100644
index a89d3522aca..00000000000
--- a/specification/modules/dm.rst
+++ /dev/null
@@ -1,58 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Direct Messaging
-================
-
-.. _module:dm:
-
-All communication over Matrix happens within a room. It is sometimes
-desirable to offer users the concept of speaking directly to one
-particular person. This module defines a way of marking certain rooms
-as 'direct chats' with a given person. This does not restrict the chat
-to being between exactly two people since this would preclude the
-presence of automated 'bot' users or even a 'personal assistant' who is
-able to answer direct messages on behalf of the user in their absence.
-
-A room may not necessarily be considered 'direct' by all members of the
-room, but a signalling mechanism exists to propagate the information of
-whether a chat is 'direct' to an invitee.
-
-Events
-------
-
-{{m_direct_event}}
-
-Client behaviour
-----------------
-To start a direct chat with another user, the inviting user's client
-should set the ``is_direct`` flag to |/createRoom|_. The client should do 
-this whenever the flow the user has followed is one where their
-intention is to speak directly with another person, as opposed to bringing that
-person in to a shared room. For example, clicking on 'Start Chat' beside a
-person's profile picture would imply the ``is_direct`` flag should be set.
-
-The invitee's client may use the ``is_direct`` flag in the `m.room.member`_
-event to automatically mark the room as a direct chat but this is not
-required: it may for example, prompt the user, or ignore the flag altogether.
-
-Both the inviting client and the invitee's client should record the fact that
-the room is a direct chat by storing an ``m.direct`` event in the account data
-using |/user/<user_id>/account_data/<type>|_.
-
-Server behaviour
-----------------
-When the ``is_direct`` flag is given to |/createRoom|_, the home
-server must set the ``is_direct`` flag in the invite member event for any users
-invited in the |/createRoom|_ call.
diff --git a/specification/modules/end_to_end_encryption.rst b/specification/modules/end_to_end_encryption.rst
deleted file mode 100644
index 0e57636f521..00000000000
--- a/specification/modules/end_to_end_encryption.rst
+++ /dev/null
@@ -1,1361 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-.. Copyright 2019 The Matrix.org Foundation C.I.C.
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-End-to-End Encryption
-=====================
-
-.. _module:e2e:
-
-Matrix optionally supports end-to-end encryption, allowing rooms to be created
-whose conversation contents are not decryptable or interceptable on any of the
-participating homeservers.
-
-Key Distribution
-----------------
-Encryption and Authentication in Matrix is based around public-key
-cryptography. The Matrix protocol provides a basic mechanism for exchange of
-public keys, though an out-of-band channel is required to exchange fingerprints
-between users to build a web of trust.
-
-Overview
-~~~~~~~~
-
-.. code::
-
-    1) Bob publishes the public keys and supported algorithms for his
-       device. This may include long-term identity keys, and/or one-time
-       keys.
-
-                                          +----------+  +--------------+
-                                          | Bob's HS |  | Bob's Device |
-                                          +----------+  +--------------+
-                                                |              |
-                                                |<=============|
-                                                  /keys/upload
-
-    2) Alice requests Bob's public identity keys and supported algorithms.
-
-      +----------------+  +------------+  +----------+
-      | Alice's Device |  | Alice's HS |  | Bob's HS |
-      +----------------+  +------------+  +----------+
-             |                  |               |
-             |=================>|==============>|
-               /keys/query        <federation>
-
-    3) Alice selects an algorithm and claims any one-time keys needed.
-
-      +----------------+  +------------+  +----------+
-      | Alice's Device |  | Alice's HS |  | Bob's HS |
-      +----------------+  +------------+  +----------+
-             |                  |               |
-             |=================>|==============>|
-               /keys/claim         <federation>
-
-
-Key algorithms
-~~~~~~~~~~~~~~
-
-The name ``ed25519`` corresponds to the `Ed25519`_ signature algorithm. The key
-is a 32-byte Ed25519 public key, encoded using `unpadded Base64`_. Example:
-
-.. code:: json
-
-   "SogYyrkTldLz0BXP+GYWs0qaYacUI0RleEqNT8J3riQ"
-
-The name ``curve25519`` corresponds to the `Curve25519`_ ECDH algorithm. The
-key is a 32-byte Curve25519 public key, encoded using `unpadded
-Base64`_. Example:
-
-.. code:: json
-
-  "JGLn/yafz74HB2AbPLYJWIVGnKAtqECOBf11yyXac2Y"
-
-The name ``signed_curve25519`` also corresponds to the Curve25519 algorithm,
-but a key using this algorithm is represented by an object with a the following
-properties:
-
-``KeyObject``
-
-========== ================ =====================================================
-Parameter  Type             Description
-========== ================ =====================================================
-key        string           **Required.** The unpadded Base64-encoded 32-byte
-                            Curve25519 public key.
-signatures Signatures       **Required.** Signatures of the key object.
-
-                            The signature is calculated using the process described
-                            at `Signing JSON`_.
-========== ================ =====================================================
-
-Example:
-
-.. code:: json
-
-  {
-    "key":"06UzBknVHFMwgi7AVloY7ylC+xhOhEX4PkNge14Grl8",
-    "signatures": {
-      "@user:example.com": {
-        "ed25519:EGURVBUNJP": "YbJva03ihSj5mPk+CHMJKUKlCXCPFXjXOK6VqBnN9nA2evksQcTGn6hwQfrgRHIDDXO2le49x7jnWJHMJrJoBQ"
-      }
-    }
-  }
-
-Device keys
-~~~~~~~~~~~
-
-Each device should have one Ed25519 signing key. This key should be generated
-on the device from a cryptographically secure source, and the private part of
-the key should never be exported from the device. This key is used as the
-fingerprint for a device by other clients.
-
-A device will generally need to generate a number of additional keys. Details
-of these will vary depending on the messaging algorithm in use.
-
-Algorithms generally require device identity keys as well as signing keys. Some
-algorithms also require one-time keys to improve their secrecy and deniability.
-These keys are used once during session establishment, and are then thrown
-away.
-
-For Olm version 1, each device requires a single Curve25519 identity key, and a
-number of signed Curve25519 one-time keys.
-
-Uploading keys
-~~~~~~~~~~~~~~
-
-A device uploads the public parts of identity keys to their homeserver as a
-signed JSON object, using the |/keys/upload|_ API.
-The JSON object must include the public part of the device's Ed25519 key, and
-must be signed by that key, as described in `Signing JSON`_.
-
-One-time keys are also uploaded to the homeserver using the |/keys/upload|_
-API.
-
-Devices must store the private part of each key they upload. They can
-discard the private part of a one-time key when they receive a message using
-that key. However it's possible that a one-time key given out by a homeserver
-will never be used, so the device that generates the key will never know that
-it can discard the key. Therefore a device could end up trying to store too
-many private keys. A device that is trying to store too many private keys may
-discard keys starting with the oldest.
-
-Tracking the device list for a user
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Before Alice can send an encrypted message to Bob, she needs a list of each of
-his devices and the associated identity keys, so that she can establish an
-encryption session with each device. This list can be obtained by calling
-|/keys/query|_, passing Bob's user ID in the ``device_keys`` parameter.
-
-From time to time, Bob may add new devices, and Alice will need to know this so
-that she can include his new devices for later encrypted messages. A naive
-solution to this would be to call |/keys/query|_ before sending each message -
-however, the number of users and devices may be large and this would be
-inefficient.
-
-It is therefore expected that each client will maintain a list of devices for a
-number of users (in practice, typically each user with whom we share an
-encrypted room). Furthermore, it is likely that this list will need to be
-persisted between invocations of the client application (to preserve device
-verification data and to alert Alice if Bob suddenly gets a new
-device).
-
-Alice's client can maintain a list of Bob's devices via the following
-process:
-
-#. It first sets a flag to record that it is now tracking Bob's device list,
-   and a separate flag to indicate that its list of Bob's devices is
-   outdated. Both flags should be in storage which persists over client
-   restarts.
-
-#. It then makes a request to |/keys/query|_, passing Bob's user ID in the
-   ``device_keys`` parameter. When the request completes, it stores the
-   resulting list of devices in persistent storage, and clears the 'outdated'
-   flag.
-
-#. During its normal processing of responses to |/sync|_, Alice's client
-   inspects the ``changed`` property of the |device_lists|_ field. If it is
-   tracking the device lists of any of the listed users, then it marks the
-   device lists for those users outdated, and initiates another request to
-   |/keys/query|_ for them.
-
-#. Periodically, Alice's client stores the ``next_batch`` field of the result
-   from |/sync|_ in persistent storage. If Alice later restarts her client, it
-   can obtain a list of the users who have updated their device list while it
-   was offline by calling |/keys/changes|_, passing the recorded ``next_batch``
-   field as the ``from`` parameter. If the client is tracking the device list
-   of any of the users listed in the response, it marks them as outdated. It
-   combines this list with those already flagged as outdated, and initiates a
-   |/keys/query|_ request for all of them.
-
-.. Warning::
-
-   Bob may update one of his devices while Alice has a request to
-   ``/keys/query`` in flight. Alice's client may therefore see Bob's user ID in
-   the ``device_lists`` field of the ``/sync`` response while the first request
-   is in flight, and initiate a second request to ``/keys/query``. This may
-   lead to either of two related problems.
-
-   The first problem is that, when the first request completes, the client will
-   clear the 'outdated' flag for Bob's devices. If the second request fails, or
-   the client is shut down before it completes, this could lead to Alice using
-   an outdated list of Bob's devices.
-
-   The second possibility is that, under certain conditions, the second request
-   may complete *before* the first one. When the first request completes, the
-   client could overwrite the later results from the second request with those
-   from the first request.
-
-   Clients MUST guard against these situations. For example, a client could
-   ensure that only one request to ``/keys/query`` is in flight at a time for
-   each user, by queuing additional requests until the first completes.
-   Alternatively, the client could make a new request immediately, but ensure
-   that the first request's results are ignored (possibly by cancelling the
-   request).
-
-.. Note::
-
-  When Bob and Alice share a room, with Bob tracking Alice's devices, she may leave
-  the room and then add a new device. Bob will not be notified of this change,
-  as he doesn't share a room anymore with Alice. When they start sharing a
-  room again, Bob has an out-of-date list of Alice's devices. In order to address
-  this issue, Bob's homeserver will add Alice's user ID to the ``changed`` property of
-  the ``device_lists`` field, thus Bob will update his list of Alice's devices as part
-  of his normal processing. Note that Bob can also be notified when he stops sharing
-  any room with Alice by inspecting the ``left`` property of the ``device_lists``
-  field, and as a result should remove her from its list of tracked users.
-
-.. |device_lists| replace:: ``device_lists``
-.. _`device_lists`: `device_lists_sync`_
-
-
-Sending encrypted attachments
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-When encryption is enabled in a room, files should be uploaded encrypted on
-the homeserver.
-
-In order to achieve this, a client should generate a single-use 256-bit AES
-key, and encrypt the file using AES-CTR. The counter should be 64-bit long,
-starting at 0 and prefixed by a random 64-bit Initialization Vector (IV), which
-together form a 128-bit unique counter block.
-
-.. Warning::
-  An IV must never be used multiple times with the same key. This implies that
-  if there are multiple files to encrypt in the same message, typically an
-  image and its thumbnail, the files must not share both the same key and IV.
-
-Then, the encrypted file can be uploaded to the homeserver.
-The key and the IV must be included in the room event along with the resulting
-``mxc://`` in order to allow recipients to decrypt the file. As the event
-containing those will be Megolm encrypted, the server will never have access to
-the decrypted file.
-
-A hash of the ciphertext must also be included, in order to prevent the homeserver from
-changing the file content.
-
-A client should send the data as an encrypted ``m.room.message`` event, using
-either ``m.file`` as the msgtype, or the appropriate msgtype for the file
-type. The key is sent using the `JSON Web Key`_ format, with a `W3C
-extension`_.
-
-.. anchor for link from m.message api spec
-.. |encrypted_files| replace:: End-to-end encryption
-.. _encrypted_files:
-
-Extensions to ``m.message`` msgtypes
-<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
-
-This module adds ``file`` and ``thumbnail_file`` properties, of type
-``EncryptedFile``, to ``m.message`` msgtypes that reference files, such as
-`m.file`_ and `m.image`_, replacing the ``url`` and ``thumbnail_url``
-properties.
-
-.. todo: generate this from a swagger definition?
-
-``EncryptedFile``
-
-========= ================ =====================================================
-Parameter Type             Description
-========= ================ =====================================================
-url       string           **Required.** The URL to the file.
-key       JWK              **Required.** A `JSON Web Key`_ object.
-iv        string           **Required.** The 128-bit unique counter block used by
-                           AES-CTR, encoded as unpadded base64.
-hashes    {string: string} **Required.** A map from an algorithm name to a hash
-                           of the ciphertext, encoded as unpadded base64. Clients
-                           should support the SHA-256 hash, which uses the key
-                           ``sha256``.
-v         string           **Required.** Version of the encrypted attachments
-                           protocol. Must be ``v2``.
-========= ================ =====================================================
-
-``JWK``
-
-========= ========= ============================================================
-Parameter Type      Description
-========= ========= ============================================================
-kty       string    **Required.** Key type. Must be ``oct``.
-key_ops   [string]  **Required.** Key operations. Must at least contain
-                    ``encrypt`` and ``decrypt``.
-alg       string    **Required.** Algorithm. Must be ``A256CTR``.
-k         string    **Required.** The key, encoded as urlsafe unpadded base64.
-ext       boolean   **Required.** Extractable. Must be ``true``. This is a
-                    `W3C extension`_.
-========= ========= ============================================================
-
-Example:
-
-.. code :: json
-
-  {
-    "content": {
-      "body": "something-important.jpg",
-      "file": {
-        "url": "mxc://example.org/FHyPlCeYUSFFxlgbQYZmoEoe",
-        "mimetype": "image/jpeg",
-        "v": "v2",
-        "key": {
-          "alg": "A256CTR",
-          "ext": true,
-          "k": "aWF6-32KGYaC3A_FEUCk1Bt0JA37zP0wrStgmdCaW-0",
-          "key_ops": ["encrypt","decrypt"],
-          "kty": "oct"
-        },
-        "iv": "w+sE15fzSc0AAAAAAAAAAA",
-        "hashes": {
-          "sha256": "fdSLu/YkRx3Wyh3KQabP3rd6+SFiKg5lsJZQHtkSAYA"
-        }
-      },
-      "info": {
-        "mimetype": "image/jpeg",
-        "h": 1536,
-        "size": 422018,
-        "thumbnail_file": {
-          "hashes": {
-            "sha256": "/NogKqW5bz/m8xHgFiH5haFGjCNVmUIPLzfvOhHdrxY"
-          },
-          "iv": "U+k7PfwLr6UAAAAAAAAAAA",
-          "key": {
-            "alg": "A256CTR",
-            "ext": true,
-            "k": "RMyd6zhlbifsACM1DXkCbioZ2u0SywGljTH8JmGcylg",
-            "key_ops": ["encrypt", "decrypt"],
-            "kty": "oct"
-          },
-          "mimetype": "image/jpeg",
-          "url": "mxc://example.org/pmVJxyxGlmxHposwVSlOaEOv",
-          "v": "v2"
-        },
-        "thumbnail_info": {
-          "h": 768,
-          "mimetype": "image/jpeg",
-          "size": 211009,
-          "w": 432
-        },
-        "w": 864
-      },
-      "msgtype": "m.image"
-    },
-    "event_id": "$143273582443PhrSn:example.org",
-    "origin_server_ts": 1432735824653,
-    "room_id": "!jEsUZKDJdhlrceRyVU:example.org",
-    "sender": "@example:example.org",
-    "type": "m.room.message",
-    "unsigned": {
-        "age": 1234
-    }
-  }
-
-Claiming one-time keys
-~~~~~~~~~~~~~~~~~~~~~~
-
-A client wanting to set up a session with another device can claim a one-time
-key for that device. This is done by making a request to the |/keys/claim|_
-API.
-
-A homeserver should rate-limit the number of one-time keys that a given user or
-remote server can claim. A homeserver should discard the public part of a one
-time key once it has given that key to another user.
-
-Device verification
--------------------
-
-Before Alice sends Bob encrypted data, or trusts data received from him, she
-may want to verify that she is actually communicating with him, rather than a
-man-in-the-middle. This verification process requires an out-of-band channel:
-there is no way to do it within Matrix without trusting the administrators of
-the homeservers.
-
-In Matrix, verification works by Alice meeting Bob in person, or contacting him
-via some other trusted medium, and use `SAS Verification`_ to interactively
-verify Bob's devices. Alice and Bob may also read aloud their unpadded base64
-encoded Ed25519 public key, as returned by ``/keys/query``.
-
-Device verification may reach one of several conclusions. For example:
-
-* Alice may "accept" the device. This means that she is satisfied that the
-  device belongs to Bob. She can then encrypt sensitive material for that
-  device, and knows that messages received were sent from that device.
-
-* Alice may "reject" the device. She will do this if she knows or suspects
-  that Bob does not control that device (or equivalently, does not trust
-  Bob). She will not send sensitive material to that device, and cannot trust
-  messages apparently received from it.
-
-* Alice may choose to skip the device verification process. She is not able
-  to verify that the device actually belongs to Bob, but has no reason to
-  suspect otherwise. The encryption protocol continues to protect against
-  passive eavesdroppers.
-
-.. NOTE::
-
-   Once the signing key has been verified, it is then up to the encryption
-   protocol to verify that a given message was sent from a device holding that
-   Ed25519 private key, or to encrypt a message so that it may only be
-   decrypted by such a device. For the Olm protocol, this is documented at
-   https://matrix.org/docs/olm_signing.html.
-
-
-Key verification framework
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Verifying keys manually by reading out the Ed25519 key is not very user friendly,
-and can lead to errors. In order to help mitigate errors, and to make the process
-easier for users, some verification methods are supported by the specification.
-The methods all use a common framework for negotiating the key verification.
-
-To use this framework, Alice's client would send ``m.key.verification.request``
-events to Bob's devices. All of the ``to_device`` messages sent to Bob MUST have
-the same ``transaction_id`` to indicate they are part of the same request. This
-allows Bob to reject the request on one device, and have it apply to all of his
-devices. Similarly, it allows Bob to process the verification on one device without
-having to involve all of his devices.
-
-When Bob's device receives a ``m.key.verification.request``, it should prompt Bob
-to verify keys with Alice using one of the supported methods in the request. If
-Bob's device does not understand any of the methods, it should not cancel the request
-as one of his other devices may support the request. Instead, Bob's device should
-tell Bob that an unsupported method was used for starting key verification. The
-prompt for Bob to accept/reject Alice's request (or the unsupported method prompt)
-should be automatically dismissed 10 minutes after the ``timestamp`` field or 2
-minutes after Bob's client receives the message, whichever comes first, if Bob
-does not interact with the prompt. The prompt should additionally be hidden if
-an appropriate ``m.key.verification.cancel`` message is received.
-
-If Bob rejects the request, Bob's client must send a ``m.key.verification.cancel``
-message to Alice's device. Upon receipt, Alice's device should tell her that Bob
-does not want to verify her device and send ``m.key.verification.cancel`` messages
-to all of Bob's devices to notify them that the request was rejected.
-
-If Bob accepts the request, Bob's device starts the key verification process by
-sending a ``m.key.verification.start`` message to Alice's device. Upon receipt
-of this message, Alice's device should send a ``m.key.verification.cancel`` message
-to all of Bob's other devices to indicate the process has been started. The start
-message must use the same ``transaction_id`` from the original key verification
-request if it is in response to the request. The start message can be sent indepdently
-of any request.
-
-Individual verification methods may add additional steps, events, and properties to
-the verification messages. Event types for methods defined in this specification must
-be under the ``m.key.verification`` namespace and any other event types must be namespaced
-according to the Java package naming convention.
-
-Any of Alice's or Bob's devices can cancel the key verification request or process
-at any time with a ``m.key.verification.cancel`` message to all applicable devices.
-
-This framework yields the following handshake, assuming both Alice and Bob each have
-2 devices, Bob's first device accepts the key verification request, and Alice's second
-device initiates the request. Note how Alice's first device is not involved in the
-request or verification process.
-
-::
-
-  +---------------+ +---------------+                    +-------------+ +-------------+
-  | AliceDevice1  | | AliceDevice2  |                    | BobDevice1  | | BobDevice2  |
-  +---------------+ +---------------+                    +-------------+ +-------------+
-          |                 |                                   |               |
-          |                 | m.key.verification.request        |               |
-          |                 |---------------------------------->|               |
-          |                 |                                   |               |
-          |                 | m.key.verification.request        |               |
-          |                 |-------------------------------------------------->|
-          |                 |                                   |               |
-          |                 |          m.key.verification.start |               |
-          |                 |<----------------------------------|               |
-          |                 |                                   |               |
-          |                 | m.key.verification.cancel         |               |
-          |                 |-------------------------------------------------->|
-          |                 |                                   |               |
-
-
-After the handshake, the verification process begins.
-
-{{m_key_verification_request_event}}
-
-{{m_key_verification_start_event}}
-
-{{m_key_verification_cancel_event}}
-
-
-.. _`SAS Verification`:
-
-Short Authentication String (SAS) verification
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-SAS verification is a user-friendly key verification process built off the common
-framework outlined above. SAS verification is intended to be a highly interactive
-process for users, and as such exposes verfiication methods which are easier for
-users to use.
-
-The verification process is heavily inspired by Phil Zimmermann's ZRTP key agreement
-handshake. A key part of key agreement in ZRTP is the hash commitment: the party that
-begins the Diffie-Hellman key sharing sends a hash of their part of the Diffie-Hellman
-exchange, and does not send their part of the Diffie-Hellman exchange until they have
-received the other party's part. Thus an attacker essentially only has one attempt to
-attack the Diffie-Hellman exchange, and hence we can verify fewer bits while still
-achieving a high degree of security: if we verify n bits, then an attacker has a 1 in
-2\ :sup:`n` chance of success.  For example, if we verify 40 bits, then an attacker has
-a 1 in 1,099,511,627,776 chance (or less than 1 in 10\ :sup:`12` chance) of success. A failed
-attack would result in a mismatched Short Authentication String, alerting users to the
-attack.
-
-The verification process takes place over `to-device`_ messages in two phases:
-
-1. Key agreement phase (based on `ZRTP key agreement <https://tools.ietf.org/html/rfc6189#section-4.4.1>`_).
-#. Key verification phase (based on HMAC).
-
-The process between Alice and Bob verifying each other would be:
-
-.. |AlicePublicKey| replace:: :math:`K_{A}^{public}`
-.. |AlicePrivateKey| replace:: :math:`K_{A}^{private}`
-.. |AliceCurve25519| replace:: :math:`K_{A}^{private},K_{A}^{public}`
-.. |BobPublicKey| replace:: :math:`K_{B}^{public}`
-.. |BobPrivateKey| replace:: :math:`K_{B}^{private}`
-.. |BobCurve25519| replace:: :math:`K_{B}^{private},K_{B}^{public}`
-.. |BobAliceCurve25519| replace:: :math:`K_{B}^{private}K_{A}^{public}`
-.. |AliceBobECDH| replace:: :math:`ECDH(K_{A}^{private},K_{B}^{public})`
-
-1. Alice and Bob establish a secure out-of-band connection, such as meeting
-   in-person or a video call. "Secure" here means that either party cannot be
-   impersonated, not explicit secrecy.
-#. Alice and Bob communicate which devices they'd like to verify with each other.
-#. Alice selects Bob's device from the device list and begins verification.
-#. Alice's client ensures it has a copy of Bob's device key.
-#. Alice's device sends Bob's device a ``m.key.verification.start`` message.
-#. Bob's device receives the message and selects a key agreement protocol, hash
-   algorithm, message authentication code, and SAS method supported by Alice's
-   device.
-#. Bob's device ensures it has a copy of Alice's device key.
-#. Bob's device creates an ephemeral Curve25519 key pair (|BobCurve25519|), and
-   calculates the hash (using the chosen algorithm) of the public key |BobPublicKey|.
-#. Bob's device replies to Alice's device with a ``m.key.verification.accept`` message.
-#. Alice's device receives Bob's message and stores the commitment hash for later use.
-#. Alice's device creates an ephemeral Curve25519 key pair (|AliceCurve25519|) and
-   replies to Bob's device with a ``m.key.verification.key``, sending only the public
-   key |AlicePublicKey|.
-#. Bob's device receives Alice's message and replies with its own ``m.key.verification.key``
-   message containing its public key |BobPublicKey|.
-#. Alice's device receives Bob's message and verifies the commitment hash from earlier
-   matches the hash of the key Bob's device just sent and the content of Alice's
-   ``m.key.verification.start`` message.
-#. Both Alice and Bob's devices perform an Elliptic-curve Diffie-Hellman (|AliceBobECDH|),
-   using the result as the shared secret.
-#. Both Alice and Bob's devices display a SAS to their users, which is derived
-   from the shared key using one of the methods in this section. If multiple SAS
-   methods are available, clients should allow the users to select a method.
-#. Alice and Bob compare the strings shown by their devices, and tell their devices if
-   they match or not.
-#. Assuming they match, Alice and Bob's devices calculate the HMAC of their own device keys
-   and a comma-separated sorted list of of the key IDs that they wish the other user
-   to verify, using SHA-256 as the hash function. HMAC is defined in `RFC 2104 <https://tools.ietf.org/html/rfc2104>`_.
-   The key for the HMAC is different for each item and is calculated by generating
-   32 bytes (256 bits) using `the key verification HKDF <#sas-hkdf>`_.
-#. Alice's device sends Bob's device a ``m.key.verification.mac`` message containing the
-   MAC of Alice's device keys and the MAC of her key IDs to be verified. Bob's device does
-   the same for Bob's device keys and key IDs concurrently with Alice.
-#. When the other device receives the ``m.key.verification.mac`` message, the device
-   calculates the HMAC of its copies of the other device's keys given in the message,
-   as well as the HMAC of the comma-separated, sorted, list of key IDs in the message.
-   The device compares these with the HMAC values given in the message, and if everything
-   matches then the device keys are verified.
-
-The wire protocol looks like the following between Alice and Bob's devices::
-
-  +-------------+                    +-----------+
-  | AliceDevice |                    | BobDevice |
-  +-------------+                    +-----------+
-        |                                 |
-        | m.key.verification.start        |
-        |-------------------------------->|
-        |                                 |
-        |       m.key.verification.accept |
-        |<--------------------------------|
-        |                                 |
-        | m.key.verification.key          |
-        |-------------------------------->|
-        |                                 |
-        |          m.key.verification.key |
-        |<--------------------------------|
-        |                                 |
-        | m.key.verification.mac          |
-        |-------------------------------->|
-        |                                 |
-        |          m.key.verification.mac |
-        |<--------------------------------|
-        |                                 |
-
-Error and exception handling
-<<<<<<<<<<<<<<<<<<<<<<<<<<<<
-
-At any point the interactive verfication can go wrong. The following describes what
-to do when an error happens:
-
-* Alice or Bob can cancel the verification at any time. A ``m.key.verification.cancel``
-  message must be sent to signify the cancellation.
-* The verification can time out. Clients should time out a verification that does not
-  complete within 10 minutes. Additionally, clients should expire a ``transaction_id``
-  which goes unused for 10 minutes after having last sent/received it. The client should
-  inform the user that the verification timed out, and send an appropriate
-  ``m.key.verification.cancel`` message to the other device.
-* When the same device attempts to intiate multiple verification attempts, the receipient
-  should cancel all attempts with that device.
-* When a device receives an unknown ``transaction_id``, it should send an appropriate
-  ``m.key.verfication.cancel`` message to the other device indicating as such. This
-  does not apply for inbound ``m.key.verification.start`` or ``m.key.verification.cancel``
-  messages.
-* If the two devices do not share a common key share, hash, HMAC, or SAS method then
-  the device should notify the other device with an appropriate ``m.key.verification.cancel``
-  message.
-* If the user claims the Short Authentication Strings do not match, the device should
-  send an appropriate ``m.key.verification.cancel`` message to the other device.
-* If the device receives a message out of sequence or that it was not expecting, it should
-  notify the other device with an appropriate ``m.key.verification.cancel`` message.
-
-
-Verification messages specific to SAS
-<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
-
-Building off the common framework, the following events are involved in SAS verification.
-
-The ``m.key.verification.cancel`` event is unchanged, however the following error codes
-are used in addition to those already specified:
-
-* ``m.unknown_method``: The devices are unable to agree on the key agreement, hash, MAC,
-  or SAS method.
-* ``m.mismatched_commitment``: The hash commitment did not match.
-* ``m.mismatched_sas``: The SAS did not match.
-
-
-{{m_key_verification_start_m_sas_v1_event}}
-
-{{m_key_verification_accept_event}}
-
-{{m_key_verification_key_event}}
-
-{{m_key_verification_mac_event}}
-
-
-.. _sas-hkdf:
-
-HKDF calculation
-<<<<<<<<<<<<<<<<
-
-In all of the SAS methods, HKDF is as defined in `RFC 5869 <https://tools.ietf.org/html/rfc5869>`_
-and uses the previously agreed-upon hash function for the hash function. The shared
-secret is supplied as the input keying material. No salt is used. When the
-``key_agreement_protocol`` is ``curve25519-hkdf-sha256``, the info parameter is
-the concatenation of:
-
-  * The string ``MATRIX_KEY_VERIFICATION_SAS|``.
-  * The Matrix ID of the user who sent the ``m.key.verification.start`` message,
-    followed by ``|``.
-  * The Device ID of the device which sent the ``m.key.verification.start``
-    message, followed by ``|``.
-  * The public key from the ``m.key.verification.key`` message sent by the device
-    which sent the ``m.key.verification.start`` message, followed by ``|``.
-  * The Matrix ID of the user who sent the ``m.key.verification.accept`` message,
-    followed by ``|``.
-  * The Device ID of the device which sent the ``m.key.verification.accept``
-    message, followed by ``|``.
-  * The public key from the ``m.key.verification.key`` message sent by the device
-    which sent the ``m.key.verification.accept`` message, followed by ``|``.
-  * The ``transaction_id`` being used.
-
-When the ``key_agreement_protocol`` is the deprecated method ``curve25519``,
-the info parameter is the concatenation of:
-
-  * The string ``MATRIX_KEY_VERIFICATION_SAS``.
-  * The Matrix ID of the user who sent the ``m.key.verification.start`` message.
-  * The Device ID of the device which sent the ``m.key.verification.start`` message.
-  * The Matrix ID of the user who sent the ``m.key.verification.accept`` message.
-  * The Device ID of the device which sent the ``m.key.verification.accept`` message.
-  * The ``transaction_id`` being used.
-
-New implementations are discouraged from implementing the ``curve25519`` method.
-
-.. admonition:: Rationale
-
-  HKDF is used over the plain shared secret as it results in a harder attack
-  as well as more uniform data to work with.
-
-For verification of each party's device keys, HKDF is as defined in RFC 5869 and
-uses SHA-256 as the hash function. The shared secret is supplied as the input keying
-material. No salt is used, and in the info parameter is the concatenation of:
-
-  * The string ``MATRIX_KEY_VERIFICATION_MAC``.
-  * The Matrix ID of the user whose key is being MAC-ed.
-  * The Device ID of the device sending the MAC.
-  * The Matrix ID of the other user.
-  * The Device ID of the device receiving the MAC.
-  * The ``transaction_id`` being used.
-  * The Key ID of the key being MAC-ed, or the string ``KEY_IDS`` if the item
-    being MAC-ed is the list of key IDs.
-
-SAS method: ``decimal``
-<<<<<<<<<<<<<<<<<<<<<<<
-
-Generate 5 bytes using `HKDF <#sas-hkdf>`_ then take sequences of 13 bits to
-convert to decimal numbers (resulting in 3 numbers between 0 and 8191 inclusive
-each). Add 1000 to each calculated number.
-
-The bitwise operations to get the numbers given the 5 bytes
-:math:`B_{0}, B_{1}, B_{2}, B_{3}, B_{4}` would be:
-
-* First: :math:`(B_{0} \ll 5 | B_{1} \gg 3) + 1000`
-* Second: :math:`((B_{1} \& 0x7) \ll 10 | B_{2} \ll 2 | B_{3} \gg 6) + 1000`
-* Third: :math:`((B_{3} \& 0x3F) \ll 7 | B_{4} \gg 1) + 1000`
-
-The digits are displayed to the user either with an appropriate separator,
-such as dashes, or with the numbers on individual lines.
-
-SAS method: ``emoji``
-<<<<<<<<<<<<<<<<<<<<<
-
-Generate 6 bytes using `HKDF <#sas-hkdf>`_ then split the first 42 bits into
-7 groups of 6 bits, similar to how one would base64 encode something. Convert
-each group of 6 bits to a number and use the following table to get the corresponding
-emoji:
-
-{{sas_emoji_table}}
-
-.. Note::
-   This table is available as JSON at
-   https://github.com/matrix-org/matrix-doc/blob/master/data-definitions/sas-emoji.json
-
-.. admonition:: Rationale
-
-   The emoji above were chosen to:
-
-   * Be recognisable without colour.
-   * Be recognisable at a small size.
-   * Be recognisable by most cultures.
-   * Be distinguishable from each other.
-   * Easily described by a few words.
-   * Avoid symbols with negative connotations.
-   * Be likely similar across multiple platforms.
-
-Clients SHOULD show the emoji with the descriptions from the table, or appropriate
-translation of those descriptions. Client authors SHOULD collaborate to create a
-common set of translations for all languages.
-
-.. Note::
-   Known translations for the emoji are available from
-   https://github.com/matrix-org/matrix-doc/blob/master/data-definitions/ and can be
-   translated online: https://translate.riot.im/projects/matrix-doc/sas-emoji-v1
-
-
-.. section name changed, so make sure that old links keep working
-.. _key-sharing:
-
-Sharing keys between devices
-----------------------------
-
-If Bob has an encrypted conversation with Alice on his computer, and then logs in
-through his phone for the first time, he may want to have access to the previously
-exchanged messages. To address this issue, several methods are provided to
-allow users to transfer keys from one device to another.
-
-Key requests
-~~~~~~~~~~~~
-
-When a device is missing keys to decrypt messages, it can request the keys by
-sending `m.room_key_request`_ to-device messages to other devices with
-``action`` set to ``request``. If a device wishes to share the keys with that
-device, it can forward the keys to the first device by sending an encrypted
-`m.forwarded_room_key`_ to-device message. The first device should then send an
-`m.room_key_request`_ to-device message with ``action`` set to
-``request_cancellation`` to the other devices that it had originally sent the key
-request to; a device that receives a ``request_cancellation`` should disregard any
-previously-received ``request`` message with the same ``request_id`` and
-``requesting_device_id``.
-
-.. NOTE::
-
-  Key sharing can be a big attack vector, thus it must be done very carefully.
-  A reasonable strategy is for a user's client to only send keys requested by the
-  verified devices of the same user.
-
-Server-side key backups
-~~~~~~~~~~~~~~~~~~~~~~~
-
-Devices may upload encrypted copies of keys to the server. When a device tries
-to read a message that it does not have keys for, it may request the key from
-the server and decrypt it. Backups are per-user, and users may replace backups
-with new backups.
-
-In contrast with `Key requests`_, Server-side key backups do not require another
-device to be online from which to request keys. However, as the session keys are
-stored on the server encrypted, it requires users to enter a decryption key to
-decrypt the session keys.
-
-To create a backup, a client will call `POST
-/_matrix/client/r0/room_keys/version`_ and define how the keys are to be
-encrypted through the backup's ``auth_data``; other clients can discover the
-backup by calling `GET /_matrix/client/r0/room_keys/version`_.  Keys are
-encrypted according to the backup's ``auth_data`` and added to the backup by
-calling `PUT /_matrix/client/r0/room_keys/keys`_ or one of its variants, and
-can be retrieved by calling `GET /_matrix/client/r0/room_keys/keys`_ or one of
-its variants.  Keys can only be written to the most recently created version of
-the backup.  Backups can also be deleted using `DELETE
-/_matrix/client/r0/room_keys/version/{version}`_, or individual keys can be
-deleted using `DELETE /_matrix/client/r0/room_keys/keys`_ or one of its
-variants.
-
-Clients must only store keys in backups after they have ensured that the
-``auth_data`` is trusted, either by checking the signatures on it, or by
-deriving the public key from a private key that it obtained from a trusted
-source.
-
-When a client uploads a key for a session that the server already has a key
-for, the server will choose to either keep the existing key or replace it with
-the new key based on the key metadata as follows:
-
-- if the keys have different values for ``is_verified``, then it will keep the
-  key that has ``is_verified`` set to ``true``;
-- if they have the same values for ``is_verified``, then it will keep the key
-  with a lower ``first_message_index``;
-- and finally, is ``is_verified`` and ``first_message_index`` are equal, then
-  it will keep the key with a lower ``forwarded_count``.
-
-Recovery key
-<<<<<<<<<<<<
-
-If the recovery key (the private half of the backup encryption key) is
-presented to the user to save, it is presented as a string constructed as
-follows:
-
-1. The 256-bit curve25519 private key is prepended by the bytes ``0x8B`` and
-   ``0x01``
-2. All the bytes in the string above, including the two header bytes, are XORed
-   together to form a parity byte. This parity byte is appended to the byte
-   string.
-3. The byte string is encoded using base58, using the same `mapping as is used
-   for Bitcoin addresses
-   <https://en.bitcoin.it/wiki/Base58Check_encoding#Base58_symbol_chart>`_,
-   that is, using the alphabet
-   ``123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz``.
-4. A space should be added after every 4th character.
-
-When reading in a recovery key, clients must disregard whitespace, and perform
-the reverse of steps 1 through 3.
-
-Backup algorithm: ``m.megolm_backup.v1.curve25519-aes-sha2``
-<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
-
-When a backup is created with the ``algorithm`` set to
-``m.megolm_backup.v1.curve25519-aes-sha2``, the ``auth_data`` should have the
-following format:
-
-``AuthData``
-
-.. table::
-   :widths: auto
-
-   ========== =========== ======================================================
-   Parameter  Type        Description
-   ========== =========== ======================================================
-   public_key string      **Required.** The curve25519 public key used to encrypt
-                          the backups, encoded in unpadded base64.
-   signatures Signatures  Optional. Signatures of the ``auth_data``, as Signed
-                          JSON
-   ========== =========== ======================================================
-
-The ``session_data`` field in the backups is constructed as follows:
-
-1. Encode the session key to be backed up as a JSON object with the properties:
-
-   .. table::
-      :widths: auto
-
-      =============================== ======== =========================================
-      Parameter                       Type     Description
-      =============================== ======== =========================================
-      algorithm                       string   **Required.** The end-to-end message
-                                               encryption algorithm that the key is
-                                               for.  Must be ``m.megolm.v1.aes-sha2``.
-      forwarding_curve25519_key_chain [string] **Required.** Chain of Curve25519 keys
-                                               through which this session was
-                                               forwarded, via
-                                               `m.forwarded_room_key`_ events.
-      sender_key                      string   **Required.** Unpadded base64-encoded
-                                               device curve25519 key.
-      sender_claimed_keys             {string: **Required.** A map from algorithm name
-                                      string}  (``ed25519``) to the identity key
-                                               for the sending device.
-      session_key                     string   **Required.** Unpadded base64-encoded
-                                               session key in `session-sharing format
-                                               <https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/megolm.md#session-sharing-format>`_.
-      =============================== ======== =========================================
-
-2. Generate an ephemeral curve25519 key, and perform an ECDH with the ephemeral
-   key and the backup's public key to generate a shared secret.  The public
-   half of the ephemeral key, encoded using unpadded base64, becomes the ``ephemeral``
-   property of the ``session_data``.
-3. Using the shared secret, generate 80 bytes by performing an HKDF using
-   SHA-256 as the hash, with a salt of 32 bytes of 0, and with the empty string
-   as the info.  The first 32 bytes are used as the AES key, the next 32 bytes
-   are used as the MAC key, and the last 16 bytes are used as the AES
-   initialization vector.
-4. Stringify the JSON object, and encrypt it using AES-CBC-256 with PKCS#7
-   padding.  This encrypted data, encoded using unpadded base64, becomes the
-   ``ciphertext`` property of the ``session_data``.
-5. Pass the raw encrypted data (prior to base64 encoding) through HMAC-SHA-256
-   using the MAC key generated above.  The first 8 bytes of the resulting MAC
-   are base64-encoded, and become the ``mac`` property of the ``session_data``.
-
-{{key_backup_cs_http_api}}
-
-Key exports
-~~~~~~~~~~~
-
-Keys can be manually exported from one device to an encrypted file, copied to
-another device, and imported. The file is encrypted using a user-supplied
-passphrase, and is created as follows:
-
-1. Encode the sessions as a JSON object, formatted as described in `Key export
-   format`_.
-2. Generate a 512-bit key from the user-entered passphrase by computing
-   `PBKDF2`_\(HMAC-SHA-512, passphrase, S, N, 512), where S is a 128-bit
-   cryptographically-random salt and N is the number of rounds.  N should be at
-   least 100,000.  The keys K and K' are set to the first and last 256 bits of
-   this generated key, respectively.  K is used as an AES-256 key, and K' is
-   used as an HMAC-SHA-256 key.
-3. Serialize the JSON object as a UTF-8 string, and encrypt it using
-   AES-CTR-256 with the key K generated above, and with a 128-bit
-   cryptographically-random initialization vector, IV, that has bit 63 set to
-   zero. (Setting bit 63 to zero in IV is needed to work around differences in
-   implementations of AES-CTR.)
-4. Concatenate the following data:
-
-   ============ ===============================================================
-   Size (bytes) Description
-   ============ ===============================================================
-   1            Export format version, which must be ``0x01``.
-   16           The salt S.
-   16           The initialization vector IV.
-   4            The number of rounds N, as a big-endian unsigned 32-bit integer.
-   variable     The encrypted JSON object.
-   32           The HMAC-SHA-256 of all the above string concatenated together,
-                using K' as the key.
-   ============ ===============================================================
-
-5. Base64-encode the string above. Newlines may be added to avoid overly long
-   lines.
-6. Prepend the resulting string with ``-----BEGIN MEGOLM SESSION DATA-----``,
-   with a trailing newline, and append ``-----END MEGOLM SESSION DATA-----``,
-   with a leading and trailing newline.
-
-Key export format
-<<<<<<<<<<<<<<<<<
-
-The exported sessions are formatted as a JSON array of ``SessionData`` objects
-described as follows:
-
-``SessionData``
-
-.. table::
-   :widths: auto
-
-   =============================== =========== ====================================
-   Parameter                       Type        Description
-   =============================== =========== ====================================
-   algorithm                       string      Required. The encryption algorithm
-                                               that the session uses. Must be
-                                               ``m.megolm.v1.aes-sha2``.
-   forwarding_curve25519_key_chain [string]    Required. Chain of Curve25519 keys
-                                               through which this session was
-                                               forwarded, via
-                                               `m.forwarded_room_key`_ events.
-   room_id                         string      Required. The room where the
-                                               session is used.
-   sender_key                      string      Required. The Curve25519 key of the
-                                               device which initiated the session
-                                               originally.
-   sender_claimed_keys             {string:    Required. The Ed25519 key of the
-                                   string}     device which initiated the session
-                                               originally.
-   session_id                      string      Required. The ID of the session.
-   session_key                     string      Required. The key for the session.
-   =============================== =========== ====================================
-
-This is similar to the format before encryption used for the session keys in
-`Server-side key backups`_ but adds the ``room_id`` and ``session_id`` fields.
-
-Example:
-
-.. code:: json
-
-    [
-        {
-            "algorithm": "m.megolm.v1.aes-sha2",
-            "forwarding_curve25519_key_chain": [
-                "hPQNcabIABgGnx3/ACv/jmMmiQHoeFfuLB17tzWp6Hw"
-            ],
-            "room_id": "!Cuyf34gef24t:localhost",
-            "sender_key": "RF3s+E7RkTQTGF2d8Deol0FkQvgII2aJDf3/Jp5mxVU",
-            "sender_claimed_keys": {
-                "ed25519": "<device ed25519 identity key>",
-            },
-            "session_id": "X3lUlvLELLYxeTx4yOVu6UDpasGEVO0Jbu+QFnm0cKQ",
-            "session_key": "AgAAAADxKHa9uFxcXzwYoNueL5Xqi69IkD4sni8Llf..."
-        },
-        ...
-    ]
-
-Messaging Algorithms
---------------------
-
-Messaging Algorithm Names
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Messaging algorithm names use the extensible naming scheme used throughout this
-specification. Algorithm names that start with ``m.`` are reserved for
-algorithms defined by this specification. Implementations wanting to experiment
-with new algorithms must be uniquely globally namespaced following Java's package
-naming conventions.
-
-Algorithm names should be short and meaningful, and should list the primitives
-used by the algorithm so that it is easier to see if the algorithm is using a
-broken primitive.
-
-A name of ``m.olm.v1`` is too short: it gives no information about the primitives
-in use, and is difficult to extend for different primitives. However a name of
-``m.olm.v1.ecdh-curve25519-hdkfsha256.hmacsha256.hkdfsha256-aes256-cbc-hmac64sha256``
-is too long despite giving a more precise description of the algorithm: it adds
-to the data transfer overhead and sacrifices clarity for human readers without
-adding any useful extra information.
-
-``m.olm.v1.curve25519-aes-sha2``
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The name ``m.olm.v1.curve25519-aes-sha2`` corresponds to version 1 of the Olm
-ratchet, as defined by the `Olm specification`_. This uses:
-
-* Curve25519 for the initial key agreement.
-* HKDF-SHA-256 for ratchet key derivation.
-* Curve25519 for the root key ratchet.
-* HMAC-SHA-256 for the chain key ratchet.
-* HKDF-SHA-256, AES-256 in CBC mode, and 8 byte truncated HMAC-SHA-256 for authenticated encryption.
-
-Devices that support Olm must include "m.olm.v1.curve25519-aes-sha2" in their
-list of supported messaging algorithms, must list a Curve25519 device key, and
-must publish Curve25519 one-time keys.
-
-An event encrypted using Olm has the following format:
-
-.. code:: json
-
-    {
-      "type": "m.room.encrypted",
-      "content": {
-        "algorithm": "m.olm.v1.curve25519-aes-sha2",
-        "sender_key": "<sender_curve25519_key>",
-        "ciphertext": {
-          "<device_curve25519_key>": {
-            "type": 0,
-            "body": "<encrypted_payload_base_64>"
-          }
-        }
-      }
-    }
-
-``ciphertext`` is a mapping from device Curve25519 key to an encrypted payload
-for that device. ``body`` is a Base64-encoded Olm message body. ``type`` is an
-integer indicating the type of the message body: 0 for the initial pre-key
-message, 1 for ordinary messages.
-
-Olm sessions will generate messages with a type of 0 until they receive a
-message. Once a session has decrypted a message it will produce messages with
-a type of 1.
-
-When a client receives a message with a type of 0 it must first check if it
-already has a matching session. If it does then it will use that session to
-try to decrypt the message. If there is no existing session then the client
-must create a new session and use the new session to decrypt the message. A
-client must not persist a session or remove one-time keys used by a session
-until it has successfully decrypted a message using that session.
-
-Messages with type 1 can only be decrypted with an existing session. If there
-is no matching session, the client must treat this as an invalid message.
-
-The plaintext payload is of the form:
-
-.. code:: json
-
-   {
-     "type": "<type of the plaintext event>",
-     "content": "<content for the plaintext event>",
-     "sender": "<sender_user_id>",
-     "recipient": "<recipient_user_id>",
-     "recipient_keys": {
-       "ed25519": "<our_ed25519_key>"
-     },
-     "keys": {
-       "ed25519": "<sender_ed25519_key>"
-     }
-   }
-
-The type and content of the plaintext message event are given in the payload.
-
-Other properties are included in order to prevent an attacker from publishing
-someone else's curve25519 keys as their own and subsequently claiming to have
-sent messages which they didn't.
-``sender`` must correspond to the user who sent the event, ``recipient`` to
-the local user, and ``recipient_keys`` to the local ed25519 key.
-
-Clients must confirm that the ``sender_key`` and the ``ed25519`` field value
-under the ``keys`` property match the keys returned by |/keys/query|_ for
-the given user, and must also verify the signature of the payload. Without
-this check, a client cannot be sure that the sender device owns the private
-part of the ed25519 key it claims to have in the Olm payload.
-This is crucial when the ed25519 key corresponds to a verified device.
-
-If a client has multiple sessions established with another device, it should
-use the session from which it last received and successfully decrypted a
-message. For these purposes, a session that has not received any messages
-should use its creation time as the time that it last received a message.
-A client may expire old sessions by defining a maximum number of olm sessions
-that it will maintain for each device, and expiring sessions on a Least Recently
-Used basis.  The maximum number of olm sessions maintained per device should
-be at least 4.
-
-Recovering from undecryptable messages
-<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
-
-Occasionally messages may be undecryptable by clients due to a variety of reasons.
-When this happens to an Olm-encrypted message, the client should assume that the Olm
-session has become corrupted and create a new one to replace it.
-
-.. Note::
-   Megolm-encrypted messages generally do not have the same problem. Usually the key
-   for an undecryptable Megolm-encrypted message will come later, allowing the client
-   to decrypt it successfully. Olm does not have a way to recover from the failure,
-   making this session replacement process required.
-
-To establish a new session, the client sends a `m.dummy <#m-dummy>`_ to-device event
-to the other party to notify them of the new session details.
-
-Clients should rate-limit the number of sessions it creates per device that it receives
-a message from. Clients should not create a new session with another device if it has
-already created one for that given device in the past 1 hour.
-
-Clients should attempt to mitigate loss of the undecryptable messages. For example,
-Megolm sessions that were sent using the old session would have been lost. The client
-can attempt to retrieve the lost sessions through ``m.room_key_request`` messages.
-
-
-``m.megolm.v1.aes-sha2``
-~~~~~~~~~~~~~~~~~~~~~~~~
-
-The name ``m.megolm.v1.aes-sha2`` corresponds to version 1 of the Megolm
-ratchet, as defined by the `Megolm specification`_. This uses:
-
-* HMAC-SHA-256 for the hash ratchet.
-* HKDF-SHA-256, AES-256 in CBC mode, and 8 byte truncated HMAC-SHA-256 for authenticated encryption.
-* Ed25519 for message authenticity.
-
-Devices that support Megolm must support Olm, and include "m.megolm.v1.aes-sha2" in
-their list of supported messaging algorithms.
-
-An event encrypted using Megolm has the following format:
-
-.. code:: json
-
-    {
-      "type": "m.room.encrypted",
-      "content": {
-        "algorithm": "m.megolm.v1.aes-sha2",
-        "sender_key": "<sender_curve25519_key>",
-        "device_id": "<sender_device_id>",
-        "session_id": "<outbound_group_session_id>",
-        "ciphertext": "<encrypted_payload_base_64>"
-      }
-    }
-
-The encrypted payload can contain any message event. The plaintext is of the form:
-
-.. code:: json
-
-    {
-      "type": "<event_type>",
-      "content": "<event_content>",
-      "room_id": "<the room_id>"
-    }
-
-We include the room ID in the payload, because otherwise the homeserver would
-be able to change the room a message was sent in.
-
-Clients must guard against replay attacks by keeping track of the ratchet indices
-of Megolm sessions. They should reject messages with a ratchet index that they
-have already decrypted. Care should be taken in order to avoid false positives, as a
-client may decrypt the same event twice as part of its normal processing.
-
-As with Olm events, clients must confirm that the ``sender_key`` belongs to the user
-who sent the message. The same reasoning applies, but the sender ed25519 key has to be
-inferred from the ``keys.ed25519`` property of the event which established the Megolm
-session.
-
-In order to enable end-to-end encryption in a room, clients can send a
-``m.room.encryption`` state event specifying ``m.megolm.v1.aes-sha2`` as its
-``algorithm`` property.
-
-When creating a Megolm session in a room, clients must share the corresponding session
-key using Olm with the intended recipients, so that they can decrypt future messages
-encrypted using this session. A ``m.room_key`` event is used to do this. Clients
-must also handle ``m.room_key`` events sent by other devices in order to decrypt their
-messages.
-
-Protocol definitions
---------------------
-
-Events
-~~~~~~
-
-{{m_room_encryption_event}}
-
-{{m_room_encrypted_event}}
-
-{{m_room_key_event}}
-
-{{m_room_key_request_event}}
-
-{{m_forwarded_room_key_event}}
-
-{{m_dummy_event}}
-
-Key management API
-~~~~~~~~~~~~~~~~~~
-
-{{keys_cs_http_api}}
-
-
-.. anchor for link from /sync api spec
-.. |device_lists_sync| replace:: End-to-end encryption
-.. _device_lists_sync:
-
-Extensions to /sync
-~~~~~~~~~~~~~~~~~~~
-
-This module adds an optional ``device_lists`` property to the |/sync|_
-response, as specified below. The server need only populate this property for
-an incremental ``/sync`` (ie, one where the ``since`` parameter was
-specified). The client is expected to use |/keys/query|_ or |/keys/changes|_
-for the equivalent functionality after an initial sync, as documented in
-`Tracking the device list for a user`_.
-
-It also adds a ``one_time_keys_count`` property. Note the spelling difference
-with the ``one_time_key_counts`` property in the |/keys/upload|_ response.
-
-.. todo: generate this from a swagger definition?
-
-.. device_lists: { changed: ["@user:server", ... ]},
-
-============ =========== =====================================================
-Parameter    Type        Description
-============ =========== =====================================================
-device_lists DeviceLists Optional. Information on e2e device updates. Note:
-                         only present on an incremental sync.
-|device_otk| {string:    Optional. For each key algorithm, the number of
-             integer}    unclaimed one-time keys currently held on the server
-                         for this device.
-============ =========== =====================================================
-
-``DeviceLists``
-
-========= ========= =============================================
-Parameter Type      Description
-========= ========= =============================================
-changed   [string]  List of users who have updated their device identity keys,
-                    or who now share an encrypted room with the client since
-                    the previous sync response.
-left      [string]  List of users with whom we do not share any encrypted rooms
-                    anymore since the previous sync response.
-========= ========= =============================================
-
-.. NOTE::
-
-  For optimal performance, Alice should be added to ``changed`` in Bob's sync only
-  when she adds a new device, or when Alice and Bob now share a room but didn't
-  share any room previously. However, for the sake of simpler logic, a server
-  may add Alice to ``changed`` when Alice and Bob share a new room, even if they
-  previously already shared a room.
-
-Example response:
-
-.. code:: json
-
-  {
-    "next_batch": "s72595_4483_1934",
-    "rooms": {"leave": {}, "join": {}, "invite": {}},
-    "device_lists": {
-      "changed": [
-         "@alice:example.com",
-      ],
-      "left": [
-         "@bob:example.com",
-      ],
-    },
-    "device_one_time_keys_count": {
-      "curve25519": 10,
-      "signed_curve25519": 20
-    }
-  }
-
-.. References
-
-.. _ed25519: http://ed25519.cr.yp.to/
-.. _curve25519: https://cr.yp.to/ecdh.html
-.. _`Olm specification`: http://matrix.org/docs/spec/olm.html
-.. _`Megolm specification`: http://matrix.org/docs/spec/megolm.html
-.. _`JSON Web Key`: https://tools.ietf.org/html/rfc7517#appendix-A.3
-.. _`W3C extension`: https://w3c.github.io/webcrypto/#iana-section-jwk
-.. _`PBKDF2`: https://tools.ietf.org/html/rfc2898#section-5.2
-
-.. _`Signing JSON`: ../appendices.html#signing-json
-
-.. |m.olm.v1.curve25519-aes-sha2| replace:: ``m.olm.v1.curve25519-aes-sha2``
-.. |device_otk| replace:: device_one_time_keys_count
-
-.. |/keys/upload| replace:: ``/keys/upload``
-.. _/keys/upload: #post-matrix-client-%CLIENT_MAJOR_VERSION%-keys-upload
-
-.. |/keys/query| replace:: ``/keys/query``
-.. _/keys/query: #post-matrix-client-%CLIENT_MAJOR_VERSION%-keys-query
-
-.. |/keys/claim| replace:: ``/keys/claim``
-.. _/keys/claim: #post-matrix-client-%CLIENT_MAJOR_VERSION%-keys-claim
-
-.. |/keys/changes| replace:: ``/keys/changes``
-.. _/keys/changes: #get-matrix-client-%CLIENT_MAJOR_VERSION%-keys-changes
diff --git a/specification/modules/event_context.rst b/specification/modules/event_context.rst
deleted file mode 100644
index 2d5f22b14c2..00000000000
--- a/specification/modules/event_context.rst
+++ /dev/null
@@ -1,33 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Event Context
-=============
-
-.. _module:event-context:
-
-This API returns a number of events that happened just before and after the
-specified event. This allows clients to get the context surrounding an event.
-
-Client behaviour
-----------------
-
-There is a single HTTP API for retrieving event context, documented below.
-
-{{event_context_cs_http_api}}
-
-Security considerations
------------------------
-
-The server must only return results that the user has permission to see.
diff --git a/specification/modules/guest_access.rst b/specification/modules/guest_access.rst
deleted file mode 100644
index d579da833b0..00000000000
--- a/specification/modules/guest_access.rst
+++ /dev/null
@@ -1,102 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Guest Access
-============
-
-.. _module:guest-access:
-
-There are times when it is desirable for clients to be able to interact with
-rooms without having to fully register for an account on a homeserver or join
-the room. This module specifies how these clients should interact with servers
-in order to participate in rooms as guests.
-
-Guest users retrieve access tokens from a homeserver using the ordinary
-`register endpoint <#post-matrix-client-%CLIENT_MAJOR_VERSION%-register>`_, specifying
-the ``kind`` parameter as ``guest``. They may then interact with the
-client-server API as any other user would, but will only have access to a subset
-of the API as described the Client behaviour subsection below.
-Homeservers may choose not to allow this access at all to their local users, but
-have no information about whether users on other homeservers are guests or not.
-
-Guest users can also upgrade their account by going through the ordinary
-``register`` flow, but specifying the additional POST parameter
-``guest_access_token`` containing the guest's access token. They are also
-required to specify the ``username`` parameter to the value of the local part of
-their username, which is otherwise optional.
-
-This module does not fully factor in federation; it relies on individual
-homeservers properly adhering to the rules set out in this module, rather than
-allowing all homeservers to enforce the rules on each other.
-
-Events
-------
-{{m_room_guest_access_event}}
-
-Client behaviour
-----------------
-The following API endpoints are allowed to be accessed by guest accounts for
-retrieving events:
-
-* `GET /rooms/:room_id/state <#get-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-state>`_
-* `GET /rooms/:room_id/context/:event_id <#get-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-context-eventid>`_
-* `GET /rooms/:room_id/event/:event_id <#get-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-event-eventid>`_
-* `GET /rooms/:room_id/state/:event_type/:state_key <#get-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-state-eventtype-statekey>`_
-* `GET /rooms/:room_id/messages <#get-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-messages>`_
-* `GET /rooms/:room_id/initialSync <#get-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-initialsync>`_
-* `GET /sync <#get-matrix-client-%CLIENT_MAJOR_VERSION%-sync>`_
-* `GET /events`__ as used for room previews.
-
-__  `peeking_events_api`_
-
-The following API endpoints are allowed to be accessed by guest accounts for
-sending events:
-
-* `POST /rooms/:room_id/join <#post-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-join>`_
-* `POST /rooms/:room_id/leave <#post-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-leave>`_
-* `PUT /rooms/:room_id/send/m.room.message/:txn_id <#put-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-send-eventtype-txnid>`_
-* `PUT /sendToDevice/{eventType}/{txnId} <#put-matrix-client-%CLIENT_MAJOR_VERSION%-sendtodevice-eventtype-txnid>`_
-
-The following API endpoints are allowed to be accessed by guest accounts for
-their own account maintenance:
-
-* `PUT /profile/:user_id/displayname <#put-matrix-client-%CLIENT_MAJOR_VERSION%-profile-userid-displayname>`_
-* `GET /devices <#get-matrix-client-%CLIENT_MAJOR_VERSION%-devices>`_
-* `GET /devices/{deviceId} <#get-matrix-client-%CLIENT_MAJOR_VERSION%-devices-deviceid>`_
-* `PUT /devices/{deviceId} <#put-matrix-client-%CLIENT_MAJOR_VERSION%-devices-deviceid>`_
-
-The following API endpoints are allowed to be accessed by guest accounts for
-end-to-end encryption:
-
-* `POST /keys/upload <#post-matrix-client-%CLIENT_MAJOR_VERSION%-keys-upload>`_
-* `POST /keys/query <#post-matrix-client-%CLIENT_MAJOR_VERSION%-keys-query>`_
-* `POST /keys/claim <#post-matrix-client-%CLIENT_MAJOR_VERSION%-keys-claim>`_
-
-Server behaviour
-----------------
-Servers MUST only allow guest users to join rooms if the ``m.room.guest_access``
-state event is present on the room, and has the ``guest_access`` value
-``can_join``. If the ``m.room.guest_access`` event is changed to stop this from
-being the case, the server MUST set those users' ``m.room.member`` state to
-``leave``.
-
-Security considerations
------------------------
-Each homeserver manages its own guest accounts itself, and whether an account
-is a guest account or not is not information passed from server to server.
-Accordingly, any server participating in a room is trusted to properly enforce
-the permissions outlined in this section.
-
-Homeservers may want to enable protections such as captchas for guest
-registration to prevent spam, denial of service, and similar attacks.
diff --git a/specification/modules/history_visibility.rst b/specification/modules/history_visibility.rst
deleted file mode 100644
index 84435edb06d..00000000000
--- a/specification/modules/history_visibility.rst
+++ /dev/null
@@ -1,101 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Room History Visibility
-=======================
-
-.. _module:history-visibility:
-
-This module adds support for controlling the visibility of previous events in a
-room.
-
-In all cases except ``world_readable``, a user needs to join a room to view events in that room. Once they
-have joined a room, they will gain access to a subset of events in the room. How
-this subset is chosen is controlled by the ``m.room.history_visibility`` event
-outlined below. After a user has left a room, they may see any events which they
-were allowed to see before they left the room, but no events received after they
-left.
-
-The four options for the ``m.room.history_visibility`` event are:
-
-- ``world_readable`` - All events while this is the
-  ``m.room.history_visibility`` value may be shared by any participating
-  homeserver with anyone, regardless of whether they have ever joined the room.
-- ``shared`` - Previous events are always accessible to newly joined members. All
-  events in the room are accessible, even those sent when the member was not a part
-  of the room.
-- ``invited`` - Events are accessible to newly joined members from the point
-  they were invited onwards. Events stop being accessible when the member's state
-  changes to something other than ``invite`` or ``join``.
-- ``joined`` - Events are accessible to newly joined members from the point
-  they joined the room onwards. Events stop being accessible when the member's state
-  changes to something other than ``join``.
-
-.. WARNING::
-  These options are applied at the point an event is *sent*. Checks are
-  performed with the state of the ``m.room.history_visibility`` event when the
-  event in question is added to the DAG. This means clients cannot
-  retrospectively choose to show or hide history to new users if the setting at
-  that time was more restrictive.
-
-Events
-------
-
-{{m_room_history_visibility_event}}
-
-Client behaviour
-----------------
-
-Clients that implement this module MUST present to the user the possible options
-for setting history visibility when creating a room. 
-
-Clients may want to display a notice that their events may be read by non-joined
-people if the value is set to ``world_readable``.
-
-Server behaviour
-----------------
-
-By default if no ``history_visibility`` is set, or if the value is not understood, the visibility is assumed to be
-``shared``. The rules governing whether a user is allowed to see an event depend
-on the state of the room *at that event*.
-
-1. If the ``history_visibility`` was set to ``world_readable``, allow.
-2. If the user's ``membership`` was ``join``, allow.
-3. If ``history_visibility`` was set to ``shared``, and the user joined the
-   room at any point after the event was sent, allow.
-4. If the user's ``membership`` was ``invite``, and the ``history_visibility``
-   was set to ``invited``, allow.
-5. Otherwise, deny.
-
-For ``m.room.history_visibility`` events themselves, the user should be allowed
-to see the event if the ``history_visibility`` before *or* after the event
-would allow them to see it. (For example, a user should be able to see
-``m.room.history_visibility`` events which change the ``history_visibility``
-from ``world_readable`` to ``joined`` *or* from ``joined`` to
-``world_readable``, even if that user was not a member of the room.)
-
-Likewise, for the user's own ``m.room.member`` events, the user should be
-allowed to see the event if their ``membership`` before *or* after the event
-would allow them to see it. (For example, a user can always see
-``m.room.member`` events which set their membership to ``join``, or which
-change their membership from ``join`` to any other value, even if
-``history_visibility`` is ``joined``.)
-
-Security considerations
------------------------
-
-The default value for ``history_visibility`` is ``shared`` for
-backwards-compatibility reasons. Clients need to be aware that by not setting
-this event they are exposing all of their room history to anyone in the room.
-
diff --git a/specification/modules/ignore_users.rst b/specification/modules/ignore_users.rst
deleted file mode 100644
index 56a410d1388..00000000000
--- a/specification/modules/ignore_users.rst
+++ /dev/null
@@ -1,62 +0,0 @@
-.. Copyright 2018 Travis Ralston
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Ignoring Users
-==============
-
-.. _module:ignore_users:
-
-With all the communication through Matrix it may be desirable to ignore a
-particular user for whatever reason. This module defines how clients and 
-servers can implement the ignoring of users.
-
-Events
-------
-
-{{m_ignored_user_list_event}}
-
-Client behaviour
-----------------
-To ignore a user, effectively blocking them, the client should add the target
-user to the ``m.ignored_user_list`` event in their account data using 
-|/user/<user_id>/account_data/<type>|_. Once ignored, the client will no longer 
-receive events sent by that user, with the exception of state events. The client 
-should either hide previous content sent by the newly ignored user or perform 
-a new ``/sync`` with no previous token.
-
-Invites to new rooms by ignored users will not be sent to the client. The server
-may optionally reject the invite on behalf of the client.
-
-State events will still be sent to the client, even if the user is ignored. 
-This is to ensure parts, such as the room name, do not appear different to the
-user just because they ignored the sender. 
-
-To remove a user from the ignored users list, remove them from the account data
-event. The server will resume sending events from the previously ignored user,
-however it should not send events that were missed while the user was ignored.
-To receive the events that were sent while the user was ignored the client 
-should perform a fresh sync. The client may also un-hide any events it previously
-hid due to the user becoming ignored.
-
-Server behaviour
-----------------
-Following an update of the ``m.ignored_user_list``, the sync API for all clients
-should immediately start ignoring (or un-ignoring) the user. Clients are responsible
-for determining if they should hide previously sent events or to start a new sync
-stream.
-
-Servers must still send state events sent by ignored users to clients.
-
-Servers must not send room invites from ignored users to clients. Servers may
-optionally decide to reject the invite, however.
diff --git a/specification/modules/instant_messaging.rst b/specification/modules/instant_messaging.rst
deleted file mode 100644
index 705fd2d954f..00000000000
--- a/specification/modules/instant_messaging.rst
+++ /dev/null
@@ -1,515 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Instant Messaging
-=================
-
-.. _module:im:
-
-This module adds support for sending human-readable messages to a room. It also
-adds support for associating human-readable information with the room itself
-such as a room name and topic.
-
-Events
-------
-
-{{m_room_message_event}}
-
-{{m_room_message_feedback_event}}
-
-Usage of this event is discouraged for several reasons:
- - The number of feedback events will grow very quickly with the number of users
-   in the room. This event provides no way to "batch" feedback, unlike the
-   `receipts module`_.
- - Pairing feedback to messages gets complicated when paginating as feedback
-   arrives before the message it is acknowledging.
- - There are no guarantees that the client has seen the event ID being
-   acknowledged.
-
-
-.. _`receipts module`: `module:receipts`_
-
-{{m_room_name_event}}
-
-{{m_room_topic_event}}
-
-{{m_room_avatar_event}}
-
-{{m_room_pinned_events_event}}
-
-m.room.message msgtypes
-~~~~~~~~~~~~~~~~~~~~~~~
-
-Each `m.room.message`_ MUST have a ``msgtype`` key which identifies the type
-of message being sent. Each type has their own required and optional keys, as
-outlined below. If a client cannot display the given ``msgtype`` then it SHOULD
-display the fallback plain text ``body`` key instead.
-
-Some message types support HTML in the event content that clients should prefer
-to display if available. Currently ``m.text``, ``m.emote``, and ``m.notice``
-support an additional ``format`` parameter of ``org.matrix.custom.html``. When
-this field is present, a ``formatted_body`` with the HTML must be provided. The
-plain text version of the HTML should be provided in the ``body``.
-
-Clients should limit the HTML they render to avoid Cross-Site Scripting, HTML
-injection, and similar attacks. The strongly suggested set of HTML tags to permit,
-denying the use and rendering of anything else, is: ``font``, ``del``, ``h1``,
-``h2``, ``h3``, ``h4``, ``h5``, ``h6``, ``blockquote``, ``p``, ``a``, ``ul``,
-``ol``, ``sup``, ``sub``, ``li``, ``b``, ``i``, ``u``, ``strong``, ``em``,
-``strike``, ``code``, ``hr``, ``br``, ``div``, ``table``, ``thead``, ``tbody``,
-``tr``, ``th``, ``td``, ``caption``, ``pre``, ``span``, ``img``.
-
-Not all attributes on those tags should be permitted as they may be avenues for
-other disruption attempts, such as adding ``onclick`` handlers or excessively
-large text. Clients should only permit the attributes listed for the tags below.
-Where ``data-mx-bg-color`` and ``data-mx-color`` are listed, clients should
-translate the value (a 6-character hex color code) to the appropriate CSS/attributes
-for the tag.
-
-
-:``font``:
-  ``data-mx-bg-color``, ``data-mx-color``
-
-:``span``:
-  ``data-mx-bg-color``, ``data-mx-color``
-
-:``a``:
-  ``name``, ``target``, ``href`` (provided the value is not relative and has a scheme
-  matching one of: ``https``, ``http``, ``ftp``, ``mailto``, ``magnet``)
-
-:``img``:
-  ``width``, ``height``, ``alt``, ``title``, ``src`` (provided it is a `Matrix Content (MXC) URI`_)
-
-:``ol``:
-  ``start``
-
-:``code``:
-  ``class`` (only classes which start with ``language-`` for syntax highlighting)
-
-
-Additionally, web clients should ensure that *all* ``a`` tags get a ``rel="noopener"``
-to prevent the target page from referencing the client's tab/window.
-
-Tags must not be nested more than 100 levels deep. Clients should only support the subset
-of tags they can render, falling back to other representations of the tags where possible.
-For example, a client may not be able to render tables correctly and instead could fall
-back to rendering tab-delimited text.
-
-In addition to not rendering unsafe HTML, clients should not emit unsafe HTML in events.
-Likewise, clients should not generate HTML that is not needed, such as extra paragraph tags
-surrounding text due to Rich Text Editors. HTML included in events should otherwise be valid,
-such as having appropriate closing tags, appropriate attributes (considering the custom ones
-defined in this specification), and generally valid structure.
-
-A special tag, ``mx-reply``, may appear on rich replies (described below) and should be
-allowed if, and only if, the tag appears as the very first tag in the ``formatted_body``.
-The tag cannot be nested and cannot be located after another tag in the tree. Because the
-tag contains HTML, an ``mx-reply`` is expected to have a partner closing tag and should
-be treated similar to a ``div``. Clients that support rich replies will end up stripping
-the tag and its contents and therefore may wish to exclude the tag entirely.
-
-.. Note::
-   A future iteration of the specification will support more powerful and extensible
-   message formatting options, such as the proposal `MSC1225 <https://github.com/matrix-org/matrix-doc/issues/1225>`_.
-
-{{msgtype_events}}
-
-
-Client behaviour
-----------------
-
-Clients SHOULD verify the structure of incoming events to ensure that the
-expected keys exist and that they are of the right type. Clients can discard
-malformed events or display a placeholder message to the user. Redacted
-``m.room.message`` events MUST be removed from the client. This can either be
-replaced with placeholder text (e.g. "[REDACTED]") or the redacted message can
-be removed entirely from the messages view.
-
-Events which have attachments (e.g. ``m.image``, ``m.file``) SHOULD be
-uploaded using the `content repository module`_ where available. The
-resulting ``mxc://`` URI can then be used in the ``url`` key.
-
-Clients MAY include a client generated thumbnail image for an attachment under
-a ``info.thumbnail_url`` key. The thumbnail SHOULD also be a ``mxc://`` URI.
-Clients displaying events with attachments can either use the client generated
-thumbnail or ask its homeserver to generate a thumbnail from the original
-attachment using the `content repository module`_.
-
-.. _`content repository module`: `module:content`_
-
-Recommendations when sending messages
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-In the event of send failure, clients SHOULD retry requests using an
-exponential-backoff algorithm for a
-certain amount of time T. It is recommended that T is no longer than 5 minutes.
-After this time, the client should stop retrying and mark the message as "unsent".
-Users should be able to manually resend unsent messages.
-
-Users may type several messages at once and send them all in quick succession.
-Clients SHOULD preserve the order in which they were sent by the user. This
-means that clients should wait for the response to the previous request before
-sending the next request. This can lead to head-of-line blocking. In order to
-reduce the impact of head-of-line blocking, clients should use a queue per room
-rather than a global queue, as ordering is only relevant within a single room
-rather than between rooms.
-
-Local echo
-~~~~~~~~~~
-
-Messages SHOULD appear immediately in the message view when a user presses the
-"send" button. This should occur even if the message is still sending. This is
-referred to as "local echo". Clients SHOULD implement "local echo" of messages.
-Clients MAY display messages in a different format to indicate that the server
-has not processed the message. This format should be removed when the server
-responds.
-
-Clients need to be able to match the message they are sending with the same
-message which they receive from the event stream. The echo of the same message
-from the event stream is referred to as "remote echo". Both echoes need to be
-identified as the same message in order to prevent duplicate messages being
-displayed. Ideally this pairing would occur transparently to the user: the UI
-would not flicker as it transitions from local to remote. Flickering can be
-reduced through clients making use of the transaction ID they used to send
-a particular event. The transaction ID used will be included in the event's
-``unsigned`` data as ``transaction_id`` when it arrives through the event stream.
-
-Clients unable to make use of the transaction ID are likely to experience
-flickering when the remote echo arrives on the event stream *before*
-the request to send the message completes. In that case the event
-arrives before the client has obtained an event ID, making it impossible to
-identify it as a remote echo. This results in the client displaying the message
-twice for some time (depending on the server responsiveness) before the original
-request to send the message completes. Once it completes, the client can take
-remedial actions to remove the duplicate event by looking for duplicate event IDs.
-
-
-Calculating the display name for a user
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Clients may wish to show the human-readable display name of a room member as
-part of a membership list, or when they send a message. However, different
-members may have conflicting display names. Display names MUST be disambiguated
-before showing them to the user, in order to prevent spoofing of other users.
-
-To ensure this is done consistently across clients, clients SHOULD use the
-following algorithm to calculate a disambiguated display name for a given user:
-
-1. Inspect the ``m.room.member`` state event for the relevant user id.
-2. If the ``m.room.member`` state event has no ``displayname`` field, or if
-   that field has a ``null`` value, use the raw user id as the display
-   name. Otherwise:
-3. If the ``m.room.member`` event has a ``displayname`` which is unique among
-   members of the room with ``membership: join`` or ``membership: invite``, use
-   the given ``displayname`` as the user-visible display name. Otherwise:
-4. The ``m.room.member`` event has a non-unique ``displayname``. This should be
-   disambiguated using the user id, for example "display name
-   (@id:homeserver.org)".
-
-   .. TODO-spec
-     what does it mean for a ``displayname`` to be 'unique'? Are we
-     case-sensitive?  Do we care about homograph attacks? See
-     https://matrix.org/jira/browse/SPEC-221.
-
-Developers should take note of the following when implementing the above
-algorithm:
-
-* The user-visible display name of one member can be affected by changes in the
-  state of another member. For example, if ``@user1:matrix.org`` is present in
-  a room, with ``displayname: Alice``, then when ``@user2:example.com`` joins
-  the room, also with ``displayname: Alice``, *both* users must be given
-  disambiguated display names. Similarly, when one of the users then changes
-  their display name, there is no longer a clash, and *both* users can be given
-  their chosen display name. Clients should be alert to this possibility and
-  ensure that all affected users are correctly renamed.
-
-* The display name of a room may also be affected by changes in the membership
-  list. This is due to the room name sometimes being based on user display
-  names (see `Calculating the display name for a room`_).
-
-* If the entire membership list is searched for clashing display names, this
-  leads to an O(N^2) implementation for building the list of room members. This
-  will be very inefficient for rooms with large numbers of members. It is
-  recommended that client implementations maintain a hash table mapping from
-  ``displayname`` to a list of room members using that name. Such a table can
-  then be used for efficient calculation of whether disambiguation is needed.
-
-
-Displaying membership information with messages
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Clients may wish to show the display name and avatar URL of the room member who
-sent a message. This can be achieved by inspecting the ``m.room.member`` state
-event for that user ID (see `Calculating the display name for a user`_).
-
-When a user paginates the message history, clients may wish to show the
-**historical** display name and avatar URL for a room member. This is possible
-because older ``m.room.member`` events are returned when paginating. This can
-be implemented efficiently by keeping two sets of room state: old and current.
-As new events arrive and/or the user paginates back in time, these two sets of
-state diverge from each other. New events update the current state and paginated
-events update the old state. When paginated events are processed sequentially,
-the old state represents the state of the room *at the time the event was sent*.
-This can then be used to set the historical display name and avatar URL.
-
-
-Calculating the display name for a room
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Clients may wish to show a human-readable name for a room. There are a number
-of possibilities for choosing a useful name. To ensure that rooms are named
-consistently across clients, clients SHOULD use the following algorithm to
-choose a name:
-
-1. If the room has an `m.room.name`_ state event with a non-empty ``name``
-   field, use the name given by that field.
-
-#. If the room has an `m.room.canonical_alias`_ state event with a valid
-   ``alias`` field, use the alias given by that field as the name. Note that
-   clients should avoid using ``alt_aliases`` when calculating the room name.
-
-#. If none of the above conditions are met, a name should be composed based
-   on the members of the room. Clients should consider `m.room.member`_ events
-   for users other than the logged-in user, as defined below.
-
-   i. If the number of ``m.heroes`` for the room are greater or equal to
-      ``m.joined_member_count + m.invited_member_count - 1``, then use the
-      membership events for the heroes to calculate display names for the
-      users (`disambiguating them if required`_) and concatenating them. For
-      example, the client may choose to show "Alice, Bob, and Charlie
-      (@charlie:example.org)" as the room name. The client may optionally
-      limit the number of users it uses to generate a room name.
-
-   #. If there are fewer heroes than ``m.joined_member_count + m.invited_member_count
-      - 1``, and ``m.joined_member_count + m.invited_member_count`` is greater
-      than 1, the client should use the heroes to calculate display names for
-      the users (`disambiguating them if required`_) and concatenating them
-      alongside a count of the remaining users. For example, "Alice, Bob, and
-      1234 others".
-
-   #. If ``m.joined_member_count + m.invited_member_count`` is less than or
-      equal to 1 (indicating the member is alone), the client should use the
-      rules above to indicate that the room was empty. For example, "Empty
-      Room (was Alice)", "Empty Room (was Alice and 1234 others)", or
-      "Empty Room" if there are no heroes.
-
-Clients SHOULD internationalise the room name to the user's language when using
-the ``m.heroes`` to calculate the name. Clients SHOULD use minimum 5 heroes to
-calculate room names where possible, but may use more or less to fit better with
-their user experience.
-
-.. _`disambiguating them if required`: `Calculating the display name for a user`_
-
-Forming relationships between events
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-In some cases, events may wish to reference other events. This could be to form
-a thread of messages for the user to follow along with, or to provide more context
-as to what a particular event is describing. Currently, the only kind of relation
-defined is a "rich reply" where a user may reference another message to create a
-thread-like conversation.
-
-Relationships are defined under an ``m.relates_to`` key in the event's ``content``.
-If the event is of the type ``m.room.encrypted``, the ``m.relates_to`` key MUST NOT
-be covered by the encryption and instead be put alongside the encryption information
-held in the ``content``.
-
-
-Rich replies
-++++++++++++
-
-Users may wish to reference another message when forming their own message, and
-clients may wish to better embed the referenced message for the user to have a
-better context for the conversation being had. This sort of embedding another
-message in a message is known as a "rich reply", or occasionally just a "reply".
-
-A rich reply is formed through use of an ``m.relates_to`` relation for ``m.in_reply_to``
-where a single key, ``event_id``, is used to reference the event being replied to.
-The referenced event ID SHOULD belong to the same room where the reply is being sent.
-Clients should be cautious of the event ID belonging to another room, or being invalid
-entirely. Rich replies can only be constructed in the form of ``m.room.message`` events
-with a ``msgtype`` of ``m.text`` or ``m.notice``. Due to the fallback requirements, rich
-replies cannot be constructed for types of ``m.emote``, ``m.file``, etc. Rich replies
-may reference any other ``m.room.message`` event, however. Rich replies may reference
-another event which also has a rich reply, infinitely.
-
-An ``m.in_reply_to`` relationship looks like the following::
-
-  {
-    ...
-    "type": "m.room.message",
-    "content": {
-      "msgtype": "m.text",
-      "body": "<body including fallback>",
-      "format": "org.matrix.custom.html",
-      "formatted_body": "<HTML including fallback>",
-      "m.relates_to": {
-        "m.in_reply_to": {
-          "event_id": "$another:event.com"
-        }
-      }
-    }
-  }
-
-
-Fallbacks and event representation
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Some clients may not have support for rich replies and therefore need a fallback
-to use instead. Clients that do not support rich replies should render the event
-as if rich replies were not special.
-
-Clients that do support rich replies MUST provide the fallback format on replies,
-and MUST strip the fallback before rendering the reply. Rich replies MUST have
-a ``format`` of ``org.matrix.custom.html`` and therefore a ``formatted_body``
-alongside the ``body`` and appropriate ``msgtype``. The specific fallback text
-is different for each ``msgtype``, however the general format for the ``body`` is:
-
-.. code-block:: text
-
-  > <@alice:example.org> This is the original body
-
-  This is where the reply goes
-
-
-The ``formatted_body`` should use the following template:
-
-.. code-block:: html
-
-  <mx-reply>
-    <blockquote>
-      <a href="https://matrix.to/#/!somewhere:example.org/$event:example.org">In reply to</a>
-      <a href="https://matrix.to/#/@alice:example.org">@alice:example.org</a>
-      <br />
-      <!-- This is where the related event's HTML would be. -->
-    </blockquote>
-  </mx-reply>
-  This is where the reply goes.
-
-
-If the related event does not have a ``formatted_body``, the event's ``body`` should
-be considered after encoding any HTML special characters. Note that the ``href`` in
-both of the anchors use a `matrix.to URI <../appendices.html#matrix-to-navigation>`_.
-
-Stripping the fallback
-``````````````````````
-
-Clients which support rich replies MUST strip the fallback from the event before
-rendering the event. This is because the text provided in the fallback cannot be
-trusted to be an accurate representation of the event. After removing the fallback,
-clients are recommended to represent the event referenced by ``m.in_reply_to``
-similar to the fallback's representation, although clients do have creative freedom
-for their user interface. Clients should prefer the ``formatted_body`` over the
-``body``, just like with other ``m.room.message`` events.
-
-To strip the fallback on the ``body``, the client should iterate over each line of
-the string, removing any lines that start with the fallback prefix ("> ",
-including the space, without quotes) and stopping when a line is encountered without
-the prefix. This prefix is known as the "fallback prefix sequence".
-
-To strip the fallback on the ``formatted_body``, the client should remove the
-entirety of the ``mx-reply`` tag.
-
-Fallback for ``m.text``, ``m.notice``, and unrecognised message types
-`````````````````````````````````````````````````````````````````````
-
-Using the prefix sequence, the first line of the related event's ``body`` should
-be prefixed with the user's ID, followed by each line being prefixed with the fallback
-prefix sequence. For example::
-
-  > <@alice:example.org> This is the first line
-  > This is the second line
-
-  This is the reply
-
-
-The ``formatted_body`` uses the template defined earlier in this section.
-
-Fallback for ``m.emote``
-````````````````````````
-
-Similar to the fallback for ``m.text``, each line gets prefixed with the fallback
-prefix sequence. However an asterisk should be inserted before the user's ID, like
-so::
-
-  > * <@alice:example.org> feels like today is going to be a great day
-
-  This is the reply
-
-
-The ``formatted_body`` has a subtle difference for the template where the asterisk
-is also inserted ahead of the user's ID:
-
-.. code-block:: html
-
-  <mx-reply>
-    <blockquote>
-      <a href="https://matrix.to/#/!somewhere:example.org/$event:example.org">In reply to</a>
-      * <a href="https://matrix.to/#/@alice:example.org">@alice:example.org</a>
-      <br />
-      <!-- This is where the related event's HTML would be. -->
-    </blockquote>
-  </mx-reply>
-  This is where the reply goes.
-
-
-Fallback for ``m.image``, ``m.video``, ``m.audio``, and ``m.file``
-``````````````````````````````````````````````````````````````````
-
-The related event's ``body`` would be a file name, which may not be very descriptive.
-The related event should additionally not have a ``format`` or ``formatted_body``
-in the ``content`` - if the event does have a ``format`` and/or ``formatted_body``,
-those fields should be ignored. Because the filename alone may not be descriptive,
-the related event's ``body`` should be considered to be ``"sent a file."`` such that
-the output looks similar to the following::
-
-  > <@alice:example.org> sent a file.
-
-  This is the reply
-
-
-.. code-block:: html
-
-  <mx-reply>
-    <blockquote>
-      <a href="https://matrix.to/#/!somewhere:example.org/$event:example.org">In reply to</a>
-      <a href="https://matrix.to/#/@alice:example.org">@alice:example.org</a>
-      <br />
-      sent a file.
-    </blockquote>
-  </mx-reply>
-  This is where the reply goes.
-
-
-For ``m.image``, the text should be ``"sent an image."``. For ``m.video``, the text
-should be ``"sent a video."``. For ``m.audio``, the text should be ``"sent an audio file"``.
-
-
-Server behaviour
-----------------
-
-Homeservers SHOULD reject ``m.room.message`` events which don't have a
-``msgtype`` key, or which don't have a textual ``body`` key, with an HTTP status
-code of 400.
-
-Security considerations
------------------------
-
-Messages sent using this module are not encrypted, although end to end encryption is in development (see `E2E module`_).
-
-Clients should sanitise **all displayed keys** for unsafe HTML to prevent Cross-Site
-Scripting (XSS) attacks. This includes room names and topics.
-
-.. _`E2E module`: `module:e2e`_
-.. _`Matrix Content (MXC) URI`: `module:content`_
diff --git a/specification/modules/mentions.rst b/specification/modules/mentions.rst
deleted file mode 100644
index dc078f3b6c7..00000000000
--- a/specification/modules/mentions.rst
+++ /dev/null
@@ -1,74 +0,0 @@
-.. Copyright 2018 New Vector Ltd.
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-User, room, and group mentions
-==============================
-
-.. _module:mentions:
-
-This module allows users to mention other users, rooms, and groups within
-a room message. This is achieved by including a `matrix.to URI`_ in the HTML
-body of an `m.room.message`_ event. This module does not have any server-specific
-behaviour to it.
-
-Mentions apply only to `m.room.message`_ events where the ``msgtype`` is ``m.text``,
-``m.emote``, or ``m.notice``. The ``format`` for the event must be ``org.matrix.custom.html``
-and therefore requires a ``formatted_body``.
-
-To make a mention, reference the entity being mentioned in the ``formatted_body``
-using an anchor, like so::
-
-    {
-        "body": "Hello Alice!",
-        "msgtype": "m.text",
-        "format": "org.matrix.custom.html",
-        "formatted_body": "Hello <a href='https://matrix.to/#/@alice:example.org'>Alice</a>!"
-    }
-
-
-Client behaviour
-----------------
-
-In addition to using the appropriate ``matrix.to URI`` for the mention,
-clients should use the following guidelines when making mentions in events
-to be sent:
-
-* When mentioning users, use the user's potentially ambiguous display name for
-  the anchor's text. If the user does not have a display name, use the user's
-  ID.
-
-* When mentioning rooms, use the canonical alias for the room. If the room
-  does not have a canonical alias, prefer one of the aliases listed on the
-  room. If no alias can be found, fall back to the room ID. In all cases,
-  use the alias/room ID being linked to as the anchor's text.
-
-* When referencing groups, use the group ID as the anchor's text.
-
-The text component of the anchor should be used in the event's ``body`` where
-the mention would normally be represented, as shown in the example above.
-
-Clients should display mentions differently from other elements. For example,
-this may be done by changing the background color of the mention to indicate
-that it is different from a normal link. 
-
-If the current user is mentioned in a message (either by a mention as defined
-in this module or by a push rule), the client should show that mention differently
-from other mentions, such as by using a red background color to signify to the
-user that they were mentioned.
-
-When clicked, the mention should navigate the user to the appropriate room, group,
-or user information.
-
-
-.. _`matrix.to URI`: ../appendices.html#matrix-to-navigation
\ No newline at end of file
diff --git a/specification/modules/moderation_policies.rst b/specification/modules/moderation_policies.rst
deleted file mode 100644
index 2e85fb07840..00000000000
--- a/specification/modules/moderation_policies.rst
+++ /dev/null
@@ -1,128 +0,0 @@
-.. Copyright 2020 The Matrix.org Foundation C.I.C.
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Moderation policy lists
-=======================
-
-.. _module:moderation-policies:
-
-With Matrix being an open network where anyone can participate, a very wide
-range of content exists and it is important that users are empowered to select
-which content they wish to see, and which content they wish to block. By
-extension, room moderators and server admins should also be able to select
-which content they do not wish to host in their rooms and servers.
-
-The protocol's position on this is one of neutrality: it should not be deciding
-what content is undesirable for any particular entity and should instead be
-empowering those entities to make their own decisions. As such, a generic
-framework for communicating "moderation policy lists" or "moderation policy rooms"
-is described. Note that this module only describes the data structures and not
-how they should be interpreting: the entity making the decisions on filtering
-is best positioned to interpret the rules how it sees fit.
-
-Moderation policy lists are stored as room state events. There are no restrictions
-on how the rooms can be configured (they could be public, private, encrypted, etc).
-
-There are currently 3 kinds of entities which can be affected by rules: ``user``,
-``server``, and ``room``. All 3 are described with ``m.policy.rule.<kind>`` state
-events. The ``state_key`` for a policy rule is an arbitrary string decided by the
-sender of the rule.
-
-Rules contain recommendations and reasons for the rule existing. The ``reason``
-is a human-readable string which describes the ``recommendation``. Currently only
-one recommendation, ``m.ban``, is specified.
-
-``m.ban`` recommendation
-------------------------
-
-When this recommendation is used, the entities affected by the rule should be
-banned from participation where possible. The enforcement of this is deliberately
-left as an implementation detail to avoid the protocol imposing its opinion on how
-the policy list is to be interpreted. However, a suggestion for a simple implementation
-is as follows:
-
-* Is a ``user`` rule...
-
-  * Applied to a user: The user should be added to the subscriber's ignore list.
-  * Applied to a room: The user should be banned from the room (either on sight or immediately).
-  * Applied to a server: The user should not be allowed to send invites to users on the server.
-
-* Is a ``room`` rule...
-
-  * Applied to a user: The user should leave the room and not join it
-    (`MSC2270 <https://github.com/matrix-org/matrix-doc/pull/2270>`_-style ignore).
-  * Applied to a room: No-op because a room cannot ban itself.
-  * Applied to a server: The server should prevent users from joining the room and from receiving
-    invites to it.
-
-* Is a ``server`` rule...
-
-  * Applied to a user: The user should not receive events or invites from the server.
-  * Applied to a room: The server is added as a denied server in the ACLs.
-  * Applied to a server: The subscriber should avoid federating with the server as much as
-    possible by blocking invites from the server and not sending traffic unless strictly
-    required (no outbound invites).
-
-Subscribing to policy lists
----------------------------
-
-This is deliberatly left as an implementation detail. For implementations using the
-Client-Server API, this could be as easy as joining or peeking the room. Joining or peeking
-is not required, however: an implementation could poll for updates or use a different
-technique for receiving updates to the policy's rules.
-
-Sharing
--------
-
-In addition to sharing a direct reference to the room which contains the policy's rules,
-plain http or https URLs can be used to share links to the list. When the URL is approached
-with a ``Accept: application/json`` header or has ``.json`` appended to the end of the URL, it
-should return a JSON object containing a ``room_uri`` property which references the room.
-Currently this would be a ``matrix.to`` URI, however in future it could be a Matrix-schemed
-URI instead. When not approached with the intent of JSON, the service could return a
-user-friendly page describing what is included in the ban list.
-
-Events
-------
-
-The ``entity`` described by the state events can contain ``*`` and ``?`` to match zero or more
-and one or more characters respectively. Note that rules against rooms can describe a room ID
-or room alias - the subscriber is responsible for resolving the alias to a room ID if desired.
-
-{{m_policy_rule_user_event}}
-
-{{m_policy_rule_room_event}}
-
-{{m_policy_rule_server_event}}
-
-Client behaviour
-----------------
-As described above, the client behaviour is deliberatly left undefined.
-
-Server behaviour
-----------------
-Servers have no additional requirements placed on them by this module.
-
-Security considerations
------------------------
-This module could be used to build a system of shared blacklists, which may create
-a divide within established communities if not carefully deployed. This may well not
-be a suitable solution for all communities.
-
-Depending on how implementations handle subscriptions, user IDs may be linked to
-policy lists and therefore expose the views of that user. For example, a client implementation
-which joins the user to the policy room would expose the user's ID to observers of the
-policy room. In future, `MSC1228 <https://github.com/matrix-org/matrix-doc/pulls/1228>`_
-and `MSC1777 <https://github.com/matrix-org/matrix-doc/pulls/1777>`_ (or similar) could
-help solve this concern.
diff --git a/specification/modules/openid.rst b/specification/modules/openid.rst
deleted file mode 100644
index 63406719cff..00000000000
--- a/specification/modules/openid.rst
+++ /dev/null
@@ -1,24 +0,0 @@
-.. Copyright 2018 New Vector Ltd.
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-OpenID
-======
-
-.. _module:openid:
-
-This module allows users to verify their identity with a third party service. The
-third party service does need to be matrix-aware in that it will need to know to
-resolve matrix homeservers to exchange the user's token for identity information.
-
-{{openid_cs_http_api}}
diff --git a/specification/modules/presence.rst b/specification/modules/presence.rst
deleted file mode 100644
index 53a33550965..00000000000
--- a/specification/modules/presence.rst
+++ /dev/null
@@ -1,88 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Presence
-========
-
-.. _module:presence:
-
-Each user has the concept of presence information. This encodes:
-
-* Whether the user is currently online
-* How recently the user was last active (as seen by the server)
-* Whether a given client considers the user to be currently idle
-* Arbitrary information about the user's current status (e.g. "in a meeting").
-
-This information is collated from both per-device (``online``, ``idle``,
-``last_active``) and per-user (status) data, aggregated by the user's homeserver
-and transmitted as an ``m.presence`` event. Presence events are sent to
-interested parties where users share a room membership.
-
-User's presence state is represented by the ``presence`` key, which is an enum
-of one of the following:
-
-- ``online`` : The default state when the user is connected to an event
-  stream.
-- ``unavailable`` : The user is not reachable at this time e.g. they are
-  idle.
-- ``offline`` : The user is not connected to an event stream or is
-  explicitly suppressing their profile information from being sent.
-
-Events
-------
-
-{{presence_events}}
-
-Client behaviour
-----------------
-
-Clients can manually set/get their presence using the HTTP APIs listed below.
-
-{{presence_cs_http_api}}
-
-Last active ago
-~~~~~~~~~~~~~~~
-The server maintains a timestamp of the last time it saw a pro-active event from
-the user. A pro-active event may be sending a message to a room or changing
-presence state to ``online``. This timestamp is presented via a key called
-``last_active_ago`` which gives the relative number of milliseconds since the
-pro-active event.
-
-To reduce the number of presence updates sent to clients the server may include
-a ``currently_active`` boolean field when the presence state is ``online``. When
-true, the server will not send further updates to the last active time until an
-update is sent to the client with either a) ``currently_active`` set to false or
-b) a presence state other than ``online``. During this period clients must
-consider the user to be currently active, irrespective of the last active time.
-
-The last active time must be up to date whenever the server gives a presence
-event to the client. The ``currently_active`` mechanism should purely be used by
-servers to stop sending continuous presence updates, as opposed to disabling
-last active tracking entirely. Thus clients can fetch up to date last active
-times by explicitly requesting the presence for a given user.
-
-Idle timeout
-~~~~~~~~~~~~
-
-The server will automatically set a user's presence to ``unavailable`` if their
-last active time was over a threshold value (e.g. 5 minutes). Clients can
-manually set a user's presence to ``unavailable``. Any activity that bumps the
-last active time on any of the user's clients will cause the server to
-automatically set their presence to ``online``.
-
-Security considerations
------------------------
-
-Presence information is shared with all users who share a room with the target
-user. In large public rooms this could be undesirable.
diff --git a/specification/modules/push.rst b/specification/modules/push.rst
deleted file mode 100644
index ec855e6b4b7..00000000000
--- a/specification/modules/push.rst
+++ /dev/null
@@ -1,768 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-.. Copyright 2019 The Matrix.org Foundation C.I.C.
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Push Notifications
-==================
-
-.. _module:push:
-
-::
-
-                                   +--------------------+  +-------------------+
-                  Matrix HTTP      |                    |  |                   |
-             Notification Protocol |   App Developer    |  |   Device Vendor   |
-                                   |                    |  |                   |
-           +-------------------+   | +----------------+ |  | +---------------+ |
-           |                   |   | |                | |  | |               | |
-           | Matrix homeserver +----->  Push Gateway  +------> Push Provider | |
-           |                   |   | |                | |  | |               | |
-           +-^-----------------+   | +----------------+ |  | +----+----------+ |
-             |                     |                    |  |      |            |
-    Matrix   |                     |                    |  |      |            |
- Client/Server API  +              |                    |  |      |            |
-             |      |              +--------------------+  +-------------------+
-             |   +--+-+                                           |
-             |   |    <-------------------------------------------+
-             +---+    |
-                 |    |          Provider Push Protocol
-                 +----+
-
-         Mobile Device or Client
-
-
-This module adds support for push notifications. Homeservers send notifications
-of events to user-configured HTTP endpoints. Users may also configure a
-number of rules that determine which events generate notifications. These are
-all stored and managed by the user's homeserver. This allows user-specific push
-settings to be reused between client applications.
-
-The above diagram shows the flow of push notifications being sent to a handset
-where push notifications are submitted via the handset vendor, such as Apple's
-APNS or Google's GCM. This happens as follows:
-
-1. The client app signs in to a homeserver.
-2. The client app registers with its vendor's Push Provider and
-   obtains a routing token of some kind.
-3. The mobile app uses the Client/Server API to add a 'pusher', providing the
-   URL of a specific Push Gateway which is configured for that
-   application. It also provides the routing token it has acquired from the
-   Push Provider.
-4. The homeserver starts sending HTTP requests to the Push Gateway using the
-   supplied URL. The Push Gateway relays this notification to
-   the Push Provider, passing the routing token along with any
-   necessary private credentials the provider requires to send push
-   notifications.
-5. The Push Provider sends the notification to the device.
-
-Definitions for terms used in this section are below:
-
-Push Provider
-  A push provider is a service managed by the device vendor which can send
-  notifications directly to the device. Google Cloud Messaging (GCM) and Apple
-  Push Notification Service (APNS) are two examples of push providers.
-
-Push Gateway
-  A push gateway is a server that receives HTTP event notifications from
-  homeservers and passes them on to a different protocol such as APNS for iOS
-  devices or GCM for Android devices. Clients inform the homeserver which
-  Push Gateway to send notifications to when it sets up a Pusher.
-
-.. _def:pushers:
-
-Pusher
-  A pusher is a worker on the homeserver that manages the sending
-  of HTTP notifications for a user. A user can have multiple pushers: one per
-  device.
-
-Push Rule
-  A push rule is a single rule that states under what *conditions* an event should
-  be passed onto a push gateway and *how* the notification should be presented.
-  These rules are stored on the user's homeserver. They are manually configured
-  by the user, who can create and view them via the Client/Server API.
-
-Push Ruleset
-  A push ruleset *scopes a set of rules according to some criteria*. For example,
-  some rules may only be applied for messages from a particular sender,
-  a particular room, or by default. The push ruleset contains the entire set
-  of scopes and rules.
-
-Client behaviour
-----------------
-
-Clients MUST configure a Pusher before they will receive push notifications.
-There is a single API endpoint for this, as described below.
-
-{{pusher_cs_http_api}}
-
-.. _pushers: `def:pushers`_
-
-Listing Notifications
-~~~~~~~~~~~~~~~~~~~~~
-
-A client can retrieve a list of events that it has been notified about. This
-may be useful so that users can see a summary of what important messages they
-have received.
-
-{{notifications_cs_http_api}}
-
-Receiving notifications
-~~~~~~~~~~~~~~~~~~~~~~~
-
-Servers MUST include the number of unread notifications in a client's ``/sync``
-stream, and MUST update it as it changes. Notifications are determined by the
-push rules which apply to an event.
-
-When the user updates their read receipt (either by using the API or by sending an
-event), notifications prior to and including that event MUST be marked as read.
-
-Push Rules
-~~~~~~~~~~
-A push rule is a single rule that states under what *conditions* an event should
-be passed onto a push gateway and *how* the notification should be presented.
-There are different "kinds" of push rules and each rule has an associated
-priority. Every push rule MUST have a ``kind`` and ``rule_id``. The ``rule_id``
-is a unique string within the kind of rule and its' scope: ``rule_ids`` do not
-need to be unique between rules of the same kind on different devices. Rules may
-have extra keys depending on the value of ``kind``.
-
-The different ``kind``\ s of rule, in the order that they are checked, are:
-
-Override Rules ``override``
-  The highest priority rules are user-configured overrides.
-Content-specific Rules ``content``
-  These configure behaviour for (unencrypted) messages that match certain
-  patterns. Content rules take one parameter: ``pattern``, that gives the glob
-  pattern to match against. This is treated in the same way as ``pattern`` for
-  ``event_match``.
-Room-specific Rules ``room``
-  These rules change the behaviour of all messages for a given room. The
-  ``rule_id`` of a room rule is always the ID of the room that it affects.
-Sender-specific rules ``sender``
-  These rules configure notification behaviour for messages from a specific
-  Matrix user ID. The ``rule_id`` of Sender rules is always the Matrix user
-  ID of the user whose messages they'd apply to.
-Underride rules ``underride``
-  These are identical to ``override`` rules, but have a lower priority than
-  ``content``, ``room`` and ``sender`` rules.
-
-Rules with the same ``kind`` can specify an ordering priority. This determines
-which rule is selected in the event of multiple matches. For example, a rule
-matching "tea" and a separate rule matching "time" would both match the sentence
-"It's time for tea". The ordering of the rules would then resolve the tiebreak
-to determine which rule is executed. Only ``actions`` for highest priority rule
-will be sent to the Push Gateway.
-
-Each rule can be enabled or disabled. Disabled rules never match. If no rules
-match an event, the homeserver MUST NOT notify the Push Gateway for that event.
-Homeservers MUST NOT notify the Push Gateway for events that the user has sent
-themselves.
-
-Actions
-+++++++
-All rules have an associated list of ``actions``. An action affects if and how a
-notification is delivered for a matching event. The following actions are defined:
-
-``notify``
-  This causes each matching event to generate a notification.
-``dont_notify``
-  This prevents each matching event from generating a notification
-``coalesce``
-  This enables notifications for matching events but activates homeserver
-  specific behaviour to intelligently coalesce multiple events into a single
-  notification. Not all homeservers may support this. Those that do not support
-  it should treat it as the ``notify`` action.
-``set_tweak``
-  Sets an entry in the ``tweaks`` dictionary key that is sent in the notification
-  request to the Push Gateway. This takes the form of a dictionary with a
-  ``set_tweak`` key whose value is the name of the tweak to set. It may also
-  have a ``value`` key which is the value to which it should be set.
-
-Actions that have no parameters are represented as a string. Otherwise, they are
-represented as a dictionary with a key equal to their name and other keys as
-their parameters, e.g. ``{ "set_tweak": "sound", "value": "default" }``
-
-Tweaks
-^^^^^^
-The ``set_tweak`` action is used to add an entry to the 'tweaks' dictionary
-that is sent in the notification request to the Push Gateway. The following
-tweaks are defined:
-
-``sound``
-  A string representing the sound to be played when this notification arrives.
-  A value of ``default`` means to play a default sound. A device may choose to
-  alert the user by some other means if appropriate, eg. vibration.
-``highlight``
-  A boolean representing whether or not this message should be highlighted in
-  the UI. This will normally take the form of presenting the message in a
-  different colour and/or style. The UI might also be adjusted to draw
-  particular attention to the room in which the event occurred. If a
-  ``highlight`` tweak is given with no value, its value is defined to be
-  ``true``. If no highlight tweak is given at all then the value of
-  ``highlight`` is defined to be false.
-
-Tweaks are passed transparently through the homeserver so client applications
-and Push Gateways may agree on additional tweaks. For example, a tweak may be
-added to specify how to flash the notification light on a mobile device.
-
-Conditions
-++++++++++
-
-``override`` and ``underride`` rules MAY have a list of 'conditions'.
-All conditions must hold true for an event in order for the rule to match.
-A rule with no conditions always matches. The following conditions are defined:
-
-``event_match``
-  This is a glob pattern match on a field of the event. Parameters:
-
-  * ``key``: The dot-separated field of the event to match, e.g. ``content.body``
-  * ``pattern``: The glob-style pattern to match against. Patterns with no
-    special glob characters should be treated as having asterisks
-    prepended and appended when testing the condition.
-
-``contains_display_name``
-  This matches unencrypted messages where ``content.body`` contains the owner's
-  display name in that room. This is a separate rule because display names may
-  change and as such it would be hard to maintain a rule that matched the user's
-  display name. This condition has no parameters.
-
-``room_member_count``
-  This matches the current number of members in the room. Parameters:
-
-  * ``is``: A decimal integer optionally prefixed by one of, ``==``, ``<``,
-    ``>``, ``>=`` or ``<=``. A prefix of ``<`` matches rooms where the member
-    count is strictly less than the given number and so forth. If no prefix is
-    present, this parameter defaults to ``==``.
-
-``sender_notification_permission``
-  This takes into account the current power levels in the room, ensuring the
-  sender of the event has high enough power to trigger the notification.
-
-  Parameters:
-
-  * ``key``: A string that determines the power level the sender must have to trigger
-    notifications of a given type, such as ``room``. Refer to the `m.room.power_levels`_
-    event schema for information about what the defaults are and how to interpret the event.
-    The ``key`` is used to look up the power level required to send a notification type
-    from the ``notifications`` object in the power level event content.
-
-Unrecognised conditions MUST NOT match any events, effectively making the push
-rule disabled.
-
-``room``, ``sender`` and ``content`` rules do not have conditions in the same
-way, but instead have predefined conditions. In the cases of ``room`` and
-``sender`` rules, the ``rule_id`` of the rule determines its behaviour.
-
-
-Predefined Rules
-++++++++++++++++
-Homeservers can specify "server-default rules" which operate at a lower priority
-than "user-defined rules". The ``rule_id`` for all server-default rules MUST
-start with a dot (".") to identify them as "server-default". The following
-server-default rules are specified:
-
-
-Default Override Rules
-^^^^^^^^^^^^^^^^^^^^^^
-
-``.m.rule.master``
-``````````````````
-Matches all events. This can be enabled to turn off all push notifications
-other than those generated by override rules set by the user. By default this
-rule is disabled.
-
-Definition
-
-.. code:: json
-
-    {
-        "rule_id": ".m.rule.master",
-        "default": true,
-        "enabled": false,
-        "conditions": [],
-        "actions": [
-            "dont_notify"
-        ]
-    }
-
-``.m.rule.suppress_notices``
-````````````````````````````
-Matches messages with a ``msgtype`` of ``notice``.
-
-Definition:
-
-.. code:: json
-
-    {
-        "rule_id": ".m.rule.suppress_notices",
-        "default": true,
-        "enabled": true,
-        "conditions": [
-            {
-                "kind": "event_match",
-                "key": "content.msgtype",
-                "pattern": "m.notice",
-            }
-        ],
-        "actions": [
-            "dont_notify",
-        ]
-    }
-
-``.m.rule.invite_for_me``
-`````````````````````````
-Matches any invites to a new room for this user.
-
-Definition:
-
-.. code:: json
-
-    {
-        "rule_id": ".m.rule.invite_for_me",
-        "default": true,
-        "enabled": true,
-        "conditions": [
-            {
-                "key": "type",
-                "kind": "event_match",
-                "pattern": "m.room.member"
-            },
-            {
-                "key": "content.membership",
-                "kind": "event_match",
-                "pattern": "invite"
-            },
-            {
-                "key": "state_key",
-                "kind": "event_match",
-                "pattern": "[the user's Matrix ID]"
-            }
-        ],
-        "actions": [
-           "notify",
-            {
-                "set_tweak": "sound",
-                "value": "default"
-            }
-        ]
-    }
-
-``.m.rule.member_event``
-````````````````````````
-
-Matches any ``m.room.member_event``.
-
-Definition:
-
-.. code:: json
-
-    {
-        "rule_id": ".m.rule.member_event",
-        "default": true,
-        "enabled": true,
-        "conditions": [
-            {
-                "key": "type",
-                "kind": "event_match",
-                "pattern": "m.room.member"
-            }
-        ],
-        "actions": [
-            "dont_notify"
-        ]
-    }
-
-
-``.m.rule.contains_display_name``
-`````````````````````````````````
-Matches any message whose content is unencrypted and contains the user's
-current display name in the room in which it was sent.
-
-Definition:
-
-.. code:: json
-
-    {
-        "rule_id": ".m.rule.contains_display_name",
-        "default": true,
-        "enabled": true,
-        "conditions": [
-            {
-                "kind": "contains_display_name"
-            }
-        ],
-        "actions": [
-            "notify",
-            {
-                "set_tweak": "sound",
-                "value": "default"
-            },
-            {
-                "set_tweak": "highlight"
-            }
-        ]
-    }
-
-
-``.m.rule.tombstone``
-`````````````````````
-Matches any state event whose type is ``m.room.tombstone``. This is intended
-to notify users of a room when it is upgraded, similar to what an
-``@room`` notification would accomplish.
-
-Definition:
-
-.. code:: json
-
-    {
-        "rule_id": ".m.rule.tombstone",
-        "default": true,
-        "enabled": true,
-        "conditions": [
-            {
-                "kind": "event_match",
-                "key": "type",
-                "pattern": "m.room.tombstone"
-            },
-            {
-                "kind": "event_match",
-                "key": "state_key",
-                "pattern": ""
-            }
-        ],
-        "actions": [
-            "notify",
-            {
-                "set_tweak": "highlight"
-            }
-        ]
-    }
-
-
-``.m.rule.roomnotif``
-`````````````````````
-Matches any message whose content is unencrypted and contains the
-text ``@room``, signifying the whole room should be notified of
-the event.
-
-Definition:
-
-.. code:: json
-
-    {
-        "rule_id": ".m.rule.roomnotif",
-        "default": true,
-        "enabled": true,
-        "conditions": [
-            {
-                "kind": "event_match",
-                "key": "content.body",
-                "pattern": "@room"
-            },
-            {
-                "kind": "sender_notification_permission",
-                "key": "room"
-            }
-        ],
-        "actions": [
-            "notify",
-            {
-                "set_tweak": "highlight"
-            }
-        ]
-    }
-
-
-Default Content Rules
-^^^^^^^^^^^^^^^^^^^^^
-
-``.m.rule.contains_user_name``
-``````````````````````````````
-Matches any message whose content is unencrypted and contains the local part
-of the user's Matrix ID, separated by word boundaries.
-
-Definition (as a ``content`` rule):
-
-.. code:: json
-
-    {
-        "rule_id": ".m.rule.contains_user_name",
-        "default": true,
-        "enabled": true,
-        "pattern": "[the local part of the user's Matrix ID]",
-        "actions": [
-            "notify",
-            {
-                "set_tweak": "sound",
-                "value": "default"
-            },
-            {
-                "set_tweak": "highlight"
-            }
-        ]
-    }
-
-Default Underride Rules
-^^^^^^^^^^^^^^^^^^^^^^^
-
-``.m.rule.call``
-````````````````
-Matches any incoming VOIP call.
-
-Definition:
-
-.. code:: json
-
-    {
-        "rule_id": ".m.rule.call",
-        "default": true,
-        "enabled": true,
-        "conditions": [
-            {
-                "key": "type",
-                "kind": "event_match",
-                "pattern": "m.call.invite"
-            }
-        ],
-        "actions": [
-            "notify",
-            {
-                "set_tweak": "sound",
-                "value": "ring"
-            }
-        ]
-    }
-
-``.m.rule.encrypted_room_one_to_one``
-`````````````````````````````````````
-Matches any encrypted event sent in a room with exactly two members.
-Unlike other push rules, this rule cannot be matched against the content
-of the event by nature of it being encrypted. This causes the rule to
-be an "all or nothing" match where it either matches *all* events that
-are encrypted (in 1:1 rooms) or none.
-
-Definition:
-
-.. code:: json
-
-    {
-        "rule_id": ".m.rule.encrypted_room_one_to_one",
-        "default": true,
-        "enabled": true,
-        "conditions": [
-            {
-                "kind": "room_member_count",
-                "is": "2"
-            },
-            {
-                "kind": "event_match",
-                "key": "type",
-                "pattern": "m.room.encrypted"
-            }
-        ],
-        "actions": [
-            "notify",
-            {
-                "set_tweak": "sound",
-                "value": "default"
-            }
-        ]
-    }
-
-``.m.rule.room_one_to_one``
-```````````````````````````
-Matches any message sent in a room with exactly two members.
-
-Definition:
-
-.. code:: json
-
-    {
-        "rule_id": ".m.rule.room_one_to_one",
-        "default": true,
-        "enabled": true,
-        "conditions": [
-            {
-                "kind": "room_member_count",
-                "is": "2"
-            },
-            {
-                "kind": "event_match",
-                "key": "type",
-                "pattern": "m.room.message"
-            }
-        ],
-        "actions": [
-            "notify",
-            {
-                "set_tweak": "sound",
-                "value": "default"
-            }
-        ]
-    }
-
-``.m.rule.message``
-```````````````````
-Matches all chat messages.
-
-Definition:
-
-.. code:: json
-
-   {
-        "rule_id": ".m.rule.message",
-        "default": true,
-        "enabled": true,
-        "conditions": [
-            {
-                "kind": "event_match",
-                "key": "type",
-                "pattern": "m.room.message"
-            }
-        ],
-        "actions": [
-            "notify"
-        ]
-   }
-
-``.m.rule.encrypted``
-`````````````````````
-Matches all encrypted events. Unlike other push rules, this rule cannot
-be matched against the content of the event by nature of it being encrypted.
-This causes the rule to be an "all or nothing" match where it either
-matches *all* events that are encrypted (in group rooms) or none.
-
-Definition:
-
-.. code:: json
-
-   {
-        "rule_id": ".m.rule.encrypted",
-        "default": true,
-        "enabled": true,
-        "conditions": [
-            {
-                "kind": "event_match",
-                "key": "type",
-                "pattern": "m.room.encrypted"
-            }
-        ],
-        "actions": [
-            "notify"
-        ]
-   }
-
-Push Rules: API
-~~~~~~~~~~~~~~~
-
-Clients can retrieve, add, modify and remove push rules globally or per-device
-using the APIs below.
-
-{{pushrules_cs_http_api}}
-
-
-Push Rules: Events
-~~~~~~~~~~~~~~~~~~
-
-When a user changes their push rules a ``m.push_rules`` event is sent to all
-clients in the ``account_data`` section of their next ``/sync`` request. The
-content of the event is the current push rules for the user.
-
-{{m_push_rules_event}}
-
-Examples
-++++++++
-
-To create a rule that suppresses notifications for the room with ID
-``!dj234r78wl45Gh4D:matrix.org``::
-
-  curl -X PUT -H "Content-Type: application/json" "https://example.com/_matrix/client/%CLIENT_MAJOR_VERSION%/pushrules/global/room/%21dj234r78wl45Gh4D%3Amatrix.org?access_token=123456" -d \
-  '{
-     "actions" : ["dont_notify"]
-   }'
-
-To suppress notifications for the user ``@spambot:matrix.org``::
-
-  curl -X PUT -H "Content-Type: application/json" "https://example.com/_matrix/client/%CLIENT_MAJOR_VERSION%/pushrules/global/sender/%40spambot%3Amatrix.org?access_token=123456" -d \
-  '{
-     "actions" : ["dont_notify"]
-   }'
-
-To always notify for messages that contain the work 'cake' and set a specific
-sound (with a rule_id of ``SSByZWFsbHkgbGlrZSBjYWtl``)::
-
-  curl -X PUT -H "Content-Type: application/json" "https://example.com/_matrix/client/%CLIENT_MAJOR_VERSION%/pushrules/global/content/SSByZWFsbHkgbGlrZSBjYWtl?access_token=123456" -d \
-  '{
-     "pattern": "cake",
-     "actions" : ["notify", {"set_sound":"cakealarm.wav"}]
-   }'
-
-To add a rule suppressing notifications for messages starting with 'cake' but
-ending with 'lie', superseding the previous rule::
-
-  curl -X PUT -H "Content-Type: application/json" "https://example.com/_matrix/client/%CLIENT_MAJOR_VERSION%/pushrules/global/content/U3BvbmdlIGNha2UgaXMgYmVzdA?access_token=123456&before=SSByZWFsbHkgbGlrZSBjYWtl" -d \
-  '{
-     "pattern": "cake*lie",
-     "actions" : ["notify"]
-   }'
-
-To add a custom sound for notifications messages containing the word 'beer' in
-any rooms with 10 members or fewer (with greater importance than the room,
-sender and content rules)::
-
-  curl -X PUT -H "Content-Type: application/json" "https://example.com/_matrix/client/%CLIENT_MAJOR_VERSION%/pushrules/global/override/U2VlIHlvdSBpbiBUaGUgRHVrZQ?access_token=123456" -d \
-  '{
-     "conditions": [
-       {"kind": "event_match", "key": "content.body", "pattern": "beer" },
-       {"kind": "room_member_count", "is": "<=10"}
-     ],
-     "actions" : [
-       "notify",
-       {"set_sound":"beeroclock.wav"}
-     ]
-   }'
-
-Server behaviour
-----------------
-
-Push Gateway behaviour
-----------------------
-
-Recommendations for APNS
-~~~~~~~~~~~~~~~~~~~~~~~~
-The exact format for sending APNS notifications is flexible and up to the
-client app and its' push gateway to agree on. As APNS requires that the sender
-has a private key owned by the app developer, each app must have its own push
-gateway. It is recommended that:
-
-* The APNS token be base64 encoded and used as the pushkey.
-* A different app_id be used for apps on the production and sandbox
-  APS environments.
-* APNS push gateways do not attempt to wait for errors from the APNS
-  gateway before returning and instead to store failures and return
-  'rejected' responses next time that pushkey is used.
-
-Security considerations
------------------------
-
-Clients specify the Push Gateway URL to use to send event notifications to. This
-URL should be over HTTPS and *never* over HTTP.
-
-As push notifications will pass through a Push Provider, message content
-shouldn't be sent in the push itself where possible. Instead, Push Gateways
-should send a "sync" command to instruct the client to get new events from the
-homeserver directly.
-
-
-.. _`Push Gateway Specification`: ../push_gateway/%PUSH_GATEWAY_RELEASE_LABEL%.html
diff --git a/specification/modules/read_markers.rst b/specification/modules/read_markers.rst
deleted file mode 100644
index be06d037362..00000000000
--- a/specification/modules/read_markers.rst
+++ /dev/null
@@ -1,67 +0,0 @@
-.. Copyright 2018 New Vector Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Fully read markers
-==================
-
-.. _module:read-markers:
-
-The history for a given room may be split into three sections: messages the
-user has read (or indicated they aren't interested in them), messages the user
-might have read some but not others, and messages the user hasn't seen yet.
-The "fully read marker" (also known as a "read marker") marks the last event
-of the first section, whereas the user's read receipt marks the last event of
-the second section.
-
-Events
-------
-The user's fully read marker is kept as an event in the room's `account data`_.
-The event may be read to determine the user's current fully read marker location
-in the room, and just like other account data events the event will be pushed down
-the event stream when updated.
-
-The fully read marker is kept under an ``m.fully_read`` event. If the event does
-not exist on the user's account data, the fully read marker should be considered
-to be the user's read receipt location.
-
-{{m_fully_read_event}}
-
-Client behaviour
-----------------
-The client cannot update fully read markers by directly modifying the ``m.fully_read``
-account data event. Instead, the client must make use of the read markers API
-to change the values.
-
-The read markers API can additionally update the user's read receipt (``m.read``)
-location in the same operation as setting the fully read marker location. This is
-because read receipts and read markers are commonly updated at the same time,
-and therefore the client might wish to save an extra HTTP call. Providing an
-``m.read`` location performs the same task as a request to ``/receipt/m.read/$event:example.org``.
-
-{{read_markers_cs_http_api}}
-
-Server behaviour
-----------------
-The server MUST prevent clients from setting ``m.fully_read`` directly in
-room account data. The server must additionally ensure that it treats the
-presence of ``m.read`` in the ``/read_markers`` request the same as how it
-would for a request to ``/receipt/m.read/$event:example.org``.
-
-Upon updating the ``m.fully_read`` event due to a request to ``/read_markers``,
-the server MUST send the updated account data event through to the client via
-the event stream (eg: ``/sync``), provided any applicable filters are also
-satisfied.
-
-
-.. _`account data`: #client-config
diff --git a/specification/modules/receipts.rst b/specification/modules/receipts.rst
deleted file mode 100644
index 4630091f01f..00000000000
--- a/specification/modules/receipts.rst
+++ /dev/null
@@ -1,98 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Receipts
-========
-
-.. _module:receipts:
-
-This module adds in support for receipts. These receipts are a form of
-acknowledgement of an event. This module defines a single acknowledgement:
-``m.read`` which indicates that the user has read up to a given event.
-
-Sending a receipt for each event can result in sending large amounts of traffic
-to a homeserver. To prevent this from becoming a problem, receipts are implemented
-using "up to" markers. This marker indicates that the acknowledgement applies
-to all events "up to and including" the event specified. For example, marking
-an event as "read" would indicate that the user had read all events *up to* the
-referenced event. See the `Receiving notifications <#receiving-notifications>`_
-section for more information on how read receipts affect notification counts.
-
-Events
-------
-Each ``user_id``, ``receipt_type`` pair must be associated with only a
-single ``event_id``.
-
-{{m_receipt_event}}
-
-Client behaviour
-----------------
-
-In ``/sync``, receipts are listed under the ``ephemeral`` array of events
-for a given room. New receipts that come down the event streams are deltas
-which update existing mappings. Clients should replace older receipt acknowledgements
-based on ``user_id`` and ``receipt_type`` pairs. For example::
-
-  Client receives m.receipt:
-    user = @alice:example.com
-    receipt_type = m.read
-    event_id = $aaa:example.com
-
-  Client receives another m.receipt:
-    user = @alice:example.com
-    receipt_type = m.read
-    event_id = $bbb:example.com
-
-  The client should replace the older acknowledgement for $aaa:example.com with
-  this one for $bbb:example.com
-
-Clients should send read receipts when there is some certainty that the event in
-question has been **displayed** to the user. Simply receiving an event does not
-provide enough certainty that the user has seen the event. The user SHOULD need
-to *take some action* such as viewing the room that the event was sent to or
-dismissing a notification in order for the event to count as "read". Clients
-SHOULD NOT send read receipts for events sent by their own user.
-
-A client can update the markers for its user by interacting with the following
-HTTP APIs.
-
-{{receipts_cs_http_api}}
-
-Server behaviour
-----------------
-
-For efficiency, receipts SHOULD be batched into one event per room before
-delivering them to clients.
-
-Receipts are sent across federation as EDUs with type ``m.receipt``. The
-format of the EDUs are::
-
-    {
-        <room_id>: {
-            <receipt_type>: {
-                <user_id>: { <content> }
-            },
-            ...
-        },
-        ...
-    }
-
-These are always sent as deltas to previously sent receipts. Currently only a
-single ``<receipt_type>`` should be used: ``m.read``.
-
-Security considerations
------------------------
-
-As receipts are sent outside the context of the event graph, there are no
-integrity checks performed on the contents of ``m.receipt`` events.
diff --git a/specification/modules/report_content.rst b/specification/modules/report_content.rst
deleted file mode 100644
index 5eca69cd7db..00000000000
--- a/specification/modules/report_content.rst
+++ /dev/null
@@ -1,35 +0,0 @@
-.. Copyright 2018 Travis Ralston
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Reporting Content
-=================
-
-.. _module:report_content:
-
-Users may encounter content which they find inappropriate and should be able
-to report it to the server administrators or room moderators for review. This
-module defines a way for users to report content.
-
-Content is reported based upon a negative score, where -100 is "most offensive"
-and 0 is "inoffensive".
-
-Client behaviour
-----------------
-{{report_content_cs_http_api}}
-
-Server behaviour
-----------------
-Servers are free to handle the reported content however they desire. This may
-be a dedicated room to alert server administrators to the reported content or
-some other mechanism for notifying the appropriate people.
diff --git a/specification/modules/room_previews.rst b/specification/modules/room_previews.rst
deleted file mode 100644
index f40c89728dd..00000000000
--- a/specification/modules/room_previews.rst
+++ /dev/null
@@ -1,58 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Room Previews
-=============
-
-.. _module:room-previews:
-
-It is sometimes desirable to offer a preview of a room, where a user can "lurk"
-and read messages posted to the room, without joining the room. This can be
-particularly effective when combined with `Guest Access`_.
-
-Previews are implemented via the ``world_readable`` `Room History Visibility`_.
-setting, along with a special version of the
-`GET /events <#get-matrix-client-%CLIENT_MAJOR_VERSION%-events>`_ endpoint.
-
-Client behaviour
-----------------
-A client wishing to view a room without joining it should call
-`GET /rooms/:room_id/initialSync <#get-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-initialsync>`_,
-followed by `GET /events`__. Clients will need to do this
-in parallel for each room they wish to view.
-
-__  `peeking_events_api`_
-
-Clients can of course also call other endpoints such as
-`GET /rooms/:room_id/messages <#get-matrix-client-%CLIENT_MAJOR_VERSION%-rooms-roomid-messages>`_
-and `GET /search <#get-matrix-client-%CLIENT_MAJOR_VERSION%-search>`_ to access
-events outside the ``/events`` stream.
-
-.. _peeking_events_api:
-
-{{peeking_events_cs_http_api}}
-
-Server behaviour
-----------------
-For clients which have not joined a room, servers are required to only return
-events where the room state at the event had the ``m.room.history_visibility``
-state event present with ``history_visibility`` value ``world_readable``.
-
-Security considerations
------------------------
-Clients may wish to display to their users that rooms which are
-``world_readable`` *may* be showing messages to non-joined users. There is no
-way using this module to find out whether any non-joined guest users *do* see
-events in the room, or to list or count any lurking users.
-
diff --git a/specification/modules/room_upgrades.rst b/specification/modules/room_upgrades.rst
deleted file mode 100644
index f1861f72024..00000000000
--- a/specification/modules/room_upgrades.rst
+++ /dev/null
@@ -1,78 +0,0 @@
-.. Copyright 2019 New Vector Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Room Upgrades
-=============
-
-.. _module:room-upgrades:
-
-From time to time, a room may need to be upgraded to a different room version for a
-variety for reasons. This module defines a way for rooms to upgrade to a different
-room version when needed.
-
-Events
-------
-
-{{m_room_tombstone_event}}
-
-Client behaviour
-----------------
-
-Clients which understand ``m.room.tombstone`` events and the ``predecessor`` field on
-``m.room.create`` events should communicate to the user that the room was upgraded.
-One way of accomplishing this would be hiding the old room from the user's room list
-and showing banners linking between the old and new room - ensuring that permalinks
-work when referencing the old room. Another approach may be to virtually merge the
-rooms such that the old room's timeline seamlessly continues into the new timeline
-without the user having to jump between the rooms.
-
-{{room_upgrades_cs_http_api}}
-
-Server behaviour
-----------------
-
-When the client requests to upgrade a known room to a known version, the server:
-
-1. Checks that the user has permission to send ``m.room.tombstone`` events in the room.
-2. Creates a replacement room with a ``m.room.create`` event containing a ``predecessor``
-   field and the applicable ``room_version``.
-3. Replicates transferable state events to the new room. The exact details for what is
-   transferred is left as an implementation detail, however the recommended state events
-   to transfer are:
-
-   * ``m.room.server_acl``
-   * ``m.room.encryption``
-   * ``m.room.name``
-   * ``m.room.avatar``
-   * ``m.room.topic``
-   * ``m.room.guest_access``
-   * ``m.room.history_visibility``
-   * ``m.room.join_rules``
-   * ``m.room.power_levels``
-
-   Membership events should not be transferred to the new room due to technical limitations
-   of servers not being able to impersonate people from other homeservers. Additionally,
-   servers should not transfer state events which are sensitive to who sent them, such as
-   events outside of the Matrix namespace where clients may rely on the sender to match
-   certain criteria.
-
-4. Moves any local aliases to the new room.
-5. Sends a ``m.room.tombstone`` event to the old room to indicate that it is not intended
-   to be used any further.
-6. If possible, the power levels in the old room should also be modified to prevent sending
-   of events and inviting new users. For example, setting ``events_default`` and ``invite``
-   to the greater of ``50`` and ``users_default + 1``.
-
-When a user joins the new room, the server should automatically transfer/replicate some of
-the user's personalized settings such as notifications, tags, etc.
diff --git a/specification/modules/search.rst b/specification/modules/search.rst
deleted file mode 100644
index 08926552340..00000000000
--- a/specification/modules/search.rst
+++ /dev/null
@@ -1,109 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Server Side Search
-==================
-
-.. _module:search:
-
-The search API allows clients to perform full text search across events in all
-rooms that the user has been in, including those that they have left. Only
-events that the user is allowed to see will be searched, e.g. it won't include
-events in rooms that happened after you left.
-
-Client behaviour
-----------------
-There is a single HTTP API for performing server-side search, documented below.
-
-{{search_cs_http_api}}
-
-Search Categories
------------------
-
-The search API allows clients to search in different categories of items.
-Currently the only specified category is ``room_events``.
-
-``room_events``
-~~~~~~~~~~~~~~~
-
-This category covers all events that the user is allowed to see, including
-events in rooms that they have left. The search is performed on certain keys of
-certain event types.
-
-The supported keys to search over are:
-
-- ``content.body`` in ``m.room.message``
-- ``content.name`` in ``m.room.name``
-- ``content.topic`` in ``m.room.topic``
-
-The search will *not* include rooms that are end to end encrypted.
-
-The results include a ``rank`` key that can be used to sort the results by
-relevancy. The higher the ``rank`` the more relevant the result is.
-
-The value of ``count`` gives an approximation of the total number of
-results. Homeservers may give an estimate rather than an exact value for this
-field.
-
-Ordering
---------
-
-The client can specify the ordering that the server returns results in. The two
-allowed orderings are:
-
-- ``rank``, which returns the most relevant results first.
-- ``recent``, which returns the most recent results first.
-
-The default ordering is ``rank``.
-
-Groups
-------
-
-The client can request that the results are returned along with grouping
-information, e.g. grouped by ``room_id``. In this case the response will
-contain a group entry for each distinct value of ``room_id``. Each group entry
-contains at least a list of the ``event_ids`` that are in that group, as well
-as potentially other metadata about the group.
-
-The current required supported groupings are:
-
-- ``room_id``
-- ``sender``
-
-
-Pagination
-----------
-
-The server may return a ``next_batch`` key at various places in the response.
-These are used to paginate the results. To fetch more results, the client
-should send the *same* request to the server with a ``next_batch`` query
-parameter set to that of the token.
-
-The scope of the pagination is defined depending on where the ``next_batch``
-token was returned. For example, using a token inside a group will return more
-results from within that group.
-
-The currently supported locations for the ``next_batch`` token are:
-
-- ``search_categories.<category>.next_batch``
-- ``search_categories.<category>.groups.<group_key>.<group_id>.next_batch``
-
-A server need not support pagination, even if there are more matching results.
-In that case, they must not return a ``next_batch`` token in the response.
-
-
-Security considerations
------------------------
-The server must only return results that the user has permission to see.
-
diff --git a/specification/modules/secrets.rst b/specification/modules/secrets.rst
deleted file mode 100644
index 2e8e38866de..00000000000
--- a/specification/modules/secrets.rst
+++ /dev/null
@@ -1,361 +0,0 @@
-.. Copyright 2020 The Matrix.org Foundation C.I.C.
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Secrets
-=======
-
-Clients may have secret information that they wish to be made available to
-other authorised clients, but that the server should not be able to see, so the
-information must be encrypted as it passes through the server. This can be done
-either asynchronously, by storing encrypted data on the server for later
-retrieval, or synchronously, by sending messages to each other.
-
-Each secret has an identifier that is used by clients to refer to the secret
-when storing, fetching, requesting, or sharing the secret. Secrets are plain
-strings; structured data can be stored by encoding it as a string.
-
-Storage
--------
-
-When secrets are stored on the server, they are stored in the user's
-`account-data <#module-account-data>`_, using an event type equal to the
-secret's identifier. The keys that secrets are encrypted with are described by
-data that is also stored in the user's account-data. Users can have multiple
-keys, allowing them to control what sets of secrets clients can access,
-depending on what keys are given to them.
-
-Key storage
-~~~~~~~~~~~
-
-Each key has an ID, and the description of the key is stored in the user's
-account_data using the event type ``m.secret_storage.key.[key ID]``.  The
-contents of the account data for the key will include an ``algorithm``
-property, which indicates the encryption algorithm used, as well as a ``name``
-property, which is a human-readable name. Key descriptions may also have a
-``passphrase`` property for generating the key from a user-entered
-passphrase, as described in `deriving keys from passphrases`_.
-
-``KeyDescription``
-
-============ =========== =======================================================
-Parameter    Type        Description
-============ =========== =======================================================
-name         string      **Required.** The name of the key.
-algorithm    string      **Required.** The encryption algorithm to be used for
-                         this key. Currently, only
-                         ``m.secret_storage.v1.aes-hmac-sha2`` is supported.
-passphrase   string      See `deriving keys from passphrases`_ section for a
-                         description of this property.
-============ =========== =======================================================
-
-Other properties depend on the encryption algorithm, and are described below.
-
-A key can be marked as the "default" key by setting the user's account_data
-with event type ``m.secret_storage.default_key`` to an object that has the ID
-of the key as its ``key`` property.  The default key will be used to encrypt
-all secrets that the user would expect to be available on all their clients.
-Unless the user specifies otherwise, clients will try to use the default key to
-decrypt secrets.
-
-Secret storage
-~~~~~~~~~~~~~~
-
-Encrypted data is stored in the user's account_data using the event type
-defined by the feature that uses the data. The account_data will have an
-``encrypted`` property that is a map from key ID to an object. The algorithm
-from the ``m.secret_storage.key.[key ID]`` data for the given key defines how
-the other properties are interpreted, though it's expected that most encryption
-schemes would have ``ciphertext`` and ``mac`` properties, where the
-``ciphertext`` property is the unpadded base64-encoded ciphertext, and the
-``mac`` is used to ensure the integrity of the data.
-
-``Secret``
-
-============ =========== =======================================================
-Parameter    Type        Description
-============ =========== =======================================================
-encrypted    {string:    **Required.** Map from key ID the encrypted data. The
-             object}     exact format for the encrypted data is dependent on the
-                         key algorithm. See the definition of
-                         ``AesHmacSha2EncryptedData`` in the
-                         `m.secret_storage.v1.aes-hmac-sha2`_ section.
-============ =========== =======================================================
-
-Example:
-
-Some secret is encrypted using keys with ID ``key_id_1`` and ``key_id_2``:
-
-``org.example.some.secret``:
-
-.. code:: json
-
-   {
-     "encrypted": {
-       "key_id_1": {
-         "ciphertext": "base64+encoded+encrypted+data",
-         "mac": "base64+encoded+mac",
-         // ... other properties according to algorithm property in
-         // m.secret_storage.key.key_id_1
-       },
-       "key_id_2": {
-         // ...
-       }
-     }
-   }
-
-and the key descriptions for the keys would be:
-
-``m.secret_storage.key.key_id_1``:
-
-.. code:: json
-
-   {
-     "name": "Some key",
-     "algorithm": "m.secret_storage.v1.aes-hmac-sha2",
-     // ... other properties according to algorithm
-   }
-
-``m.secret_storage.key.key_id_2``:
-
-.. code:: json
-
-   {
-     "name": "Some other key",
-     "algorithm": "m.secret_storage.v1.aes-hmac-sha2",
-     // ... other properties according to algorithm
-   }
-
-``m.secret_storage.v1.aes-hmac-sha2``
-+++++++++++++++++++++++++++++++++++++
-
-Secrets encrypted using the ``m.secret_storage.v1.aes-hmac-sha2`` algorithm are
-encrypted using AES-CTR-256, and authenticated using HMAC-SHA-256. The secret is
-encrypted as follows:
-
-1. Given the secret storage key, generate 64 bytes by performing an HKDF with
-   SHA-256 as the hash, a salt of 32 bytes of 0, and with the secret name as
-   the info.  The first 32 bytes are used as the AES key, and the next 32 bytes
-   are used as the MAC key
-2. Generate 16 random bytes, set bit 63 to 0 (in order to work around
-   differences in AES-CTR implementations), and use this as the AES
-   initialization vector.  This becomes the ``iv`` property, encoded using base64.
-3. Encrypt the data using AES-CTR-256 using the AES key generated above.  This
-   encrypted data, encoded using base64, becomes the ``ciphertext`` property.
-4. Pass the raw encrypted data (prior to base64 encoding) through HMAC-SHA-256
-   using the MAC key generated above.  The resulting MAC is base64-encoded and
-   becomes the ``mac`` property.
-
-``AesHmacSha2EncryptedData``
-
-============ =========== =======================================================
-Parameter    Type        Description
-============ =========== =======================================================
-iv           string      **Required.** The 16-byte initialization vector,
-                         encoded as base64.
-ciphertext   string      **Required.** The AES-CTR-encrypted data, encoded as
-                         base64.
-mac          string      **Required.** The MAC, encoded as base64.
-============ =========== =======================================================
-
-For the purposes of allowing clients to check whether a user has correctly
-entered the key, clients should:
-
-1. encrypt and MAC a message consisting of 32 bytes of 0 as described above,
-   using the empty string as the info parameter to the HKDF in step 1.
-2. store the ``iv`` and ``mac`` in the ``m.secret_storage.key.[key ID]``
-   account-data.
-
-``AesHmacSha2KeyDescription``
-
-============ =========== =======================================================
-Parameter    Type        Description
-============ =========== =======================================================
-name         string      **Required.** The name of the key.
-algorithm    string      **Required.** The encryption algorithm to be used for
-                         this key. Currently, only
-                         ``m.secret_storage.v1.aes-hmac-sha2`` is supported.
-passphrase   object      See `deriving keys from passphrases`_ section for a
-                         description of this property.
-iv           string      The 16-byte initialization vector, encoded as base64.
-mac          string      The MAC of the result of encrypting 32 bytes of 0,
-                         encoded as base64.
-============ =========== =======================================================
-
-For example, the ``m.secret_storage.key.key_id`` for a key using this algorithm
-could look like:
-
-.. code:: json
-
-   {
-     "name": "m.default",
-     "algorithm": "m.secret_storage.v1.aes-hmac-sha2",
-     "iv": "random+data",
-     "mac": "mac+of+encrypted+zeros"
-   }
-
-and data encrypted using this algorithm could look like this:
-
-.. code:: json
-
-   {
-     "encrypted": {
-         "key_id": {
-           "iv": "16+bytes+base64",
-           "ciphertext": "base64+encoded+encrypted+data",
-           "mac": "base64+encoded+mac"
-         }
-     }
-   }
-
-Key representation
-++++++++++++++++++
-
-When a user is given a raw key for ``m.secret_storage.v1.aes-hmac-sha2``,
-it will be presented as a string constructed as follows:
-
-1. The key is prepended by the two bytes ``0x8b`` and ``0x01``
-2. All the bytes in the string above, including the two header bytes, are
-   XORed together to form a parity byte. This parity byte is appended to the byte
-   string.
-3. The byte string is encoded using base58, using the same `mapping as is used
-   for Bitcoin addresses
-   <https://en.bitcoin.it/wiki/Base58Check_encoding#Base58_symbol_chart>`_,
-   that is, using the alphabet
-   ``123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz``.
-4. The string is formatted into groups of four characters separated by spaces.
-
-When decoding a raw key, the process should be reversed, with the exception
-that whitespace is insignificant in the user's input.
-
-Deriving keys from passphrases
-++++++++++++++++++++++++++++++
-
-A user may wish to use a chosen passphrase rather than a randomly generated
-key.  In this case, information on how to generate the key from a passphrase
-will be stored in the ``passphrase`` property of the ``m.secret_storage.key.[key
-ID]`` account-data. The ``passphrase`` property has an ``algorithm`` property
-that indicates how to generate the key from the passphrase. Other properties of
-the ``passphrase`` property are defined by the ``algorithm`` specified.
-
-``m.pbkdf2``
-<<<<<<<<<<<<
-
-For the ``m.pbkdf2`` algorithm, the ``passphrase`` property has the following
-properties:
-
-============ =========== ========================================================
-Parameter    Type        Description
-============ =========== ========================================================
-algorithm    string      **Required.** Must be ``m.pbkdf2``
-salt         string      **Required.** The salt used in PBKDF2.
-iterations   integer     **Required.** The number of iterations to use in PBKDF2.
-bits         integer     Optional. The number of bits to generate for the key.
-                         Defaults to 256.
-============ =========== ========================================================
-
-The key is generated using PBKDF2 with SHA-512 as the hash, using the salt
-given in the ``salt`` parameter, and the number of iterations given in the
-``iterations`` parameter.
-
-Example:
-
-.. code:: json
-
-   {
-       "passphrase": {
-           "algorithm": "m.pbkdf2",
-           "salt": "MmMsAlty",
-           "iterations": 100000,
-           "bits": 256
-       },
-       ...
-   }
-
-Sharing
--------
-
-To request a secret from other devices, a client sends an ``m.secret.requests``
-device event with ``action`` set to ``request`` and ``name`` set to the
-identifier of the secret. A device that wishes to share the secret will reply
-with an ``m.secret.send`` event, encrypted using olm. When the original client
-obtains the secret, it sends an ``m.secret.request`` event with ``action`` set
-to ``request_cancellation`` to all devices other than the one that it received
-the secret from. Clients should ignore ``m.secret.send`` events received from
-devices that it did not send an ``m.secret.request`` event to.
-
-Clients must ensure that they only share secrets with other devices that are
-allowed to see them. For example, clients should only share secrets with the
-user’s own devices that are verified and may prompt the user to confirm sharing
-the secret.
-
-Event definitions
-~~~~~~~~~~~~~~~~~
-
-``m.secret.request``
-++++++++++++++++++++
-
-Sent by a client to request a secret from another device or to cancel a
-previous request. It is sent as an unencrypted to-device event.
-
-.. table::
-   :widths: auto
-
-   ===================== =========== =====================================================
-   Parameter             Type        Description
-   ===================== =========== =====================================================
-   name                  string      Required if ``action`` is ``request``. The name of
-                                     the secret that is being requested.
-   action                enum        **Required.** One of ["request", "request_cancellation"].
-   requesting_device_id  string      **Required.** The ID of the device requesting the secret.
-   request_id            string      **Required.** A random string uniquely identifying (with
-                                     respect to the requester and the target) the target
-                                     for a secret. If the secret is requested from
-                                     multiple devices at the same time, the same ID may
-                                     be used for every target. The same ID is also used
-                                     in order to cancel a previous request.
-   ===================== =========== =====================================================
-
-Example:
-
-.. code:: json
-
-   {
-     "name": "org.example.some.secret",
-     "action": "request",
-     "requesting_device_id": "ABCDEFG",
-     "request_id": "randomly_generated_id_9573"
-   }
-
-``m.secret.send``
-+++++++++++++++++
-
-Sent by a client to share a secret with another device, in response to an
-``m.secret.request`` event. It must be encrypted as an ``m.room.encrypted`` event,
-then sent as a to-device event.
-
-============ =========== ========================================================
-Parameter    Type        Description
-============ =========== ========================================================
-request_id   string      **Required.** The ID of the request that this a response to.
-secret       string      **Required.** The contents of the secret.
-============ =========== ========================================================
-
-Example:
-
-.. code:: json
-
-   {
-     "request_id": "randomly_generated_id_9573",
-     "secret": "ThisIsASecretDon'tTellAnyone"
-   }
diff --git a/specification/modules/send_to_device.rst b/specification/modules/send_to_device.rst
deleted file mode 100644
index 7ab622bcf77..00000000000
--- a/specification/modules/send_to_device.rst
+++ /dev/null
@@ -1,150 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-.. _module:to_device:
-.. _`to-device`:
-
-Send-to-Device messaging
-========================
-
-This module provides a means by which clients can exchange signalling messages
-without them being stored permanently as part of a shared communication
-history. A message is delivered exactly once to each client device.
-
-The primary motivation for this API is exchanging data that is meaningless or
-undesirable to persist in the room DAG - for example, one-time authentication
-tokens or key data. It is not intended for conversational data, which should be
-sent using the normal |/rooms/<room_id>/send|_ API for consistency throughout
-Matrix.
-
-Client behaviour
-----------------
-To send a message to other devices, a client should call |/sendToDevice|_.
-Only one message can be sent to each device per transaction, and they must all
-have the same event type. The device ID in the request body can be set to ``*``
-to request that the message be sent to all known devices.
-
-If there are send-to-device messages waiting for a client, they will be
-returned by |/sync|_, as detailed in |Extensions|_. Clients should
-inspect the ``type`` of each returned event, and ignore any they do not
-understand.
-
-.. |Extensions| replace:: Extensions to /sync
-.. _Extensions: `send_to_device_sync`_
-
-Server behaviour
-----------------
-Servers should store pending messages for local users until they are
-successfully delivered to the destination device. When a client calls |/sync|_
-with an access token which corresponds to a device with pending messages, the
-server should list the pending messages, in order of arrival, in the response
-body.
-
-When the client calls ``/sync`` again with the ``next_batch`` token from the
-first response, the server should infer that any send-to-device messages in
-that response have been delivered successfully, and delete them from the store.
-
-If there is a large queue of send-to-device messages, the server should
-limit the number sent in each ``/sync`` response. 100 messages is recommended
-as a reasonable limit.
-
-If the client sends messages to users on remote domains, those messages should
-be sent on to the remote servers via
-`federation`_.
-
-.. _`federation`: ../server_server/%SERVER_RELEASE_LABEL%.html#send-to-device-messaging
-
-.. TODO-spec:
-
-   * Is a server allowed to delete undelivered messages? After how long? What
-     about if the device is deleted?
-
-   * If the destination HS doesn't support the ``m.direct_to_device`` EDU, it
-     will just get dumped. Should we indicate that to the client?
-
-
-Protocol definitions
---------------------
-
-{{to_device_cs_http_api}}
-
-.. TODO-spec:
-
-   * What should a server do if the user id or device id is unknown? Presumably
-     it shouldn't reject the request outright, because some of the destinations
-     may be valid. Should we add something to the response?
-
-.. anchor for link from /sync api spec
-.. |send_to_device_sync| replace:: Send-to-Device messaging
-.. _send_to_device_sync:
-
-Extensions to /sync
-~~~~~~~~~~~~~~~~~~~
-
-This module adds the following properties to the |/sync|_ response:
-
-.. todo: generate this from a swagger definition?
-
-========= ========= =======================================================
-Parameter Type      Description
-========= ========= =======================================================
-to_device ToDevice  Optional. Information on the send-to-device messages
-                    for the client device.
-========= ========= =======================================================
-
-``ToDevice``
-
-========= ========= =============================================
-Parameter Type      Description
-========= ========= =============================================
-events    [Event]   List of send-to-device messages.
-========= ========= =============================================
-
-``Event``
-
-================ ============ ==================================================
-Parameter        Type         Description
-================ ============ ==================================================
-content          EventContent The content of this event. The fields in this
-                              object will vary depending on the type of event.
-sender           string       The Matrix user ID of the user who sent this
-                              event.
-type             string       The type of event.
-================ ============ ==================================================
-
-
-Example response:
-
-.. code:: json
-
-  {
-    "next_batch": "s72595_4483_1934",
-    "rooms": {"leave": {}, "join": {}, "invite": {}},
-    "to_device": {
-      "events": [
-        {
-          "sender": "@alice:example.com",
-          "type": "m.new_device",
-          "content": {
-            "device_id": "XYZABCDE",
-            "rooms": ["!726s6s6q:example.com"]
-          }
-        }
-      ]
-    }
-  }
-
-
-.. |/sendToDevice| replace:: ``/sendToDevice``
-.. _/sendToDevice: #put-matrix-client-%CLIENT_MAJOR_VERSION%-sendtodevice-eventtype-txnid
diff --git a/specification/modules/server_acls.rst b/specification/modules/server_acls.rst
deleted file mode 100644
index 2b2d8f351ba..00000000000
--- a/specification/modules/server_acls.rst
+++ /dev/null
@@ -1,70 +0,0 @@
-.. Copyright 2018 New Vector Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Server Access Control Lists (ACLs) for rooms
-============================================
-
-.. _module:server-acls:
-
-In some scenarios room operators may wish to prevent a malicious or untrusted
-server from participating in their room. Sending an `m.room.server_acl`_ state
-event into a room is an effective way to prevent the server from participating
-in the room at the federation level.
-
-Server ACLs can also be used to make rooms only federate with a limited set of
-servers, or retroactively make the room no longer federate with any other server,
-similar to setting the ``m.federate`` value on the `m.room.create`_ event.
-
-{{m_room_server_acl_event}}
-
-.. Note::
-   Port numbers are not supported because it is unclear to parsers whether a
-   port number should be matched or an IP address literal. Additionally, it
-   is unlikely that one would trust a server running on a particular domain's
-   port but not a different port, especially considering the server host can
-   easily change ports.
-
-.. Note::
-   CIDR notation is not supported for IP addresses because Matrix does not
-   encourage the use of IPs for identifying servers. Instead, a blanket
-   ``allow_ip_literals`` is provided to cover banning them.
-
-Client behaviour
-----------------
-Clients are not expected to perform any additional duties beyond sending the
-event. Clients should describe changes to the server ACLs to the user in the
-user interface, such as in the timeline.
-
-Clients may wish to kick affected users from the room prior to denying a server
-access to the room to help prevent those servers from participating and to
-provide feedback to the users that they have been excluded from the room.
-
-Server behaviour
-----------------
-Servers MUST prevent blacklisted servers from sending events or participating
-in the room when an `m.room.server_acl`_ event is present in the room state.
-Which APIs are specifically affected are described in the Server-Server API
-specification.
-
-Servers should still send events to denied servers if they are still residents
-of the room.
-
-
-Security considerations
------------------------
-Server ACLs are only effective if every server in the room honours them. Servers
-that do not honour the ACLs may still permit events sent by denied servers into
-the room, leaking them to other servers in the room. To effectively enforce an
-ACL in a room, the servers that do not honour the ACLs should be denied in the
-room as well.
\ No newline at end of file
diff --git a/specification/modules/server_notices.rst b/specification/modules/server_notices.rst
deleted file mode 100644
index 63b7bfc5e54..00000000000
--- a/specification/modules/server_notices.rst
+++ /dev/null
@@ -1,78 +0,0 @@
-.. Copyright 2019 The Matrix.org Foundation C.I.C.
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Server Notices
-==============
-
-.. _module:server-notices:
-
-Homeserver hosts often want to send messages to users in an official capacity,
-or have resource limits which affect a user's ability to use the homeserver.
-For example, the homeserver may be limited to a certain number of active users
-per month and has exceeded that limit. To communicate this failure to users,
-the homeserver would use the Server Notices room.
-
-The aesthetics of the room (name, topic, avatar, etc) are left as an implementation
-detail. It is recommended that the homeserver decorate the room such that it looks
-like an official room to users.
-
-Events
-------
-Notices are sent to the client as normal ``m.room.message`` events with a
-``msgtype`` of ``m.server_notice`` in the server notices room. Events with
-a ``m.server_notice`` ``msgtype`` outside of the server notice room must
-be ignored by clients.
-
-The specified values for ``server_notice_type`` are:
-
-:``m.server_notice.usage_limit_reached``:
-  The server has exceeded some limit which requires the server administrator
-  to intervene. The ``limit_type`` describes the kind of limit reached.
-  The specified values for ``limit_type`` are:
-
-  :``monthly_active_user``:
-    The server's number of active users in the last 30 days has exceeded the
-    maximum. New connections are being refused by the server. What defines
-    "active" is left as an implementation detail, however servers are encouraged
-    to treat syncing users as "active".
-
-
-{{m_room_message_m_server_notice_event}}
-
-Client behaviour
-----------------
-Clients can identify the server notices room by the ``m.server_notice`` tag
-on the room. Active notices are represented by the `pinned events <#m-room-pinned-events>`_
-in the server notices room. Server notice events pinned in that room should
-be shown to the user through special UI and not through the normal pinned
-events interface in the client. For example, clients may show warning banners
-or bring up dialogs to get the user's attention. Events which are not server
-notice events and are pinned in the server notices room should be shown just
-like any other pinned event in a room.
-
-The client must not expect to be able to reject an invite to join the server
-notices room. Attempting to reject the invite must result in a
-``M_CANNOT_LEAVE_SERVER_NOTICE_ROOM`` error. Servers should not prevent the user
-leaving the room after joining the server notices room, however the same error
-code must be used if the server will prevent leaving the room.
-
-Server behaviour
-----------------
-Servers should manage exactly 1 server notices room per user. Servers must
-identify this room to clients with the ``m.server_notice`` tag. Servers should
-invite the target user rather than automatically join them to the server notice
-room.
-
-How servers send notices to clients, and which user they use to send the events,
-is left as an implementation detail for the server.
diff --git a/specification/modules/sso_login.rst b/specification/modules/sso_login.rst
deleted file mode 100644
index 986bed94f44..00000000000
--- a/specification/modules/sso_login.rst
+++ /dev/null
@@ -1,347 +0,0 @@
-.. Copyright 2019-2020 The Matrix.org Foundation C.I.C.
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-SSO client login/authentication
-===============================
-
-.. _module:sso_login:
-
-Single Sign-On (SSO) is a generic term which refers to protocols which allow
-users to log into applications via a single web-based authentication portal.
-Examples include OpenID Connect, "Central Authentication Service" (CAS) and SAML.
-
-This module allows a Matrix homeserver to delegate user authentication to an
-external authentication server supporting one of these protocols. In this
-process, there are three systems involved:
-
- * A Matrix client, using the APIs defined this specification, which is seeking
-   to authenticate a user to a Matrix homeserver.
-
- * A Matrix homeserver, implementing the APIs defined in this specification, but
-   which is delegating user authentication to the authentication server.
-
- * An "authentication server", which is responsible for authenticating the
-   user.
-
-This specification is concerned only with communication between the Matrix
-client and the homeserver, and is independent of the SSO protocol used to
-communicate with the authentication server. Different Matrix homeserver
-implementations might support different SSO protocols.
-
-Clients and homeservers implementing the SSO flow will need to consider both login_
-and `user-interactive authentication`_. The flow is
-similar in both cases, but there are slight differences.
-
-Typically, SSO systems require a single "callback" URI to be configured at the
-authentication server. Once the user is authenticated, their browser is
-redirected to that URI. It is up to the Matrix homeserver implementation to
-implement a suitable endpoint. For example, for CAS authentication the
-homeserver should provide a means for the administrator to configure where the
-CAS server is and the REST endpoints which consume the ticket.
-
-Client login via SSO
----------------------
-
-An overview of the process is as follows:
-
-0. The Matrix client calls |GET /login|_ to find the supported login
-   types, and the homeserver includes a flow with ``"type": "m.login.sso"`` in the
-   response.
-
-1. To initiate the ``m.login.sso`` login type, the Matrix client instructs the
-   user's browser to navigate to the |/login/sso/redirect|_ endpoint on the
-   user's homeserver.
-
-2. The homeserver responds with an HTTP redirect to the SSO user interface,
-   which the browser follows.
-
-3. The authentication server and the homeserver interact to verify the user's
-   identity and other authentication information, potentially using a number of
-   redirects.
-
-4. The browser is directed to the ``redirectUrl`` provided by the client with
-   a ``loginToken`` query parameter for the client to log in with.
-
-5. The client exchanges the login token for an access token by calling the
-   |/login|_ endpoint with a ``type`` of ``m.login.token``.
-
-For native applications, typically steps 1 to 4 are carried out by opening an
-embedded web view.
-
-These steps are illustrated as follows::
-
-  Matrix Client                        Matrix Homeserver      Auth Server
-      |                                       |                   |
-      |-------------(0) GET /login----------->|                   |
-      |<-------------login types--------------|                   |
-      |                                       |                   |
-      |   Webview                             |                   |
-      |      |                                |                   |
-      |----->|                                |                   |
-      |      |--(1) GET /login/sso/redirect-->|                   |
-      |      |<---------(2) 302---------------|                   |
-      |      |                                |                   |
-      |      |<========(3) Authentication process================>|
-      |      |                                |                   |
-      |      |<--(4) redirect to redirectUrl--|                   |
-      |<-----|                                |                   |
-      |                                       |                   |
-      |---(5) POST /login with login token--->|                   |
-      |<-------------access token-------------|                   |
-
-
-.. Note::
-   In the older `r0.4.0 version <https://matrix.org/docs/spec/client_server/r0.4.0.html#cas-based-client-login>`_
-   of this specification it was possible to authenticate via CAS when the homeserver
-   provides a ``m.login.cas`` login flow. This specification deprecates the use
-   of ``m.login.cas`` to instead prefer ``m.login.sso``, which is the same process
-   with the only change being which redirect endpoint to use: for ``m.login.cas``, use
-   ``/cas/redirect`` and for ``m.login.sso`` use ``/sso/redirect`` (described below).
-   The endpoints are otherwise the same.
-
-Client behaviour
-~~~~~~~~~~~~~~~~
-
-The client starts the process by instructing the browser to navigate to
-|/login/sso/redirect|_ with an appropriate ``redirectUrl``. Once authentication
-is successful, the browser will be redirected to that ``redirectUrl``.
-
-{{sso_login_redirect_cs_http_api}}
-
-Security considerations
-+++++++++++++++++++++++
-
-1. CSRF attacks via manipulation of parameters on the ``redirectUrl``
-
-   Clients should validate any requests to the ``redirectUrl``. In particular, it
-   may be possible for attackers to falsify any query parameters, leading to
-   cross-site request forgery (CSRF) attacks.
-
-   For example, consider a web-based client at ``https://client.example.com``,
-   which wants to initiate SSO login on the homeserver at ``server.example.org``.
-   It does this by storing the homeserver name in a query parameter for the
-   ``redirectUrl``: it redirects to
-   ``https://server.example.org/login/sso/redirect?redirectUrl=https://client.example.com?hs=server.example.org``.
-
-   An attacker could trick a victim into following a link to
-   ``https://server.example.org/login/sso/redirect?redirectUrl=https://client.example.com?hs=evil.com``,
-   which would result in the client sending a login token for the victim's
-   account to the attacker-controlled site ``evil.com``.
-
-   To guard against this, clients MUST NOT store state (such as the address of
-   the homeserver being logged into) anywhere it can be modified by external
-   processes.
-
-   Instead, the state could be stored in `localStorage
-   <https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage>`_ or
-   in a cookie.
-
-2. For added security, clients SHOULD include a unique identifier in the
-   ``redirectUrl`` and reject any callbacks that do not contain a recognised
-   identifier, to guard against unsolicited login attempts and replay attacks.
-
-Server behaviour
-~~~~~~~~~~~~~~~~
-
-Redirecting to the Authentication server
-++++++++++++++++++++++++++++++++++++++++
-
-The server should handle
-``/_matrix/client/%CLIENT_MAJOR_VERSION%/login/sso/redirect`` as follows:
-
-#. It should build a suitable request for the SSO system.
-
-#. It should store enough state that the flow can be securely resumed after the
-   SSO process completes. One way to do this is by storing a cookie which is
-   stored in the user's browser, by adding a ``Set-Cookie`` header to the response.
-
-#. It should redirect the user's browser to the SSO login page with the
-   appropriate parameters.
-
-See also the "Security considerations" below.
-
-.. TODO-spec:
-
-   It might be nice if the server did some validation of the ``redirectUrl``
-   parameter, so that we could check that aren't going to redirect to a non-TLS
-   endpoint, and to give more meaningful errors in the case of
-   faulty/poorly-configured clients.
-
-Handling the callback from the Authentication server
-++++++++++++++++++++++++++++++++++++++++++++++++++++
-
-Note that there will normally be a single callback URI which is used for both login
-and user-interactive authentication: it is up to the homeserver implementation
-to distinguish which is taking place.
-
-The homeserver should validate the response from the SSO system: this may
-require additional calls to the authentication server, and/or may require
-checking a signature on the response.
-
-The homeserver then proceeds as follows:
-
-#. The homeserver MUST map the user details received from the authentication
-   server to a valid `Matrix user identifier <../appendices.html#user-identifiers>`_.
-   The guidance in `Mapping from other character sets
-   <../appendices.html#mapping-from-other-character-sets>`_ may be useful.
-
-#. If the generated user identifier represents a new user, it should be
-   registered as a new user.
-
-#. The homeserver should generate a short-term login token. This is an opaque
-   token, suitable for use with the ``m.login.token`` type of the |/login|_
-   API. The lifetime of this token SHOULD be limited to around five
-   seconds.
-
-#. The homeserver adds a query parameter of ``loginToken``, with the value of
-   the generated login token, to the ``redirectUrl`` given in the
-   ``/_matrix/client/%CLIENT_MAJOR_VERSION%/login/sso/redirect``
-   request. (Note: ``redirectURL`` may or may not include existing query
-   parameters. If it already includes one or more ``loginToken`` parameters,
-   they should be removed before adding the new one.)
-
-#. The homeserver redirects the user's browser to the URI thus built.
-
-Security considerations
-~~~~~~~~~~~~~~~~~~~~~~~
-
-1. Homeservers should ensure that login tokens are not sent to malicious
-   clients.
-
-   For example, consider a homeserver at ``server.example.org``. An attacker tricks
-   a victim into following a link to
-   ``https://server.example.org/login/sso/redirect?redirectUrl=https://evil.com``,
-   resulting in a login token being sent to the attacker-controlled site
-   ``evil.com``. This is a form of cross-site request forgery (CSRF).
-
-   To mitigate this, Homeservers SHOULD confirm with the user that they are
-   happy to grant access to their matrix account to the site named in the
-   ``redirectUrl``. This can be done either *before* redirecting to the SSO
-   login page when handling the
-   ``/_matrix/client/%CLIENT_MAJOR_VERSION%/login/sso/redirect`` endpoint, or
-   *after* login when handling the callback from the authentication server. (If
-   the check is performed before redirecting, it is particularly important that
-   the homeserver guards against unsolicited authentication attempts as below).
-
-   It may be appropriate to whitelist a set of known-trusted client URLs in
-   this process. In particular, the homeserver's own `login fallback`_
-   implementation could be excluded.
-
-2. For added security, homeservers SHOULD guard against unsolicited
-   authentication attempts by tracking pending requests. One way to do this is
-   to set a cookie when handling
-   ``/_matrix/client/%CLIENT_MAJOR_VERSION%/login/sso/redirect``, which is
-   checked and cleared when handling the callback from the authentication
-   server.
-
-SSO during User-Interactive Authentication
-------------------------------------------
-
-`User-interactive authentication`_ is used by client-server
-endpoints which require additional confirmation of the user's identity (beyond
-holding an access token). Typically this means that the user must re-enter
-their password, but for homeservers which delegate to an SSO server, this means
-redirecting to the authentication server during user-interactive auth.
-
-The implemementation of this is based on the `Fallback`_ mechanism for
-user-interactive auth.
-
-Client behaviour
-----------------
-
-Clients do not need to take any particular additional steps beyond ensuring
-that the fallback mechanism has been implemented, and treating the
-``m.login.sso`` authentication type the same as any other unknown type
-(i.e. they should open a browser window for
-``/_matrix/client/%CLIENT_MAJOR_VERSION%/auth/m.login.sso/fallback/web?session=<session_id>``.
-Once the flow has completed, the client retries the request with the session
-only.)
-
-Server behaviour
-----------------
-
-Redirecting to the Authentication server
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The server should handle
-``/_matrix/client/%CLIENT_MAJOR_VERSION%/auth/m.login.sso/fallback/web`` in
-much the same way as
-``/_matrix/client/%CLIENT_MAJOR_VERSION%/login/sso/redirect``, which is to say:
-
-#. It should build a suitable request for the SSO system.
-
-#. It should store enough state that the flow can be securely resumed after the
-   SSO process completes. One way to do this is by storing a cookie which is
-   stored in the user's browser, by adding a ``Set-Cookie`` header to the response.
-
-#. It should redirect the user's browser to the SSO login page with the
-   appropriate parameters.
-
-See also the "Security considerations" below.
-
-Handling the callback from the Authentication server
-++++++++++++++++++++++++++++++++++++++++++++++++++++
-
-Note that there will normally be a single callback URI which is used for both login
-and user-interactive authentication: it is up to the homeserver implementation
-to distinguish which is taking place.
-
-The homeserver should validate the response from the SSO system: this may
-require additional calls to the authentication server, and/or may require
-checking a signature on the response.
-
-The homeserver then returns the `user-interactive authentication fallback
-completion`_ page to the user's browser.
-
-Security considerations
-+++++++++++++++++++++++
-
-1. Confirming the operation
-
-   The homeserver SHOULD confirm that the user is happy for the operation to go
-   ahead. The goal of the user-interactive authentication operation is to guard
-   against a compromised ``access_token`` being used to take over the user's
-   account. Simply redirecting the user to the SSO system is insufficient,
-   since they may not realise what is being asked of them, or the SSO system
-   may even confirm the authentication automatically.
-
-   For example, the homeserver might serve a page with words to the effect of:
-
-     A client is trying to remove a device from your account. To confirm this
-     action, re-authenticate with single sign-on. If you did not expect this, your
-     account may be compromised!
-
-   This confirmation could take place before redirecting to the SSO
-   authentication page (when handling the
-   ``/_matrix/client/%CLIENT_MAJOR_VERSION%/auth/m.login.sso/fallback/web``
-   endpoint), or *after* authentication when handling the callback from the
-   authentication server. (If the check is performed before redirecting, it is
-   particularly important that the homeserver guards against unsolicited
-   authentication attempts as below).
-
-2. For added security, homeservers SHOULD guard against unsolicited
-   authentication attempts by tracking pending requests. One way to do this is
-   to set a cookie when handling
-   ``/_matrix/client/%CLIENT_MAJOR_VERSION%/auth/m.login.sso/fallback/web``,
-   which is checked and cleared when handling the callback from the
-   authentication server.
-
-
-
-.. |GET /login| replace:: ``GET /login``
-.. _GET /login: #get-matrix-client-%CLIENT_MAJOR_VERSION%-login
-.. |/login| replace:: ``/login``
-.. _/login: #post-matrix-client-%CLIENT_MAJOR_VERSION%-login
-.. |/login/sso/redirect| replace:: ``/login/sso/redirect``
-.. _/login/sso/redirect: #get-matrix-client-%CLIENT_MAJOR_VERSION%-login-sso-redirect
diff --git a/specification/modules/stickers.rst b/specification/modules/stickers.rst
deleted file mode 100644
index 346b0d84fe9..00000000000
--- a/specification/modules/stickers.rst
+++ /dev/null
@@ -1,53 +0,0 @@
-.. Copyright 2018 New Vector Ltd.
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Sticker Messages
-================
-
-.. _module:stickers:
-
-This module allows users to send sticker messages in to rooms or direct
-messaging sessions.
-
-Sticker messages are specialised image messages that are displayed without
-controls (e.g. no "download" link, or light-box view on click, as would be
-displayed for for `m.image`_ events).
-
-Sticker messages are intended to provide simple "reaction" events in the message
-timeline. The matrix client should provide some mechanism to display the sticker
-"body" e.g. as a tooltip on hover, or in a modal when the sticker image is
-clicked.
-
-Events
-------
-Sticker events are received as a single ``m.sticker`` event in the
-``timeline`` section of a room, in a ``/sync``.
-
-{{m_sticker_event}}
-
-Client behaviour
-----------------
-
-Clients supporting this message type should display the image content from the
-event URL directly in the timeline.
-
-A thumbnail image should be provided in the ``info`` object. This is
-largely intended as a fallback for clients that do not fully support the
-``m.sticker`` event type. In most cases it is fine to set the thumbnail URL to the
-same URL as the main event content.
-
-It is recommended that sticker image content should be 512x512 pixels in size
-or smaller. The dimensions of the image file should be twice the intended
-display size specified in the ``info`` object in order to assist
-rendering sharp images on higher DPI screens.
diff --git a/specification/modules/tags.rst b/specification/modules/tags.rst
deleted file mode 100644
index a5e2377017b..00000000000
--- a/specification/modules/tags.rst
+++ /dev/null
@@ -1,70 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-.. Copyright 2018 New Vector Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Room Tagging
-============
-
-.. _module:tagging:
-
-Users can add tags to rooms. Tags are namespaced strings used to label rooms.
-A room may have multiple tags. Tags are only visible to the user that set them
-but are shared across all their devices.
-
-Events
-------
-
-The tags on a room are received as single ``m.tag`` event in the
-``account_data`` section of a room. The content of the ``m.tag`` event is a
-``tags`` key whose value is an object mapping the name of each tag to another
-object.
-
-The JSON object associated with each tag gives information about the tag, e.g how
-to order the rooms with a given tag.
-
-Ordering information is given under the ``order`` key as a number between 0 and
-1. The numbers are compared such that 0 is displayed first. Therefore a room
-with an ``order`` of ``0.2`` would be displayed before a room with an ``order``
-of ``0.7``. If a room has a tag without an ``order`` key then it should appear
-after the rooms with that tag that have an ``order`` key.
-
-The name of a tag MUST NOT exceed 255 bytes.
-
-The tag namespace is defined as follows:
-
-* The namespace ``m.*`` is reserved for tags defined in the Matrix specification. Clients must ignore
-  any tags in this namespace they don't understand.
-* The namespace ``u.*`` is reserved for user-defined tags. The portion of the string after the ``u.``
-  is defined to be the display name of this tag. No other semantics should be inferred from tags in
-  this namespace.
-* A client or app willing to use special tags for advanced functionality should namespace them similarly to state keys: ``tld.name.*``
-* Any tag in the ``tld.name.*`` form but not matching the namespace of the current client should be ignored
-* Any tag not matching the above rules should be interpreted as a user tag from the ``u.*`` namespace, as if
-  the name had already had ``u.`` stripped from the start (ie. the name of the tag is used as the
-  display name directly). These non-namespaced tags are supported for historical reasons. New tags should use
-  one of the defined namespaces above.
-
-Several special names are listed in the specification:
-The following tags are defined in the ``m.*`` namespace:
-
-* ``m.favourite``: The user's favourite rooms. These should be shown with higher precedence than other rooms.
-* ``m.lowpriority``: These should be shown with lower precedence than others.
-* ``m.server_notice``: Used to identify `Server Notice Rooms <#module-server-notices>`_.
-
-{{m_tag_event}}
-
-Client Behaviour
-----------------
-
-{{tags_cs_http_api}}
diff --git a/specification/modules/third_party_networks.rst b/specification/modules/third_party_networks.rst
deleted file mode 100644
index cd4ce414322..00000000000
--- a/specification/modules/third_party_networks.rst
+++ /dev/null
@@ -1,20 +0,0 @@
-Third Party Networks
-====================
-
-.. _module:third-party-networks:
-
-Application services can provide access to third party networks via bridging.
-This allows Matrix users to communicate with users on other communication
-platforms, with messages ferried back and forth by the application service. A
-single application service may bridge multiple third party networks, and many
-individual locations within those networks. A single third party network
-location may be bridged to multiple Matrix rooms.
-
-Third Party Lookups
--------------------
-
-A client may wish to provide a rich interface for joining third party
-locations and connecting with third party users. Information necessary for
-such an interface is provided by third party lookups.
-
-{{third_party_lookup_cs_http_api}}
\ No newline at end of file
diff --git a/specification/modules/typing_notifications.rst b/specification/modules/typing_notifications.rst
deleted file mode 100644
index 964b804a237..00000000000
--- a/specification/modules/typing_notifications.rst
+++ /dev/null
@@ -1,56 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Typing Notifications
-====================
-
-.. _module:typing:
-
-Users may wish to be informed when another user is typing in a room. This can be
-achieved using typing notifications. These are ephemeral events scoped to a
-``room_id``. This means they do not form part of the
-`Event Graph <index.html#event-graphs>`_ but still have a ``room_id`` key.
-
-Events
-------
-
-{{m_typing_event}}
-
-Client behaviour
-----------------
-
-When a client receives an ``m.typing`` event, it MUST use the user ID list to
-**REPLACE** its knowledge of every user who is currently typing. The reason for
-this is that the server *does not remember* users who are not currently typing
-as that list gets big quickly. The client should mark as not typing any user ID
-who is not in that list.
-
-It is recommended that clients store a ``boolean`` indicating whether the user
-is typing or not. Whilst this value is ``true`` a timer should fire periodically
-every N seconds to send a typing HTTP request. The value of N is recommended to
-be no more than 20-30 seconds. This request should be re-sent by the client to
-continue informing the server the user is still typing. As subsequent
-requests will replace older requests, a safety margin of 5 seconds before the
-expected timeout runs out is recommended. When the user stops typing, the
-state change of the ``boolean`` to ``false`` should trigger another HTTP request
-to inform the server that the user has stopped typing.
-
-{{typing_cs_http_api}}
-
-Security considerations
------------------------
-
-Clients may not wish to inform everyone in a room that they are typing and
-instead only specific users in the room.
-
diff --git a/specification/modules/voip_events.rst b/specification/modules/voip_events.rst
deleted file mode 100644
index fab5651702a..00000000000
--- a/specification/modules/voip_events.rst
+++ /dev/null
@@ -1,116 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Voice over IP
-=============
-
-.. _module:voip:
-
-This module outlines how two users in a room can set up a Voice over IP (VoIP)
-call to each other. Voice and video calls are built upon the WebRTC 1.0 standard.
-Call signalling is achieved by sending `message events`_ to the room.  In this
-version of the spec, only two-party communication is supported (e.g. between two
-peers, or between a peer and a multi-point conferencing unit).
-This means that clients MUST only send call events to rooms with exactly two
-participants.
-
-.. _message events: `sect:events`_
-
-Events
-------
-
-{{voip_events}}
-
-Client behaviour
-----------------
-
-A call is set up with message events exchanged as follows:
-
-::
-
-   Caller                    Callee
- [Place Call]
- m.call.invite ----------->
- m.call.candidate -------->
- [..candidates..] -------->
-                           [Answers call]
-          <--------------- m.call.answer
-    [Call is active and ongoing]
-          <--------------- m.call.hangup
-
-Or a rejected call:
-
-::
-
-   Caller                      Callee
- m.call.invite ------------>
- m.call.candidate --------->
- [..candidates..] --------->
-                            [Rejects call]
-            <-------------- m.call.hangup
-
-Calls are negotiated according to the WebRTC specification.
-
-Glare
-~~~~~
-
-"Glare" is a problem which occurs when two users call each other at roughly the
-same time. This results in the call failing to set up as there already is an
-incoming/outgoing call. A glare resolution algorithm can be used to determine
-which call to hangup and which call to answer. If both clients implement the
-same algorithm then they will both select the same call and the call will be
-successfully connected.
-
-
-As calls are "placed" to rooms rather than users, the glare resolution algorithm
-outlined below is only considered for calls which are to the same room. The
-algorithm is as follows:
-
-- If an ``m.call.invite`` to a room is received whilst the client is
-  **preparing to send** an ``m.call.invite`` to the same room:
-
-  * the client should cancel its outgoing call and instead
-    automatically accept the incoming call on behalf of the user.
-
-- If an ``m.call.invite`` to a room is received **after the client has sent**
-  an ``m.call.invite`` to the same room and is waiting for a response:
-
-  * the client should perform a lexicographical comparison of the call IDs of
-    the two calls and use the *lesser* of the two calls, aborting the
-    greater. If the incoming call is the lesser, the client should accept
-    this call on behalf of the user.
-
-
-The call setup should appear seamless to the user as if they had simply placed
-a call and the other party had accepted. This means any media stream that had been
-setup for use on a call should be transferred and used for the call that
-replaces it.
-
-Server behaviour
-----------------
-
-The homeserver MAY provide a TURN server which clients can use to contact the
-remote party. The following HTTP API endpoints will be used by clients in order
-to get information about the TURN server.
-
-{{voip_cs_http_api}}
-
-
-Security considerations
------------------------
-
-Calls should only be placed to rooms with one other user in them. If they are
-placed to group chat rooms it is possible that another user will intercept and
-answer the call.
-
diff --git a/specification/proposals.rst b/specification/proposals.rst
deleted file mode 100644
index 94878f80497..00000000000
--- a/specification/proposals.rst
+++ /dev/null
@@ -1,6 +0,0 @@
-Tables of Tracked Proposals
----------------------------
-
-This file is generated by an automated process on our build server.
-
-View the current live version `at https://matrix.org/docs/spec/proposals <https://matrix.org/docs/spec/proposals>`_.
diff --git a/specification/proposals_intro.rst b/specification/proposals_intro.rst
deleted file mode 100644
index 6d8dc8a9fa4..00000000000
--- a/specification/proposals_intro.rst
+++ /dev/null
@@ -1,503 +0,0 @@
-.. raw:: html
-
- %proposalscssinjection%
-
-.. title:: Proposals for Spec Changes to Matrix
-
-.. contents:: Table of Contents
-.. sectnum::
-
-Proposals for Spec Changes to Matrix
-------------------------------------
-
-If you are interested in submitting a change to the Matrix Specification,
-please take note of the following guidelines.
-
-Most changes to the Specification require a formal proposal. Bug fixes, typos,
-and clarifications to existing behaviour do not need proposals - see the
-`contributing guide <https://github.com/matrix-org/matrix-doc/blob/master/CONTRIBUTING.rst>`_
-for more information on what does and does not need a proposal.
-
-The proposal process involves some technical writing, having it reviewed by
-everyone, having the proposal being accepted, then actually having your ideas
-implemented as committed changes to the `Specification repository
-<https://github.com/matrix-org/matrix-doc>`_.
-
-Meet the `members of the Core Team
-<https://matrix.org/foundation>`_, a group of
-individuals tasked with ensuring the spec process is as smooth and painless as
-possible. Members of the Spec Core Team will do their best to participate in
-discussion, summarise when things become long-winded, and generally try to act
-towards the benefit of everyone. As a majority, team members have the ability
-to change the state of a proposal, and individually have the final say in
-proposal discussion.
-
-Guiding Principles
-------------------
-
-Proposals **must** act to the greater benefit of the entire Matrix ecosystem,
-rather than benefiting or privileging any single player or subset of players -
-and must not contain any patent encumbered intellectual property. Members of
-the Core Team pledge to act as a neutral custodian for Matrix on behalf of the
-whole ecosystem.
-
-For clarity: the Matrix ecosystem is anyone who uses the Matrix protocol. That
-includes client users, server admins, client developers, bot developers,
-bridge and application service developers, users and admins who are indirectly
-using Matrix via 3rd party networks which happen to be bridged, server developers,
-room moderators and admins, companies/projects building products or services on
-Matrix, spec contributors, translators, and those who created it in
-the first place.
-
-"Greater benefit" could include maximising:
-
-* the number of end-users reachable on the open Matrix network
-* the number of regular users on the Matrix network (e.g. 30-day retained
-  federated users)
-* the number of online servers in the open federation
-* the number of developers building on Matrix
-* the number of independent implementations which use Matrix
-* the number of bridged end-users reachable on the open Matrix network
-* the signal-to-noise ratio of the content on the open Matrix network (i.e. minimising spam)
-* the ability for users to discover content on their terms (empowering them to select what to see and what not to see)
-* the quality and utility of the Matrix spec (as defined by ease and ability
-  with which a developer can implement spec-compliant clients, servers, bots,
-  bridges, and other integrations without needing to refer to any other
-  external material)
-
-In addition, proposal authors are expected to uphold the following values in
-their proposed changes to the Matrix protocol:
-
-* Supporting the whole long-term ecosystem rather than individual stakeholder gain
-* Openness rather than proprietary lock-in
-* Interoperability rather than fragmentation
-* Cross-platform rather than platform-specific
-* Collaboration rather than competition
-* Accessibility rather than elitism
-* Transparency rather than stealth
-* Empathy rather than contrariness
-* Pragmatism rather than perfection
-* Proof rather than conjecture
-
-Please `see MSC1779 <https://github.com/matrix-org/matrix-doc/blob/master/proposals/1779-open-governance.md>`_
-for full details of the project's Guiding Principles.
-
-Technical notes
----------------
-
-Proposals **must** develop Matrix as a layered protocol: with new features
-building on layers of shared abstractions rather than introducing tight vertical
-coupling within the stack.  This ensures that new features can evolve rapidly by
-building on existing layers and swapping out old features without impacting the
-rest of the stack or requiring substantial upgrades to the whole ecosystem.
-This is critical for Matrix to rapidly evolve and compete effectively with
-centralised systems, despite being a federated protocol.
-
-For instance, new features should be implemented using the highest layer
-abstractions possible (e.g. new event types, which layer on top of the existing
-room semantics, and so don't even require any API changes). Failing that, the
-next recourse would be backwards-compatible changes to the next layer down (e.g.
-room APIs); failing that, considering changes to the format of events or the
-DAG; etc.  It would be a very unusual feature which doesn't build on the
-existing infrastructure provided by the spec and instead created new primitives
-or low level APIs.
-
-Backwards compatibility is very important for Matrix, but not at the expense of
-hindering the protocol's evolution.  Backwards incompatible changes to endpoints
-are allowed when no other alternative exists, and must be versioned under a new
-major release of the API.  Backwards incompatible changes to the room algorithm
-are also allowed when no other alternative exists, and must be versioned under a
-new version of the room algorithm.
-
-There is sometimes a dilemma over where to include higher level features: for
-instance, should video conferencing be formalised in the spec, or should it be
-implemented via widgets? Should reputation systems be specified? Should search
-engine behaviour be specified?
-
-There is no universal answer to this, but the following guidelines should be
-applied:
-
-1. If the feature would benefit the whole Matrix ecosystem and is aligned with
-   the guiding principles above, then it should be supported by the spec.
-2. If the spec already makes the feature possible without changing any of the
-   implementations and spec, then it may not need to be added to the spec.
-3. However, if the best user experience for a feature does require custom
-   implementation behaviour then the behaviour should be defined in the spec
-   such that all implementations may implement it.
-4. However, the spec must never add dependencies on unspecified/nonstandardised
-   3rd party behaviour.
-
-As a worked example:
-
-1. Video conferencing is clearly a feature which would benefit
-   the whole ecosystem, and so the spec should find a way to make it happen.
-2. Video conferencing can be achieved by widgets without requiring any
-   compulsory changes to changes to clients nor servers to work, and so could be
-   omitted from the spec.
-3. A better experience could be achieved by embedding Jitsi natively into clients
-   rather than using a widget...
-4. ...except that would add a dependency on unspecified/nonstandardised 3rd party
-   behaviour, so must not be added to the spec.
-
-Therefore, our two options in the specific case of video conferencing are
-either to spec SFU conferencing semantics for WebRTC (or refer to an existing spec
-for doing so), or to keep it as a widget-based approach (optionally with widget
-extensions specific for more deeply integrating video conferencing use cases).
-
-As an alternative example: it's very unlikely that "how to visualise Magnetic
-Resonsance Imaging data over Matrix" would ever be added to the Matrix spec
-(other than perhaps a custom event type in a wider standardised Matrix event
-registry) given that the spec's existing primitives of file transfer and
-extensible events (MSC1767) give excellent tools for transfering and
-visualising arbitrary rich data.
-
-Supporting public search engines are likely to not require custom spec features
-(other than possibly better bulk access APIs), given they can be implemented as
-clients using the existing CS API.  An exception could be API features required
-by decentralised search infrastructure (avoiding centralisation of power by
-a centralised search engine).
-
-Features such as reactions, threaded messages, editable messages,
-spam/abuse/content filtering (and reputation systems), are all features which
-would clearly benefit the whole Matrix ecosystem, and cannot be implemented in an
-interoperable way using the current spec; so they necessitate a spec change.
-
-Process
--------
-
-The process for submitting a Matrix Spec Change (MSC) Proposal in detail is as
-follows:
-
-- Create a first draft of your proposal using `GitHub-flavored markdown
-  <https://help.github.com/articles/basic-writing-and-formatting-syntax/>`_
-
-  - In the document, clearly state the problem being solved, and the possible
-    solutions being proposed for solving it and their respective trade-offs.
-  - Proposal documents are intended to be as lightweight and flexible as the
-    author desires; there is no formal template; the intention is to iterate
-    as quickly as possible to get to a good design.
-  - However, a `template with suggested headers
-    <https://github.com/matrix-org/matrix-doc/blob/master/proposals/0000-proposal-template.md>`_
-    is available to get you started if necessary.
-  - Take care in creating your proposal. Specify your intended changes, and
-    give reasoning to back them up. Changes without justification will likely
-    be poorly received by the community.
-
-- Fork and make a PR to the `matrix-doc
-  <https://github.com/matrix-org/matrix-doc>`_ repository. The ID of your PR
-  will become the MSC ID for the lifetime of your proposal.
-
-  - The proposal must live in the ``proposals/`` directory with a filename that
-    follows the format ``1234-my-new-proposal.md`` where ``1234`` is the MSC
-    ID.
-  - Your PR description must include a link to the rendered markdown document
-    and a summary of the proposal.
-  - It is often very helpful to link any related MSCs or `matrix-doc issues
-    <https://github.com/matrix-org/matrix-doc/issues>`_ to give context
-    for the proposal.
-  - Additionally, please be sure to sign off your proposal PR as per the
-    guidelines listed on `CONTRIBUTING.rst
-    <https://github.com/matrix-org/matrix-doc/blob/master/CONTRIBUTING.rst>`_.
-
-- Gather feedback as widely as possible.
-
-  - The aim is to get maximum consensus towards an optimal solution. Sometimes
-    trade-offs are required to meet this goal. Decisions should be made to the
-    benefit of all major use cases.
-  - A good place to ask for feedback on a specific proposal is
-    `#matrix-spec:matrix.org <https://matrix.to/#/#matrix-spec:matrix.org>`_.
-    If preferred, an alternative room can be created and advertised in
-    #matrix-spec:matrix.org. Please also link to the room in your PR
-    description.
-  - For additional discussion areas, know that that #matrix-dev:matrix.org is
-    for developers using existing Matrix APIs, #matrix:matrix.org is for users
-    trying to run Matrix apps (clients & servers) and
-    #matrix-architecture:matrix.org is for cross-cutting discussion of matrix's
-    architectural design.
-  - The point of the spec proposal process is to be collaborative rather than
-    competitive, and to try to solve the problem in question with the optimal
-    set of trade-offs. The author should neutrally gather the various
-    viewpoints and get consensus, but this can sometimes be time-consuming (or
-    the author may be biased), in which case an impartial 'shepherd' can be
-    assigned to help guide the proposal through this process instead. A shepherd is
-    typically a neutral party from the Spec Core Team or an experienced member of
-    the community. There is no formal process for assignment. Simply ask for a
-    shepherd to help get your proposal through and one will be assigned based
-    on availability. Having a shepherd is not a requirement for proposal
-    acceptance.
-
-- Members of the Spec Core Team and community will review and discuss the PR in the
-  comments and in relevant rooms on Matrix. Discussion outside of GitHub should
-  be summarised in a comment on the PR.
-- When a member of the Spec Core Team believes that no new discussion points are
-  being made, and the proposal has suitable evidence of working (see `implementing a
-  proposal`_ below), they will propose a motion for a final comment period (FCP),
-  along with a *disposition* of either merge, close or postpone. This FCP is
-  provided to allow a short period of time for any invested party to provide a
-  final objection before a major decision is made. If sufficient reasoning is
-  given, an FCP can be cancelled. It is often preceded by a comment summarising
-  the current state of the discussion, along with reasoning for its occurrence.
-- A concern can be raised by a Spec Core Team member at any time, which will block
-  an FCP from beginning. An FCP will only begin when 75% of the members of the
-  Spec Core Team team agree on its outcome, and all existing concerns have been
-  resolved.
-- The FCP will then begin and last for 5 days, giving anyone else some time to
-  speak up before it concludes. On its conclusion, the disposition of the FCP
-  will be carried out. If sufficient reasoning against the disposition is
-  raised, the FCP can be cancelled and the MSC will continue to evolve
-  accordingly.
-- Once the proposal has been accepted and merged, it is time to submit the
-  actual change to the Specification that your proposal reasoned about. This is
-  known as a spec PR. However in order for the spec PR to be accepted, an
-  implementation **must** be shown to prove that it works well in practice. A
-  link to the implementation should be included in the PR description. In
-  addition, any significant unforeseen changes to the original idea found
-  during this process will warrant another MSC. Any minor, non-fundamental
-  changes are allowed but **must** be documented in the original proposal
-  document. This ensures that someone reading a proposal in the future doesn't
-  assume old information wasn't merged into the spec.
-
-  - Similar to the proposal PR, please sign off the spec PR as per the
-    guidelines on `CONTRIBUTING.rst
-    <https://github.com/matrix-org/matrix-doc/blob/master/CONTRIBUTING.rst>`_.
-
-- Your PR will then be reviewed and hopefully merged on the grounds it is
-  implemented sufficiently. If so, then give yourself a pat on the back knowing
-  you've contributed to the Matrix protocol for the benefit of users and
-  developers alike :)
-
-The process for handling proposals is shown visually in the following diagram.
-Note that the lifetime of a proposal is tracked through the corresponding
-labels for each stage on the `matrix-doc
-<https://github.com/matrix-org/matrix-doc>`_ issue and pull request trackers.
-
-::
-
-                           +                          +
-         Proposals         |          Spec PRs        |  Additional States
-         +-------+         |          +------+        |  +---------------+
-                           |                          |
- +----------------------+  |         +---------+      |    +-----------+
- |                      |  |         |         |      |    |           |
- |      Proposal        |  |  +------= Spec PR |      |    | Postponed |
- | Drafting and Initial |  |  |      | Missing |      |    |           |
- |  Feedback Gathering  |  |  |      |         |      |    +-----------+
- |                      |  |  |      +----+----+      |
- +----------+-----------+  |  |           |           |    +----------+
-            |              |  |           v           |    |          |
-            v              |  |  +-----------------+  |    |  Closed  |
-  +-------------------+    |  |  |                 |  |    |          |
-  |                   |    |  |  | Spec PR Created |  |    +----------+
-  |    Proposal PR    |    |  |  |  and In Review  |  |
-  |     In Review     |    |  |  |                 |  |
-  |                   |    |  |  +--------+--------+  |
-  +---------+---------+    |  |           |           |
-            |              |  |           v           |
-            v              |  |     +-----------+     |
- +----------------------+  |  |     |           |     |
- |                      |  |  |     |  Spec PR  |     |
- |    Proposed Final    |  |  |     |  Merged!  |     |
- |    Comment Period    |  |  |     |           |     |
- |                      |  |  |     +-----------+     |
- +----------+-----------+  |  |                       |
-            |              |  |                       |
-            v              |  |                       |
- +----------------------+  |  |                       |
- |                      |  |  |                       |
- | Final Comment Period |  |  |                       |
- |                      |  |  |                       |
- +----------+-----------+  |  |                       |
-            |              |  |                       |
-            v              |  |                       |
- +----------------------+  |  |                       |
- |                      |  |  |                       |
- | Final Comment Period |  |  |                       |
- |       Complete       |  |  |                       |
- |                      |  |  |                       |
- +----------+-----------+  |  |                       |
-            |              |  |                       |
-            +-----------------+                       |
-                           |                          |
-                           +                          +
-
-Lifetime States
----------------
-
-**Note:** All labels are to be placed on the proposal PR.
-
-===============================  =============================  ====================================
-Name                             GitHub Label                   Description
-===============================  =============================  ====================================
-Proposal Drafting and Feedback   N/A                            A proposal document which is still work-in-progress but is being shared to incorporate feedback. Please prefix your proposal's title with ``[WIP]`` to make it easier for reviewers to skim their notifications list.
-Proposal In Review               proposal-in-review             A proposal document which is now ready and waiting for review by the Spec Core Team and community
-Proposed Final Comment Period    proposed-final-comment-period  Currently awaiting signoff of a 75% majority of team members in order to enter the final comment period
-Final Comment Period             final-comment-period           A proposal document which has reached final comment period either for merge, closure or postponement
-Final Commment Period Complete   finished-final-comment-period  The final comment period has been completed. Waiting for a demonstration implementation
-Spec PR Missing                  spec-pr-missing                The proposal has been agreed, and proven with a demonstration implementation. Waiting for a PR against the Spec
-Spec PR In Review                spec-pr-in-review              The spec PR has been written, and is currently under review
-Spec PR Merged                   merged                         A proposal with a sufficient working implementation and whose Spec PR has been merged!
-Postponed                        proposal-postponed             A proposal that is temporarily blocked or a feature that may not be useful currently but perhaps
-                                                                sometime in the future
-Closed                           proposal-closed                A proposal which has been reviewed and deemed unsuitable for acceptance
-Obsolete                         obsolete                       A proposal which has been made obsolete by another proposal or decision elsewhere.
-===============================  =============================  ====================================
-
-Categories
-----------
-
-We use category labels on MSCs to place them into a track of work. The Spec Core Team
-decides which of the tracks they are focusing on for the next while and generally makes
-an effort to pull MSCs out of that category when possible.
-
-The current categories are:
-
-============ ================= ======================================
-Name         Github Label      Description
-============ ================= ======================================
-Core         kind:core         Important for the protocol's success.
-Feature      kind:feature      Nice to have additions to the spec.
-Maintenance  kind:maintenance  Fixes or clarifies existing spec.
-============ ================= ======================================
-
-Some examples of core MSCs would be aggregations, cross-signing, and groups/communities.
-These are the sorts of things that if not implemented could cause the protocol to
-fail or become second-class. Features would be areas like enhanced media APIs,
-new transports, and bookmarks in comparison. Finally, maintenance MSCs would include
-improving error codes, clarifying what is required of an API, and adding properties
-to an API which makes it easier to use.
-
-The Spec Core Team assigns a category to each MSC based on the descriptions above.
-This can mean that new MSCs get categorized into an area the team isn't focused on,
-though that can always change as priorities evolve. We still encourage that MSCs be
-opened, even if not the focus for the time being, as they can still make progress and
-even be merged without the Spec Core Team focusing on them specifically.
-
-Implementing a proposal
------------------------
-
-As part of the proposal process the spec core team will require evidence of the MSC
-working in order for it to move into FCP. This can usually be a branch/pull request
-to whichever implementation of choice that proves the MSC works in practice, though
-in some cases the MSC itself will be small enough to be considered proven. Where it's
-unclear if a MSC will require an implementation proof, ask in `#matrix-spec:matrix.org
-<https://matrix.to/#/#matrix-spec:matrix.org>`_.
-
-Early release of a MSC/idea
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-To help facilitate early releases of software dependent on a spec release, implementations
-are required to use the following process to ensure that the official Matrix namespace
-is not cluttered with development or testing data.
-
-.. Note::
-   Unreleased implementations (including proofs-of-concept demonstrating that a
-   particular MSC works) do not have to follow this process.
-
-1. Have an idea for a feature.
-2. Implement the feature using unstable endpoints, vendor prefixes, and unstable
-   feature flags as appropriate.
-
-   * When using unstable endpoints, they MUST include a vendor prefix. For example:
-     ``/_matrix/client/unstable/com.example/login``. Vendor prefixes throughout Matrix
-     always use the Java package naming convention. The MSC for the feature should
-     identify which preferred vendor prefix is to be used by early adopters.
-   * Note that unstable namespaces do not automatically inherit endpoints from stable
-     namespaces: for example, the fact that ``/_matrix/client/r0/sync`` exists does
-     not imply that ``/_matrix/client/unstable/com.example/sync`` exists.
-   * If the client needs to be sure the server supports the feature, an unstable
-     feature flag that MUST be vendor prefixed is to be used. This kind of flag shows
-     up in the ``unstable_features`` section of ``/versions`` as, for example,
-     ``com.example.new_login``. The MSC for the feature should identify which preferred
-     feature flag is to be used by early adopters.
-   * When using this approach correctly, the implementation can ship/release the
-     feature at any time, so long as the implementation is able to accept the technical
-     debt that results from needing to provide adequate backwards and forwards
-     compatibility. The implementation MUST support the flag (and server-side implementation) disappearing and be
-     generally safe for users. Note that implementations early in the MSC review
-     process may also be required to provide backwards compatibility with earlier
-     editions of the proposal.
-   * If the implementation cannot support the technical debt (or if it's impossible
-     to provide forwards/backwards compatibility - e.g. a user authentication change
-     which can't be safely rolled back), the implementation should not attempt to
-     implement the feature and should instead wait for a spec release.
-   * If at any point after early release, the idea changes in a backwards-incompatible way, the feature flag should also change so that
-     implementations can adapt as needed.
-
-3. In parallel, or ahead of implementation, open an MSC and solicit review per above.
-4. Before FCP can be called, the Spec Core Team will require evidence of the MSC
-   working as proposed. A typical example of this is an implementation of the MSC,
-   though the implementation does not need to be shipped anywhere and can therefore
-   avoid the forwards/backwards compatibility concerns mentioned here.
-5. The FCP process is completed, and assuming nothing is flagged the MSC lands.
-6. A spec PR is written to incorporate the changes into Matrix.
-7. A spec release happens.
-8. Implementations switch to using stable prefixes (e.g.: ``/r0``) if the server
-   supports the specification version released. If the server doesn't advertise the
-   specification version, but does have the feature flag, unstable prefixes should
-   still be used.
-9. A transition period of about 2 months starts immediately after the spec release,
-   before implementations start to encourage other implementations to switch
-   to stable endpoints. For example, a server implementation should start asking
-   client implementations to support the stable endpoints 2 months after the spec
-   release, if they haven't already. The same applies in the reverse: if clients
-   cannot switch to stable prefixes because server implementations haven't started
-   supporting the new spec release, some noise should be raised in the general direction
-   of the implementation.
-
-.. Note::
-   MSCs MUST still describe what the stable endpoints/feature looks like with a note
-   towards the bottom for what the unstable feature flag/prefixes are. For example,
-   a MSC would propose `/_matrix/client/r0/new/endpoint`, not `/_matrix/client/unstable/
-   com.example/new/endpoint`.
-
-In summary:
-
-* Implementations MUST NOT use stable endpoints before the MSC is in the spec. This
-  includes NOT using stable endpoints in the period between completion of FCP and release of the spec.
-  passed.
-* Implementations are able to ship features that are exposed to users by default before
-  an MSC has been merged to the spec, provided they follow the process above.
-* Implementations SHOULD be wary of the technical debt they are incurring by moving faster
-  than the spec.
-* The vendor prefix is chosen by the developer of the feature, using the Java package
-  naming convention. The foundation's preferred vendor prefix is `org.matrix`.
-* The vendor prefixes, unstable feature flags, and unstable endpoints should be included
-  in the MSC, though the MSC MUST be written in a way that proposes new stable endpoints.
-  Typically this is solved by a small table at the bottom mapping the various values
-  from stable to unstable.
-
-Proposal Tracking
------------------
-
-This is a living document generated from the list of proposals on the issue and
-pull request trackers of the `matrix-doc
-<https://github.com/matrix-org/matrix-doc>`_ repo.
-
-We use labels and some metadata in MSC PR descriptions to generate this page.
-Labels are assigned by the Spec Core Team whilst triaging the proposals based on those
-which exist in the `matrix-doc <https://github.com/matrix-org/matrix-doc>`_
-repo already.
-
-It is worth mentioning that a previous version of the MSC process used a
-mixture of GitHub issues and PRs, leading to some MSC numbers deriving from
-GitHub issue IDs instead. A useful feature of GitHub is that it does
-automatically resolve to an issue, if an issue ID is placed in a pull URL. This
-means that https://github.com/matrix-org/matrix-doc/pull/$MSCID will correctly
-resolve to the desired MSC, whether it started as an issue or a PR.
-
-Other metadata:
-
-- The MSC number is taken from the GitHub Pull Request ID. This is carried for
-  the lifetime of the proposal. These IDs do not necessary represent a
-  chronological order.
-- The GitHub PR title will act as the MSC's title.
-- Please link to the spec PR (if any) by adding a "PRs: #1234" line in the
-  issue description.
-- The creation date is taken from the GitHub PR, but can be overridden by
-  adding a "Date: yyyy-mm-dd" line in the PR description.
-- Updated Date is taken from GitHub.
-- Author is the creator of the MSC PR, but can be overridden by adding a
-  "Author: @username" line in the body of the issue description. Please make
-  sure @username is a GitHub user (include the @!)
-- A shepherd can be assigned by adding a "Shepherd: @username" line in the
-  issue description. Again, make sure this is a real GitHub user.
diff --git a/specification/push_gateway.rst b/specification/push_gateway.rst
deleted file mode 100644
index 46c0000d3c2..00000000000
--- a/specification/push_gateway.rst
+++ /dev/null
@@ -1,95 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-.. Copyright 2018 New Vector Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Push Gateway API
-================
-
-{{unstable_warning_block_PUSH_GATEWAY_RELEASE_LABEL}}
-
-Clients may want to receive push notifications when events are received at
-the homeserver. This is managed by a distinct entity called the Push Gateway.
-
-.. contents:: Table of Contents
-.. sectnum::
-
-Changelog
----------
-
-.. topic:: Version: %PUSH_GATEWAY_RELEASE_LABEL%
-{{push_gateway_changelog}}
-
-This version of the specification is generated from
-`matrix-doc <https://github.com/matrix-org/matrix-doc>`_ as of Git commit
-`{{git_version}} <https://github.com/matrix-org/matrix-doc/tree/{{git_rev}}>`_.
-
-For the full historical changelog, see
-https://github.com/matrix-org/matrix-doc/blob/master/changelogs/push_gateway.rst
-
-Other versions of this specification
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The following other versions are also available, in reverse chronological order:
-
-- `HEAD <https://matrix.org/docs/spec/push_gateway/unstable.html>`_: Includes all changes since the latest versioned release.
-- `r0.1.0 <https://matrix.org/docs/spec/push_gateway/r0.1.0.html>`_
-
-Overview
---------
-
-A client's homeserver forwards information about received events to the push
-gateway. The gateway then submits a push notification to the push notification
-provider (e.g. APNS, GCM).
-
-
-::
-
-                                   +--------------------+  +-------------------+
-                  Matrix HTTP      |                    |  |                   |
-             Notification Protocol |   App Developer    |  |   Device Vendor   |
-                                   |                    |  |                   |
-           +-------------------+   | +----------------+ |  | +---------------+ |
-           |                   |   | |                | |  | |               | |
-           | Matrix homeserver +----->  Push Gateway  +------> Push Provider | |
-           |                   |   | |                | |  | |               | |
-           +-^-----------------+   | +----------------+ |  | +----+----------+ |
-             |                     |                    |  |      |            |
-    Matrix   |                     |                    |  |      |            |
- Client/Server API  +              |                    |  |      |            |
-             |      |              +--------------------+  +-------------------+
-             |   +--+-+                                           |
-             |   |    <-------------------------------------------+
-             +---+    |
-                 |    |          Provider Push Protocol
-                 +----+
-
-         Mobile Device or Client
-
-
-Homeserver behaviour
---------------------
-
-This describes the format used by "HTTP" pushers to send notifications of
-events to Push Gateways. If the endpoint returns an HTTP error code, the
-homeserver SHOULD retry for a reasonable amount of time using exponential backoff.
-
-When pushing notifications for events, the homeserver is expected to include all of
-the event-related fields in the ``/notify`` request. When the homeserver is performing
-a push where the ``format`` is ``"event_id_only"``, only the ``event_id``, ``room_id``,
-``counts``, and ``devices`` are required to be populated.
-
-Note that most of the values and behaviour of this endpoint is described by the Client-Server
-API's `Push Module <../client_server/%CLIENT_RELEASE_LABEL%.html#module-push>`_.
-
-{{push_notifier_push_http_api}}
diff --git a/specification/rooms/v1.rst b/specification/rooms/v1.rst
deleted file mode 100644
index a71bdfb4592..00000000000
--- a/specification/rooms/v1.rst
+++ /dev/null
@@ -1,363 +0,0 @@
-.. Copyright 2017,2019 New Vector Ltd
-.. Copyright 2020 The Matrix.org Foundation C.I.C.
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Room Version 1
-==============
-
-This room version is the first ever version for rooms, and contains the building
-blocks for other room versions.
-
-.. contents:: Table of Contents
-.. sectnum::
-
-Client considerations
----------------------
-
-Clients may need to consider some algorithms performed by the server for their own
-implementation.
-
-Redactions
-~~~~~~~~~~
-
-Upon receipt of a redaction event, the server must strip off any keys not in
-the following list:
-
-- ``event_id``
-- ``type``
-- ``room_id``
-- ``sender``
-- ``state_key``
-- ``content``
-- ``hashes``
-- ``signatures``
-- ``depth``
-- ``prev_events``
-- ``prev_state``
-- ``auth_events``
-- ``origin``
-- ``origin_server_ts``
-- ``membership``
-
-.. Note:
-   Some of the keys, such as ``hashes``, will appear on the federation-formatted
-   event and therefore the client may not be aware of them.
-
-The content object must also be stripped of all keys, unless it is one of
-one of the following event types:
-
-- ``m.room.member`` allows key ``membership``.
-- ``m.room.create`` allows key ``creator``.
-- ``m.room.join_rules`` allows key ``join_rule``.
-- ``m.room.power_levels`` allows keys ``ban``, ``events``, ``events_default``,
-  ``kick``, ``redact``, ``state_default``, ``users``, ``users_default``.
-- ``m.room.aliases`` allows key ``aliases``.
-- ``m.room.history_visibility`` allows key ``history_visibility``.
-
-Server implementation components
---------------------------------
-
-.. WARNING::
-   The information contained in this section is strictly for server implementors.
-   Applications which use the Client-Server API are generally unaffected by the
-   intricacies contained here. The section above regarding client considerations
-   is the resource that Client-Server API use cases should reference.
-
-
-The algorithms defined here should only apply to version 1 rooms. Other algorithms
-may be used by other room versions, and as such servers should be aware of which
-version room they are dealing with prior to executing a given algorithm.
-
-.. WARNING::
-   Although room version 1 is the most popular room version, it is known to have
-   undesirable effects. Servers implementing support for room version 1 should be
-   aware that restrictions should be generally relaxed and that inconsistencies
-   may occur until room version 2 (or later) is ready and adopted.
-
-State resolution
-~~~~~~~~~~~~~~~~
-
-.. WARNING::
-  This section documents the state resolution algorithm as implemented by
-  Synapse as of December 2017 (and therefore the de-facto Matrix protocol).
-  However, this algorithm is known to have some problems.
-
-The room state :math:`S'(E)` after an event :math:`E` is defined in terms of
-the room state :math:`S(E)` before :math:`E`, and depends on whether
-:math:`E` is a state event or a message event:
-
-* If :math:`E` is a message event, then :math:`S'(E) = S(E)`.
-
-* If :math:`E` is a state event, then :math:`S'(E)` is :math:`S(E)`, except
-  that its entry corresponding to :math:`E`'s ``event_type`` and ``state_key``
-  is replaced by :math:`E`'s ``event_id``.
-
-The room state :math:`S(E)` before :math:`E` is the *resolution* of the set of
-states :math:`\{ S'(E'), S'(E''), … \}` consisting of the states after each of
-:math:`E`'s ``prev_event``\s :math:`\{ E', E'', … \}`.
-
-The *resolution* of a set of states is defined as follows.  The resolved state
-is built up in a number of passes; here we use :math:`R` to refer to the
-results of the resolution so far.
-
-* Start by setting :math:`R` to the union of the states to be resolved,
-  excluding any *conflicting* events.
-
-* First we resolve conflicts between ``m.room.power_levels`` events. If there
-  is no conflict, this step is skipped, otherwise:
-
-  * Assemble all the ``m.room.power_levels`` events from the states to
-    be resolved into a list.
-
-  * Sort the list by ascending ``depth`` then descending ``sha1(event_id)``.
-
-  * Add the first event in the list to :math:`R`.
-
-  * For each subsequent event in the list, check that the event would be
-    allowed by the authorization rules for a room in state :math:`R`. If the
-    event would be allowed, then update :math:`R` with the event and continue
-    with the next event in the list. If it would not be allowed, stop and
-    continue below with ``m.room.join_rules`` events.
-
-* Repeat the above process for conflicts between ``m.room.join_rules`` events.
-
-* Repeat the above process for conflicts between ``m.room.member`` events.
-
-* No other events affect the authorization rules, so for all other conflicts,
-  just pick the event with the highest depth and lowest ``sha1(event_id)`` that
-  passes authentication in :math:`R` and add it to :math:`R`.
-
-A *conflict* occurs between states where those states have different
-``event_ids`` for the same ``(event_type, state_key)``. The events thus
-affected are said to be *conflicting* events.
-
-
-Authorization rules
-~~~~~~~~~~~~~~~~~~~
-
-The types of state events that affect authorization are:
-
-- ``m.room.create``
-- ``m.room.member``
-- ``m.room.join_rules``
-- ``m.room.power_levels``
-- ``m.room.third_party_invite``
-
-.. NOTE::
-
-  Power levels are inferred from defaults when not explicitly supplied.
-  For example, mentions of the ``sender``'s power level can also refer
-  to the default power level for users in the room.
-
-The rules are as follows:
-
-1. If type is ``m.room.create``:
-
-   a. If it has any previous events, reject.
-   b. If the domain of the ``room_id`` does not match the domain of the
-      ``sender``, reject.
-   c. If ``content.room_version`` is present and is not a recognised version,
-      reject.
-   d. If ``content`` has no ``creator`` field, reject.
-   e. Otherwise, allow.
-
-#. Reject if event has ``auth_events`` that:
-
-   a. have duplicate entries for a given ``type`` and ``state_key`` pair
-   #. have entries whose ``type`` and ``state_key`` don't match those
-      specified by the `auth events selection`_ algorithm described in the
-      server specification.
-
-#. If event does not have a ``m.room.create`` in its ``auth_events``, reject.
-
-#. If type is ``m.room.aliases``:
-
-   a. If event has no ``state_key``, reject.
-   b. If sender's domain doesn't matches ``state_key``, reject.
-   c. Otherwise, allow.
-
-#. If type is ``m.room.member``:
-
-   a. If no ``state_key`` key or ``membership`` key in ``content``, reject.
-
-   #. If ``membership`` is ``join``:
-
-      i. If the only previous event is an ``m.room.create``
-         and the ``state_key`` is the creator, allow.
-
-      #. If the ``sender`` does not match ``state_key``, reject.
-
-      #. If the ``sender`` is banned, reject.
-
-      #. If the ``join_rule`` is ``invite`` then allow if membership state
-         is ``invite`` or ``join``.
-
-      #. If the ``join_rule`` is ``public``, allow.
-
-      #. Otherwise, reject.
-
-   #. If ``membership`` is ``invite``:
-
-      i. If ``content`` has ``third_party_invite`` key:
-
-         #. If *target user* is banned, reject.
-
-         #. If ``content.third_party_invite`` does not have a
-            ``signed`` key, reject.
-
-         #. If ``signed`` does not have ``mxid`` and ``token`` keys, reject.
-
-         #. If ``mxid`` does not match ``state_key``, reject.
-
-         #. If there is no ``m.room.third_party_invite`` event in the
-            current room state with ``state_key`` matching ``token``, reject.
-
-         #. If ``sender`` does not match ``sender`` of the
-            ``m.room.third_party_invite``, reject.
-
-         #. If any signature in ``signed`` matches any public key in the
-            ``m.room.third_party_invite`` event, allow. The public keys are
-            in ``content`` of ``m.room.third_party_invite`` as:
-
-            #. A single public key in the ``public_key`` field.
-            #. A list of public keys in the ``public_keys`` field.
-
-         #. Otherwise, reject.
-
-      #. If the ``sender``'s current membership state is not ``join``, reject.
-
-      #. If *target user*'s current membership state is ``join`` or ``ban``,
-         reject.
-
-      #. If the ``sender``'s power level is greater than or equal to the *invite
-         level*, allow.
-
-      #. Otherwise, reject.
-
-   #. If ``membership`` is ``leave``:
-
-      i. If the ``sender`` matches ``state_key``, allow if and only if that user's
-         current membership state is ``invite`` or ``join``.
-
-      #. If the ``sender``'s current membership state is not ``join``, reject.
-
-      #. If the *target user*'s current membership state is ``ban``, and the
-         ``sender``'s power level is less than the *ban level*, reject.
-
-      #. If the ``sender``'s power level is greater than or equal to the *kick
-         level*, and the *target user*'s power level is less than the
-         ``sender``'s power level, allow.
-
-      #. Otherwise, reject.
-
-   #. If ``membership`` is ``ban``:
-
-      i. If the ``sender``'s current membership state is not ``join``, reject.
-
-      #. If the ``sender``'s power level is greater than or equal to the *ban
-         level*, and the *target user*'s power level is less than the
-         ``sender``'s power level, allow.
-
-      #. Otherwise, reject.
-
-   #. Otherwise, the membership is unknown. Reject.
-
-#. If the ``sender``'s current membership state is not ``join``, reject.
-
-#. If type is ``m.room.third_party_invite``:
-
-   a. Allow if and only if ``sender``'s current power level is greater than
-      or equal to the *invite level*.
-
-#. If the event type's *required power level* is greater than the ``sender``'s power
-   level, reject.
-
-#. If the event has a ``state_key`` that starts with an ``@`` and does not match
-   the ``sender``, reject.
-
-#. If type is ``m.room.power_levels``:
-
-   a. If ``users`` key in ``content`` is not a dictionary with keys that are
-      valid user IDs with values that are integers (or a string that is an
-      integer), reject.
-
-   #. If there is no previous ``m.room.power_levels`` event in the room, allow.
-
-   #. For the keys ``users_default``, ``events_default``,
-      ``state_default``, ``ban``, ``redact``, ``kick``, ``invite`` check if they
-      were added, changed or removed. For each found alteration:
-
-      i. If the current value is higher than the ``sender``'s current power level,
-         reject.
-
-      #. If the new value is higher than the ``sender``'s current power level,
-         reject.
-
-   #. For each entry being added, changed or removed in both the ``events`` and
-      ``users`` keys:
-
-      i. If the current value is higher than the ``sender``'s current power level,
-         reject.
-
-      #. If the new value is higher than the ``sender``'s current power level,
-         reject.
-
-   #. For each entry being changed under the ``users`` key, other than the
-      ``sender``'s own entry:
-
-      i. If the current value is equal to the ``sender``'s current power level,
-         reject.
-
-   #. Otherwise, allow.
-
-#. If type is ``m.room.redaction``:
-
-   a. If the ``sender``'s power level is greater than or equal to the *redact
-      level*, allow.
-
-   #. If the domain of the ``event_id`` of the event being redacted is the same
-      as the domain of the ``event_id`` of the ``m.room.redaction``, allow.
-
-   #. Otherwise, reject.
-
-#. Otherwise, allow.
-
-.. NOTE::
-
-  Some consequences of these rules:
-
-  * Unless you are a member of the room, the only permitted operations (apart
-    from the initial create/join) are: joining a public room; accepting or
-    rejecting an invitation to a room.
-
-  * To unban somebody, you must have power level greater than or equal to both
-    the kick *and* ban levels, *and* greater than the target user's power
-    level.
-
-Event format
-~~~~~~~~~~~~
-
-Events in version 1 rooms have the following structure:
-
-{{definition_ss_pdu}}
-
-Canonical JSON
-~~~~~~~~~~~~~~
-
-Servers MUST NOT strictly enforce the JSON format specified in the
-`appendices <../appendices.html#canonical-json>`_ for the reasons described there.
-
-
-.. _`auth events selection`: ../server_server/%SERVER_RELEASE_LABEL%.html#auth-events-selection
-.. _`Signing Events`: ../server_server/%SERVER_RELEASE_LABEL%.html#signing-events
diff --git a/specification/rooms/v2.rst b/specification/rooms/v2.rst
deleted file mode 100644
index afc114f8f59..00000000000
--- a/specification/rooms/v2.rst
+++ /dev/null
@@ -1,204 +0,0 @@
-.. Copyright 2018-2019 New Vector Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Room Version 2
-==============
-
-This room version builds off of `version 1 <v1.html>`_ with an improved state
-resolution algorithm.
-
-.. contents:: Table of Contents
-.. sectnum::
-
-Server implementation components
---------------------------------
-
-.. WARNING::
-   The information contained in this section is strictly for server implementors.
-   Applications which use the Client-Server API are generally unaffected by the
-   details contained here, and can safely ignore their presence.
-
-
-Room version 2 uses the base components of `room version 1 <v1.html>`_, changing
-only the state resolution algorithm.
-
-
-State resolution
-~~~~~~~~~~~~~~~~
-
-The room state :math:`S'(E)` after an event :math:`E` is defined in terms of
-the room state :math:`S(E)` before :math:`E`, and depends on whether
-:math:`E` is a state event or a message event:
-
-* If :math:`E` is a message event, then :math:`S'(E) = S(E)`.
-
-* If :math:`E` is a state event, then :math:`S'(E)` is :math:`S(E)`, except
-  that its entry corresponding to :math:`E`'s ``event_type`` and ``state_key``
-  is replaced by :math:`E`'s ``event_id``.
-
-The room state :math:`S(E)` before :math:`E` is the *resolution* of the set of
-states :math:`\{ S'(E_1), S'(E_2), … \}` consisting of the states after each of
-:math:`E`'s ``prev_event``\s :math:`\{ E_1, E_2, … \}`, where the resolution of
-a set of states is given in the algorithm below.
-
-Definitions
-+++++++++++
-
-The state resolution algorithm for version 2 rooms uses the following
-definitions, given the set of room states :math:`\{ S_1, S_2, \ldots \}`:
-
-Power events
-  A *power event* is a state event with type ``m.room.power_levels`` or
-  ``m.room.join_rules``, or a state event with type ``m.room.member`` where the
-  ``membership`` is ``leave`` or ``ban`` and the ``sender`` does not match the
-  ``state_key``. The idea behind this is that power events are events that might
-  remove someone's ability to do something in the room.
-
-Unconflicted state map and conflicted state set
-  The *unconflicted state map* is the state where the value of each key exists
-  and is the same in each state :math:`S_i`.  The *conflicted state set* is the
-  set of all other state events. Note that the unconflicted state map only has
-  one event per ``(event_type, state_key)``, whereas the conflicted state set
-  may have multiple events.
-
-Auth difference
-  The *auth difference* is calculated by first calculating the full auth chain
-  for each state :math:`S_i`, that is the union of the auth chains for each
-  event in :math:`S_i`, and then taking every event that doesn't appear in
-  every auth chain. If :math:`C_i` is the full auth chain of :math:`S_i`, then
-  the auth difference is :math:`\cup C_i - \cap C_i`.
-
-Full conflicted set
-  The *full conflicted set* is the union of the conflicted state set and the
-  auth difference.
-
-Reverse topological power ordering
-  The *reverse topological power ordering* of a set of events is the
-  lexicographically smallest topological ordering based on the DAG formed by
-  auth events. The reverse topological power ordering is ordered from earliest
-  event to latest. For comparing two topological orderings to determine which
-  is the lexicographically smallest, the following comparison relation on
-  events is used: for events :math:`x` and :math:`y`, :math:`x<y` if
-
-  1. :math:`x`'s sender has *greater* power level than :math:`y`'s sender,
-     when looking at their respective ``auth_event``\s; or
-  2. the senders have the same power level, but :math:`x`'s
-     ``origin_server_ts`` is *less* than :math:`y`'s ``origin_server_ts``; or
-  3. the senders have the same power level and the events have the same
-     ``origin_server_ts``, but :math:`x`'s ``event_id`` is *less* than
-     :math:`y`'s ``event_id``.
-
-  The reverse topological power ordering can be found by sorting the events
-  using Kahn's algorithm for topological sorting, and at each step selecting,
-  among all the candidate vertices, the smallest vertex using the above
-  comparison relation.
-
-Mainline ordering
-  Given an ``m.room.power_levels`` event :math:`P`, the *mainline of* :math:`P`
-  is the list of events generated by starting with :math:`P` and recursively
-  taking the ``m.room.power_levels`` events from the ``auth_events``, ordered
-  such that :math:`P` is last. Given another event :math:`e`, the *closest
-  mainline event to* :math:`e` is the first event encountered in the mainline
-  when iteratively descending through the ``m.room.power_levels`` events in the
-  ``auth_events`` starting at :math:`e`. If no mainline event is encountered
-  when iteratively descending through the ``m.room.power_levels`` events, then
-  the closest mainline event to :math:`e` can be considered to be a dummy event
-  that is before any other event in the mainline of :math:`P` for the purposes
-  of condition 1 below.
-
-  The *mainline ordering based on* :math:`P` of a set of events is the
-  ordering, from smallest to largest, using the following comparison relation
-  on events: for events :math:`x` and :math:`y`, :math:`x<y` if
-
-  1. the closest mainline event to :math:`x` appears *before* the closest
-     mainline event to :math:`y`; or
-  2. the closest mainline events are the same, but :math:`x`\'s
-     ``origin_server_ts`` is *less* than :math:`y`\'s ``origin_server_ts``; or
-  3. the closest mainline events are the same and the events have the same
-     ``origin_server_ts``, but :math:`x`\'s ``event_id`` is *less* than
-     :math:`y`\'s ``event_id``.
-
-Iterative auth checks
-  The *iterative auth checks algorithm* takes as input an initial room state
-  and a sorted list of state events, and constructs a new room state by
-  iterating through the event list and applying the state event to the room
-  state if the state event is allowed by the `authorization rules`_. If the
-  state event is not allowed by the authorization rules, then the event is
-  ignored. If a ``(event_type, state_key)`` key that is required for checking
-  the authorization rules is not present in the state, then the appropriate
-  state event from the event's ``auth_events`` is used if the auth event is
-  not rejected.
-
-Algorithm
-+++++++++
-
-The *resolution* of a set of states is obtained as follows:
-
-1. Take all *power events* and any events in their auth chains, recursively,
-   that appear in the *full conflicted set* and order them by the *reverse
-   topological power ordering*.
-2. Apply the *iterative auth checks algorithm*, starting from the *unconflicted state map*,
-   to the list of events from the previous step to get a partially resolved
-   state.
-3. Take all remaining events that weren't picked in step 1 and order them by
-   the mainline ordering based on the power level in the partially resolved
-   state obtained in step 2.
-4. Apply the *iterative auth checks algorithm* on the partial resolved
-   state and the list of events from the previous step.
-5. Update the result by replacing any event with the event with the same key
-   from the *unconflicted state map*, if such an event exists, to get the final
-   resolved state.
-
-
-.. _`authorization rules`: ../server_server/%SERVER_RELEASE_LABEL%.html#authorization-rules
-
-Rejected events
-+++++++++++++++
-
-Events that have been rejected due to failing auth based on the state at the
-event (rather than based on their auth chain) are handled as usual by the
-algorithm, unless otherwise specified.
-
-Note that no events rejected due to failure to auth against their auth chain
-should appear in the process, as they should not appear in state (the algorithm
-only uses events that appear in either the state sets or in the auth chain of
-the events in the state sets).
-
-.. admonition:: Rationale
-
-  This helps ensure that different servers' view of state is more likely to
-  converge, since rejection state of an event may be different. This can happen if
-  a third server gives an incorrect version of the state when a server joins a
-  room via it (either due to being faulty or malicious). Convergence of state is a
-  desirable property as it ensures that all users in the room have a (mostly)
-  consistent view of the state of the room. If the view of the state on different
-  servers diverges it can lead to bifurcation of the room due to e.g. servers
-  disagreeing on who is in the room.
-
-  Intuitively, using rejected events feels dangerous, however:
-
-  1. Servers cannot arbitrarily make up state, since they still need to pass the
-     auth checks based on the event's auth chain (e.g. they can't grant themselves
-     power levels if they didn't have them before).
-  2. For a previously rejected event to pass auth there must be a set of state
-     that allows said event. A malicious server could therefore produce a
-     fork where it claims the state is that particular set of state, duplicate the
-     rejected event to point to that fork, and send the event. The
-     duplicated event would then pass the auth checks. Ignoring rejected events
-     would therefore not eliminate any potential attack vectors.
-
-
-Rejected auth events are deliberately excluded from use in the iterative auth
-checks, as auth events aren't re-authed (although non-auth events are) during
-the iterative auth checks.
diff --git a/specification/rooms/v3.rst b/specification/rooms/v3.rst
deleted file mode 100644
index 8ef52acc54c..00000000000
--- a/specification/rooms/v3.rst
+++ /dev/null
@@ -1,124 +0,0 @@
-.. Copyright 2018-2019 New Vector Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Room Version 3
-==============
-
-This room version builds on `version 2 <v2.html>`_ with an improved event format.
-
-.. note:
-   All requirements listed in this room version specification are scoped to rooms
-   which actually use this room version. For example, a requirement of "all APIs must
-   accept the new event format" does in fact apply to all APIs, but only so much as
-   where the contextual room of the request is using this room version. Rooms using
-   other room versions should not be affected by these sweeping requirements.
-
-.. contents:: Table of Contents
-.. sectnum::
-
-
-Client considerations
----------------------
-
-This room version changes the format for event IDs sent to clients. Clients should be
-aware that these event IDs may contain slashes and other potentially problematic
-characters. Clients should be treating event IDs as opaque identifiers and should not
-be attempting to parse them into a usable form, just like with other room versions.
-
-Clients should expect to see event IDs changed from the format of ``$randomstring:example.org``
-to something like ``$acR1l0raoZnm60CBwAVgqbZqoO/mYU81xysh1u7XcJk`` (note the lack of
-domain and the potentially problematic slash).
-
-
-Server implementation components
---------------------------------
-
-.. WARNING::
-   The information contained in this section is strictly for server implementors.
-   Applications which use the Client-Server API are generally unaffected by the
-   intricacies contained here. The section above regarding client considerations
-   is the resource that Client-Server API use cases should reference.
-
-
-Room version 3 uses the state resolution algorithm defined in `room version 2 <v2.html>`_,
-and the event format defined here.
-
-Event IDs
-~~~~~~~~~
-
-.. admonition:: Rationale
-
-   In other room versions (namely version 1 and 2) the event ID is a distinct field
-   from the remainder of the event, which must be tracked as such. This leads to
-   complications where servers receive multiple events with the same ID in either the
-   same or different rooms where the server cannot easily keep track of which event it
-   should be using. By removing the use of a dedicated event ID, servers are required
-   to track the hashes on an event to determine its ID.
-
-The event ID is the `reference hash`_ of the event encoded using `Unpadded Base64`_,
-prefixed with ``$``. A resulting event ID using this approach should look similar to
-``$CD66HAED5npg6074c6pDtLKalHjVfYb2q4Q3LZgrW6o``.
-
-Event IDs should not be sent over federation to servers when the room uses
-this room version. On the receiving end of an event, the server should compute
-the relevant event ID for itself.
-
-Additionally, the ``auth_events`` and ``prev_events`` have had a format change
-compared to other room versions to make it easier to handle. Instead of a tuple
-of values, they are now plain lists of events.
-
-{{definition_ss_pdu_v3}}
-
-Changes to APIs
-~~~~~~~~~~~~~~~
-
-Due to the event ID being removed from the event, some APIs need to change. All
-APIs which currently accept an event ID must do so with the new format. Servers
-must append the calculated event ID to all events sent to clients where an event
-ID would normally be expected.
-
-Because the format of events has changed, servers must be aware of the room version
-where the event resides so that the server may parse and handle the event. The
-federation API has taken this concern into consideration by ensuring that servers
-are aware of (or can find) the room version during a request.
-
-Authorization rules for events
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The authorization rules for a given event have changed in this room version due
-to the change in event format:
-
-* The event no longer needs to be signed by the domain of the event ID (as there
-  is no domain in the event ID), but still needs to be signed by the sender's
-  domain.
-
-* In past room versions, redactions were only permitted to enter the DAG if the
-  sender's domain matched the domain in the event ID being redacted, or the sender
-  had appropriate permissions per the power levels. Due to servers now not being
-  able to determine where an event came from during event authorization, redaction
-  events are always accepted (provided the event is allowed by ``events`` and
-  ``events_default`` in the power levels). However, servers should not apply or send
-  redactions to clients until both the redaction event and original event have been
-  seen, and are valid. Servers should only apply redactions to events where the
-  sender's domains match, or the sender of the redaction has the appropriate
-  permissions per the power levels.
-
-
-The remaining rules are the same as `room version 1 <v1.html#authorization-rules>`_.
-
-
-.. _`Unpadded Base64`:  ../appendices.html#unpadded-base64
-.. _`Canonical JSON`: ../appendices.html#canonical-json
-.. _`Signing Events`: ../server_server/%SERVER_RELEASE_LABEL%.html#signing-events
-.. _`reference hash`: ../server_server/%SERVER_RELEASE_LABEL%.html#reference-hashes
diff --git a/specification/rooms/v4.rst b/specification/rooms/v4.rst
deleted file mode 100644
index bcd821cb80c..00000000000
--- a/specification/rooms/v4.rst
+++ /dev/null
@@ -1,76 +0,0 @@
-.. Copyright 2019 The Matrix.org Foundation C.I.C.
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Room Version 4
-==============
-
-This room version builds on `version 3 <v3.html>`_ using a different encoding for
-event IDs.
-
-.. contents:: Table of Contents
-.. sectnum::
-
-
-Client considerations
----------------------
-
-This room version changes the format form event IDs sent to clients. Clients should
-already be treating event IDs as opaque identifiers, and should not be concerned with
-the format of them. Clients should still encode the event ID when including it in a
-request path.
-
-Clients should expect to see event IDs changed from the format of ``$randomstring:example.org``
-to something like ``$Rqnc-F-dvnEYJTyHq_iKxU2bZ1CI92-kuZq3a5lr5Zg`` (note the lack of domain).
-
-
-Server implementation components
---------------------------------
-
-.. WARNING::
-   The information contained in this section is strictly for server implementors.
-   Applications which use the Client-Server API are generally unaffected by the
-   intricacies contained here. The section above regarding client considerations
-   is the resource that Client-Server API use cases should reference.
-
-
-Room version 4 uses the same algorithms defined in `room version 3 <v3.html>`_, however
-using URL-safe base64 to generate the event ID.
-
-Event IDs
-~~~~~~~~~
-
-.. admonition:: Rationale
-
-   Room version 3 generated event IDs that were difficult for client implementations
-   which were not encoding the event ID to function in those rooms. It additionally
-   raised concern due to the ``/`` character being interpretted differently by some
-   reverse proxy software, and generally made administration harder.
-
-The event ID is the `reference hash`_ of the event encoded using a variation of
-`Unpadded Base64`_ which replaces the 62nd and 63rd characters with ``-`` and ``_``
-instead of using ``+`` and ``/``. This matches `RFC4648's definition of URL-safe base64
-<https://tools.ietf.org/html/rfc4648#section-5>`_. Event IDs are still prefixed
-with ``$`` and may result in looking like ``$Rqnc-F-dvnEYJTyHq_iKxU2bZ1CI92-kuZq3a5lr5Zg``.
-
-Just like in room version 3, event IDs should not be sent over federation to servers
-when the room uses this room version. On the receiving end of an event, the server
-should compute the relevant event ID for itself. Room version 3 also changes the format
-of ``auth_events`` and ``prev_events`` in a PDU.
-
-{{definition_ss_pdu_v4}}
-
-.. _`Unpadded Base64`:  ../appendices.html#unpadded-base64
-.. _`Canonical JSON`: ../appendices.html#canonical-json
-.. _`Signing Events`: ../server_server/%SERVER_RELEASE_LABEL%.html#signing-events
-.. _`reference hash`: ../server_server/%SERVER_RELEASE_LABEL%.html#reference-hashes
diff --git a/specification/rooms/v5.rst b/specification/rooms/v5.rst
deleted file mode 100644
index 6d34ec935ac..00000000000
--- a/specification/rooms/v5.rst
+++ /dev/null
@@ -1,59 +0,0 @@
-.. Copyright 2019 The Matrix.org Foundation C.I.C.
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Room Version 5
-==============
-
-This room version builds on `version 4 <v4.html>`_ while enforcing signing
-key validity periods for events.
-
-.. contents:: Table of Contents
-.. sectnum::
-
-
-Client considerations
----------------------
-
-There are no specific requirements for clients in this room version. Clients should
-be aware of event ID changes in `room version 4 <v4.html>`_, however.
-
-
-Server implementation components
---------------------------------
-
-.. WARNING::
-   The information contained in this section is strictly for server implementors.
-   Applications which use the Client-Server API are generally unaffected by the
-   intricacies contained here. The section above regarding client considerations
-   is the resource that Client-Server API use cases should reference.
-
-
-Room version 5 uses the same algorithms defined in `room version 4 <v4.html>`_, ensuring
-that signing key validity is respected.
-
-Signing key validity period
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-When validating event signatures, servers MUST enforce the ``valid_until_ts`` property
-from a key request is at least as large as the ``origin_server_ts`` for the event being
-validated. Servers missing a copy of the signing key MUST try to obtain one via the
-`GET /_matrix/key/v2/server <../server_server/%SERVER_RELEASE_LABEL%.html#get-matrix-key-v2-server-keyid>`_
-or `POST /_matrix/key/v2/query <../server_server/%SERVER_RELEASE_LABEL%.html#post-matrix-key-v2-query>`_
-APIs. When using the ``/query`` endpoint, servers MUST set the ``minimum_valid_until_ts``
-property to prompt the notary server to attempt to refresh the key if appropriate.
-
-Servers MUST use the lesser of ``valid_until_ts`` and 7 days into the future when
-determining if a key is valid. This is to avoid a situation where an attacker
-publishes a key which is valid for a significant amount of time without a way for
-the homeserver owner to revoke it.
diff --git a/specification/rooms/v6.rst b/specification/rooms/v6.rst
deleted file mode 100644
index e5378d0ebf7..00000000000
--- a/specification/rooms/v6.rst
+++ /dev/null
@@ -1,100 +0,0 @@
-.. Copyright 2020 The Matrix.org Foundation C.I.C.
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Room Version 6
-==============
-
-This room version builds on `version 5 <v5.html>`_ while changing various
-authorization rules performed on events.
-
-.. contents:: Table of Contents
-.. sectnum::
-
-
-Client considerations
----------------------
-
-The redaction algorithm has changed from `room version 1 <v1.html>`_ to remove
-all rules against events of type ``m.room.aliases``. Room versions 2, 3, 4, and
-5 all use v1's redaction algorithm. The algorithm is otherwise unchanged.
-
-
-Server implementation components
---------------------------------
-
-.. WARNING::
-   The information contained in this section is strictly for server implementors.
-   Applications which use the Client-Server API are generally unaffected by the
-   intricacies contained here. The section above regarding client considerations
-   is the resource that Client-Server API use cases should reference.
-
-
-Room version 6 makes the following alterations to algorithms described in `room version 5 <v5.html>`_.
-
-Redactions
-~~~~~~~~~~
-
-As mentioned in the client considerations portion of this specification, all
-special meaning has been removed for events of type ``m.room.aliases``. The
-algorithm is otherwise unchanged.
-
-Authorization rules for events
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Like redactions, all rules relating specifically to events of type ``m.room.aliases``
-are removed. They must still pass authorization checks relating to state events.
-
-Additionally, the authorization rules for events of type ``m.room.power_levels``
-now include the content key ``notifications``. This new rule takes the place of the
-rule which checks the ``events`` and ``users`` keys.
-
-For completeness, the changes to the auth rules can be represented as follows:
-
-.. code:: diff
-
-     ...
-
-    -If type is `m.room.aliases`:
-    -
-    -   a. If event has no `state_key`, reject.
-    -   b. If sender's domain doesn't matches `state_key`, reject.
-    -   c. Otherwise, allow.
-
-     ...
-
-     If type is `m.room.power_levels`:
-
-     ...
-
-    -  * For each entry being added, changed or removed in both the `events` and `users` keys:
-    +  * For each entry being added, changed or removed in the `events`, `users`, and `notifications` keys:
-
-        i. If the current value is higher than the `sender`'s current power level, reject.
-
-        ii. If the new value is higher than the `sender`'s current power level, reject.
-
-     ...
-
-
-The remaining rules are the same as in `room version 3 <v3.html#authorization-rules-for-events>`_
-(the last inherited room version to specify the authorization rules).
-
-Canonical JSON
-~~~~~~~~~~~~~~
-
-Servers MUST strictly enforce the JSON format specified in the
-`appendices <../appendices.html#canonical-json>`_. This translates to a 400 ``M_BAD_JSON`` error
-on most endpoints, or discarding of events over federation. For example, the Federation API's
-``/send`` endpoint would discard the event whereas the Client Server API's ``/send/{eventType}``
-endpoint would return a ``M_BAD_JSON`` error.
diff --git a/specification/server_server_api.rst b/specification/server_server_api.rst
deleted file mode 100644
index 9deb267cb80..00000000000
--- a/specification/server_server_api.rst
+++ /dev/null
@@ -1,1267 +0,0 @@
-.. Copyright 2016 OpenMarket Ltd
-.. Copyright 2017-2019 New Vector Ltd
-..
-.. Licensed under the Apache License, Version 2.0 (the "License");
-.. you may not use this file except in compliance with the License.
-.. You may obtain a copy of the License at
-..
-..     http://www.apache.org/licenses/LICENSE-2.0
-..
-.. Unless required by applicable law or agreed to in writing, software
-.. distributed under the License is distributed on an "AS IS" BASIS,
-.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-.. See the License for the specific language governing permissions and
-.. limitations under the License.
-
-Federation API
-==============
-
-{{unstable_warning_block_SERVER_RELEASE_LABEL}}
-
-Matrix homeservers use the Federation APIs (also known as server-server APIs)
-to communicate with each other. Homeservers use these APIs to push messages to
-each other in real-time, to retrieve historic messages from each other, and to
-query profile and presence information about users on each other's servers.
-
-The APIs are implemented using HTTPS requests between each of the servers.
-These HTTPS requests are strongly authenticated using public key signatures
-at the TLS transport layer and using public key signatures in HTTP
-Authorization headers at the HTTP layer.
-
-There are three main kinds of communication that occur between homeservers:
-
-Persisted Data Units (PDUs):
-    These events are broadcast from one homeserver to any others that have
-    joined the same room (identified by Room ID). They are persisted in
-    long-term storage and record the history of messages and state for a
-    room.
-
-    Like email, it is the responsibility of the originating server of a PDU
-    to deliver that event to its recipient servers. However PDUs are signed
-    using the originating server's private key so that it is possible to
-    deliver them through third-party servers.
-
-Ephemeral Data Units (EDUs):
-    These events are pushed between pairs of homeservers. They are not
-    persisted and are not part of the history of a room, nor does the
-    receiving homeserver have to reply to them.
-
-Queries:
-    These are single request/response interactions between a given pair of
-    servers, initiated by one side sending an HTTPS GET request to obtain some
-    information, and responded by the other. They are not persisted and contain
-    no long-term significant history. They simply request a snapshot state at
-    the instant the query is made.
-
-
-EDUs and PDUs are further wrapped in an envelope called a Transaction, which is
-transferred from the origin to the destination homeserver using an HTTPS PUT
-request.
-
-.. contents:: Table of Contents
-.. sectnum::
-
-Changelog
----------
-
-.. topic:: Version: %SERVER_RELEASE_LABEL%
-{{server_server_changelog}}
-
-This version of the specification is generated from
-`matrix-doc <https://github.com/matrix-org/matrix-doc>`_ as of Git commit
-`{{git_version}} <https://github.com/matrix-org/matrix-doc/tree/{{git_rev}}>`_.
-
-For the full historical changelog, see
-https://github.com/matrix-org/matrix-doc/blob/master/changelogs/server_server.rst
-
-Other versions of this specification
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The following other versions are also available, in reverse chronological order:
-
-- `HEAD <https://matrix.org/docs/spec/server_server/unstable.html>`_: Includes all changes since the latest versioned release.
-- `r0.1.4 <https://matrix.org/docs/spec/server_server/r0.1.4.html>`_
-- `r0.1.3 <https://matrix.org/docs/spec/server_server/r0.1.3.html>`_
-- `r0.1.2 <https://matrix.org/docs/spec/server_server/r0.1.2.html>`_
-- `r0.1.1 <https://matrix.org/docs/spec/server_server/r0.1.1.html>`_
-- `r0.1.0 <https://matrix.org/docs/spec/server_server/r0.1.0.html>`_
-
-
-API standards
--------------
-
-The mandatory baseline for client-server communication in Matrix is exchanging
-JSON objects over HTTP APIs. More efficient optional transports will in future
-be supported as optional extensions - e.g. a packed binary encoding over
-stream-cipher encrypted TCP socket for low-bandwidth/low-roundtrip mobile usage.
-For the default HTTP transport, all API calls use a Content-Type of
-``application/json``.  In addition, all strings MUST be encoded as UTF-8.
-
-Server discovery
-----------------
-
-Resolving server names
-~~~~~~~~~~~~~~~~~~~~~~
-
-Each Matrix homeserver is identified by a server name consisting of a hostname
-and an optional port, as described by the `grammar
-<../appendices.html#server-name>`_. Where applicable, a delegated server name
-uses the same grammar.
-
-Server names are resolved to an IP address and port to connect to, and have
-various conditions affecting which certificates and ``Host`` headers to send.
-The process overall is as follows:
-
-.. Note from the author: The repetitive "use this Host header and this cert"
-   comments are intentional. The process is overall quite complicated, and
-   explaining explicitly what requests look like at each step helps ease the
-   understanding and ensure everyone is on the same page. Implementations
-   are of course welcome to realize where the process can be optimized, and
-   do so - just ensure that the result is the same!
-
-1. If the hostname is an IP literal, then that IP address should be used,
-   together with the given port number, or 8448 if no port is given. The
-   target server must present a valid certificate for the IP address.
-   The ``Host`` header in the request should be set to the server name,
-   including the port if the server name included one.
-
-2. If the hostname is not an IP literal, and the server name includes an
-   explicit port, resolve the IP address using AAAA or A records. Requests
-   are made to the resolved IP address and given port with a ``Host`` header
-   of the original server name (with port). The target server must present a
-   valid certificate for the hostname.
-
-3. If the hostname is not an IP literal, a regular HTTPS request is made
-   to ``https://<hostname>/.well-known/matrix/server``, expecting the
-   schema defined later in this section. 30x redirects should be followed,
-   however redirection loops should be avoided. Responses (successful or
-   otherwise) to the ``/.well-known`` endpoint should be cached by the
-   requesting server. Servers should respect the cache control headers
-   present on the response, or use a sensible default when headers are not
-   present. The recommended sensible default is 24 hours. Servers should
-   additionally impose a maximum cache time for responses: 48 hours is
-   recommended. Errors are recommended to be cached for up to an hour,
-   and servers are encouraged to exponentially back off for repeated
-   failures. The schema of the ``/.well-known`` request is later in this
-   section. If the response is invalid (bad JSON, missing properties, non-200
-   response, etc), skip to step 4. If the response is valid, the ``m.server``
-   property is parsed as ``<delegated_hostname>[:<delegated_port>]`` and
-   processed as follows:
-
-   * If ``<delegated_hostname>`` is an IP literal, then that IP address
-     should be used together with the ``<delegated_port>`` or 8448 if no
-     port is provided. The target server must present a valid TLS certificate
-     for the IP address. Requests must be made with a ``Host`` header containing
-     the IP address, including the port if one was provided.
-
-   * If ``<delegated_hostname>`` is not an IP literal, and ``<delegated_port>``
-     is present, an IP address is discovered by looking up an AAAA or A
-     record for ``<delegated_hostname>``. The resulting IP address is
-     used, alongside the ``<delegated_port>``. Requests must be made with a
-     ``Host`` header of ``<delegated_hostname>:<delegated_port>``. The
-     target server must present a valid certificate for ``<delegated_hostname>``.
-
-   * If ``<delegated_hostname>`` is not an IP literal and no
-     ``<delegated_port>`` is present, an SRV record is looked up for
-     ``_matrix._tcp.<delegated_hostname>``. This may result in another
-     hostname (to be resolved using AAAA or A records) and port. Requests
-     should be made to the resolved IP address and port with a ``Host``
-     header containing the ``<delegated_hostname>``. The target server
-     must present a valid certificate for ``<delegated_hostname>``.
-
-   * If no SRV record is found, an IP address is resolved using AAAA
-     or A records. Requests are then made to the resolve IP address
-     and a port of 8448, using a ``Host`` header of ``<delegated_hostname>``.
-     The target server must present a valid certificate for ``<delegated_hostname>``.
-
-4. If the ``/.well-known`` request resulted in an error response, a server
-   is found by resolving an SRV record for ``_matrix._tcp.<hostname>``. This
-   may result in a hostname (to be resolved using AAAA or A records) and
-   port. Requests are made to the resolved IP address and port, using 8448
-   as a default port, with a ``Host`` header of ``<hostname>``. The target
-   server must present a valid certificate for ``<hostname>``.
-
-5. If the ``/.well-known`` request returned an error response, and the SRV
-   record was not found, an IP address is resolved using AAAA and A records.
-   Requests are made to the resolved IP address using port 8448 and a ``Host``
-   header containing the ``<hostname>``. The target server must present a
-   valid certificate for ``<hostname>``.
-
-
-The TLS certificate provided by the target server must be signed by a known
-Certificate Authority. Servers are ultimately responsible for determining
-the trusted Certificate Authorities, however are strongly encouraged to
-rely on the operating system's judgement. Servers can offer administrators
-a means to override the trusted authorities list. Servers can additionally
-skip the certificate validation for a given whitelist of domains or netmasks
-for the purposes of testing or in networks where verification is done
-elsewhere, such as with ``.onion`` addresses. Servers should respect SNI
-when making requests where possible: a SNI should be sent for the certificate
-which is expected, unless that certificate is expected to be an IP address in
-which case SNI is not supported and should not be sent.
-
-Servers are encouraged to make use of the
-`Certificate Transparency <https://www.certificate-transparency.org/>`_ project.
-
-{{wellknown_ss_http_api}}
-
-Server implementation
-~~~~~~~~~~~~~~~~~~~~~~
-
-{{version_ss_http_api}}
-
-Retrieving server keys
-~~~~~~~~~~~~~~~~~~~~~~
-
-.. NOTE::
-  There was once a "version 1" of the key exchange. It has been removed from the
-  specification due to lack of significance. It may be reviewed `from the historical draft
-  <https://github.com/matrix-org/matrix-doc/blob/51faf8ed2e4a63d4cfd6d23183698ed169956cc0/specification/server_server_api.rst#232version-1>`_.
-
-Each homeserver publishes its public keys under ``/_matrix/key/v2/server/{keyId}``.
-Homeservers query for keys by either getting ``/_matrix/key/v2/server/{keyId}``
-directly or by querying an intermediate notary server using a
-``/_matrix/key/v2/query/{serverName}/{keyId}`` API. Intermediate notary servers
-query the ``/_matrix/key/v2/server/{keyId}`` API on behalf of another server and
-sign the response with their own key. A server may query multiple notary servers to
-ensure that they all report the same public keys.
-
-This approach is borrowed from the `Perspectives Project`_, but modified to
-include the NACL keys and to use JSON instead of XML. It has the advantage of
-avoiding a single trust-root since each server is free to pick which notary
-servers they trust and can corroborate the keys returned by a given notary
-server by querying other servers.
-
-.. _Perspectives Project: https://web.archive.org/web/20170702024706/https://perspectives-project.org/
-
-Publishing Keys
-+++++++++++++++
-
-Homeservers publish their signing keys in a JSON
-object at ``/_matrix/key/v2/server/{key_id}``. The response contains a list of
-``verify_keys`` that are valid for signing federation requests made by the
-homeserver and for signing events. It contains a list of ``old_verify_keys`` which
-are only valid for signing events.
-
-{{keys_server_ss_http_api}}
-
-
-Querying Keys Through Another Server
-++++++++++++++++++++++++++++++++++++
-
-Servers may query another server's keys through a notary server. The notary
-server may be another homeserver. The notary server will retrieve keys from
-the queried servers through use of the ``/_matrix/key/v2/server/{keyId}``
-API. The notary server will additionally sign the response from the queried
-server before returning the results.
-
-Notary servers can return keys for servers that are offline or having issues
-serving their own keys by using cached responses. Keys can be queried from
-multiple servers to mitigate against DNS spoofing.
-
-{{keys_query_ss_http_api}}
-
-Authentication
---------------
-
-Request Authentication
-~~~~~~~~~~~~~~~~~~~~~~
-
-Every HTTP request made by a homeserver is authenticated using public key
-digital signatures. The request method, target and body are signed by wrapping
-them in a JSON object and signing it using the JSON signing algorithm. The
-resulting signatures are added as an Authorization header with an auth scheme
-of ``X-Matrix``. Note that the target field should include the full path
-starting with ``/_matrix/...``, including the ``?`` and any query parameters if
-present, but should not include the leading ``https:``, nor the destination
-server's hostname.
-
-Step 1 sign JSON:
-
-.. code::
-
-    {
-        "method": "GET",
-        "uri": "/target",
-        "origin": "origin.hs.example.com",
-        "destination": "destination.hs.example.com",
-        "content": <request body>,
-        "signatures": {
-            "origin.hs.example.com": {
-                "ed25519:key1": "ABCDEF..."
-            }
-        }
-   }
-
-The server names in the JSON above are the server names for each homeserver involved. Delegation from
-the `server name resolution section <#resolving-server-names>`_ above do not affect
-these - the server names from before delegation would take place are used. This
-same condition applies throughout the request signing process.
-
-Step 2 add Authorization header:
-
-.. code::
-
-    GET /target HTTP/1.1
-    Authorization: X-Matrix origin=origin.example.com,key="ed25519:key1",sig="ABCDEF..."
-    Content-Type: application/json
-
-    <JSON-encoded request body>
-
-
-Example python code:
-
-.. code:: python
-
-    def authorization_headers(origin_name, origin_signing_key,
-                              destination_name, request_method, request_target,
-                              content=None):
-        request_json = {
-             "method": request_method,
-             "uri": request_target,
-             "origin": origin_name,
-             "destination": destination_name,
-        }
-
-        if content is not None:
-            request_json["content"] = content
-
-        signed_json = sign_json(request_json, origin_name, origin_signing_key)
-
-        authorization_headers = []
-
-        for key, sig in signed_json["signatures"][origin_name].items():
-            authorization_headers.append(bytes(
-                "X-Matrix origin=%s,key=\"%s\",sig=\"%s\"" % (
-                    origin_name, key, sig,
-                )
-            ))
-
-        return ("Authorization", authorization_headers)
-
-Response Authentication
-~~~~~~~~~~~~~~~~~~~~~~~
-
-Responses are authenticated by the TLS server certificate. A homeserver should
-not send a request until it has authenticated the connected server to avoid
-leaking messages to eavesdroppers.
-
-Client TLS Certificates
-~~~~~~~~~~~~~~~~~~~~~~~
-
-Requests are authenticated at the HTTP layer rather than at the TLS layer
-because HTTP services like Matrix are often deployed behind load balancers that
-handle the TLS and these load balancers make it difficult to check TLS client
-certificates.
-
-A homeserver may provide a TLS client certificate and the receiving homeserver
-may check that the client certificate matches the certificate of the origin
-homeserver.
-
-Transactions
-------------
-
-The transfer of EDUs and PDUs between homeservers is performed by an exchange
-of Transaction messages, which are encoded as JSON objects, passed over an HTTP
-PUT request. A Transaction is meaningful only to the pair of homeservers that
-exchanged it; they are not globally-meaningful.
-
-Transactions are limited in size; they can have at most 50 PDUs and 100 EDUs.
-
-{{transactions_ss_http_api}}
-
-.. _`Persistent Data Unit schema`:
-
-PDUs
-----
-
-Each PDU contains a single Room Event which the origin server wants to send to
-the destination.
-
-The ``prev_events`` field of a PDU identifies the "parents" of the event, and
-thus establishes a partial ordering on events within the room by linking them
-into a Directed Acyclic Graph (DAG). The sending server should populate this
-field with all of the events in the room for which it has not yet seen a
-child - thus demonstrating that the event comes after all other known events.
-
-For example, consider a room whose events form the DAG shown below. A server
-creating a new event in this room should populate the new event's
-``prev_events`` field with ``E4`` and ``E5``, since neither event yet has a child::
-
-      E1
-      ^
-      |
-  +-> E2 <-+
-  |        |
-  E3       E5
-  ^
-  |
-  E4
-
-For a full schema of what a PDU looks like, see the `room version specification`_.
-
-
-Checks performed on receipt of a PDU
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Whenever a server receives an event from a remote server, the receiving server
-must ensure that the event:
-
-1. Is a valid event, otherwise it is dropped.
-2. Passes signature checks, otherwise it is dropped.
-3. Passes hash checks, otherwise it is redacted before being processed
-   further.
-4. Passes authorization rules based on the event's auth events, otherwise it
-   is rejected.
-5. Passes authorization rules based on the state at the event, otherwise it
-   is rejected.
-6. Passes authorization rules based on the current state of the room, otherwise it
-   is "soft failed".
-
-Further details of these checks, and how to handle failures, are described
-below.
-
-The `Signing Events <#signing-events>`_ section has more information on which hashes
-and signatures are expected on events, and how to calculate them.
-
-
-Definitions
-+++++++++++
-
-Required Power Level
-  A given event type has an associated *required power level*. This is given by
-  the current ``m.room.power_levels`` event. The event type is either listed
-  explicitly in the ``events`` section or given by either ``state_default`` or
-  ``events_default`` depending on if the event is a state event or not.
-
-Invite Level, Kick Level, Ban Level, Redact Level
-   The levels given by the ``invite``, ``kick``, ``ban``, and ``redact``
-   properties in the current ``m.room.power_levels`` state. Each defaults to 50
-   if unspecified.
-
-Target User
-  For an ``m.room.member`` state event, the user given by the ``state_key`` of
-  the event.
-
-.. _`authorization rules`:
-
-Authorization rules
-+++++++++++++++++++
-
-The rules governing whether an event is authorized depends on a set of state. A
-given event is checked multiple times against different sets of state, as
-specified above. Each room version can have a different algorithm for how the
-rules work, and which rules are applied. For more detailed information, please
-see the `room version specification`_.
-
-
-Auth events selection
-^^^^^^^^^^^^^^^^^^^^^
-
-The ``auth_events`` field of a PDU identifies the set of events which give the
-sender permission to send the event. The ``auth_events`` for the
-``m.room.create`` event in a room is empty; for other events, it should be the
-following subset of the room state:
-
-- The ``m.room.create`` event.
-- The current ``m.room.power_levels`` event, if any.
-- The sender's current ``m.room.member`` event, if any.
-- If type is ``m.room.member``:
-
-    - The target's current ``m.room.member`` event, if any.
-    - If ``membership`` is ``join`` or ``invite``, the current
-      ``m.room.join_rules`` event, if any.
-    - If membership is ``invite`` and ``content`` contains a
-      ``third_party_invite`` property, the current
-      ``m.room.third_party_invite`` event with ``state_key`` matching
-      ``content.third_party_invite.signed.token``, if any.
-
-
-Rejection
-+++++++++
-
-If an event is rejected it should neither be relayed to clients nor be included
-as a prev event in any new events generated by the server. Subsequent events
-from other servers that reference rejected events should be allowed if they
-still pass the auth rules. The state used in the checks should be calculated as
-normal, except not updating with the rejected event where it is a state event.
-
-If an event in an incoming transaction is rejected, this should not cause the
-transaction request to be responded to with an error response.
-
-.. NOTE::
-
-    This means that events may be included in the room DAG even though they
-    should be rejected.
-
-.. NOTE::
-
-    This is in contrast to redacted events which can still affect the
-    state of the room. For example, a redacted ``join`` event will still
-    result in the user being considered joined.
-
-
-Soft failure
-++++++++++++
-
-.. admonition:: Rationale
-
-  It is important that we prevent users from evading bans (or other power
-  restrictions) by creating events which reference old parts of the DAG. For
-  example, a banned user could continue to send messages to a room by having
-  their server send events which reference the event before they were banned.
-  Note that such events are entirely valid, and we cannot simply reject them, as
-  it is impossible to distinguish such an event from a legitimate one which has
-  been delayed. We must therefore accept such events and let them participate in
-  state resolution and the federation protocol as normal. However, servers may
-  choose not to send such events on to their clients, so that end users won't
-  actually see the events.
-
-  When this happens it is often fairly obvious to servers, as they can see that
-  the new event doesn't actually pass auth based on the "current state" (i.e.
-  the resolved state across all forward extremities). While the event is
-  technically valid, the server can choose to not notify clients about the new
-  event.
-
-  This discourages servers from sending events that evade bans etc. in this way,
-  as end users won't actually see the events.
-
-
-When the homeserver receives a new event over federation it should also check
-whether the event passes auth checks based on the current state of the room (as
-well as based on the state at the event). If the event does not pass the auth
-checks based on the *current state* of the room (but does pass the auth checks
-based on the state at that event) it should be "soft failed".
-
-When an event is "soft failed" it should not be relayed to the client nor be
-referenced by new events created by the homeserver (i.e. they should not be
-added to the server's list of forward extremities of the room). Soft failed
-events are otherwise handled as usual.
-
-
-.. NOTE::
-
-  Soft failed events participate in state resolution as normal if further events
-  are received which reference it. It is the job of the state resolution
-  algorithm to ensure that malicious events cannot be injected into the room
-  state via this mechanism.
-
-
-.. NOTE::
-
-  Because soft failed state events participate in state resolution as normal, it
-  is possible for such events to appear in the current state of the room. In
-  that case the client should be told about the soft failed event in the usual
-  way (e.g. by sending it down in the ``state`` section of a sync response).
-
-
-.. NOTE::
-
-  A soft failed event should be returned in response to federation requests
-  where appropriate (e.g. in ``/event/<event_id>``). Note that soft failed
-  events are returned in ``/backfill`` and ``/get_missing_events`` responses
-  only if the requests include events referencing the soft failed events.
-
-
-.. admonition:: Example
-
-  As an example consider the event graph::
-
-      A
-     /
-    B
-
-  where ``B`` is a ban of a user ``X``. If the user ``X`` tries to set the topic
-  by sending an event ``C`` while evading the ban::
-
-      A
-     / \
-    B   C
-
-  servers that receive ``C`` after ``B`` should soft fail event ``C``, and so
-  will neither relay ``C`` to its clients nor send any events referencing ``C``.
-
-  If later another server sends an event ``D`` that references both ``B`` and
-  ``C`` (this can happen if it received ``C`` before ``B``)::
-
-      A
-     / \
-    B   C
-     \ /
-      D
-
-  then servers will handle ``D`` as normal. ``D`` is sent to the servers'
-  clients (assuming ``D`` passes auth checks). The state at ``D`` may resolve to
-  a state that includes ``C``, in which case clients should also to be told that
-  the state has changed to include ``C``. (*Note*: This depends on the exact
-  state resolution algorithm used. In the original version of the algorithm
-  ``C`` would be in the resolved state, whereas in latter versions the algorithm
-  tries to prioritise the ban over the topic change.)
-
-  Note that this is essentially equivalent to the situation where one server
-  doesn't receive ``C`` at all, and so asks another server for the state of the
-  ``C`` branch.
-
-  Let's go back to the graph before ``D`` was sent::
-
-      A
-     / \
-    B   C
-
-  If all the servers in the room saw ``B`` before ``C`` and so soft fail ``C``,
-  then any new event ``D'`` will not reference ``C``::
-
-      A
-     / \
-    B   C
-    |
-    D
-
-
-Retrieving event authorization information
-++++++++++++++++++++++++++++++++++++++++++
-
-The homeserver may be missing event authorization information, or wish to check
-with other servers to ensure it is receiving the correct auth chain. These APIs
-give the homeserver an avenue for getting the information it needs.
-
-{{event_auth_ss_http_api}}
-
-EDUs
-----
-
-EDUs, by comparison to PDUs, do not have an ID, a room ID, or a list of
-"previous" IDs. They are intended to be non-persistent data such as user
-presence, typing notifications, etc.
-
-{{definition_ss_edu}}
-
-Room State Resolution
----------------------
-
-The *state* of a room is a map of ``(event_type, state_key)`` to
-``event_id``. Each room starts with an empty state, and each state event which
-is accepted into the room updates the state of that room.
-
-Where each event has a single ``prev_event``, it is clear what the state of the
-room after each event should be. However, when two branches in the event graph
-merge, the state of those branches might differ, so a *state resolution*
-algorithm must be used to determine the resultant state.
-
-For example, consider the following event graph (where the oldest event, E0,
-is at the top)::
-
-      E0
-      |
-      E1
-     /  \
-    E2  E4
-    |    |
-    E3   |
-     \  /
-      E5
-
-
-Suppose E3 and E4 are both ``m.room.name`` events which set the name of the
-room. What should the name of the room be at E5?
-
-The algorithm to be used for state resolution depends on the room version. For
-a description of each room version's algorithm, please see the `room version specification`_.
-
-
-Backfilling and retrieving missing events
------------------------------------------
-
-Once a homeserver has joined a room, it receives all the events emitted by
-other homeservers in that room, and is thus aware of the entire history of the
-room from that moment onwards. Since users in that room are able to request the
-history by the ``/messages`` client API endpoint, it's possible that they might
-step backwards far enough into history before the homeserver itself was a
-member of that room.
-
-To cover this case, the federation API provides a server-to-server analog of
-the ``/messages`` client API, allowing one homeserver to fetch history from
-another. This is the ``/backfill`` API.
-
-To request more history, the requesting homeserver picks another homeserver
-that it thinks may have more (most likely this should be a homeserver for
-some of the existing users in the room at the earliest point in history it
-has currently), and makes a ``/backfill`` request.
-
-Similar to backfilling a room's history, a server may not have all the events
-in the graph. That server may use the ``/get_missing_events`` API to acquire
-the events it is missing.
-
-.. TODO-spec
-  Specify (or remark that it is unspecified) how the server handles divergent
-  history. DFS? BFS? Anything weirder?
-
-{{backfill_ss_http_api}}
-
-Retrieving events
------------------
-
-In some circumstances, a homeserver may be missing a particular event or information
-about the room which cannot be easily determined from backfilling. These APIs provide
-homeservers with the option of getting events and the state of the room at a given
-point in the timeline.
-
-{{events_ss_http_api}}
-
-
-Joining Rooms
--------------
-
-When a new user wishes to join a room that the user's homeserver already knows
-about, the homeserver can immediately determine if this is allowable by
-inspecting the state of the room. If it is acceptable, it can generate, sign,
-and emit a new ``m.room.member`` state event adding the user into that room.
-When the homeserver does not yet know about the room it cannot do this
-directly. Instead, it must take a longer multi-stage handshaking process by
-which it first selects a remote homeserver which is already participating in
-that room, and use it to assist in the joining process. This is the remote
-join handshake.
-
-This handshake involves the homeserver of the new member wishing to join
-(referred to here as the "joining" server), the directory server hosting the
-room alias the user is requesting to join with, and a homeserver where existing
-room members are already present (referred to as the "resident" server).
-
-In summary, the remote join handshake consists of the joining server querying
-the directory server for information about the room alias; receiving a room ID
-and a list of join candidates. The joining server then requests information
-about the room from one of the residents. It uses this information to construct
-a ``m.room.member`` event which it finally sends to a resident server.
-
-Conceptually these are three different roles of homeserver. In practice the
-directory server is likely to be resident in the room, and so may be selected
-by the joining server to be the assisting resident. Likewise, it is likely that
-the joining server picks the same candidate resident for both phases of event
-construction, though in principle any valid candidate may be used at each time.
-Thus, any join handshake can potentially involve anywhere from two to four
-homeservers, though most in practice will use just two.
-
-::
-
-  Client         Joining                Directory       Resident
-                 Server                 Server          Server
-
-  join request -->
-                 |
-                 directory request ------->
-                 <---------- directory response
-                 |
-                 make_join request ----------------------->
-                 <------------------------------- make_join response
-                 |
-                 send_join request ----------------------->
-                 <------------------------------- send_join response
-                 |
-  <---------- join response
-
-The first part of the handshake usually involves using the directory server to
-request the room ID and join candidates through the |/query/directory|_
-API endpoint. In the case of a new user joining a room as a result of a received
-invite, the joining user's homeserver could optimise this step away by picking
-the origin server of that invite message as the join candidate. However, the
-joining server should be aware that the origin server of the invite might since
-have left the room, so should be prepared to fall back on the regular join flow
-if this optimisation fails.
-
-Once the joining server has the room ID and the join candidates, it then needs
-to obtain enough information about the room to fill in the required fields of
-the ``m.room.member`` event. It obtains this by selecting a resident from the
-candidate list, and using the ``GET /make_join`` endpoint. The resident server
-will then reply with enough information for the joining server to fill in the
-event.
-
-The joining server is expected to add or replace the ``origin``, ``origin_server_ts``,
-and ``event_id`` on the templated event received by the resident server. This
-event is then signed by the joining server.
-
-To complete the join handshake, the joining server must now submit this new
-event to a resident homeserver, by using the ``PUT /send_join`` endpoint.
-
-The resident homeserver then accepts this event into the room's event graph,
-and responds to the joining server with the full set of state for the
-newly-joined room. The resident server must also send the event to other servers
-participating in the room.
-
-{{joins_v1_ss_http_api}}
-
-{{joins_v2_ss_http_api}}
-
-.. TODO-spec
-  - (paul) I don't really understand why the full auth_chain events are given
-    here. What purpose does it serve expanding them out in full, when surely
-    they'll appear in the state anyway?
-
-Inviting to a room
-------------------
-
-When a user on a given homeserver invites another user on the same homeserver,
-the homeserver may sign the membership event itself and skip the process defined
-here. However, when a user invites another user on a different homeserver, a request
-to that homeserver to have the event signed and verified must be made.
-
-{{invites_v1_ss_http_api}}
-
-{{invites_v2_ss_http_api}}
-
-Leaving Rooms (Rejecting Invites)
----------------------------------
-
-Normally homeservers can send appropriate ``m.room.member`` events to have users
-leave the room, or to reject local invites. Remote invites from other homeservers
-do not involve the server in the graph and therefore need another approach to
-reject the invite. Joining the room and promptly leaving is not recommended as
-clients and servers will interpret that as accepting the invite, then leaving the
-room rather than rejecting the invite.
-
-Similar to the `Joining Rooms`_ handshake, the server which wishes to leave the
-room starts with sending a ``/make_leave`` request to a resident server. In the
-case of rejecting invites, the resident server may be the server which sent the
-invite. After receiving a template event from ``/make_leave``, the leaving server
-signs the event and replaces the ``event_id`` with it's own. This is then sent to
-the resident server via ``/send_leave``. The resident server will then send the
-event to other servers in the room.
-
-{{leaving_v1_ss_http_api}}
-
-{{leaving_v2_ss_http_api}}
-
-Third-party invites
--------------------
-
-.. NOTE::
-   More information about third party invites is available in the `Client-Server API`_
-   under the Third Party Invites module.
-
-When an user wants to invite another user in a room but doesn't know the Matrix
-ID to invite, they can do so using a third-party identifier (e.g. an e-mail or a
-phone number).
-
-This identifier and its bindings to Matrix IDs are verified by an identity server
-implementing the `Identity Service API`_.
-
-Cases where an association exists for a third-party identifier
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-If the third-party identifier is already bound to a Matrix ID, a lookup request
-on the identity server will return it. The invite is then processed by the inviting
-homeserver as a standard ``m.room.member`` invite event. This is the simplest case.
-
-Cases where an association doesn't exist for a third-party identifier
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-If the third-party identifier isn't bound to any Matrix ID, the inviting
-homeserver will request the identity server to store an invite for this identifier
-and to deliver it to whoever binds it to its Matrix ID. It will also send a
-``m.room.third_party_invite`` event in the room to specify a display name, a token
-and public keys the identity server provided as a response to the invite storage
-request.
-
-When a third-party identifier with pending invites gets bound to a Matrix ID,
-the identity server will send a POST request to the ID's homeserver as described
-in the `Invitation Storage`_ section of the Identity Service API.
-
-The following process applies for each invite sent by the identity server:
-
-The invited homeserver will create a ``m.room.member`` invite event containing
-a special ``third_party_invite`` section containing the token and a signed object,
-both provided by the identity server.
-
-If the invited homeserver is in the room the invite came from, it can auth the
-event and send it.
-
-However, if the invited homeserver isn't in the room the invite came from, it
-will need to request the room's homeserver to auth the event.
-
-{{third_party_invite_ss_http_api}}
-
-Verifying the invite
-++++++++++++++++++++
-
-When a homeserver receives a ``m.room.member`` invite event for a room it's in
-with a ``third_party_invite`` object, it must verify that the association between
-the third-party identifier initially invited to the room and the Matrix ID that
-claims to be bound to it has been verified without having to rely on a third-party
-server.
-
-To do so, it will fetch from the room's state events the ``m.room.third_party_invite``
-event for which the state key matches with the value for the ``token`` key in the
-``third_party_invite`` object from the ``m.room.member`` event's content to fetch the
-public keys initially delivered by the identity server that stored the invite.
-
-It will then use these keys to verify that the ``signed`` object (in the
-``third_party_invite`` object from the ``m.room.member`` event's content) was
-signed by the same identity server.
-
-Since this ``signed`` object can only be delivered once in the POST request
-emitted by the identity server upon binding between the third-party identifier
-and the Matrix ID, and contains the invited user's Matrix ID and the token
-delivered when the invite was stored, this verification will prove that the
-``m.room.member`` invite event comes from the user owning the invited third-party
-identifier.
-
-Public Room Directory
----------------------
-
-To complement the `Client-Server API`_'s room directory, homeservers need a
-way to query the public rooms for another server. This can be done by making
-a request to the ``/publicRooms`` endpoint for the server the room directory
-should be retrieved for.
-
-{{public_rooms_ss_http_api}}
-
-
-Typing Notifications
---------------------
-
-When a server's users send typing notifications, those notifications need to
-be sent to other servers in the room so their users are aware of the same
-state. Receiving servers should verify that the user is in the room, and is
-a user belonging to the sending server.
-
-{{definition_ss_event_schemas_m_typing}}
-
-Presence
---------
-The server API for presence is based entirely on exchange of the following
-EDUs. There are no PDUs or Federation Queries involved.
-
-Servers should only send presence updates for users that the receiving server
-would be interested in. Such as the receiving server sharing a room
-with a given user.
-
-.. TODO-doc
-  - Explain the timing-based round-trip reduction mechanism for presence
-    messages
-  - Explain the zero-byte presence inference logic
-  See also: docs/client-server/model/presence
-
-{{definition_ss_event_schemas_m_presence}}
-
-Receipts
---------
-
-Receipts are EDUs used to communicate a marker for a given event. Currently the
-only kind of receipt supported is a "read receipt", or where in the event graph
-the user has read up to.
-
-Read receipts for events events that a user sent do not need to be sent. It is
-implied that by sending the event the user has read up to the event.
-
-{{definition_ss_event_schemas_m_receipt}}
-
-Querying for information
-------------------------
-
-Queries are a way to retrieve information from a homeserver about a resource,
-such as a user or room. The endpoints here are often called in conjunction with
-a request from a client on the client-server API in order to complete the call.
-
-There are several types of queries that can be made. The generic endpoint to
-represent all queries is described first, followed by the more specific queries
-that can be made.
-
-{{query_ss_http_api}}
-
-OpenID
-------
-
-Third party services can exchange an access token previously generated by the
-`Client-Server API` for information about a user. This can help verify that a
-user is who they say they are without granting full access to the user's account.
-
-Access tokens generated by the OpenID API are only good for the OpenID API and
-nothing else.
-
-{{openid_ss_http_api}}
-
-Device Management
------------------
-
-Details of a user's devices must be efficiently published to other users and kept
-up-to-date.  This is critical for reliable end-to-end encryption, in order for users
-to know which devices are participating in a room.  It's also required for to-device
-messaging to work. This section is intended to complement the `Device Management module`_
-of the Client-Server API.
-
-Matrix currently uses a custom pubsub system for synchronising information
-about the list of devices for a given user over federation.  When a server
-wishes to determine a remote user's device list for the first time,
-it should populate a local cache from the result of a ``/user/keys/query`` API
-on the remote server.  However, subsequent updates to the cache should be applied
-by consuming ``m.device_list_update`` EDUs.  Each new ``m.device_list_update`` EDU
-describes an incremental change to one device for a given user which should replace
-any existing entry in the local server's cache of that device list. Servers must send
-``m.device_list_update`` EDUs to all the servers who share a room with a given
-local user, and must be sent whenever that user's device list changes (i.e. for new or
-deleted devices, when that user joins a room which contains servers which are not
-already receiving updates for that user's device list, or changes in device information
-such as the device's human-readable name).
-
-Servers send ``m.device_list_update`` EDUs in a sequence per origin user, each with
-a unique ``stream_id``.  They also include a pointer to the most recent previous EDU(s)
-that this update is relative to in the ``prev_id`` field.  To simplify implementation
-for clustered servers which could send multiple EDUs at the same time, the ``prev_id``
-field should include all ``m.device_list_update`` EDUs which have not been yet been
-referenced in a EDU. If EDUs are emitted in series by a server, there should only ever
-be one ``prev_id`` in the EDU.
-
-This forms a simple directed acyclic graph of ``m.device_list_update`` EDUs, showing
-which EDUs a server needs to have received in order to apply an update to its local
-copy of the remote user's device list.  If a server receives an EDU which refers to
-a ``prev_id`` it does not recognise, it must resynchronise its list by calling the
-``/user/keys/query API`` and resume the process.  The response contains a ``stream_id``
-which should be used to correlate with subsequent ``m.device_list_update`` EDUs.
-
-.. TODO: this whole thing desperately feels like it should just be state in a room,
-  rather than inventing a whole different DAG.  The same room could be used for
-  profiles etc.
-
-{{user_devices_ss_http_api}}
-
-{{definition_ss_event_schemas_m_device_list_update}}
-
-
-End-to-End Encryption
----------------------
-
-This section complements the `End-to-End Encryption module`_ of the Client-Server
-API. For detailed information about end-to-end encryption, please see that module.
-
-The APIs defined here are designed to be able to proxy much of the client's request
-through to federation, and have the response also be proxied through to the client.
-
-{{user_keys_ss_http_api}}
-
-
-Send-to-device messaging
-------------------------
-
-.. TODO: add modules to the federation spec and make this a module
-
-The server API for send-to-device messaging is based on the
-``m.direct_to_device`` EDU. There are no PDUs or Federation Queries involved.
-
-Each send-to-device message should be sent to the destination server using
-the following EDU:
-
-{{definition_ss_event_schemas_m_direct_to_device}}
-
-
-Content Repository
-------------------
-
-Attachments to events (images, files, etc) are uploaded to a homeserver via the
-Content Repository described in the `Client-Server API`_. When a server wishes
-to serve content originating from a remote server, it needs to ask the remote
-server for the media.
-
-Servers should use the server described in the Matrix Content URI, which has the
-format ``mxc://{ServerName}/{MediaID}``. Servers should use the download endpoint
-described in the `Client-Server API`_, being sure to use the ``allow_remote``
-parameter (set to ``false``).
-
-
-Server Access Control Lists (ACLs)
-----------------------------------
-
-Server ACLs and their purpose are described in the `Server ACLs`_ section of the
-Client-Server API.
-
-When a remote server makes a request, it MUST be verified to be allowed by the
-server ACLs. If the server is denied access to a room, the receiving server
-MUST reply with a 403 HTTP status code and an ``errcode`` of ``M_FORBIDDEN``.
-
-The following endpoint prefixes MUST be protected:
-
-* ``/_matrix/federation/v1/send`` (on a per-PDU basis)
-* ``/_matrix/federation/v1/make_join``
-* ``/_matrix/federation/v1/make_leave``
-* ``/_matrix/federation/v1/send_join``
-* ``/_matrix/federation/v2/send_join``
-* ``/_matrix/federation/v1/send_leave``
-* ``/_matrix/federation/v2/send_leave``
-* ``/_matrix/federation/v1/invite``
-* ``/_matrix/federation/v2/invite``
-* ``/_matrix/federation/v1/state``
-* ``/_matrix/federation/v1/state_ids``
-* ``/_matrix/federation/v1/backfill``
-* ``/_matrix/federation/v1/event_auth``
-* ``/_matrix/federation/v1/get_missing_events``
-
-
-Signing Events
---------------
-
-Signing events is complicated by the fact that servers can choose to redact
-non-essential parts of an event.
-
-Adding hashes and signatures to outgoing events
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Before signing the event, the *content hash* of the event is calculated as
-described below. The hash is encoded using `Unpadded Base64`_ and stored in the
-event object, in a ``hashes`` object, under a ``sha256`` key.
-
-The event object is then *redacted*, following the `redaction
-algorithm`_. Finally it is signed as described in `Signing JSON`_, using the
-server's signing key (see also `Retrieving server keys`_).
-
-The signature is then copied back to the original event object.
-
-See `Persistent Data Unit schema`_ for an example of a signed event.
-
-
-Validating hashes and signatures on received events
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-When a server receives an event over federation from another server, the
-receiving server should check the hashes and signatures on that event.
-
-First the signature is checked. The event is redacted following the `redaction
-algorithm`_, and the resultant object is checked for a signature from the
-originating server, following the algorithm described in `Checking for a signature`_.
-Note that this step should succeed whether we have been sent the full event or
-a redacted copy.
-
-The signatures expected on an event are:
-
-* The ``sender``'s server, unless the invite was created as a result of 3rd party invite.
-  The sender must already match the 3rd party invite, and the server which actually
-  sends the event may be a different server.
-* For room versions 1 and 2, the server which created the ``event_id``. Other room
-  versions do not track the ``event_id`` over federation and therefore do not need
-  a signature from those servers.
-
-If the signature is found to be valid, the expected content hash is calculated
-as described below. The content hash in the ``hashes`` property of the received
-event is base64-decoded, and the two are compared for equality.
-
-If the hash check fails, then it is assumed that this is because we have only
-been given a redacted version of the event. To enforce this, the receiving
-server should use the redacted copy it calculated rather than the full copy it
-received.
-
-.. _`reference hashes`:
-
-Calculating the reference hash for an event
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The *reference hash* of an event covers the essential fields of an event,
-including content hashes. It is used for event identifiers in some room versions.
-See the `room version specification`_ for more information. It is calculated as
-follows.
-
-1. The event is put through the redaction algorithm.
-
-2. The ``signatures``, ``age_ts``, and ``unsigned`` properties are removed
-   from the event, if present.
-
-3. The event is converted into `Canonical JSON`_.
-
-4. A sha256 hash is calculated on the resulting JSON object.
-
-
-Calculating the content hash for an event
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-The *content hash* of an event covers the complete event including the
-*unredacted* contents. It is calculated as follows.
-
-First, any existing ``unsigned``, ``signature``, and ``hashes`` members are
-removed. The resulting object is then encoded as `Canonical JSON`_, and the
-JSON is hashed using SHA-256.
-
-
-Example code
-~~~~~~~~~~~~
-
-.. code:: python
-
-    def hash_and_sign_event(event_object, signing_key, signing_name):
-        # First we need to hash the event object.
-        content_hash = compute_content_hash(event_object)
-        event_object["hashes"] = {"sha256": encode_unpadded_base64(content_hash)}
-
-        # Strip all the keys that would be removed if the event was redacted.
-        # The hashes are not stripped and cover all the keys in the event.
-        # This means that we can tell if any of the non-essential keys are
-        # modified or removed.
-        stripped_object = strip_non_essential_keys(event_object)
-
-        # Sign the stripped JSON object. The signature only covers the
-        # essential keys and the hashes. This means that we can check the
-        # signature even if the event is redacted.
-        signed_object = sign_json(stripped_object, signing_key, signing_name)
-
-        # Copy the signatures from the stripped event to the original event.
-        event_object["signatures"] = signed_object["signatures"]
-
-    def compute_content_hash(event_object):
-        # take a copy of the event before we remove any keys.
-        event_object = dict(event_object)
-
-        # Keys under "unsigned" can be modified by other servers.
-        # They are useful for conveying information like the age of an
-        # event that will change in transit.
-        # Since they can be modified we need to exclude them from the hash.
-        event_object.pop("unsigned", None)
-
-        # Signatures will depend on the current value of the "hashes" key.
-        # We cannot add new hashes without invalidating existing signatures.
-        event_object.pop("signatures", None)
-
-        # The "hashes" key might contain multiple algorithms if we decide to
-        # migrate away from SHA-2. We don't want to include an existing hash
-        # output in our hash so we exclude the "hashes" dict from the hash.
-        event_object.pop("hashes", None)
-
-        # Encode the JSON using a canonical encoding so that we get the same
-        # bytes on every server for the same JSON object.
-        event_json_bytes = encode_canonical_json(event_object)
-
-        return hashlib.sha256(event_json_bytes)
-
-.. TODO
-
-   [[TODO(markjh): Since the ``hash`` object cannot be redacted a server
-   shouldn't allow too many hashes to be listed, otherwise a server might embed
-   illicit data within the ``hash`` object.
-
-   We might want to specify a maximum number of keys for the
-   ``hash`` and we might want to specify the maximum output size of a hash]]
-
-   [[TODO(markjh) We might want to allow the server to omit the output of well
-   known hash functions like SHA-256 when none of the keys have been redacted]]
-
-
-Security considerations
------------------------
-
-When a domain's ownership changes, the new controller of the domain can masquerade
-as the previous owner, receiving messages (similarly to email) and request past
-messages from other servers. In the future, proposals like
-`MSC1228 <https://github.com/matrix-org/matrix-doc/issues/1228>`_ will address this
-issue.
-
-
-.. |/query/directory| replace:: ``/query/directory``
-.. _/query/directory: #get-matrix-federation-v1-query-directory
-
-.. _`Invitation storage`: ../identity_service/%IDENTITY_RELEASE_LABEL%.html#invitation-storage
-.. _`Identity Service API`: ../identity_service/%IDENTITY_RELEASE_LABEL%.html
-.. _`Client-Server API`: ../client_server/%CLIENT_RELEASE_LABEL%.html
-.. _`Inviting to a room`: #inviting-to-a-room
-.. _`Canonical JSON`: ../appendices.html#canonical-json
-.. _`Unpadded Base64`:  ../appendices.html#unpadded-base64
-.. _`Server ACLs`:  ../client_server/%CLIENT_RELEASE_LABEL%.html#module-server-acls
-.. _`redaction algorithm`: ../client_server/%CLIENT_RELEASE_LABEL%.html#redactions
-.. _`Signing JSON`: ../appendices.html#signing-json
-.. _`Checking for a signature`: ../appendices.html#checking-for-a-signature
-.. _`Device Management module`: ../client_server/%CLIENT_RELEASE_LABEL%.html#device-management
-.. _`End-to-End Encryption module`: ../client_server/%CLIENT_RELEASE_LABEL%.html#end-to-end-encryption
-.. _`room version specification`: ../index.html#room-versions
-.. _`Client-Server Key Algorithms`: ../client_server/%CLIENT_RELEASE_LABEL%.html#key-algorithms
diff --git a/specification/targets.yaml b/specification/targets.yaml
deleted file mode 100644
index df66218f6c0..00000000000
--- a/specification/targets.yaml
+++ /dev/null
@@ -1,113 +0,0 @@
-targets:
-  index:
-    files:
-      - index.rst
-  client_server:
-    files:
-      - client_server_api.rst
-      - { 1: modules.rst }
-      - { 2: feature_profiles.rst }
-      - { 2: "group:modules" }  # reference a group of files
-    version_label: "%CLIENT_RELEASE_LABEL%"
-  application_service:
-    files:
-      - application_service_api.rst
-    version_label: "%APPSERVICE_RELEASE_LABEL%"
-  server_server:
-    files:
-      - server_server_api.rst
-    version_label: "%SERVER_RELEASE_LABEL%"
-  identity_service:
-    files:
-      - identity_service_api.rst
-    version_label: "%IDENTITY_RELEASE_LABEL%"
-  push_gateway:
-    files:
-      - push_gateway.rst
-    version_label: "%PUSH_GATEWAY_RELEASE_LABEL%"
-  rooms@v1: # this is translated to be rooms/v1.html
-    files:
-      - rooms/v1.rst
-    version_label: v1
-  rooms@v2: # this is translated to be rooms/v2.html
-    files:
-      - rooms/v2.rst
-    version_label: v2
-  rooms@v3: # this is translated to be rooms/v3.html
-    files:
-      - rooms/v3.rst
-    version_label: v3
-  rooms@v4: # this is translated to be rooms/v4.html
-    files:
-      - rooms/v4.rst
-    version_label: v4
-  rooms@v5: # this is translated to be rooms/v5.html
-    files:
-      - rooms/v5.rst
-    version_label: v5
-  rooms@v6: # this is translated to be rooms/v6.html
-    files:
-      - rooms/v6.rst
-    version_label: v6
-  appendices:
-    files:
-      - appendices.rst
-      - appendices/base64.rst
-      - appendices/signing_json.rst
-      - appendices/identifier_grammar.rst
-      - appendices/threepids.rst
-      - appendices/threat_model.rst
-      - appendices/test_vectors.rst
-  proposals:
-    files:
-        - proposals_intro.rst
-        - proposals.rst
-groups:  # reusable blobs of files when prefixed with 'group:'
-  modules:
-    - modules/instant_messaging.rst
-    - modules/voip_events.rst
-    - modules/typing_notifications.rst
-    - modules/receipts.rst
-    - modules/read_markers.rst
-    - modules/presence.rst
-    - modules/content_repo.rst
-    - modules/send_to_device.rst
-    - modules/device_management.rst
-    - modules/end_to_end_encryption.rst
-    - modules/secrets.rst
-    - modules/history_visibility.rst
-    - modules/push.rst
-    - modules/third_party_invites.rst
-    - modules/search.rst
-    - modules/guest_access.rst
-    - modules/room_previews.rst
-    - modules/tags.rst
-    - modules/account_data.rst
-    - modules/admin.rst
-    - modules/event_context.rst
-    - modules/sso_login.rst
-    - modules/dm.rst
-    - modules/ignore_users.rst
-    - modules/stickers.rst
-    - modules/report_content.rst
-    - modules/third_party_networks.rst
-    - modules/openid.rst
-    - modules/server_acls.rst
-    - modules/mentions.rst
-    - modules/room_upgrades.rst
-    - modules/server_notices.rst
-    - modules/moderation_policies.rst
-
-
-title_styles: ["=", "-", "~", "+", "^", "`", "@", ":"]
-
-# The templating system doesn't know the right title style to use when generating
-# RST. These symbols are 'relative' to say "make a sub-title" (-1), "make a title
-# at the same level (0)", or "make a title one above (+1)". The gendoc script
-# will inspect this file and replace these relative styles with actual title
-# styles. The templating system will also inspect this file to know which symbols
-# to inject.
-relative_title_styles:
-  subtitle: "<"
-  sametitle: "/"
-  supertitle: ">"
diff --git a/static/css/fonts/Inter.css b/static/css/fonts/Inter.css
new file mode 100644
index 00000000000..c308cb83cfb
--- /dev/null
+++ b/static/css/fonts/Inter.css
@@ -0,0 +1,168 @@
+/* cyrillic-ext */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 300;
+  src: url(../../fonts/Inter-cyrillic-ext-normal-300.woff2);
+  unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;
+}
+/* cyrillic */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 300;
+  src: url(../../fonts/Inter-cyrillic-normal-300.woff2);
+  unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;
+}
+/* greek-ext */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 300;
+  src: url(../../fonts/Inter-greek-ext-normal-300.woff2);
+  unicode-range: U+1F00-1FFF;
+}
+/* greek */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 300;
+  src: url(../../fonts/Inter-greek-normal-300.woff2);
+  unicode-range: U+0370-03FF;
+}
+/* vietnamese */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 300;
+  src: url(../../fonts/Inter-vietnamese-normal-300.woff2);
+  unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+1EA0-1EF9, U+20AB;
+}
+/* latin-ext */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 300;
+  src: url(../../fonts/Inter-latin-ext-normal-300.woff2);
+  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
+}
+/* latin */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 300;
+  src: url(../../fonts/Inter-latin-normal-300.woff2);
+  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
+}
+/* cyrillic-ext */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 400;
+  src: url(../../fonts/Inter-cyrillic-ext-normal-400.woff2);
+  unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;
+}
+/* cyrillic */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 400;
+  src: url(../../fonts/Inter-cyrillic-normal-400.woff2);
+  unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;
+}
+/* greek-ext */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 400;
+  src: url(../../fonts/Inter-greek-ext-normal-400.woff2);
+  unicode-range: U+1F00-1FFF;
+}
+/* greek */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 400;
+  src: url(../../fonts/Inter-greek-normal-400.woff2);
+  unicode-range: U+0370-03FF;
+}
+/* vietnamese */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 400;
+  src: url(../../fonts/Inter-vietnamese-normal-400.woff2);
+  unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+1EA0-1EF9, U+20AB;
+}
+/* latin-ext */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 400;
+  src: url(../../fonts/Inter-latin-ext-normal-400.woff2);
+  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
+}
+/* latin */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 400;
+  src: url(../../fonts/Inter-latin-normal-400.woff2);
+  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
+}
+/* cyrillic-ext */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 700;
+  src: url(../../fonts/Inter-cyrillic-ext-normal-700.woff2);
+  unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;
+}
+/* cyrillic */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 700;
+  src: url(../../fonts/Inter-cyrillic-normal-700.woff2);
+  unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;
+}
+/* greek-ext */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 700;
+  src: url(../../fonts/Inter-greek-ext-normal-700.woff2);
+  unicode-range: U+1F00-1FFF;
+}
+/* greek */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 700;
+  src: url(../../fonts/Inter-greek-normal-700.woff2);
+  unicode-range: U+0370-03FF;
+}
+/* vietnamese */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 700;
+  src: url(../../fonts/Inter-vietnamese-normal-700.woff2);
+  unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+1EA0-1EF9, U+20AB;
+}
+/* latin-ext */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 700;
+  src: url(../../fonts/Inter-latin-ext-normal-700.woff2);
+  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
+}
+/* latin */
+@font-face {
+  font-family: 'Inter';
+  font-style: normal;
+  font-weight: 700;
+  src: url(../../fonts/Inter-latin-normal-700.woff2);
+  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
+}
diff --git a/static/css/fonts/README.md b/static/css/fonts/README.md
new file mode 100644
index 00000000000..aca33304293
--- /dev/null
+++ b/static/css/fonts/README.md
@@ -0,0 +1,30 @@
+# Fonts
+
+## Inter.css
+
+`Inter.css` is a local copy of
+https://fonts.googleapis.com/css?family=Inter:300,300i,400,400i,700,700i, modified to pull
+font files (`.woff2`) from local sources. It was created
+using `download_google_fonts_css.py`.
+  
+## download_google_fonts_css.py
+
+`download_google_fonts_css.py` is a script that takes a google fonts CSS URL, downloads
+the file and linked fonts, then saves the fonts locally along with a modified CSS file to
+load them. Example call:
+
+```sh
+python3 download_google_fonts_css.py \
+  "https://fonts.googleapis.com/css?family=Inter:300,300i,400,400i,700,700i" \
+  ../../fonts \
+  ../../fonts 
+```
+  
+Which would pop out a `Inter.css` file that should be `@import url("Inter.css")`d
+somewhere in the site's SCSS (currently in
+[/assets/scss/_variables_project.scss](/assets/scss/_variables_project.scss)).
+
+Re-running the script and committing any new files is only necessary when a desired 
+font updates (not very often), or we want to change the font we're using. In that case,
+remove the existing font files at `/static/fonts/*.woff2` and re-run the script with a
+different URL.
diff --git a/static/css/fonts/download_google_fonts_css.py b/static/css/fonts/download_google_fonts_css.py
new file mode 100755
index 00000000000..cfb5c05264c
--- /dev/null
+++ b/static/css/fonts/download_google_fonts_css.py
@@ -0,0 +1,134 @@
+#!/usr/bin/env python3
+# Copyright 2021 The Matrix.org Foundation C.I.C.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script takes a google fonts CSS URL, downloads the referenced fonts locally
+# and spits out a modified CSS file which now points to those local fonts.
+#
+# Purely for the purposes of converting a website to use local font files instead of
+# making requests to Google Fonts.
+
+import re
+import requests
+import subprocess
+import sys
+
+# Pull the font filename to process and output directory to point at
+if len(sys.argv) < 4:
+    print(f"""
+Error: Not enough arguments.
+
+Usage: {sys.argv[0]} google_fonts_url font_directory css_font_path
+* google fonts url: A URL leading to a google font css file (i.e https://fonts.googleapis.com/css?family=Inter)
+* font directory: The location that font files will be downloaded to (i.e ../../fonts)
+* font path: The directory the resulting CSS will be pointing to, relative to site root (i.e /unstable/css/fonts).
+             This is where the browser will look for fonts.
+""")
+    sys.exit(1)
+
+google_fonts_url = sys.argv[1]
+font_output_dir = sys.argv[2]
+css_font_path = sys.argv[3]
+
+# Get font name
+if google_fonts_url.count(":") > 1:
+    # Account for font weights specified in the URL
+    # (i.e https://fonts.googleapis.com/css?family=Inter:300,300i,400,400i,700,700i)
+    url_match = re.match(r".*family=(.*):", google_fonts_url)
+else:
+    url_match = re.match(r".*family=(.*)", google_fonts_url)
+
+if not url_match:
+    print("Unable to extract font name, invalid google fonts URL:", google_fonts_url)
+    print("URL should look something like: https://fonts.googleapis.com/css?family=Inter...")
+    sys.exit(1)
+
+font_name = url_match.group(1)
+
+# Ensure font paths end with a trailing slash
+if not font_output_dir.endswith("/"):
+    font_output_dir += "/"
+if not css_font_path.endswith("/"):
+    css_font_path += "/"
+
+# Download the css file and split by newline
+resp = requests.get(
+    google_fonts_url,
+    # We need to set a believable user-agent, else google fonts won't give us
+    # all of the font weights we requested for some reason
+    headers={
+        "User-Agent": "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
+    }
+)
+if resp.status_code != 200:
+    print("Failed to download:", google_fonts_url, resp.status_code)
+    sys.exit(1)
+
+original_contents = resp.text.split("\n")
+
+# Download all referenced font files and write out new font file
+new_css_file_lines = []
+
+# Store metadata for helping give friendly names to each font file
+font_lang = None
+font_family = None
+font_style = None
+font_weight = 0
+for line in original_contents:
+    # Check if this line contains a font URL
+    match = re.match(r".*url\((.*)\) format.*", line)
+    if match:
+        # Download the font file
+        font_url = match.group(1)
+        print("Downloading font:", font_url)
+
+        resp = requests.get(font_url)
+        if resp.status_code == 200:
+            # Save the font file
+            filename = "%s-%s-%s-%d.woff2" % (
+                font_family, font_lang, font_style, font_weight
+            )
+            font_filepath = font_output_dir + filename
+            with open(font_filepath, "wb") as f:
+                print("Writing font file:", font_filepath)
+                f.write(resp.content)
+
+            # Replace google URL with local URL
+            line = re.sub(r"url\(.+\)", f"url({css_font_path + filename})", line)
+        else:
+            print("Warning: failed to download font file:", font_url)
+
+    # Check for font metadata. If there is some, we'll note it down and use it to help
+    # name font files when we write them out.
+    # Makes for nicer font filenames than fvQtMwCp50KnMw2boKod... etc.
+    font_lang_match = re.match(r"^/\* (.+) \*/$", line)
+    if font_lang_match:
+        font_lang = font_lang_match.group(1)
+    font_family_match = re.match(r".*font-family: '(.+)';$", line)
+    if font_family_match:
+        font_family = font_family_match.group(1)
+    font_style_match = re.match(r".*font-style: (.+);$", line)
+    if font_style_match:
+        font_style = font_style_match.group(1)
+    font_weight_match = re.match(r".*font-weight: (.+);$", line)
+    if font_weight_match:
+        font_weight = int(font_weight_match.group(1))
+
+    # Append the potentially modified line to the new css file
+    new_css_file_lines.append(line)
+
+# Write out the new font css file
+with open(font_name + ".css", "w") as f:
+    new_css_file_contents = "\n".join(new_css_file_lines)
+    f.write(new_css_file_contents)
diff --git a/static/css/fonts/requirements.txt b/static/css/fonts/requirements.txt
new file mode 100644
index 00000000000..f2293605cf1
--- /dev/null
+++ b/static/css/fonts/requirements.txt
@@ -0,0 +1 @@
+requests
diff --git a/static/diagrams/README.md b/static/diagrams/README.md
new file mode 100644
index 00000000000..0b74734c07b
--- /dev/null
+++ b/static/diagrams/README.md
@@ -0,0 +1,17 @@
+# Spec diagrams
+
+Non-ascii diagrams for the spec can be placed here for reference in the actual spec.
+Please include source material so the diagram can be recreated by a future editor.
+
+https://www.diagrams.net/ is a great ([open source](https://github.com/jgraph/drawio))
+tool for these sorts of things - include your `.drawio` file next to your diagram.
+
+Suggested settings for diagrams.net:
+* Export as PNG.
+* 100% size.
+* `20` for a border width.
+* No transparent background, shadow, or grid.
+* Include a copy of the diagram.
+
+To reference a diagram, use the absolute path when compiled. For example,
+`![membership-flow-diagram](/diagrams/membership.png)`
diff --git a/static/diagrams/membership.drawio b/static/diagrams/membership.drawio
new file mode 100644
index 00000000000..1c6708deb34
--- /dev/null
+++ b/static/diagrams/membership.drawio
@@ -0,0 +1 @@
+<mxfile host="app.diagrams.net" modified="2021-04-28T19:35:50.494Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" etag="-IOh23FjJiPnGlGWLseU" version="14.6.6" type="device"><diagram id="4a_pTli-mcEMNPq0ciXK" name="Page-1">3Vvdb6M4EP9rIt09NMIGA3ncZtvbh73TSn243X1ZOYmT0BIcOaZJ9q8/E0z4cggEgulVqoqHsbHHv/nwjDsyp5vDXwxv13/TBfFH0FgcRubnEYTAAa74E1GOMWViopiwYt5CMqWEF+83kURDUkNvQXY5Rk6pz71tnjinQUDmPEfDjNF9nm1J/fxXt3hFSoSXOfbL1H+9BV/HVBc6Kf0L8Vbr5MvAnsRvNjhhlivZrfGC7jMk82lkThmlPH7aHKbEj4SXyCXu93zh7XlijAS8TodvBvr96euj/xL83G+Dn2gaTvgDkMO8Yz+UKxYjvFIvkJPmx0QSZCEEI5uU8TVd0QD7Tyn1kdEwWJDoc4ZopTxfKd0KIhDEV8L5Ue4yDjkVpDXf+PJt/M3oQxfXKEk7GrI5qVqYxApmK8Ir+OB5JwSECd0Qzo6iHyM+5t57fh5YYml15pNdPzGGjxmGrZAf32VG/hYRBINUCziRmJBKYdqFrWvGLx7iGSStzFJS0gkOTaBhqaDhEyykogEb5ODx75nnH9FQY4hk8/NBDn1qHJNGIGTwPcMZtX9kX6b9Tq2kY4dIhKgmFC01FCUGjDEwHDMeqhk6S3Cy3DycoDUZ25kfx8qPGM9cDpLCrinqLVD4rG1Wot4CqIo/j/q0dzIdulzuCC/06EYzSorhBe8eL6tFHvT7teB52eITWvbCXaqM3zthnByqQXcRI9ApSBjJ9j51XcCQtHXGbSV8KgzlpNdYVHaFETEoG0VO6/nNm799cH8DO1JysRduOyW/P/4hVG3qDGuJGRK/YIxRxjOA29wC6NEt1ASMWQmYB2NsI6ulW+gBMSXAKEPMRvZySQP+jDeeH23OVIjbI5E5+Yfs72NMLUu7MXVVehcGujUvF5HVDMhAVu1kr34Uz2xnqWsrWautNks7rdrkQekLQoVDiqldX5R+KrY8hreMVhfOfG8+grYv5vI4E/KwV9FTxPOLhT7Z6XVp8Caf5ug66lg1VavtobsdKsq6Jca5EMH3sduXNq7HYKT2xqFr0QgaeigCnEEGr05W0426mq4tqVEXMBei1340vZzAUmevBuVGzWKuT7sbVUadGu1lO53RFnfCSWdG1rVdq52dPddnCgkjB+WHiFdVSv31arCNjx3F5RPW1ccjLXBraaLrIcuy6yGrs4yDsrCly82nHrtRhHdLbksHhK7mqFxogrsYLGTVg1XTWgUo1CqQWV2hs41Kfn21CqhMwA/Ae9+SNGp6tM3Fal+I/064N8cdK0lHZycRzN+iIU2BbVr5ohqYoIEAVXkuG0qlqGWV4eOitrpeJUy7A4ZffjAHFQzcEBf+L6B0NUpwEGoZJfRgpspJhbeAKozSoJMK5zBKW1IhuRXT8SWKvouC+m9YJEF6RpBPB06YMEknl1k8FP8R0JOmiN8N2cwI+7NC4qChxMsmpl1JqXCGVKXCoELY9r2EbSpzEdIAxMmIU+MBz4QwB5qQKJSVaiebu/E8r+Fmmyw0oAFJSPGsHV1JkKtxjuvCm3JuTQP0wt08YFUfPM+3EtT8Gi/Jle2S/pjrVug3O3ZmIY7ZvGNI171OejXcmvRy4ISTwoETXcmkwEr+ewBaNNNr+DF7+s8M5tN/</diagram></mxfile>
\ No newline at end of file
diff --git a/static/diagrams/membership.png b/static/diagrams/membership.png
new file mode 100644
index 00000000000..891b338b92a
Binary files /dev/null and b/static/diagrams/membership.png differ
diff --git a/static/fonts/Inter-cyrillic-ext-normal-300.woff2 b/static/fonts/Inter-cyrillic-ext-normal-300.woff2
new file mode 100644
index 00000000000..77f8fe74b3c
Binary files /dev/null and b/static/fonts/Inter-cyrillic-ext-normal-300.woff2 differ
diff --git a/static/fonts/Inter-cyrillic-ext-normal-400.woff2 b/static/fonts/Inter-cyrillic-ext-normal-400.woff2
new file mode 100644
index 00000000000..0a28013d59e
Binary files /dev/null and b/static/fonts/Inter-cyrillic-ext-normal-400.woff2 differ
diff --git a/static/fonts/Inter-cyrillic-ext-normal-700.woff2 b/static/fonts/Inter-cyrillic-ext-normal-700.woff2
new file mode 100644
index 00000000000..a5658ff7699
Binary files /dev/null and b/static/fonts/Inter-cyrillic-ext-normal-700.woff2 differ
diff --git a/static/fonts/Inter-cyrillic-normal-300.woff2 b/static/fonts/Inter-cyrillic-normal-300.woff2
new file mode 100644
index 00000000000..9863e906845
Binary files /dev/null and b/static/fonts/Inter-cyrillic-normal-300.woff2 differ
diff --git a/static/fonts/Inter-cyrillic-normal-400.woff2 b/static/fonts/Inter-cyrillic-normal-400.woff2
new file mode 100644
index 00000000000..9b199dff899
Binary files /dev/null and b/static/fonts/Inter-cyrillic-normal-400.woff2 differ
diff --git a/static/fonts/Inter-cyrillic-normal-700.woff2 b/static/fonts/Inter-cyrillic-normal-700.woff2
new file mode 100644
index 00000000000..e7c9b5c0baf
Binary files /dev/null and b/static/fonts/Inter-cyrillic-normal-700.woff2 differ
diff --git a/static/fonts/Inter-greek-ext-normal-300.woff2 b/static/fonts/Inter-greek-ext-normal-300.woff2
new file mode 100644
index 00000000000..c5040704aa4
Binary files /dev/null and b/static/fonts/Inter-greek-ext-normal-300.woff2 differ
diff --git a/static/fonts/Inter-greek-ext-normal-400.woff2 b/static/fonts/Inter-greek-ext-normal-400.woff2
new file mode 100644
index 00000000000..2133c2aa0f3
Binary files /dev/null and b/static/fonts/Inter-greek-ext-normal-400.woff2 differ
diff --git a/static/fonts/Inter-greek-ext-normal-700.woff2 b/static/fonts/Inter-greek-ext-normal-700.woff2
new file mode 100644
index 00000000000..11f08273250
Binary files /dev/null and b/static/fonts/Inter-greek-ext-normal-700.woff2 differ
diff --git a/static/fonts/Inter-greek-normal-300.woff2 b/static/fonts/Inter-greek-normal-300.woff2
new file mode 100644
index 00000000000..e2d53b38ea5
Binary files /dev/null and b/static/fonts/Inter-greek-normal-300.woff2 differ
diff --git a/static/fonts/Inter-greek-normal-400.woff2 b/static/fonts/Inter-greek-normal-400.woff2
new file mode 100644
index 00000000000..3d2f76d320e
Binary files /dev/null and b/static/fonts/Inter-greek-normal-400.woff2 differ
diff --git a/static/fonts/Inter-greek-normal-700.woff2 b/static/fonts/Inter-greek-normal-700.woff2
new file mode 100644
index 00000000000..5b6ed50090d
Binary files /dev/null and b/static/fonts/Inter-greek-normal-700.woff2 differ
diff --git a/static/fonts/Inter-latin-ext-normal-300.woff2 b/static/fonts/Inter-latin-ext-normal-300.woff2
new file mode 100644
index 00000000000..bf5bc6474f7
Binary files /dev/null and b/static/fonts/Inter-latin-ext-normal-300.woff2 differ
diff --git a/static/fonts/Inter-latin-ext-normal-400.woff2 b/static/fonts/Inter-latin-ext-normal-400.woff2
new file mode 100644
index 00000000000..ef110cb8c89
Binary files /dev/null and b/static/fonts/Inter-latin-ext-normal-400.woff2 differ
diff --git a/static/fonts/Inter-latin-ext-normal-700.woff2 b/static/fonts/Inter-latin-ext-normal-700.woff2
new file mode 100644
index 00000000000..b42f8b12a85
Binary files /dev/null and b/static/fonts/Inter-latin-ext-normal-700.woff2 differ
diff --git a/static/fonts/Inter-latin-normal-300.woff2 b/static/fonts/Inter-latin-normal-300.woff2
new file mode 100644
index 00000000000..605d1b2d996
Binary files /dev/null and b/static/fonts/Inter-latin-normal-300.woff2 differ
diff --git a/static/fonts/Inter-latin-normal-400.woff2 b/static/fonts/Inter-latin-normal-400.woff2
new file mode 100644
index 00000000000..b5db4467bc7
Binary files /dev/null and b/static/fonts/Inter-latin-normal-400.woff2 differ
diff --git a/static/fonts/Inter-latin-normal-700.woff2 b/static/fonts/Inter-latin-normal-700.woff2
new file mode 100644
index 00000000000..f6215ed2478
Binary files /dev/null and b/static/fonts/Inter-latin-normal-700.woff2 differ
diff --git a/static/fonts/Inter-vietnamese-normal-300.woff2 b/static/fonts/Inter-vietnamese-normal-300.woff2
new file mode 100644
index 00000000000..707bb80552c
Binary files /dev/null and b/static/fonts/Inter-vietnamese-normal-300.woff2 differ
diff --git a/static/fonts/Inter-vietnamese-normal-400.woff2 b/static/fonts/Inter-vietnamese-normal-400.woff2
new file mode 100644
index 00000000000..c9fa5c598b5
Binary files /dev/null and b/static/fonts/Inter-vietnamese-normal-400.woff2 differ
diff --git a/static/fonts/Inter-vietnamese-normal-700.woff2 b/static/fonts/Inter-vietnamese-normal-700.woff2
new file mode 100644
index 00000000000..0dfa08501fa
Binary files /dev/null and b/static/fonts/Inter-vietnamese-normal-700.woff2 differ
diff --git a/static/icons/unstable.png b/static/icons/unstable.png
new file mode 100644
index 00000000000..e870a38d8e5
Binary files /dev/null and b/static/icons/unstable.png differ
diff --git a/static/js/toc.js b/static/js/toc.js
new file mode 100644
index 00000000000..fa36ba4a58f
--- /dev/null
+++ b/static/js/toc.js
@@ -0,0 +1,314 @@
+/*
+Copyright 2020, 2021 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+/*
+Account for id attributes that are in the sidebar nav
+*/
+function populateIds() {
+  const navItems = document.querySelectorAll(".td-sidebar-nav li");
+  return Array.from(navItems).map(item => item.id).filter(id => id != "");
+}
+
+/*
+Given an ID and an array of IDs, return s version of the original ID that's
+not equal to any of the IDs in the array.
+*/
+function uniquifyHeadingId(id, uniqueIDs) {
+  const baseId = id;
+  let counter = 0;
+  while (uniqueIDs.includes(id)) {
+    counter = counter + 1;
+    id = baseId + "-" + counter.toString();
+  }
+  return id;
+}
+
+/*
+Given an array of heading nodes, ensure they all have unique IDs.
+
+We have to do this mostly because of client-server modules, which are
+rendered separately then glued together with a template.
+Because heading IDs are generated in rendering, this means they can and will
+end up with duplicate IDs.
+*/
+function uniquifyHeadingIds(headings) {
+  const uniqueIDs = populateIds();
+  for (let heading of headings) {
+    const uniqueID = uniquifyHeadingId(heading.id, uniqueIDs);
+    uniqueIDs.push(uniqueID);
+    heading.id = uniqueID;
+  }
+}
+
+/*
+The document contains "normal" headings, and these have corresponding items
+in the ToC.
+
+The document might also contain H1 headings that act as titles for blocks of
+rendered data, like HTTP APIs or event schemas. Unlike "normal" headings,
+these headings don't appear in the ToC. But they do have anchor IDs to enable
+links to them. When someone follows a link to one of these "rendered data"
+headings we want to scroll the ToC to the item corresponding to the "normal"
+heading preceding the "rendered data" heading we have visited.
+
+To support this we need to add `data` attributes to ToC items.
+These attributes identify which "rendered data" headings live underneath
+the heading corresponding to that ToC item.
+*/
+function setTocItemChildren(toc, headings) {
+  let tocEntryForHeading  = null;
+  for (const heading of headings) {
+    // H1 headings are rendered-data headings
+    if (heading.tagName !== "H1") {
+      tocEntryForHeading = document.querySelector(`nav li a[href="#${heading.id}"]`);
+    } else {
+      // on the ToC entry for the parent heading,
+      // set a data-* attribute whose name is the child's fragment ID
+      tocEntryForHeading.setAttribute(`data-${heading.id}`, "true");
+    }
+  }
+}
+
+/*
+Generate a table of contents based on the headings in the document.
+*/
+function makeToc() {
+
+  // make the title from the H1
+  const h1 = document.body.querySelector("h1");
+  const title = document.createElement("a");
+  title.id = "toc-title";
+  title.setAttribute("href", "#");
+  title.textContent = h1.textContent;
+
+  // make the content
+  const content = document.body.querySelector(".td-content");
+  let headings = [].slice.call(content.querySelectorAll("h2, h3, h4, h5, h6, .rendered-data > details > summary > h1"));
+
+  // exclude headings that don't have IDs.
+  headings = headings.filter(heading => heading.id);
+  uniquifyHeadingIds(headings);
+
+  // exclude .rendered-data > h1 headings from the ToC
+  const tocTargets = headings.filter(heading => heading.tagName !== "H1");
+
+  // we have to adjust heading IDs to ensure that they are unique
+  const nav = document.createElement("nav");
+  nav.id = "TableOfContents";
+
+  const section = makeTocSection(tocTargets, 0);
+  nav.appendChild(section.content);
+  // append title and content to the #toc placeholder
+  const toc = document.body.querySelector("#toc");
+  toc.appendChild(title);
+  toc.appendChild(nav);
+
+  // tell ToC items about any rendered-data headings they contain
+  setTocItemChildren(section.content, headings);
+}
+
+// create a single ToC entry
+function makeTocEntry(heading) {
+  const li = document.createElement("li");
+  const a = document.createElement("a");
+  a.setAttribute("href", `#${heading.id}`);
+  a.textContent = heading.textContent;
+  li.appendChild(a);
+  return li;
+}
+
+/*
+Each ToC section is an `<ol>` element.
+ToC entries are `<li>` elements and these contain nested ToC sections,
+whenever we go to the next heading level down.
+*/
+function makeTocSection(headings, index) {
+  const ol = document.createElement("ol");
+  let previousHeading = null;
+  let previousLi = null;
+  let i = index;
+  const lis = [];
+  for (i; i < headings.length; i++) {
+    const thisHeading = headings[i];
+    if (previousHeading && (thisHeading.tagName > previousHeading.tagName)) {
+      // we are going down a heading level, create a new nested section
+      const section = makeTocSection(headings, i);
+      previousLi.appendChild(section.content);
+      i = section.index -1;
+    }
+    else if (previousHeading && (previousHeading.tagName > thisHeading.tagName)) {
+      // we have come back up a level, so a section is finished
+      for (let li of lis) {
+        ol.appendChild(li);
+      }
+      return {
+        content: ol,
+        index: i
+      }
+    }
+    else {
+      // we are still processing this section, so add this heading to the current section
+      previousLi = makeTocEntry(thisHeading);
+      lis.push(previousLi);
+      previousHeading = thisHeading;
+    }
+  }
+  for (let li of lis) {
+    ol.appendChild(li);
+  }
+  return  {
+    content: ol,
+    index: i
+  }
+}
+
+/*
+Set a new ToC entry.
+Clear any previously highlighted ToC items, set the new one,
+and adjust the ToC scroll position.
+*/
+function setTocEntry(newEntry) {
+  const activeEntries = document.querySelectorAll("#toc a.active");
+  for (const activeEntry of activeEntries) {
+    activeEntry.classList.remove('active');
+  }
+
+  newEntry.classList.add('active');
+  // don't scroll the sidebar nav if the main content is not scrolled
+  const nav = document.querySelector("#td-section-nav");
+  const content = document.querySelector("html");
+  if (content.scrollTop !== 0) {
+    nav.scrollTop = newEntry.offsetTop - 100;
+  } else {
+    nav.scrollTop = 0;
+  }
+}
+
+/*
+Test whether a node is in the viewport
+*/
+function isInViewport(node) {
+  const rect = node.getBoundingClientRect();
+  return (
+    rect.top >= 0 &&
+    rect.left >= 0 &&
+    rect.bottom <= (window.innerHeight || document.documentElement.clientHeight) &&
+    rect.right <= (window.innerWidth || document.documentElement.clientWidth)
+  );
+}
+
+/*
+The callback we pass to the IntersectionObserver constructor.
+
+Called when any of our observed nodes starts or stops intersecting
+with the viewport.
+*/
+function handleIntersectionUpdate(entries) {
+
+  /*
+  Special case: If the current URL hash matches a ToC entry, and
+  the corresponding heading is visible in the viewport, then that is
+  made the current ToC entry, and we don't even look at the intersection
+  observer data.
+  This means that if the user has clicked on a ToC entry,
+  we won't unselect it through the intersection observer.
+  */
+  const hash = document.location.hash;
+  if (hash) {
+    let tocEntryForHash = document.querySelector(`nav li a[href="${hash}"]`);
+    // if the hash isn't a direct match for a ToC item, check the data attributes
+    if (!tocEntryForHash) {
+      const fragment = hash.substring(1);
+      tocEntryForHash = document.querySelector(`nav li a[data-${fragment}]`);
+    }
+    if (tocEntryForHash) {
+      const headingForHash = document.querySelector(hash);
+      if (headingForHash && isInViewport(headingForHash)) {
+        setTocEntry(tocEntryForHash);
+        return;
+      }
+    }
+  }
+
+  let newEntry = null;
+
+  for (const entry of entries) {
+    if (entry.intersectionRatio > 0) {
+      const heading = entry.target;
+      /*
+      This sidebar nav consists of two sections:
+      * at the top, a sitenav containing links to other pages
+      * under that, the ToC for the current page
+
+      Since the sidebar scrolls to match the document position,
+      the sitenav will tend to scroll off the screen.
+
+      If the user has scrolled up to (or near) the top of the page,
+      we want to show the sitenav so.
+
+      So: if the H1 (title) for the current page has started
+      intersecting, then always scroll the sidebar back to the top.
+      */
+      if (heading.tagName === "H1" && heading.parentNode.tagName === "DIV") {
+        const nav = document.querySelector("#td-section-nav");
+        nav.scrollTop = 0;
+        return;
+      }
+      /*
+      Otherwise, get the ToC entry for the first entry that
+      entered the viewport, if there was one.
+      */
+      const id = entry.target.getAttribute('id');
+      let tocEntry = document.querySelector(`nav li a[href="#${id}"]`);
+      // if the id isn't a direct match for a ToC item,
+      // check the ToC entry's `data-*` attributes
+      if (!tocEntry) {
+        tocEntry = document.querySelector(`nav li a[data-${id}]`);
+      }
+      if (tocEntry && !newEntry) {
+        newEntry = tocEntry;
+      }
+    }
+  }
+
+  if (newEntry) {
+    setTocEntry(newEntry);
+    return;
+  }
+}
+
+/*
+Track when headings enter the viewport, and use this to update the highlight
+for the corresponding ToC entry.
+*/
+window.addEventListener('DOMContentLoaded', () => {
+
+  makeToc();
+
+  const toc = document.querySelector("#toc");
+  toc.addEventListener("click", event => {
+    if (event.target.tagName === "A") {
+      setTocEntry(event.target);
+    }
+  });
+
+  const observer = new IntersectionObserver(handleIntersectionUpdate);
+
+  document.querySelectorAll("h1, h2, h3, h4, h5, h6").forEach((section) => {
+    observer.observe(section);
+  });
+
+});
diff --git a/themes/docsy b/themes/docsy
new file mode 160000
index 00000000000..5023a291452
--- /dev/null
+++ b/themes/docsy
@@ -0,0 +1 @@
+Subproject commit 5023a2914528e012ecf3ec85a56028c00ee97dd2