docs: Generated database docs

chore: Release announcement
chore: Release
2026-05-26 20:49:55 +00:00 · 2025-06-19 23:46:49 +01:00 · 2025-06-14 22:34:24 +01:00 · 2025-06-14 20:53:00 +01:00 · 2025-06-14 19:09:54 +01:00 · 2025-06-14 16:51:24 +01:00
62 changed files with 2580 additions and 949 deletions
@@ -15,6 +15,7 @@ docker/
 .gitea
 .gitlab
 .github
+.forgejo

 # Dot files
 .env
@@ -22,3 +22,7 @@ indent_size = 2
 [*.rs]
 indent_style = tab
 max_line_length = 98
+
+[{.forgejo/**/*.yml,.github/**/*.yml}]
+indent_size = 2
+indent_style = space
@@ -0,0 +1,63 @@
+name: rust-toolchain
+description: |
+  Install a Rust toolchain using rustup.
+  See https://rust-lang.github.io/rustup/concepts/toolchains.html#toolchain-specification
+  for more information about toolchains.
+inputs:
+  toolchain:
+    description: |
+      Rust toolchain name.
+      See https://rust-lang.github.io/rustup/concepts/toolchains.html#toolchain-specification
+    required: false
+  target:
+    description: Target triple to install for this toolchain
+    required: false
+  components:
+    description: Space-separated list of components to be additionally installed for a new toolchain
+    required: false
+outputs:
+  rustc_version:
+    description: The rustc version installed
+    value: ${{ steps.rustc-version.outputs.version }}
+  rustup_version:
+    description: The rustup version installed
+    value: ${{ steps.rustup-version.outputs.version }}
+
+runs:
+  using: composite
+  steps:
+    - name: Check if rustup is already installed
+      shell: bash
+      id: rustup-version
+      run: |
+        echo "version=$(rustup --version)" >> $GITHUB_OUTPUT
+    - name: Cache rustup toolchains
+      if: steps.rustup-version.outputs.version == ''
+      uses: actions/cache@v3
+      with:
+        path: |
+          ~/.rustup
+          !~/.rustup/tmp
+          !~/.rustup/downloads
+        # Requires repo to be cloned if toolchain is not specified
+        key: ${{ runner.os }}-rustup-${{ inputs.toolchain || hashFiles('**/rust-toolchain.toml') }}
+    - name: Install Rust toolchain
+      if: steps.rustup-version.outputs.version == ''
+      shell: bash
+      run: |
+        if ! command -v rustup &> /dev/null ; then
+            curl --proto '=https' --tlsv1.2 --retry 10 --retry-connrefused -fsSL "https://sh.rustup.rs" | sh -s -- --default-toolchain none -y
+            echo "${CARGO_HOME:-$HOME/.cargo}/bin" >> $GITHUB_PATH
+        fi
+    - shell: bash
+      run: |
+        set -x
+        ${{ inputs.toolchain && format('rustup override set {0}', inputs.toolchain) }}
+        ${{ inputs.target && format('rustup target add {0}', inputs.target) }}
+        ${{ inputs.components && format('rustup component add {0}', inputs.components) }}
+        cargo --version
+        rustc --version
+    - id: rustc-version
+      shell: bash
+      run: |
+        echo "version=$(rustc --version)" >> $GITHUB_OUTPUT
@@ -0,0 +1,29 @@
+name: sccache
+description: |
+  Install sccache for caching builds in GitHub Actions.
+
+inputs:
+  token:
+    description: 'A Github PAT'
+    required: false
+
+runs:
+  using: composite
+  steps:
+  - name: Install sccache
+    uses: https://github.com/mozilla-actions/sccache-action@v0.0.9
+    with:
+      token: ${{ inputs.token }}
+  - name: Configure sccache
+    uses: https://github.com/actions/github-script@v7
+    with:
+      script: |
+        core.exportVariable('ACTIONS_RESULTS_URL', process.env.ACTIONS_RESULTS_URL || '');
+        core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || '');
+  - shell: bash
+    run: |
+      echo "SCCACHE_GHA_ENABLED=true" >> $GITHUB_ENV
+      echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV
+      echo "CMAKE_C_COMPILER_LAUNCHER=sccache" >> $GITHUB_ENV
+      echo "CMAKE_CXX_COMPILER_LAUNCHER=sccache" >> $GITHUB_ENV
+      echo "CMAKE_CUDA_COMPILER_LAUNCHER=sccache" >> $GITHUB_ENV
@@ -0,0 +1,46 @@
+name: timelord
+description: |
+  Use timelord to set file timestamps
+inputs:
+  key:
+    description: |
+      The key to use for caching the timelord data.
+      This should be unique to the repository and the runner.
+    required: true
+    default: timelord-v0
+  path:
+    description: |
+      The path to the directory to be timestamped.
+      This should be the root of the repository.
+    required: true
+    default: .
+
+runs:
+  using: composite
+  steps:
+    - name: Cache timelord-cli installation
+      id: cache-timelord-bin
+      uses: actions/cache@v3
+      with:
+        path: ~/.cargo/bin/timelord
+        key: timelord-cli-v3.0.1
+    - name: Install timelord-cli
+      uses: https://github.com/cargo-bins/cargo-binstall@main
+      if: steps.cache-timelord-bin.outputs.cache-hit != 'true'
+    - run: cargo binstall timelord-cli@3.0.1
+      shell: bash
+      if: steps.cache-timelord-bin.outputs.cache-hit != 'true'
+
+    - name: Load timelord files
+      uses: actions/cache/restore@v3
+      with:
+        path: /timelord/
+        key: ${{ inputs.key }}
+    - name: Run timelord to set timestamps
+      shell: bash
+      run: timelord sync --source-dir ${{ inputs.path }} --cache-dir /timelord/
+    - name: Save timelord
+      uses: actions/cache/save@v3
+      with:
+        path: /timelord/
+        key: ${{ inputs.key }}
@@ -3,7 +3,6 @@ concurrency:
  group: "release-image-${{ github.ref }}"

 on:
-  pull_request:
  push:
    paths-ignore:
      - "*.md"
@@ -58,7 +57,6 @@ jobs:

  build-image:
    runs-on: dind
-    container: ghcr.io/catthehacker/ubuntu:act-latest
    needs: define-variables
    permissions:
      contents: read
@@ -80,28 +78,14 @@ jobs:
        run: echo '${{ toJSON(fromJSON(needs.define-variables.outputs.build_matrix)) }}'
      - name: Echo matrix
        run: echo '${{ toJSON(matrix) }}'
-      - run: |
-          if ! command -v rustup &> /dev/null ; then
-            curl --proto '=https' --tlsv1.2 --retry 10 --retry-connrefused -fsSL "https://sh.rustup.rs" | sh -s -- --default-toolchain none -y
-            echo "${CARGO_HOME:-$HOME/.cargo}/bin" >> $GITHUB_PATH
-          fi
-      
+
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          persist-credentials: false
-
-      - name: Cache timelord-cli installation
-        id: cache-timelord-bin
-        uses: actions/cache@v3
-        with:
-          path: ~/.cargo/bin/timelord
-          key: timelord-cli-v3.0.1
-      - name: Install timelord-cli
-        uses: https://github.com/cargo-bins/cargo-binstall@main
-        if: steps.cache-timelord-bin.outputs.cache-hit != 'true'
-      - run: cargo binstall timelord-cli@3.0.1
-        if: steps.cache-timelord-bin.outputs.cache-hit != 'true'
+      - name: Install rust
+        id: rust-toolchain
+        uses: ./.forgejo/actions/rust-toolchain

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
@@ -136,18 +120,58 @@ jobs:
          echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV
      - name: Get Git commit timestamps
        run: echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
-      - name: Set up timelord
-        uses: actions/cache/restore@v3
+
+      - uses: ./.forgejo/actions/timelord
        with:
-          path: /timelord/
-          key: timelord-v0 # Cache is already split per runner
-      - name: Run timelord to set timestamps
-        run: timelord sync --source-dir . --cache-dir /timelord/
-      - name: Save timelord
-        uses: actions/cache/save@v3
-        with:
-          path: /timelord/
          key: timelord-v0
+          path: .
+
+      - name: Cache Rust registry
+        uses: actions/cache@v3
+        with:
+          path: |
+            .cargo/git
+            .cargo/git/checkouts
+            .cargo/registry
+            .cargo/registry/src
+          key: rust-registry-image-${{hashFiles('**/Cargo.lock') }}
+      - name: Cache cargo target
+        id: cache-cargo-target
+        uses: actions/cache@v3
+        with:
+          path: |
+            cargo-target-${{ matrix.slug }}
+          key: cargo-target-${{ matrix.slug }}-${{hashFiles('**/Cargo.lock') }}-${{steps.rust-toolchain.outputs.rustc_version}}
+      - name: Cache apt cache
+        id: cache-apt
+        uses: actions/cache@v3
+        with:
+          path: |
+            var-cache-apt-${{ matrix.slug }}
+          key: var-cache-apt-${{ matrix.slug }}
+      - name: Cache apt lib
+        id: cache-apt-lib
+        uses: actions/cache@v3
+        with:
+          path: |
+            var-lib-apt-${{ matrix.slug }}
+          key: var-lib-apt-${{ matrix.slug }}
+      - name: inject cache into docker
+        uses: https://github.com/reproducible-containers/buildkit-cache-dance@v3.1.0
+        with:
+          cache-map: |
+            {
+              ".cargo/registry": "/usr/local/cargo/registry",
+              ".cargo/git/db": "/usr/local/cargo/git/db",
+              "cargo-target-${{ matrix.slug }}": {
+                "target": "/app/target",
+                "id": "cargo-target-${{ matrix.platform }}"
+              },
+              "var-cache-apt-${{ matrix.slug }}": "/var/cache/apt",
+              "var-lib-apt-${{ matrix.slug }}": "/var/lib/apt"
+            }
+          skip-extraction: ${{ steps.cache.outputs.cache-hit }}
+
      - name: Build and push Docker image by digest
        id: build
        uses: docker/build-push-action@v6
@@ -156,14 +180,14 @@ jobs:
          file: "docker/Dockerfile"
          build-args: |
            GIT_COMMIT_HASH=${{ github.sha }})
-            GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }})
+            GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }}
            GIT_REMOTE_URL=${{github.event.repository.html_url }}
            GIT_REMOTE_COMMIT_URL=${{github.event.head_commit.url }}
          platforms: ${{ matrix.platform }}
          labels: ${{ steps.meta.outputs.labels }}
          annotations: ${{ steps.meta.outputs.annotations }}
          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          # cache-to: type=gha,mode=max
          sbom: true
          outputs: type=image,"name=${{ needs.define-variables.outputs.images_list }}",push-by-digest=true,name-canonical=true,push=true
        env:
@@ -186,7 +210,6 @@ jobs:

  merge:
    runs-on: dind
-    container: ghcr.io/catthehacker/ubuntu:act-latest
    needs: [define-variables, build-image]
    steps:
      - name: Download digests
@@ -0,0 +1,142 @@
+name: Rust Checks
+
+on:
+  push:
+
+jobs:
+  format:
+    name: Format
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Install rust
+        uses: ./.forgejo/actions/rust-toolchain
+        with:
+          toolchain: "nightly"
+          components: "rustfmt"
+
+      - name: Check formatting
+        run: |
+          cargo +nightly fmt --all -- --check
+
+  clippy:
+    name: Clippy
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Install rust
+        uses: ./.forgejo/actions/rust-toolchain
+
+      - uses: https://github.com/actions/create-github-app-token@v2
+        id: app-token
+        with:
+          app-id: ${{ vars.GH_APP_ID }}
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          github-api-url: https://api.github.com
+          owner: ${{ vars.GH_APP_OWNER }}
+          repositories: ""
+      - name: Install sccache
+        uses: ./.forgejo/actions/sccache
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+      - run: sudo apt-get update
+      - name: Install system dependencies
+        uses: https://github.com/awalsh128/cache-apt-pkgs-action@v1
+        with:
+          packages: clang liburing-dev
+          version: 1
+      - name: Cache Rust registry
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cargo/git
+            !~/.cargo/git/checkouts
+            ~/.cargo/registry
+            !~/.cargo/registry/src
+          key: rust-registry-${{hashFiles('**/Cargo.lock') }}
+      - name: Timelord
+        uses: ./.forgejo/actions/timelord
+        with:
+          key: sccache-v0
+          path: .
+      - name: Clippy
+        run: |
+          cargo clippy \
+            --workspace \
+            --locked \
+            --no-deps \
+            --profile test \
+            -- \
+            -D warnings
+
+      - name: Show sccache stats
+        if: always()
+        run: sccache --show-stats
+
+  cargo-test:
+    name: Cargo Test
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Install rust
+        uses: ./.forgejo/actions/rust-toolchain
+
+      - uses: https://github.com/actions/create-github-app-token@v2
+        id: app-token
+        with:
+          app-id: ${{ vars.GH_APP_ID }}
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          github-api-url: https://api.github.com
+          owner: ${{ vars.GH_APP_OWNER }}
+          repositories: ""
+      - name: Install sccache
+        uses: ./.forgejo/actions/sccache
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+      - run: sudo apt-get update
+      - name: Install system dependencies
+        uses: https://github.com/awalsh128/cache-apt-pkgs-action@v1
+        with:
+          packages: clang liburing-dev
+          version: 1
+      - name: Cache Rust registry
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cargo/git
+            !~/.cargo/git/checkouts
+            ~/.cargo/registry
+            !~/.cargo/registry/src
+          key: rust-registry-${{hashFiles('**/Cargo.lock') }}
+      - name: Timelord
+        uses: ./.forgejo/actions/timelord
+        with:
+          key: sccache-v0
+          path: .
+      - name: Cargo Test
+        run: |
+          cargo test \
+            --workspace \
+            --locked \
+            --profile test \
+            --all-targets \
+            --no-fail-fast
+
+      - name: Show sccache stats
+        if: always()
+        run: sccache --show-stats
@@ -1,5 +1,9 @@
+[files]
+extend-exclude = ["*.csr"]
+
 [default.extend-words]
 "allocatedp" = "allocatedp"
 "conduwuit" = "conduwuit"
 "continuwuity" = "continuwuity"
+"continuwity" = "continuwuity"
 "execuse" = "execuse"
@@ -1,6 +1,6 @@
 # Contributing guide

-This page is for about contributing to conduwuit. The
+This page is for about contributing to Continuwuity. The
 [development](./development.md) page may be of interest for you as well.

 If you would like to work on an [issue][issues] that is not assigned, preferably
@@ -73,7 +73,7 @@ If you'd like to run Complement locally using Nix, see the

 ### Writing documentation

-conduwuit's website uses [`mdbook`][mdbook] and deployed via CI using GitHub
+Continuwuity's website uses [`mdbook`][mdbook] and deployed via CI using GitHub
 Pages in the [`documentation.yml`][documentation.yml] workflow file with Nix's
 mdbook in the devshell. All documentation is in the `docs/` directory at the top
 level. The compiled mdbook website is also uploaded as an artifact.
@@ -21,7 +21,7 @@ license = "Apache-2.0"
 readme = "README.md"
 repository = "https://forgejo.ellis.link/continuwuation/continuwuity"
 rust-version = "1.86.0"
-version = "0.5.0-rc.5"
+version = "0.5.0-rc.6"

 [workspace.metadata.crane]
 name = "conduwuit"
@@ -298,7 +298,7 @@ version = "1.15.0"
 default-features = false
 features = ["serde"]

-# Used for reading the configuration from conduwuit.toml & environment variables
+# Used for reading the configuration from continuwuity.toml & environment variables
 [workspace.dependencies.figment]
 version = "0.10.19"
 default-features = false
@@ -745,7 +745,6 @@ incremental = true

 [profile.dev.package.conduwuit_core]
 inherits = "dev"
-incremental = false
 #rustflags = [
 #	'--cfg', 'conduwuit_mods',
 #	'-Ztime-passes',
@@ -785,7 +784,6 @@ inherits = "dev"
 [profile.dev.package.'*']
 inherits = "dev"
 debug = 'limited'
-incremental = false
 codegen-units = 1
 opt-level = 'z'
 #rustflags = [
@@ -807,7 +805,6 @@ inherits = "dev"
 strip = false
 opt-level = 0
 codegen-units = 16
-incremental = false

 [profile.test.package.'*']
 inherits = "dev"
@@ -815,7 +812,6 @@ debug = 0
 strip = false
 opt-level = 0
 codegen-units = 16
-incremental = false

 ###############################################################################
 #
@@ -992,3 +988,6 @@ let_underscore_future = { level = "allow", priority = 1 }

 # rust doesnt understand conduwuit's custom log macros
 literal_string_with_formatting_args = { level = "allow", priority = 1 }
+
+
+needless_raw_string_hashes = "allow"
@@ -7,10 +7,15 @@
 <!-- ANCHOR_END: catchphrase -->

 [continuwuity] is a Matrix homeserver written in Rust.
-It's a community continuation of the [conduwuit](https://github.com/girlbossceo/conduwuit) homeserver. 
+It's a community continuation of the [conduwuit](https://github.com/girlbossceo/conduwuit) homeserver.

 <!-- ANCHOR: body -->

+[![forgejo.ellis.link](https://img.shields.io/badge/Ellis%20Git-main+packages-green?style=flat&logo=forgejo&labelColor=fff)](https://forgejo.ellis.link/continuwuation/continuwuity) ![](https://forgejo.ellis.link/continuwuation/continuwuity/badges/stars.svg?style=flat) [![](https://forgejo.ellis.link/continuwuation/continuwuity/badges/issues/open.svg?style=flat)](https://forgejo.ellis.link/continuwuation/continuwuity/issues?state=open) [![](https://forgejo.ellis.link/continuwuation/continuwuity/badges/pulls/open.svg?style=flat)](https://forgejo.ellis.link/continuwuation/continuwuity/pulls?state=open)
+
+[![GitHub](https://img.shields.io/badge/GitHub-mirror-blue?style=flat&logo=github&labelColor=fff&logoColor=24292f)](https://github.com/continuwuity/continuwuity) ![](https://img.shields.io/github/stars/continuwuity/continuwuity?style=flat)
+
+[![Codeberg](https://img.shields.io/badge/Codeberg-mirror-2185D0?style=flat&logo=codeberg&labelColor=fff)](https://codeberg.org/nexy7574/continuwuity) ![](https://codeberg.org/nexy7574/continuwuity/badges/stars.svg?style=flat)

 ### Why does this exist?

@@ -112,4 +117,3 @@ Join our [Matrix room](https://matrix.to/#/#continuwuity:continuwuity.org) and [


 [continuwuity]: https://forgejo.ellis.link/continuwuation/continuwuity
-
@@ -0,0 +1,63 @@
+# Security Policy for Continuwuity
+
+This document outlines the security policy for Continuwuity. Our goal is to maintain a secure platform for all users, and we take security matters seriously.
+
+## Supported Versions
+
+We provide security updates for the following versions of Continuwuity:
+
+| Version        | Supported        |
+| -------------- |:----------------:|
+| Latest release |        ✅        |
+| Main branch    |        ✅        |
+| Older releases |        ❌        |
+
+We may backport fixes to the previous release at our discretion, but we don't guarantee this.
+
+## Reporting a Vulnerability
+
+### Responsible Disclosure
+
+We appreciate the efforts of security researchers and the community in identifying and reporting vulnerabilities. To ensure that potential vulnerabilities are addressed properly, please follow these guidelines:
+
+1. **Contact members of the team directly** over E2EE private message.
+   - [@jade:ellis.link](https://matrix.to/#/@jade:ellis.link)
+   - [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk) <!-- ? -->
+2. **Email the security team** at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details.
+3. **Do not disclose the vulnerability publicly** until it has been addressed
+4. **Provide detailed information** about the vulnerability, including:
+   - A clear description of the issue
+   - Steps to reproduce
+   - Potential impact
+   - Any possible mitigations
+   - Version(s) affected, including specific commits if possible
+
+If you have any doubts about a potential security vulnerability, contact us via private channels first! We'd prefer that you bother us, instead of having a vulnerability disclosed without a fix.
+
+### What to Expect
+
+When you report a security vulnerability:
+
+1. **Acknowledgment**: We will acknowledge receipt of your report.
+2. **Assessment**: We will assess the vulnerability and determine its impact on our users
+3. **Updates**: We will provide updates on our progress in addressing the vulnerability, and may request you help test mitigations
+4. **Resolution**: Once resolved, we will notify you and discuss coordinated disclosure
+5. **Credit**: We will recognize your contribution (unless you prefer to remain anonymous)
+
+## Security Update Process
+
+When security vulnerabilities are identified:
+
+1. We will develop and test fixes in a private fork
+2. Security updates will be released as soon as possible
+3. Release notes will include information about the vulnerabilities, avoiding details that could facilitate exploitation where possible
+4. Critical security updates may be backported to the previous stable release
+
+## Additional Resources
+
+- [Matrix Security Disclosure Policy](https://matrix.org/security-disclosure-policy/)
+- [Continuwuity Documentation](https://continuwuity.org/introduction)
+
+---
+
+This security policy was last updated on May 25, 2025.
@@ -1,11 +1,11 @@
 [Unit]
-Description=conduwuit Matrix homeserver
+
+Description=Continuwuity - Matrix homeserver
 Wants=network-online.target
 After=network-online.target
-Documentation=https://conduwuit.puppyirl.gay/
+Documentation=https://continuwuity.org/
 RequiresMountsFor=/var/lib/private/conduwuit
 Alias=matrix-conduwuit.service
-
 [Service]
 DynamicUser=yes
 Type=notify-reload
@@ -59,7 +59,7 @@ StateDirectory=conduwuit
 RuntimeDirectory=conduwuit
 RuntimeDirectoryMode=0750

-Environment="CONDUWUIT_CONFIG=/etc/conduwuit/conduwuit.toml"
+Environment="CONTINUWUITY_CONFIG=/etc/conduwuit/conduwuit.toml"
 BindPaths=/var/lib/private/conduwuit:/var/lib/matrix-conduit
 BindPaths=/var/lib/private/conduwuit:/var/lib/private/matrix-conduit

@@ -1,4 +1,4 @@
-### conduwuit Configuration
+### continuwuity Configuration
 ###
 ### THIS FILE IS GENERATED. CHANGES/CONTRIBUTIONS IN THE REPO WILL BE
 ### OVERWRITTEN!
@@ -13,7 +13,7 @@
 ### that say "YOU NEED TO EDIT THIS".
 ###
 ### For more information, see:
-### https://conduwuit.puppyirl.gay/configuration.html
+### https://continuwuity.org/configuration.html

 [global]

@@ -21,7 +21,7 @@
 # suffix for user and room IDs/aliases.
 #
 # See the docs for reverse proxying and delegation:
-# https://conduwuit.puppyirl.gay/deploying/generic.html#setting-up-the-reverse-proxy
+# https://continuwuity.org/deploying/generic.html#setting-up-the-reverse-proxy
 #
 # Also see the `[global.well_known]` config section at the very bottom.
 #
@@ -32,11 +32,11 @@
 # YOU NEED TO EDIT THIS. THIS CANNOT BE CHANGED AFTER WITHOUT A DATABASE
 # WIPE.
 #
-# example: "conduwuit.woof"
+# example: "continuwuity.org"
 #
 #server_name =

-# The default address (IPv4 or IPv6) conduwuit will listen on.
+# The default address (IPv4 or IPv6) continuwuity will listen on.
 #
 # If you are using Docker or a container NAT networking setup, this must
 # be "0.0.0.0".
@@ -46,10 +46,10 @@
 #
 #address = ["127.0.0.1", "::1"]

-# The port(s) conduwuit will listen on.
+# The port(s) continuwuity will listen on.
 #
 # For reverse proxying, see:
-# https://conduwuit.puppyirl.gay/deploying/generic.html#setting-up-the-reverse-proxy
+# https://continuwuity.org/deploying/generic.html#setting-up-the-reverse-proxy
 #
 # If you are using Docker, don't change this, you'll need to map an
 # external port to this.
@@ -58,16 +58,17 @@
 #
 #port = 8008

-# The UNIX socket conduwuit will listen on.
+# The UNIX socket continuwuity will listen on.
 #
-# conduwuit cannot listen on both an IP address and a UNIX socket. If
+# continuwuity cannot listen on both an IP address and a UNIX socket. If
 # listening on a UNIX socket, you MUST remove/comment the `address` key.
 #
 # Remember to make sure that your reverse proxy has access to this socket
-# file, either by adding your reverse proxy to the 'conduwuit' group or
-# granting world R/W permissions with `unix_socket_perms` (666 minimum).
+# file, either by adding your reverse proxy to the appropriate user group
+# or granting world R/W permissions with `unix_socket_perms` (666
+# minimum).
 #
-# example: "/run/conduwuit/conduwuit.sock"
+# example: "/run/continuwuity/continuwuity.sock"
 #
 #unix_socket_path =

@@ -75,23 +76,23 @@
 #
 #unix_socket_perms = 660

-# This is the only directory where conduwuit will save its data, including
-# media. Note: this was previously "/var/lib/matrix-conduit".
+# This is the only directory where continuwuity will save its data,
+# including media. Note: this was previously "/var/lib/matrix-conduit".
 #
 # YOU NEED TO EDIT THIS.
 #
-# example: "/var/lib/conduwuit"
+# example: "/var/lib/continuwuity"
 #
 #database_path =

-# conduwuit supports online database backups using RocksDB's Backup engine
-# API. To use this, set a database backup path that conduwuit can write
-# to.
+# continuwuity supports online database backups using RocksDB's Backup
+# engine API. To use this, set a database backup path that continuwuity
+# can write to.
 #
 # For more information, see:
-# https://conduwuit.puppyirl.gay/maintenance.html#backups
+# https://continuwuity.org/maintenance.html#backups
 #
-# example: "/opt/conduwuit-db-backups"
+# example: "/opt/continuwuity-db-backups"
 #
 #database_backup_path =

@@ -112,14 +113,14 @@
 #
 #new_user_displayname_suffix = "🏳️‍⚧️"

-# If enabled, conduwuit will send a simple GET request periodically to
+# If enabled, continuwuity will send a simple GET request periodically to
 # `https://continuwuity.org/.well-known/continuwuity/announcements` for any new
 # announcements or major updates. This is not an update check endpoint.
 #
 #allow_announcements_check = true

-# Set this to any float value to multiply conduwuit's in-memory LRU caches
-# with such as "auth_chain_cache_capacity".
+# Set this to any float value to multiply continuwuity's in-memory LRU
+# caches with such as "auth_chain_cache_capacity".
 #
 # May be useful if you have significant memory to spare to increase
 # performance.
@@ -131,7 +132,7 @@
 #
 #cache_capacity_modifier = 1.0

-# Set this to any float value in megabytes for conduwuit to tell the
+# Set this to any float value in megabytes for continuwuity to tell the
 # database engine that this much memory is available for database read
 # caches.
 #
@@ -145,7 +146,7 @@
 #
 #db_cache_capacity_mb = varies by system

-# Set this to any float value in megabytes for conduwuit to tell the
+# Set this to any float value in megabytes for continuwuity to tell the
 # database engine that this much memory is available for database write
 # caches.
 #
@@ -250,9 +251,9 @@
 # Enable using *only* TCP for querying your specified nameservers instead
 # of UDP.
 #
-# If you are running conduwuit in a container environment, this config
+# If you are running continuwuity in a container environment, this config
 # option may need to be enabled. For more details, see:
-# https://conduwuit.puppyirl.gay/troubleshooting.html#potential-dns-issues-when-using-docker
+# https://continuwuity.org/troubleshooting.html#potential-dns-issues-when-using-docker
 #
 #query_over_tcp_only = false

@@ -418,9 +419,9 @@
 # tokens. Multiple tokens can be added if you separate them with
 # whitespace
 #
-# conduwuit must be able to access the file, and it must not be empty
+# continuwuity must be able to access the file, and it must not be empty
 #
-# example: "/etc/conduwuit/.reg_token"
+# example: "/etc/continuwuity/.reg_token"
 #
 #registration_token_file =

@@ -512,16 +513,16 @@
 #allow_room_creation = true

 # Set to false to disable users from joining or creating room versions
-# that aren't officially supported by conduwuit.
+# that aren't officially supported by continuwuity.
 #
-# conduwuit officially supports room versions 6 - 11.
+# continuwuity officially supports room versions 6 - 11.
 #
-# conduwuit has slightly experimental (though works fine in practice)
+# continuwuity has slightly experimental (though works fine in practice)
 # support for versions 3 - 5.
 #
 #allow_unstable_room_versions = true

-# Default room version conduwuit will create rooms with.
+# Default room version continuwuity will create rooms with.
 #
 # Per spec, room version 11 is the default.
 #
@@ -587,7 +588,7 @@
 # Servers listed here will be used to gather public keys of other servers
 # (notary trusted key servers).
 #
-# Currently, conduwuit doesn't support inbound batched key requests, so
+# Currently, continuwuity doesn't support inbound batched key requests, so
 # this list should only contain other Synapse servers.
 #
 # example: ["matrix.org", "tchncs.de"]
@@ -628,7 +629,7 @@
 #
 #trusted_server_batch_size = 1024

-# Max log level for conduwuit. Allows debug, info, warn, or error.
+# Max log level for continuwuity. Allows debug, info, warn, or error.
 #
 # See also:
 # https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives
@@ -649,8 +650,9 @@
 #
 #log_span_events = "none"

-# Configures whether CONDUWUIT_LOG EnvFilter matches values using regular
-# expressions. See the tracing_subscriber documentation on Directives.
+# Configures whether CONTINUWUITY_LOG EnvFilter matches values using
+# regular expressions. See the tracing_subscriber documentation on
+# Directives.
 #
 #log_filter_regex = true

@@ -718,7 +720,7 @@
 # This takes priority over "turn_secret" first, and falls back to
 # "turn_secret" if invalid or failed to open.
 #
-# example: "/etc/conduwuit/.turn_secret"
+# example: "/etc/continuwuity/.turn_secret"
 #
 #turn_secret_file =

@@ -726,12 +728,12 @@
 #
 #turn_ttl = 86400

-# List/vector of room IDs or room aliases that conduwuit will make newly
-# registered users join. The rooms specified must be rooms that you have
-# joined at least once on the server, and must be public.
+# List/vector of room IDs or room aliases that continuwuity will make
+# newly registered users join. The rooms specified must be rooms that you
+# have joined at least once on the server, and must be public.
 #
-# example: ["#conduwuit:puppygock.gay",
-# "!eoIzvAvVwY23LPDay8:puppygock.gay"]
+# example: ["#continuwuity:continuwuity.org",
+# "!main-1:continuwuity.org"]
 #
 #auto_join_rooms = []

@@ -754,10 +756,10 @@
 #
 #auto_deactivate_banned_room_attempts = false

-# RocksDB log level. This is not the same as conduwuit's log level. This
-# is the log level for the RocksDB engine/library which show up in your
-# database folder/path as `LOG` files. conduwuit will log RocksDB errors
-# as normal through tracing or panics if severe for safety.
+# RocksDB log level. This is not the same as continuwuity's log level.
+# This is the log level for the RocksDB engine/library which show up in
+# your database folder/path as `LOG` files. continuwuity will log RocksDB
+# errors as normal through tracing or panics if severe for safety.
 #
 #rocksdb_log_level = "error"

@@ -777,7 +779,7 @@
 # Set this to true to use RocksDB config options that are tailored to HDDs
 # (slower device storage).
 #
-# It is worth noting that by default, conduwuit will use RocksDB with
+# It is worth noting that by default, continuwuity will use RocksDB with
 # Direct IO enabled. *Generally* speaking this improves performance as it
 # bypasses buffered I/O (system page cache). However there is a potential
 # chance that Direct IO may cause issues with database operations if your
@@ -785,7 +787,7 @@
 # possibly ZFS filesystem. RocksDB generally deals/corrects these issues
 # but it cannot account for all setups. If you experience any weird
 # RocksDB issues, try enabling this option as it turns off Direct IO and
-# feel free to report in the conduwuit Matrix room if this option fixes
+# feel free to report in the continuwuity Matrix room if this option fixes
 # your DB issues.
 #
 # For more information, see:
@@ -840,7 +842,7 @@
 # as they all differ. See their `kDefaultCompressionLevel`.
 #
 # Note when using the default value we may override it with a setting
-# tailored specifically conduwuit.
+# tailored specifically for continuwuity.
 #
 #rocksdb_compression_level = 32767

@@ -856,7 +858,7 @@
 # algorithm.
 #
 # Note when using the default value we may override it with a setting
-# tailored specifically conduwuit.
+# tailored specifically for continuwuity.
 #
 #rocksdb_bottommost_compression_level = 32767

@@ -896,13 +898,13 @@
 # 0 = AbsoluteConsistency
 # 1 = TolerateCorruptedTailRecords (default)
 # 2 = PointInTime (use me if trying to recover)
-# 3 = SkipAnyCorruptedRecord (you now voided your Conduwuit warranty)
+# 3 = SkipAnyCorruptedRecord (you now voided your Continuwuity warranty)
 #
 # For more information on these modes, see:
 # https://github.com/facebook/rocksdb/wiki/WAL-Recovery-Modes
 #
 # For more details on recovering a corrupt database, see:
-# https://conduwuit.puppyirl.gay/troubleshooting.html#database-corruption
+# https://continuwuity.org/troubleshooting.html#database-corruption
 #
 #rocksdb_recovery_mode = 1

@@ -942,7 +944,7 @@
 # - Disabling repair mode and restarting the server is recommended after
 #   running the repair.
 #
-# See https://conduwuit.puppyirl.gay/troubleshooting.html#database-corruption for more details on recovering a corrupt database.
+# See https://continuwuity.org/troubleshooting.html#database-corruption for more details on recovering a corrupt database.
 #
 #rocksdb_repair = false

@@ -969,7 +971,7 @@
 # Enables RocksDB compaction. You should never ever have to set this
 # option to false. If you for some reason find yourself needing to use
 # this option as part of troubleshooting or a bug, please reach out to us
-# in the conduwuit Matrix room with information and details.
+# in the continuwuity Matrix room with information and details.
 #
 # Disabling compaction will lead to a significantly bloated and
 # explosively large database, gradually poor performance, unnecessarily
@@ -995,7 +997,7 @@
 # purposes such as recovering/recreating your admin room, or inviting
 # yourself back.
 #
-# See https://conduwuit.puppyirl.gay/troubleshooting.html#lost-access-to-admin-room for other ways to get back into your admin room.
+# See https://continuwuity.org/troubleshooting.html#lost-access-to-admin-room for other ways to get back into your admin room.
 #
 # Once this password is unset, all sessions will be logged out for
 # security purposes.
@@ -1010,8 +1012,8 @@

 # Allow local (your server only) presence updates/requests.
 #
-# Note that presence on conduwuit is very fast unlike Synapse's. If using
-# outgoing presence, this MUST be enabled.
+# Note that presence on continuwuity is very fast unlike Synapse's. If
+# using outgoing presence, this MUST be enabled.
 #
 #allow_local_presence = true

@@ -1019,7 +1021,7 @@
 #
 # This option receives presence updates from other servers, but does not
 # send any unless `allow_outgoing_presence` is true. Note that presence on
-# conduwuit is very fast unlike Synapse's.
+# continuwuity is very fast unlike Synapse's.
 #
 #allow_incoming_presence = true

@@ -1027,8 +1029,8 @@
 #
 # This option sends presence updates to other servers, but does not
 # receive any unless `allow_incoming_presence` is true. Note that presence
-# on conduwuit is very fast unlike Synapse's. If using outgoing presence,
-# you MUST enable `allow_local_presence` as well.
+# on continuwuity is very fast unlike Synapse's. If using outgoing
+# presence, you MUST enable `allow_local_presence` as well.
 #
 #allow_outgoing_presence = true

@@ -1081,8 +1083,8 @@
 #
 #typing_client_timeout_max_s = 45

-# Set this to true for conduwuit to compress HTTP response bodies using
-# zstd. This option does nothing if conduwuit was not built with
+# Set this to true for continuwuity to compress HTTP response bodies using
+# zstd. This option does nothing if continuwuity was not built with
 # `zstd_compression` feature. Please be aware that enabling HTTP
 # compression may weaken TLS. Most users should not need to enable this.
 # See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH
@@ -1090,8 +1092,8 @@
 #
 #zstd_compression = false

-# Set this to true for conduwuit to compress HTTP response bodies using
-# gzip. This option does nothing if conduwuit was not built with
+# Set this to true for continuwuity to compress HTTP response bodies using
+# gzip. This option does nothing if continuwuity was not built with
 # `gzip_compression` feature. Please be aware that enabling HTTP
 # compression may weaken TLS. Most users should not need to enable this.
 # See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH before
@@ -1102,8 +1104,8 @@
 #
 #gzip_compression = false

-# Set this to true for conduwuit to compress HTTP response bodies using
-# brotli. This option does nothing if conduwuit was not built with
+# Set this to true for continuwuity to compress HTTP response bodies using
+# brotli. This option does nothing if continuwuity was not built with
 # `brotli_compression` feature. Please be aware that enabling HTTP
 # compression may weaken TLS. Most users should not need to enable this.
 # See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH
@@ -1165,7 +1167,7 @@
 # Otherwise setting this to false reduces filesystem clutter and overhead
 # for managing these symlinks in the directory. This is now disabled by
 # default. You may still return to upstream Conduit but you have to run
-# conduwuit at least once with this set to true and allow the
+# continuwuity at least once with this set to true and allow the
 # media_startup_check to take place before shutting down to return to
 # Conduit.
 #
@@ -1210,8 +1212,8 @@
 #
 #allowed_remote_server_names = []

-# Vector list of regex patterns of server names that conduwuit will refuse
-# to download remote media from.
+# Vector list of regex patterns of server names that continuwuity will
+# refuse to download remote media from.
 #
 # example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
 #
@@ -1225,7 +1227,7 @@
 #
 #forbidden_remote_room_directory_server_names = []

-# Vector list of regex patterns of server names that conduwuit will not
+# Vector list of regex patterns of server names that continuwuity will not
 # send messages to the client from.
 #
 # Note that there is no way for clients to receive messages once a server
@@ -1249,7 +1251,7 @@
 #send_messages_from_ignored_users_to_client = false

 # Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you
-# do not want conduwuit to send outbound requests to. Defaults to
+# do not want continuwuity to send outbound requests to. Defaults to
 # RFC1918, unroutable, loopback, multicast, and testnet addresses for
 # security.
 #
@@ -1399,26 +1401,26 @@

 # Allow admins to enter commands in rooms other than "#admins" (admin
 # room) by prefixing your message with "\!admin" or "\\!admin" followed up
-# a normal conduwuit admin command. The reply will be publicly visible to
-# the room, originating from the sender.
+# a normal continuwuity admin command. The reply will be publicly visible
+# to the room, originating from the sender.
 #
 # example: \\!admin debug ping puppygock.gay
 #
 #admin_escape_commands = true

-# Automatically activate the conduwuit admin room console / CLI on
-# startup. This option can also be enabled with `--console` conduwuit
+# Automatically activate the continuwuity admin room console / CLI on
+# startup. This option can also be enabled with `--console` continuwuity
 # argument.
 #
 #admin_console_automatic = false

 # List of admin commands to execute on startup.
 #
-# This option can also be configured with the `--execute` conduwuit
+# This option can also be configured with the `--execute` continuwuity
 # argument and can take standard shell commands and environment variables
 #
-# For example: `./conduwuit --execute "server admin-notice conduwuit has
-# started up at $(date)"`
+# For example: `./continuwuity --execute "server admin-notice continuwuity
+# has started up at $(date)"`
 #
 # example: admin_execute = ["debug ping puppygock.gay", "debug echo hi"]`
 #
@@ -1426,7 +1428,7 @@

 # Ignore errors in startup commands.
 #
-# If false, conduwuit will error and fail to start if an admin execute
+# If false, continuwuity will error and fail to start if an admin execute
 # command (`--execute` / `admin_execute`) fails.
 #
 #admin_execute_errors_ignore = false
@@ -1447,15 +1449,14 @@
 # The default room tag to apply on the admin room.
 #
 # On some clients like Element, the room tag "m.server_notice" is a
-# special pinned room at the very bottom of your room list. The conduwuit
-# admin room can be pinned here so you always have an easy-to-access
-# shortcut dedicated to your admin room.
+# special pinned room at the very bottom of your room list. The
+# continuwuity admin room can be pinned here so you always have an
+# easy-to-access shortcut dedicated to your admin room.
 #
 #admin_room_tag = "m.server_notice"

 # Sentry.io crash/panic reporting, performance monitoring/metrics, etc.
-# This is NOT enabled by default. conduwuit's default Sentry reporting
-# endpoint domain is `o4506996327251968.ingest.us.sentry.io`.
+# This is NOT enabled by default.
 #
 #sentry = false

@@ -1463,7 +1464,7 @@
 #
 #sentry_endpoint = ""

-# Report your conduwuit server_name in Sentry.io crash reports and
+# Report your continuwuity server_name in Sentry.io crash reports and
 # metrics.
 #
 #sentry_send_server_name = false
@@ -1500,7 +1501,7 @@
 # Enable the tokio-console. This option is only relevant to developers.
 #
 #	For more information, see:
-# https://conduwuit.puppyirl.gay/development.html#debugging-with-tokio-console
+# https://continuwuity.org/development.html#debugging-with-tokio-console
 #
 #tokio_console = false

@@ -1640,19 +1641,29 @@
 #
 #server =

-# This item is undocumented. Please contribute documentation for it.
+# URL to a support page for the server, which will be served as part of
+# the MSC1929 server support endpoint at /.well-known/matrix/support.
+# Will be included alongside any contact information
 #
 #support_page =

-# This item is undocumented. Please contribute documentation for it.
+# Role string for server support contacts, to be served as part of the
+# MSC1929 server support endpoint at /.well-known/matrix/support.
 #
-#support_role =
+#support_role = "m.role.admin"

-# This item is undocumented. Please contribute documentation for it.
+# Email address for server support contacts, to be served as part of the
+# MSC1929 server support endpoint.
+# This will be used along with support_mxid if specified.
 #
 #support_email =

-# This item is undocumented. Please contribute documentation for it.
+# Matrix ID for server support contacts, to be served as part of the
+# MSC1929 server support endpoint.
+# This will be used along with support_email if specified.
+#
+# If no email or mxid is specified, all of the server's admins will be
+# listed.
 #
 #support_mxid =

@@ -1,4 +1,4 @@
-# conduwuit for Debian
+# Continuwuity for Debian

 Information about downloading and deploying the Debian package. This may also be
 referenced for other `apt`-based distros such as Ubuntu.
@@ -22,7 +22,7 @@ options in `/etc/conduwuit/conduwuit.toml`.

 ### Running

-The package uses the [`conduwuit.service`](../configuration/examples.md#example-systemd-unit-file) systemd unit file to start and stop conduwuit. The binary is installed at `/usr/sbin/conduwuit`.
+The package uses the [`conduwuit.service`](../configuration/examples.md#example-systemd-unit-file) systemd unit file to start and stop Continuwuity. The binary is installed at `/usr/sbin/conduwuit`.

 This package assumes by default that conduwuit will be placed behind a reverse proxy. The default config options apply (listening on `localhost` and TCP port `6167`). Matrix federation requires a valid domain name and TLS, so you will need to set up TLS certificates and renewal for it to work properly if you intend to federate.

@@ -1,9 +1,10 @@
 [Unit]
-Description=conduwuit Matrix homeserver
+
+Description=Continuwuity - Matrix homeserver
 Wants=network-online.target
 After=network-online.target
-Alias=matrix-conduwuit.service
 Documentation=https://continuwuity.org/
+Alias=matrix-conduwuit.service

 [Service]
 DynamicUser=yes
@@ -11,7 +12,7 @@ User=conduwuit
 Group=conduwuit
 Type=notify

-Environment="CONDUWUIT_CONFIG=/etc/conduwuit/conduwuit.toml"
+Environment="CONTINUWUITY_CONFIG=/etc/conduwuit/conduwuit.toml"

 ExecStart=/usr/sbin/conduwuit

@@ -18,13 +18,14 @@ ARG LLVM_VERSION=19
 # Line three: for xx-verify
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    --mount=type=cache,target=/var/lib/apt,sharing=locked \
-apt-get update && apt-get install -y \
+    apt-get update && apt-get install -y \
    clang-${LLVM_VERSION} lld-${LLVM_VERSION} pkg-config make jq \
    curl git \
    file

 # Create symlinks for LLVM tools
 RUN <<EOF
+    set -o xtrace
    # clang
    ln -s /usr/bin/clang-${LLVM_VERSION} /usr/bin/clang
    ln -s "/usr/bin/clang++-${LLVM_VERSION}" "/usr/bin/clang++"
@@ -46,6 +47,7 @@ ENV LDDTREE_VERSION=0.3.7

 # Install unpackaged tools
 RUN <<EOF
+    set -o xtrace
    curl --retry 5 -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash
    cargo binstall --no-confirm cargo-sbom --version $CARGO_SBOM_VERSION
    cargo binstall --no-confirm lddtree --version $LDDTREE_VERSION
@@ -59,7 +61,7 @@ ARG TARGETPLATFORM
 # xx-* are xx-specific meta-packages
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    --mount=type=cache,target=/var/lib/apt,sharing=locked \
-xx-apt-get install -y \
+    xx-apt-get install -y \
    xx-c-essentials xx-cxx-essentials pkg-config \
    liburing-dev

@@ -75,6 +77,7 @@ RUN echo "CARGO_INCREMENTAL=0" >> /etc/environment

 # Configure pkg-config
 RUN <<EOF
+    set -o xtrace
    echo "PKG_CONFIG_LIBDIR=/usr/lib/$(xx-info)/pkgconfig" >> /etc/environment
    echo "PKG_CONFIG=/usr/bin/$(xx-info)-pkg-config" >> /etc/environment
    echo "PKG_CONFIG_ALLOW_CROSS=true" >> /etc/environment
@@ -82,12 +85,14 @@ EOF

 # Configure cc to use clang version
 RUN <<EOF
+    set -o xtrace
    echo "CC=clang" >> /etc/environment
    echo "CXX=clang++" >> /etc/environment
 EOF

 # Cross-language LTO
 RUN <<EOF
+    set -o xtrace
    echo "CFLAGS=-flto" >> /etc/environment
    echo "CXXFLAGS=-flto" >> /etc/environment
    # Linker is set to target-compatible clang by xx
@@ -98,6 +103,7 @@ EOF
 ARG TARGET_CPU=
 RUN <<EOF
  set -o allexport
+  set -o xtrace
  . /etc/environment
  if [ -n "${TARGET_CPU}" ]; then
    echo "CFLAGS='${CFLAGS} -march=${TARGET_CPU}'" >> /etc/environment
@@ -118,7 +124,6 @@ COPY . .
 ARG TARGETPLATFORM

 # Verify environment configuration
-RUN cat /etc/environment
 RUN xx-cargo --print-target-triple

 # Conduwuit version info
@@ -139,9 +144,10 @@ ENV CONTINUWUITY_VERSION_EXTRA=$CONTINUWUITY_VERSION_EXTRA
 # Build the binary
 RUN --mount=type=cache,target=/usr/local/cargo/registry \
    --mount=type=cache,target=/usr/local/cargo/git/db \
-    --mount=type=cache,target=/app/target \
+    --mount=type=cache,target=/app/target,id=cargo-target-${TARGETPLATFORM} \
    bash <<'EOF'
    set -o allexport
+    set -o xtrace
    . /etc/environment
    TARGET_DIR=($(cargo metadata --no-deps --format-version 1 | \
            jq -r ".target_directory"))
@@ -162,6 +168,7 @@ EOF
 RUN --mount=type=cache,target=/usr/local/cargo/registry \
    --mount=type=cache,target=/usr/local/cargo/git/db \
    bash <<'EOF'
+    set -o xtrace
    mkdir /out/sbom
    typeset -A PACKAGES
    for BINARY in /out/sbin/*; do
@@ -180,6 +187,7 @@ EOF

 # Extract dynamically linked dependencies
 RUN <<EOF
+    set -o xtrace
    mkdir /out/libs
    mkdir /out/libs-root
    for BINARY in /out/sbin/*; do
@@ -0,0 +1,350 @@
+# Continuwuity Database Mermaid Diagrams
+
+This document contains visual representations of the Continuwuity database schema using Mermaid diagrams.
+
+## 1. Core Event Storage Architecture
+
+```mermaid
+graph TD
+    A[Matrix Event ID<br/>48 bytes] --> B[eventid_shorteventid]
+    B --> C[Short Event ID<br/>8 bytes]
+    C --> D[shorteventid_eventid]
+    D --> A
+    
+    A --> E[eventid_pduid]
+    E --> F[PDU ID<br/>16 bytes]
+    F --> G[pduid_pdu<br/>Main Event Storage]
+    
+    A --> H[eventid_outlierpdu<br/>Outlier Events]
+    
+    C --> I[shorteventid_authchain<br/>Authorization Chains]
+    C --> J[shorteventid_shortstatehash<br/>Event → State Mapping]
+    
+    G -.->|Shared Cache| H
+    
+    style G fill:#e1f5fe
+    style H fill:#e1f5fe
+    style A fill:#fff3e0
+    style C fill:#f3e5f5
+```
+
+## 2. Room State Management System
+
+```mermaid
+graph TD
+    A[Room State Key] --> B[statekey_shortstatekey]
+    B --> C[Short State Key<br/>8 bytes]
+    C --> D[shortstatekey_statekey]
+    D --> A
+    
+    E[Full State Hash] --> F[statehash_shortstatehash]
+    F --> G[Short State Hash<br/>8 bytes]
+    
+    G --> H[shortstatehash_statediff<br/>State Differences]
+    G --> I[roomid_shortstatehash<br/>Current Room State]
+    G --> J[roomsynctoken_shortstatehash<br/>Sync Token Mapping]
+    
+    K[Room ID] --> I
+    L[Sync Token] --> J
+    
+    style G fill:#e8f5e8
+    style I fill:#fff3e0
+    style J fill:#f0f4ff
+```
+
+## 3. User Authentication and Identity Flow
+
+```mermaid
+graph TD
+    A[User ID] --> B[userid_password<br/>Password Hashes]
+    
+    A --> C[userid_displayname]
+    A --> D[userid_avatarurl]
+    D --> E[userid_blurhash]
+    A --> F[useridprofilekey_value<br/>Custom Profile]
+    
+    G[Access Token] --> H[token_userdeviceid]
+    H --> I[User + Device ID]
+    I --> J[userdeviceid_token]
+    J --> G
+    
+    I --> K[userdeviceid_metadata<br/>Device Info]
+    I --> L[userdevicesessionid_uiaainfo<br/>Auth Sessions]
+    I --> M[userdevicetxnid_response<br/>Transaction Cache]
+    
+    N[OpenID Token] --> O[openidtoken_expiresatuserid]
+    P[Login Token] --> Q[logintoken_expiresatuserid]
+    
+    style H fill:#e1f5fe
+    style J fill:#e1f5fe
+    style B fill:#ffebee
+```
+
+## 4. Room Membership Bidirectional System
+
+```mermaid
+graph TD
+    A[Room ID + User ID] --> B[roomuserid_joined<br/>Room → User View]
+    C[User ID + Room ID] --> D[userroomid_joined<br/>User → Room View]
+    
+    B -.->|Bidirectional| D
+    
+    A --> E[roomuserid_invitecount]
+    C --> F[userroomid_invitestate]
+    E -.->|Related| F
+    
+    A --> G[roomuserid_leftcount]
+    C --> H[userroomid_leftstate]
+    G -.->|Related| H
+    
+    A --> I[roomuserid_knockedcount]
+    C --> J[userroomid_knockedstate]
+    I -.->|Related| J
+    
+    K[Room ID] --> L[roomid_joinedcount<br/>Total Joined]
+    K --> M[roomid_invitedcount<br/>Total Invited]
+    
+    N[Historical] --> O[roomuseroncejoinedids<br/>Ever Joined Tracking]
+    
+    style B fill:#e8f5e8
+    style D fill:#e8f5e8
+    style L fill:#fff3e0
+    style M fill:#fff3e0
+```
+
+## 5. Cryptography and Key Management Chain
+
+```mermaid
+graph TD
+    A[User ID] --> B[userid_devicelistversion<br/>Device List Changes]
+    
+    A --> C[userid_masterkeyid<br/>Master Signing Key]
+    A --> D[userid_selfsigningkeyid<br/>Self Signing Key]
+    A --> E[userid_usersigningkeyid<br/>User Signing Key]
+    
+    F[Key ID] --> G[keyid_key<br/>Actual Keys]
+    
+    C --> G
+    D --> G
+    E --> G
+    
+    H[Key Change ID] --> I[keychangeid_userid<br/>Change Notifications]
+    
+    J[One-Time Key ID] --> K[onetimekeyid_onetimekeys<br/>OTK Storage]
+    A --> L[userid_lastonetimekeyupdate<br/>Last OTK Update]
+    
+    M[Backup ID] --> N[backupid_algorithm<br/>Backup Algorithm]
+    M --> O[backupid_etag<br/>Backup Versioning]
+    P[Backup Key ID] --> Q[backupkeyid_backup<br/>Backed Up Keys]
+    
+    style G fill:#e1f5fe
+    style I fill:#fff3e0
+    style K fill:#f3e5f5
+    style Q fill:#e8f5e8
+```
+
+## 6. Federation and Server Communication
+
+```mermaid
+graph TD
+    A[Server Name] --> B[servername_destination<br/>Cached Destinations]
+    A --> C[servername_override<br/>Cached Overrides]
+    A --> D[server_signingkeys<br/>Federation Keys]
+    A --> E[servername_educount<br/>EDU Counters]
+    
+    F[Server + Event] --> G[servernameevent_data<br/>Server Events]
+    H[Server Current] --> I[servercurrentevent_data<br/>Current State]
+    
+    J[Room ID] --> K[roomserverids<br/>Room → Servers]
+    L[Server Name] --> M[serverroomids<br/>Server → Rooms]
+    
+    K -.->|Bidirectional| M
+    
+    N[Room ID] --> O[roomid_inviteviaservers<br/>Invitation Routing]
+    
+    style B fill:#e1f5fe
+    style C fill:#e1f5fe
+    style K fill:#e8f5e8
+    style M fill:#e8f5e8
+```
+
+## 7. Push Notifications and Read Tracking
+
+```mermaid
+graph TD
+    A[Sender Key] --> B[senderkey_pusher<br/>Push Endpoints]
+    C[Push Key] --> D[pushkey_deviceid<br/>Device Mapping]
+    
+    B -.->|Related| D
+    
+    E[Read Receipt ID] --> F[readreceiptid_readreceipt<br/>Public Receipts]
+    
+    G[Room + User] --> H[roomuserid_privateread<br/>Private Read Markers]
+    G --> I[roomuserid_lastprivatereadupdate<br/>Update Timestamps]
+    
+    J[User + Room] --> K[userroomid_highlightcount<br/>Mention Count]
+    J --> L[userroomid_notificationcount<br/>Notification Count]
+    
+    style F fill:#e8f5e8
+    style H fill:#f3e5f5
+    style K fill:#fff3e0
+    style L fill:#fff3e0
+```
+
+## 8. Media and Content Management
+
+```mermaid
+graph TD
+    A[Media ID] --> B[mediaid_file<br/>File Metadata]
+    A --> C[mediaid_user<br/>Uploader Tracking]
+    
+    B -.->|Related| C
+    
+    D[URL] --> E[url_previews<br/>Preview Cache]
+    
+    F[User ID] --> G[userfilterid_filter<br/>Sync Filters]
+    H[Lazy Load] --> I[lazyloadedids<br/>Member Event Tracking]
+    
+    style B fill:#e1f5fe
+    style C fill:#e1f5fe
+    style E fill:#f0f4ff
+```
+
+## 9. Account Data and Presence System
+
+```mermaid
+graph TD
+    A[Room + User + Type] --> B[roomusertype_roomuserdataid<br/>Account Data Index]
+    B --> C[Room User Data ID]
+    C --> D[roomuserdataid_accountdata<br/>Actual Account Data]
+    
+    E[User ID] --> F[userid_presenceid<br/>Presence Mapping]
+    F --> G[Presence ID]
+    G --> H[presenceid_presence<br/>Presence Data]
+    
+    I[To-Device ID] --> J[todeviceid_events<br/>Device Messages]
+    
+    style D fill:#e8f5e8
+    style H fill:#f3e5f5
+    style J fill:#fff3e0
+```
+
+## 10. Global Configuration and Access Control
+
+```mermaid
+graph TD
+    A[Global Config] --> B[global<br/>Server Settings]
+    
+    C[Room Categories] --> D[publicroomids<br/>Public Rooms]
+    C --> E[bannedroomids<br/>Banned Rooms]
+    C --> F[disabledroomids<br/>Disabled Rooms]
+    
+    G[App Service ID] --> H[id_appserviceregistrations<br/>Application Services]
+    
+    I[Token Management] --> J[tokenids<br/>Token Allocation]
+    
+    K[Relations] --> L[tofrom_relation<br/>Event Relations]
+    K --> M[threadid_userids<br/>Thread Participants]
+    K --> N[referencedevents<br/>Referenced Events]
+    K --> O[softfailedeventids<br/>Failed Events]
+    
+    style B fill:#e1f5fe
+    style D fill:#e8f5e8
+    style E fill:#ffebee
+    style F fill:#ffebee
+```
+
+## 11. Complete System Overview
+
+```mermaid
+graph TB
+    subgraph "Identity Management"
+        UI[User Identity]
+        UA[User Auth]
+        UD[User Devices]
+        UP[User Profile]
+    end
+    
+    subgraph "Event Storage"
+        ES[Event Storage]
+        EID[Event ID Mapping]
+        EO[Outlier Events]
+    end
+    
+    subgraph "Room Management"
+        RS[Room State]
+        RM[Room Membership]
+        RMeta[Room Metadata]
+    end
+    
+    subgraph "Cryptography"
+        DK[Device Keys]
+        CS[Cross Signing]
+        KB[Key Backups]
+    end
+    
+    subgraph "Federation"
+        FS[Federation Servers]
+        FK[Federation Keys]
+        FE[Federation Events]
+    end
+    
+    subgraph "Communication"
+        PUSH[Push Notifications]
+        RT[Read Tracking]
+        DM[Device Messages]
+    end
+    
+    subgraph "Content"
+        MC[Media Content]
+        UP2[URL Previews]
+        AD[Account Data]
+    end
+    
+    UI --> UA
+    UA --> UD
+    UI --> UP
+    
+    ES --> EID
+    ES --> EO
+    EID --> RS
+    
+    RS --> RM
+    RM --> RMeta
+    
+    UD --> DK
+    DK --> CS
+    CS --> KB
+    
+    RM --> FS
+    FS --> FK
+    FK --> FE
+    
+    UD --> PUSH
+    RM --> RT
+    UD --> DM
+    
+    UI --> MC
+    MC --> UP2
+    UI --> AD
+    
+    style UI fill:#e8f5e8
+    style ES fill:#e1f5fe
+    style RS fill:#f3e5f5
+    style DK fill:#fff3e0
+    style FS fill:#f0f4ff
+```
+
+## Diagram Legend
+
+- **Blue boxes** (`#e1f5fe`): Core storage tables
+- **Green boxes** (`#e8f5e8`): Membership and relationship tables  
+- **Purple boxes** (`#f3e5f5`): ID mapping and compression tables
+- **Orange boxes** (`#fff3e0`): Count and metadata tables
+- **Light blue boxes** (`#f0f4ff`): Sync and federation tables
+- **Red boxes** (`#ffebee`): Access control and security tables
+- **Solid arrows**: Direct relationships
+- **Dotted arrows**: Bidirectional or related tables
+- **Shared Cache notation**: Tables that share memory pools
+
+These diagrams show how Continuwuity's 89 database tables interconnect to provide a complete Matrix homeserver implementation with optimized storage patterns and efficient relationship management.
@@ -0,0 +1,354 @@
+# Continuwuity Database Column Relationships
+
+This document analyzes how the 89 database columns in Continuwuity relate to each other, showing the data flow and dependencies between tables.
+
+## Core Identity Mapping System
+
+### Event ID Management
+
+The system uses a sophisticated event ID mapping system to optimize storage:
+
+```
+eventid_shorteventid ←→ shorteventid_eventid
+         ↓                      ↓
+   eventid_pduid         shorteventid_authchain
+         ↓                      ↓
+     pduid_pdu         shorteventid_shortstatehash
+         ↓
+eventid_outlierpdu
+```
+
+**Relationships:**
+
+- `eventid_shorteventid` + `shorteventid_eventid`: Bidirectional mapping between full Matrix event IDs (48 bytes) and compact short IDs (8 bytes)
+- `eventid_pduid`: Maps event IDs to PDU IDs (16-byte internal identifiers)
+- `pduid_pdu`: Main event storage using PDU IDs as keys
+- `eventid_outlierpdu`: Stores events not yet part of the timeline (outliers)
+- `shorteventid_authchain`: Authorization chains using short event IDs
+- `shorteventid_shortstatehash`: Links events to room state using short IDs
+
+### Room ID Management
+
+Similar optimization for room identifiers:
+
+```
+roomid_shortroomid
+       ↓
+   (used in keys for room-related tables)
+```
+
+### State Management
+
+Complex state tracking with compression:
+
+```
+statekey_shortstatekey ←→ shortstatekey_statekey
+         ↓
+statehash_shortstatehash
+         ↓
+shortstatehash_statediff
+         ↓
+roomid_shortstatehash
+```
+
+**Relationships:**
+
+- `statekey_shortstatekey` + `shortstatekey_statekey`: Bidirectional mapping for state keys
+- `statehash_shortstatehash`: Maps full state hashes to 8-byte compressed versions
+- `shortstatehash_statediff`: Stores state differences between versions
+- `roomid_shortstatehash`: Current state hash for each room
+
+## User and Authentication Flow
+
+### User Authentication Chain
+
+```
+userid_password → token_userdeviceid ←→ userdeviceid_token
+                         ↓
+                 userdeviceid_metadata
+                         ↓
+              userdevicesessionid_uiaainfo
+```
+
+**Relationships:**
+
+- `userid_password`: Stores user password hashes
+- `token_userdeviceid` + `userdeviceid_token`: Bidirectional mapping between access tokens and devices
+- `userdeviceid_metadata`: Device information (name, type, etc.)
+- `userdevicesessionid_uiaainfo`: User-Interactive Authentication session data
+
+### User Profile Data
+
+```
+userid_displayname
+userid_avatarurl → userid_blurhash
+useridprofilekey_value
+```
+
+**Relationships:**
+
+- Profile data is stored separately per attribute
+- `userid_blurhash` complements `userid_avatarurl` for progressive loading
+
+### Token Management
+
+```
+openidtoken_expiresatuserid
+logintoken_expiresatuserid  
+tokenids
+```
+
+**Relationships:**
+
+- Separate token types have separate expiration tracking
+- `tokenids` manages token ID allocation
+
+## Room Membership System
+
+### Membership State Tracking
+
+```
+roomuserid_joined ←→ userroomid_joined
+roomuserid_invitecount ←→ userroomid_invitestate
+roomuserid_leftcount ←→ userroomid_leftstate
+roomuserid_knockedcount ←→ userroomid_knockedstate
+```
+
+**Relationships:**
+
+- Bidirectional indexes: room→user and user→room perspectives
+- Count tables track membership transitions
+- State tables store membership event data
+
+### Room Counts and Metadata
+
+```
+roomid_joinedcount ← roomuserid_joined
+roomid_invitedcount ← roomuserid_invitecount
+roomuseroncejoinedids (historical tracking)
+```
+
+**Relationships:**
+
+- Count tables are derived from individual membership records
+- Historical tracking for users who ever joined
+
+### Federation Integration
+
+```
+roomserverids ←→ serverroomids
+roomid_inviteviaservers
+```
+
+**Relationships:**
+
+- Bidirectional tracking of which servers participate in which rooms
+- Via servers for invitation routing
+
+## Cryptography and Security
+
+### Device Key Management
+
+```
+userid_devicelistversion
+         ↓
+keyid_key ← userid_masterkeyid
+         ↓     userid_selfsigningkeyid
+keychangeid_userid ← userid_usersigningkeyid
+         ↓
+onetimekeyid_onetimekeys
+         ↓
+userid_lastonetimekeyupdate
+```
+
+**Relationships:**
+
+- Device list versions track changes requiring key updates
+- Different key types stored separately with references from user records
+- Key changes trigger notifications
+- One-time keys managed with update timestamps
+
+### Key Backup System
+
+```
+backupid_algorithm
+backupid_etag → backupkeyid_backup
+```
+
+**Relationships:**
+
+- Backup metadata (algorithm, versioning) linked to actual backed-up keys
+
+## Push Notifications and Read Tracking
+
+### Push Infrastructure
+
+```
+senderkey_pusher ←→ pushkey_deviceid
+```
+
+**Relationships:**
+
+- Bidirectional mapping between push keys and devices
+
+### Read Receipt System
+
+```
+readreceiptid_readreceipt
+roomuserid_privateread
+roomuserid_lastprivatereadupdate
+userroomid_highlightcount
+userroomid_notificationcount
+```
+
+**Relationships:**
+
+- Public read receipts vs private read markers
+- Highlight/notification counts per user-room pair
+- Update tracking for private reads
+
+## Media and Content
+
+### Media Storage
+
+```
+mediaid_file ←→ mediaid_user
+url_previews
+```
+
+**Relationships:**
+
+- File metadata linked to uploader tracking
+- URL previews cached separately
+
+## Sync and Timeline
+
+### Sync Token Management
+
+```
+roomsynctoken_shortstatehash
+lazyloadedids
+```
+
+**Relationships:**
+
+- Sync tokens map to room state for efficient delta computation
+- Lazy loading tracking for member events
+
+### Event Relations
+
+```
+tofrom_relation
+threadid_userids
+referencedevents
+softfailedeventids
+```
+
+**Relationships:**
+
+- Event relations track replies, edits, reactions
+- Thread participant tracking
+- Referenced events and soft failures
+
+## Federation and Server Management
+
+### Server Discovery and Communication
+
+```
+servername_destination (cached)
+servername_override (cached)
+server_signingkeys
+servername_educount
+servercurrentevent_data
+servernameevent_data
+```
+
+**Relationships:**
+
+- Destination resolution with caching
+- Server signing keys for federation
+- EDU (Ephemeral Data Unit) counting
+- Current and historical server events
+
+## Account Data and Presence
+
+### Account Data Storage
+
+```
+roomusertype_roomuserdataid → roomuserdataid_accountdata
+userid_presenceid → presenceid_presence
+```
+
+**Relationships:**
+
+- Account data indexed by room+user+type, pointing to actual data
+- Presence data separated from user records with ID mapping
+
+## Global Configuration
+
+### Application Services
+
+```
+id_appserviceregistrations
+```
+
+### Global Settings
+
+```
+global
+publicroomids
+bannedroomids
+disabledroomids
+```
+
+**Relationships:**
+
+- Global server configuration
+- Room access control lists
+
+## Performance Optimizations
+
+### Shared Cache Relationships
+
+- `eventid_outlierpdu` and `pduid_pdu` share cache because they both store PDU data
+- Related tables are grouped for memory efficiency
+
+### Transaction Management
+
+```
+userdevicetxnid_response
+todeviceid_events
+```
+
+**Relationships:**
+
+- Transaction ID response caching
+- To-device message queuing
+
+## Data Flow Examples
+
+### Sending a Message
+
+1. `pduid_pdu` ← stores the PDU
+2. `eventid_pduid` ← maps event ID to PDU ID
+3. `eventid_shorteventid` ← creates short ID mapping
+4. `shorteventid_shortstatehash` ← links to room state
+5. `userroomid_notificationcount` ← updates notification counts
+6. `readreceiptid_readreceipt` ← processes read receipts
+
+### User Login
+
+1. `userid_password` ← validates credentials
+2. `userdeviceid_token` ← creates device token
+3. `token_userdeviceid` ← creates reverse mapping
+4. `userdeviceid_metadata` ← stores device info
+
+### Room Join
+
+1. `roomuserid_joined` ← records membership
+2. `userroomid_joined` ← creates reverse index
+3. `roomid_joinedcount` ← updates room count
+4. `roomuseroncejoinedids` ← historical tracking
+5. `roomserverids` ← federation tracking
+
+This relational structure allows Continuwuity to efficiently handle Matrix protocol operations while maintaining data consistency and enabling fast lookups from multiple perspectives.
@@ -0,0 +1,485 @@
+# Continuwuity Database Schema Documentation
+
+Continuwuity is a Matrix protocol implementation using RocksDB as its storage backend. The database is organized into column families (called "Maps" in the codebase), each serving specific purposes in the Matrix homeserver functionality.
+
+| Table Name | Access Pattern | Key Size | Value Size | Description |
+|------------|---------------|----------|------------|-------------|
+| `alias_roomid` | RANDOM_SMALL | - | - | Maps room alias to room ID |
+| `alias_userid` | RANDOM_SMALL | - | - | Maps room alias to user ID |
+| `aliasid_alias` | RANDOM_SMALL | - | - | Maps alias ID to alias string |
+| `backupid_algorithm` | RANDOM_SMALL | - | - | Key backup algorithms |
+| `backupid_etag` | RANDOM_SMALL | - | - | Key backup ETags |
+| `backupkeyid_backup` | RANDOM_SMALL | - | - | Backed up keys |
+| `bannedroomids` | RANDOM_SMALL | - | - | Set of banned room IDs |
+| `disabledroomids` | RANDOM_SMALL | - | - | Set of disabled room IDs |
+| `eventid_outlierpdu` | RANDOM | 48 bytes | 1488 bytes | Outlier PDUs (shared cache with pduid_pdu) |
+| `eventid_pduid` | RANDOM | 48 bytes | 16 bytes | Event ID to PDU ID mapping |
+| `eventid_shorteventid` | RANDOM | 48 bytes | 8 bytes | Event ID to short event ID |
+| `global` | RANDOM_SMALL | - | - | Global server configuration |
+| `id_appserviceregistrations` | RANDOM_SMALL | - | - | Application service registrations |
+| `keychangeid_userid` | RANDOM | - | - | Key change notifications |
+| `keyid_key` | RANDOM_SMALL | - | - | Cryptographic keys |
+| `lazyloadedids` | RANDOM_SMALL | - | - | Lazy-loaded member events |
+| `mediaid_file` | RANDOM_SMALL | - | - | Media file metadata |
+| `mediaid_user` | RANDOM_SMALL | - | - | Media uploader tracking |
+| `onetimekeyid_onetimekeys` | RANDOM_SMALL | - | - | One-time keys |
+| `pduid_pdu` | SEQUENTIAL | 16 bytes | 1520 bytes | Main PDU storage (shared cache with eventid_outlierpdu) |
+| `publicroomids` | RANDOM_SMALL | - | - | Public room IDs |
+| `pushkey_deviceid` | RANDOM_SMALL | - | - | Push key to device mapping |
+| `presenceid_presence` | SEQUENTIAL_SMALL | - | - | User presence data |
+| `readreceiptid_readreceipt` | RANDOM | - | - | Read receipts |
+| `referencedevents` | RANDOM | - | - | Referenced events |
+| `roomid_invitedcount` | RANDOM_SMALL | - | - | Room invited user count |
+| `roomid_inviteviaservers` | RANDOM_SMALL | - | - | Room invite via servers |
+| `roomid_joinedcount` | RANDOM_SMALL | - | - | Room joined user count |
+| `roomid_pduleaves` | RANDOM_SMALL | - | - | PDU leaves per room |
+| `roomid_shortroomid` | RANDOM_SMALL | - | 8 bytes | Room ID to short room ID |
+| `roomid_shortstatehash` | RANDOM_SMALL | - | 8 bytes | Room ID to state hash |
+| `roomserverids` | RANDOM_SMALL | - | - | Server IDs per room |
+| `roomsynctoken_shortstatehash` | SEQUENTIAL | - | 8 bytes | Sync token to state hash (special compression) |
+| `roomuserdataid_accountdata` | RANDOM_SMALL | - | - | Room account data |
+| `roomuserid_invitecount` | RANDOM_SMALL | - | 8 bytes | Room-user invite count |
+| `roomuserid_joined` | RANDOM_SMALL | - | - | Room-user joined status |
+| `roomuserid_lastprivatereadupdate` | RANDOM_SMALL | - | - | Last private read update |
+| `roomuserid_leftcount` | RANDOM | - | 8 bytes | Room-user leave count |
+| `roomuserid_knockedcount` | RANDOM_SMALL | - | 8 bytes | Room-user knock count |
+| `roomuserid_privateread` | RANDOM_SMALL | - | - | Private read markers |
+| `roomuseroncejoinedids` | RANDOM | - | - | Users who ever joined |
+| `roomusertype_roomuserdataid` | RANDOM_SMALL | - | - | Account data type mapping |
+| `senderkey_pusher` | RANDOM_SMALL | - | - | Push notification senders |
+| `server_signingkeys` | RANDOM | - | - | Server signing keys |
+| `servercurrentevent_data` | RANDOM_SMALL | - | - | Current server events |
+| `servername_destination` | RANDOM_SMALL_CACHE | - | - | Server destinations (cached) |
+| `servername_educount` | RANDOM_SMALL | - | - | EDU counters |
+| `servername_override` | RANDOM_SMALL_CACHE | - | - | Server name overrides (cached) |
+| `servernameevent_data` | RANDOM | - | 128 bytes | Server event data |
+| `serverroomids` | RANDOM_SMALL | - | - | Rooms per server |
+| `shorteventid_authchain` | SEQUENTIAL | 8 bytes | - | Event authorization chains |
+| `shorteventid_eventid` | SEQUENTIAL_SMALL | 8 bytes | 48 bytes | Short event ID to event ID |
+| `shorteventid_shortstatehash` | SEQUENTIAL | 8 bytes | 8 bytes | Event to state hash mapping |
+| `shortstatehash_statediff` | SEQUENTIAL_SMALL | 8 bytes | - | State differences |
+| `shortstatekey_statekey` | RANDOM_SMALL | 8 bytes | 1016 bytes | Short state key to state key |
+| `softfailedeventids` | RANDOM_SMALL | 48 bytes | - | Soft-failed events |
+| `statehash_shortstatehash` | RANDOM | - | 8 bytes | State hash to short hash |
+| `statekey_shortstatekey` | RANDOM | 1016 bytes | 8 bytes | State key to short key |
+| `threadid_userids` | SEQUENTIAL_SMALL | - | - | Thread participants |
+| `todeviceid_events` | RANDOM | - | - | To-device messages |
+| `tofrom_relation` | RANDOM_SMALL | 8 bytes | 8 bytes | Event relations |
+| `token_userdeviceid` | RANDOM_SMALL | - | - | Token to device mapping |
+| `tokenids` | RANDOM | - | - | Token ID management |
+| `url_previews` | RANDOM | - | - | URL preview cache |
+| `userdeviceid_metadata` | RANDOM_SMALL | - | - | Device metadata |
+| `userdeviceid_token` | RANDOM_SMALL | - | - | Device tokens |
+| `userdevicesessionid_uiaainfo` | RANDOM_SMALL | - | - | UIAA session info |
+| `userdevicetxnid_response` | RANDOM_SMALL | - | - | Transaction responses |
+| `userfilterid_filter` | RANDOM_SMALL | - | - | User sync filters |
+| `userid_avatarurl` | RANDOM_SMALL | - | - | User avatar URLs |
+| `userid_blurhash` | RANDOM_SMALL | - | - | Avatar blurhashes |
+| `userid_devicelistversion` | RANDOM_SMALL | - | - | Device list versions |
+| `userid_displayname` | RANDOM_SMALL | - | - | User display names |
+| `userid_lastonetimekeyupdate` | RANDOM_SMALL | - | - | Last OTK update time |
+| `userid_masterkeyid` | RANDOM_SMALL | - | - | Master signing keys |
+| `userid_password` | RANDOM | - | - | Password hashes |
+| `userid_presenceid` | RANDOM_SMALL | - | - | User presence mapping |
+| `userid_selfsigningkeyid` | RANDOM_SMALL | - | - | Self-signing keys |
+| `userid_usersigningkeyid` | RANDOM_SMALL | - | - | User-signing keys |
+| `useridprofilekey_value` | RANDOM_SMALL | - | - | Custom profile fields |
+| `openidtoken_expiresatuserid` | RANDOM_SMALL | - | - | OpenID tokens |
+| `logintoken_expiresatuserid` | RANDOM_SMALL | - | - | Login tokens |
+| `userroomid_highlightcount` | RANDOM | - | - | Highlight counts |
+| `userroomid_invitestate` | RANDOM_SMALL | - | - | User invite states |
+| `userroomid_joined` | RANDOM | - | - | User joined rooms |
+| `userroomid_leftstate` | RANDOM | - | - | User leave states |
+| `userroomid_knockedstate` | RANDOM_SMALL | - | - | User knock states |
+| `userroomid_notificationcount` | RANDOM | - | - | Notification counts |
+
+## Access Pattern Definitions
+
+### RANDOM
+
+- Large datasets with random updates across keyspace
+- Compaction priority: OldestSmallestSeqFirst
+- Write buffer: 32MB
+- Cache shards: 128
+- Compression: Zstd level -3
+- Bottommost compression: level 2
+
+### SEQUENTIAL  
+
+- Large datasets with append-heavy updates
+- Compaction priority: OldestLargestSeqFirst
+- Write buffer: 64MB
+- Level size: 32MB
+- File size: 2MB
+- Compression: Zstd level -2
+
+### RANDOM_SMALL
+
+- Small datasets with random updates
+- Compaction style: Universal
+- Write buffer: 16MB
+- Level size: 512KB
+- File size: 128KB
+- Block size: 512 bytes
+- Compression: Zstd level -4
+
+### SEQUENTIAL_SMALL
+
+- Small datasets with sequential updates
+- Compaction style: Universal
+- Write buffer: 16MB
+- Level size: 1MB
+- File size: 512KB
+- Compression: Zstd level -4
+
+### RANDOM_SMALL_CACHE
+
+- Small persistent caches with TTL
+- Compaction style: FIFO
+- Size limit: 64MB
+- TTL: 14 days
+- Unique cache allocation
+
+## Special Configurations
+
+### Shared Cache Tables
+
+- `eventid_outlierpdu` and `pduid_pdu` share cache pool
+- Optimizes memory usage for related event data
+
+### High-Performance Tables
+
+- `roomsynctoken_shortstatehash`: Special compression settings for sync performance
+- `pduid_pdu`: Large block size (2KB) for efficient event storage
+- `eventid_outlierpdu`: Optimized for outlier PDU handling
+
+### Cache-Only Tables
+
+- `servername_destination`: FIFO cache for server resolution
+- `servername_override`: FIFO cache for server overrides
+
+## Data Types and Sizes
+
+### Event IDs
+
+- Full event IDs: 48 bytes (Matrix event ID format)
+- Short event IDs: 8 bytes (internal optimization)
+
+### Room IDs  
+
+- Full room IDs: Variable length Matrix room ID
+- Short room IDs: 8 bytes (internal optimization)
+
+### PDU Data
+
+- PDU ID: 16 bytes
+- PDU content: ~1520 bytes average
+- Outlier PDUs: ~1488 bytes average
+
+### State Data
+
+- State keys: Up to 1016 bytes
+- Short state keys: 8 bytes
+- State hashes: 8 bytes (shortened)
+
+This technical reference shows how Continuwuity optimizes storage for different types of Matrix data, using appropriate RocksDB configurations for each access pattern.
+
+## Database Architecture
+
+## Column Families (Maps)
+
+### Room Management
+
+#### Room Aliases
+
+- **`alias_roomid`**: Maps room alias to room ID
+- **`alias_userid`**: Maps room alias to user ID (for alias management)
+- **`aliasid_alias`**: Maps alias ID to actual alias string
+
+#### Room Metadata
+
+- **`roomid_shortroomid`**: Maps room ID to short room ID (8-byte identifier)
+- **`roomid_shortstatehash`**: Maps room ID to current state hash
+- **`roomid_pduleaves`**: Tracks PDU leaves for each room
+- **`roomid_invitedcount`**: Count of invited users per room
+- **`roomid_joinedcount`**: Count of joined users per room
+- **`roomid_inviteviaservers`**: Via servers for room invites
+- **`publicroomids`**: Set of public room IDs
+- **`bannedroomids`**: Set of banned room IDs
+- **`disabledroomids`**: Set of disabled room IDs
+
+#### Room State
+
+- **`shortstatehash_statediff`**: State differences between state hashes
+- **`statehash_shortstatehash`**: Maps full state hash to short state hash (8-byte)
+- **`statekey_shortstatekey`**: Maps state key to short state key (8-byte)
+- **`shortstatekey_statekey`**: Reverse mapping from short state key to full state key
+- **`roomsynctoken_shortstatehash`**: Maps room sync tokens to state hashes
+
+### Events and Timeline
+
+#### Event Storage
+
+- **`eventid_pduid`**: Maps event ID to PDU ID (16-byte identifier)
+- **`eventid_shorteventid`**: Maps event ID to short event ID (8-byte)
+- **`eventid_outlierpdu`**: Stores outlier PDUs (events not yet in timeline)
+- **`pduid_pdu`**: Main PDU storage (PDU ID to PDU data)
+- **`shorteventid_eventid`**: Reverse mapping from short event ID to full event ID
+- **`shorteventid_authchain`**: Authorization chains for events
+- **`shorteventid_shortstatehash`**: Maps events to their state hashes
+
+#### Event Relationships
+
+- **`tofrom_relation`**: Event relations (replies, edits, reactions)
+- **`threadid_userids`**: Thread participants tracking
+- **`referencedevents`**: Referenced events tracking
+- **`softfailedeventids`**: Events that soft-failed state resolution
+
+### User Management
+
+#### User Identity
+
+- **`userid_displayname`**: User display names
+- **`userid_avatarurl`**: User avatar URLs
+- **`userid_blurhash`**: Avatar blurhash values
+- **`userid_password`**: Password hashes
+- **`useridprofilekey_value`**: Custom profile fields
+
+#### User Devices and Sessions
+
+- **`userdeviceid_metadata`**: Device metadata (name, type, etc.)
+- **`userdeviceid_token`**: Device access tokens
+- **`token_userdeviceid`**: Reverse token to device mapping
+- **`userdevicesessionid_uiaainfo`**: User-Interactive Auth session data
+- **`userdevicetxnid_response`**: Transaction ID to response caching
+
+#### User Preferences
+
+- **`userfilterid_filter`**: Sync filter definitions
+- **`lazyloadedids`**: Lazy-loaded member event tracking
+
+### Cryptography and Security
+
+#### Device Keys
+
+- **`keyid_key`**: Cryptographic keys storage
+- **`userid_devicelistversion`**: Device list versions for users
+- **`userid_lastonetimekeyupdate`**: Last one-time key update timestamps
+- **`onetimekeyid_onetimekeys`**: One-time keys storage
+
+#### Cross-Signing
+
+- **`userid_masterkeyid`**: Master signing keys
+- **`userid_selfsigningkeyid`**: Self-signing keys
+- **`userid_usersigningkeyid`**: User-signing keys
+- **`keychangeid_userid`**: Key change notifications
+
+#### Key Backups
+
+- **`backupid_algorithm`**: Backup algorithm information
+- **`backupid_etag`**: Backup ETags for versioning
+- **`backupkeyid_backup`**: Backed up keys
+
+### Room Membership
+
+#### Membership States
+
+- **`roomuserid_joined`**: Current joined room members
+- **`roomuserid_invitecount`**: Invite counts per room-user
+- **`roomuserid_leftcount`**: Leave counts per room-user
+- **`roomuserid_knockedcount`**: Knock counts per room-user
+- **`roomuseroncejoinedids`**: Users who have ever joined rooms
+
+#### Membership Events
+
+- **`userroomid_joined`**: User's joined rooms
+- **`userroomid_invitestate`**: Invite state events
+- **`userroomid_leftstate`**: Leave state events
+- **`userroomid_knockedstate`**: Knock state events
+
+### Push Notifications and Read Receipts
+
+#### Push Infrastructure
+
+- **`senderkey_pusher`**: Push notification endpoints
+- **`pushkey_deviceid`**: Push key to device mappings
+
+#### Read Tracking
+
+- **`readreceiptid_readreceipt`**: Read receipt storage
+- **`roomuserid_privateread`**: Private read markers
+- **`roomuserid_lastprivatereadupdate`**: Last private read updates
+- **`userroomid_highlightcount`**: Highlight/mention counts
+- **`userroomid_notificationcount`**: Notification counts per room
+
+### Media and Content
+
+#### Media Storage
+
+- **`mediaid_file`**: Media file metadata
+- **`mediaid_user`**: Media uploader tracking
+- **`url_previews`**: URL preview cache
+
+### Federation and Server-to-Server
+
+#### Server Management
+
+- **`server_signingkeys`**: Server signing keys
+- **`servername_destination`**: Server destination resolution
+- **`servername_educount`**: Ephemeral Data Unit counters
+- **`servername_override`**: Server name overrides for federation
+- **`servernameevent_data`**: Server event data
+- **`roomserverids`**: Servers participating in rooms
+- **`serverroomids`**: Rooms per server
+- **`servercurrentevent_data`**: Current server event state
+
+### Application Services
+
+- **`id_appserviceregistrations`**: Application service registrations
+
+### Account Data and Presence
+
+#### Account Data
+
+- **`roomuserdataid_accountdata`**: Room-specific account data
+- **`roomusertype_roomuserdataid`**: Account data type mappings
+
+#### Presence
+
+- **`presenceid_presence`**: User presence information
+- **`userid_presenceid`**: User to presence ID mapping
+
+### To-Device Messages
+
+- **`todeviceid_events`**: Direct device-to-device messages
+
+### Authentication Tokens
+
+- **`openidtoken_expiresatuserid`**: OpenID Connect tokens
+- **`logintoken_expiresatuserid`**: Login tokens
+- **`tokenids`**: Token ID management
+
+### Global Configuration
+
+- **`global`**: Global server settings and state
+
+## Key Design Patterns
+
+### Short Identifiers
+
+Many tables use "short" versions of identifiers (8-byte integers) to reduce storage overhead:
+
+- `shortroomid` for room IDs
+- `shorteventid` for event IDs
+- `shortstatekey` for state keys
+- `shortstatehash` for state hashes
+
+### Composite Keys
+
+Key naming follows a pattern of `{primary}_{secondary}` to create efficient lookups:
+
+- `roomuserid_*` for room-user relationships
+- `userroomid_*` for user-room relationships
+- `eventid_*` for event-related data
+
+### Performance Optimizations
+
+- **Cache sharing**: Related tables share cache pools (e.g., `eventid_outlierpdu` and `pduid_pdu`)
+- **Access patterns**: Tables are optimized for their specific usage (RANDOM vs SEQUENTIAL)
+- **Compression**: Different compression levels based on data characteristics
+- **Block sizes**: Tuned based on expected key/value sizes
+
+## Storage Efficiency
+
+The schema is designed for efficiency in a Matrix homeserver context:
+
+- Large event data uses sequential storage patterns
+- Lookup tables use random access patterns
+- Small metadata uses compressed storage
+- Caching is strategically shared between related data
+
+This design allows Continuwuity to efficiently handle the complex relationships and high-volume data typical in Matrix federation while maintaining good performance characteristics for both reads and writes.
+
+## Column Relationships and Data Flow
+
+### Core Event Storage Chain
+
+The heart of the Matrix homeserver is event storage, which uses several interconnected tables:
+
+- `eventid_shorteventid` ↔ `shorteventid_eventid`: Bidirectional mapping for event ID compression (48 bytes → 8 bytes)
+- `eventid_pduid`: Maps Matrix event IDs to internal PDU IDs (16 bytes)
+- `pduid_pdu`: Main event storage using PDU IDs as keys (shares cache with `eventid_outlierpdu`)
+- `eventid_outlierpdu`: Stores events not yet integrated into the timeline
+- `shorteventid_authchain`: Authorization chains using compressed event IDs
+- `shorteventid_shortstatehash`: Links events to room state snapshots
+
+### Room State Management
+
+Room state is tracked through multiple interconnected tables:
+
+- `statekey_shortstatekey` ↔ `shortstatekey_statekey`: Bidirectional state key compression
+- `statehash_shortstatehash`: Compresses state hashes from full size to 8 bytes
+- `shortstatehash_statediff`: Stores incremental state changes
+- `roomid_shortstatehash`: Current state hash for each room
+- `roomsynctoken_shortstatehash`: Maps sync tokens to state for efficient delta sync
+
+### User Identity and Authentication
+
+User management involves several related tables:
+
+- `userid_password` → authentication base
+- `token_userdeviceid` ↔ `userdeviceid_token`: Bidirectional token↔device mapping
+- `userdeviceid_metadata`: Device information storage
+- `userid_displayname`, `userid_avatarurl`, `userid_blurhash`: Profile data
+- `openidtoken_expiresatuserid`, `logintoken_expiresatuserid`: Token management
+
+### Room Membership Tracking
+
+Membership uses bidirectional indexes for efficient queries:
+
+- `roomuserid_joined` ↔ `userroomid_joined`: Current membership from both perspectives
+- `roomuserid_invitecount` ↔ `userroomid_invitestate`: Invitation tracking
+- `roomuserid_leftcount` ↔ `userroomid_leftstate`: Leave event tracking
+- `roomid_joinedcount`, `roomid_invitedcount`: Aggregate room statistics
+- `roomuseroncejoinedids`: Historical membership tracking
+
+### Cryptography and Security Chain
+
+End-to-end encryption involves coordinated key management:
+
+- `userid_devicelistversion`: Tracks when device lists change
+- `keyid_key`: Stores actual cryptographic keys
+- `userid_masterkeyid`, `userid_selfsigningkeyid`, `userid_usersigningkeyid`: Cross-signing keys
+- `onetimekeyid_onetimekeys` → `userid_lastonetimekeyupdate`: One-time key lifecycle
+- `keychangeid_userid`: Key change notifications
+- `backupid_algorithm`, `backupid_etag` → `backupkeyid_backup`: Key backup system
+
+### Federation and Server Communication
+
+Server-to-server communication requires coordinated tracking:
+
+- `roomserverids` ↔ `serverroomids`: Bidirectional room↔server participation
+- `servername_destination`, `servername_override`: Server resolution (both cached)
+- `server_signingkeys`: Federation authentication
+- `servername_educount`: Ephemeral data unit tracking
+- `servernameevent_data`, `servercurrentevent_data`: Server event state
+
+### Read Tracking and Notifications
+
+Message read tracking involves multiple coordinated updates:
+
+- `readreceiptid_readreceipt`: Public read receipts
+- `roomuserid_privateread`, `roomuserid_lastprivatereadupdate`: Private read markers
+- `userroomid_highlightcount`, `userroomid_notificationcount`: Per-room notification counts
+- `senderkey_pusher` ↔ `pushkey_deviceid`: Push notification routing
+
+### Account Data and Preferences
+
+User preferences and account data use a two-level structure:
+
+- `roomusertype_roomuserdataid` → `roomuserdataid_accountdata`: Type index points to actual data
+- `userid_presenceid` → `presenceid_presence`: Presence data separation
+- `userfilterid_filter`: Sync filter definitions
+- `lazyloadedids`: Lazy loading state tracking
+
+This interconnected design allows Continuwuity to efficiently handle Matrix protocol operations while maintaining data consistency and enabling fast lookups from multiple perspectives.
@@ -20,3 +20,4 @@
  - [Testing](development/testing.md)
  - [Hot Reloading ("Live" Development)](development/hot_reload.md)
 - [Community (and Guidelines)](community.md)
+- [Security](security.md)
@@ -7,30 +7,30 @@ services:
    image: forgejo.ellis.link/continuwuation/continuwuity:latest
    restart: unless-stopped
    volumes:
-      - db:/var/lib/conduwuit
-      - /etc/resolv.conf:/etc/resolv.conf:ro # Use the host's DNS resolver rather than Docker's. 
-      #- ./conduwuit.toml:/etc/conduwuit.toml
+      - db:/var/lib/continuwuity
+      - /etc/resolv.conf:/etc/resolv.conf:ro # Use the host's DNS resolver rather than Docker's.
+      #- ./continuwuity.toml:/etc/continuwuity.toml
    networks:
      - proxy
    environment:
-      CONDUWUIT_SERVER_NAME: your.server.name.example # EDIT THIS
-      CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
-      CONDUWUIT_PORT: 6167 # should match the loadbalancer traefik label
-      CONDUWUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
-      CONDUWUIT_ALLOW_REGISTRATION: 'true'
-      CONDUWUIT_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed.
-      #CONDUWUIT_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true'
-      CONDUWUIT_ALLOW_FEDERATION: 'true'
-      CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
-      CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
-      #CONDUWUIT_LOG: warn,state_res=warn
-      CONDUWUIT_ADDRESS: 0.0.0.0
-      #CONDUWUIT_CONFIG: '/etc/conduwuit.toml' # Uncomment if you mapped config toml above
+      CONTINUWUITY_SERVER_NAME: your.server.name.example # EDIT THIS
+      CONTINUWUITY_DATABASE_PATH: /var/lib/continuwuity
+      CONTINUWUITY_PORT: 6167 # should match the loadbalancer traefik label
+      CONTINUWUITY_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
+      CONTINUWUITY_ALLOW_REGISTRATION: 'true'
+      CONTINUWUITY_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed.
+      #CONTINUWUITY_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true'
+      CONTINUWUITY_ALLOW_FEDERATION: 'true'
+      CONTINUWUITY_ALLOW_CHECK_FOR_UPDATES: 'true'
+      CONTINUWUITY_TRUSTED_SERVERS: '["matrix.org"]'
+      #CONTINUWUITY_LOG: warn,state_res=warn
+      CONTINUWUITY_ADDRESS: 0.0.0.0
+      #CONTINUWUITY_CONFIG: '/etc/continuwuity.toml' # Uncomment if you mapped config toml above

-      # We need some way to serve the client and server .well-known json. The simplest way is via the CONDUWUIT_WELL_KNOWN
-      # variable / config option, there are multiple ways to do this, e.g. in the conduwuit.toml file, and in a separate
+      # We need some way to serve the client and server .well-known json. The simplest way is via the CONTINUWUITY_WELL_KNOWN
+      # variable / config option, there are multiple ways to do this, e.g. in the continuwuity.toml file, and in a separate
      # see the override file for more information about delegation
-      CONDUWUIT_WELL_KNOWN: |
+      CONTINUWUITY_WELL_KNOWN: |
        {
        client=https://your.server.name.example,
        server=your.server.name.example:443
@@ -6,11 +6,11 @@ services:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"  # Change this to the name of your Traefik docker proxy network

-      - "traefik.http.routers.to-conduwuit.rule=Host(`<SUBDOMAIN>.<DOMAIN>`)"  # Change to the address on which Continuwuity is hosted
-      - "traefik.http.routers.to-conduwuit.tls=true"
-      - "traefik.http.routers.to-conduwuit.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.to-conduwuit.middlewares=cors-headers@docker"
-      - "traefik.http.services.to_conduwuit.loadbalancer.server.port=6167"
+      - "traefik.http.routers.to-continuwuity.rule=Host(`<SUBDOMAIN>.<DOMAIN>`)"  # Change to the address on which Continuwuity is hosted
+      - "traefik.http.routers.to-continuwuity.tls=true"
+      - "traefik.http.routers.to-continuwuity.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.to-continuwuity.middlewares=cors-headers@docker"
+      - "traefik.http.services.to_continuwuity.loadbalancer.server.port=6167"

      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowOriginList=*"
      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization"
@@ -25,23 +25,23 @@ services:
        image: forgejo.ellis.link/continuwuation/continuwuity:latest
        restart: unless-stopped
        volumes:
-            - db:/var/lib/conduwuit
+            - db:/var/lib/continuwuity
            - /etc/resolv.conf:/etc/resolv.conf:ro # Use the host's DNS resolver rather than Docker's. 
-            #- ./conduwuit.toml:/etc/conduwuit.toml
+            #- ./continuwuity.toml:/etc/continuwuity.toml
        environment:
-            CONDUWUIT_SERVER_NAME: example.com # EDIT THIS
-            CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
-            CONDUWUIT_PORT: 6167
-            CONDUWUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
-            CONDUWUIT_ALLOW_REGISTRATION: 'true'
-            CONDUWUIT_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed.
-            #CONDUWUIT_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true'
-            CONDUWUIT_ALLOW_FEDERATION: 'true'
-            CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
-            CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
-            #CONDUWUIT_LOG: warn,state_res=warn
-            CONDUWUIT_ADDRESS: 0.0.0.0
-            #CONDUWUIT_CONFIG: '/etc/conduwuit.toml' # Uncomment if you mapped config toml above
+            CONTINUWUITY_SERVER_NAME: example.com # EDIT THIS
+            CONTINUWUITY_DATABASE_PATH: /var/lib/continuwuity
+            CONTINUWUITY_PORT: 6167
+            CONTINUWUITY_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
+            CONTINUWUITY_ALLOW_REGISTRATION: 'true'
+            CONTINUWUITY_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed.
+            #CONTINUWUITY_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true'
+            CONTINUWUITY_ALLOW_FEDERATION: 'true'
+            CONTINUWUITY_ALLOW_CHECK_FOR_UPDATES: 'true'
+            CONTINUWUITY_TRUSTED_SERVERS: '["matrix.org"]'
+            #CONTINUWUITY_LOG: warn,state_res=warn
+            CONTINUWUITY_ADDRESS: 0.0.0.0
+            #CONTINUWUITY_CONFIG: '/etc/continuwuity.toml' # Uncomment if you mapped config toml above
        networks:
            - caddy
        labels:
@@ -7,38 +7,38 @@ services:
    image: forgejo.ellis.link/continuwuation/continuwuity:latest
    restart: unless-stopped
    volumes:
-      - db:/var/lib/conduwuit
+      - db:/var/lib/continuwuity
      - /etc/resolv.conf:/etc/resolv.conf:ro # Use the host's DNS resolver rather than Docker's. 
-      #- ./conduwuit.toml:/etc/conduwuit.toml
+      #- ./continuwuity.toml:/etc/continuwuity.toml
    networks:
      - proxy
    environment:
-      CONDUWUIT_SERVER_NAME: your.server.name.example # EDIT THIS
-      CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
-      CONDUWUIT_ALLOW_REGISTRATION: 'false' # After setting a secure registration token, you can enable this
-      CONDUWUIT_REGISTRATION_TOKEN: "" # This is a token you can use to register on the server
-      #CONDUWUIT_REGISTRATION_TOKEN_FILE: "" # Alternatively you can configure a path to a token file to read
-      CONDUWUIT_ADDRESS: 0.0.0.0
-      CONDUWUIT_PORT: 6167 # you need to match this with the traefik load balancer label if you're want to change it
-      CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
-      #CONDUWUIT_CONFIG: '/etc/conduit.toml' # Uncomment if you mapped config toml above
+      CONTINUWUITY_SERVER_NAME: your.server.name.example # EDIT THIS
+      CONTINUWUITY_TRUSTED_SERVERS: '["matrix.org"]'
+      CONTINUWUITY_ALLOW_REGISTRATION: 'false' # After setting a secure registration token, you can enable this
+      CONTINUWUITY_REGISTRATION_TOKEN: "" # This is a token you can use to register on the server
+      #CONTINUWUITY_REGISTRATION_TOKEN_FILE: "" # Alternatively you can configure a path to a token file to read
+      CONTINUWUITY_ADDRESS: 0.0.0.0
+      CONTINUWUITY_PORT: 6167 # you need to match this with the traefik load balancer label if you're want to change it
+      CONTINUWUITY_DATABASE_PATH: /var/lib/continuwuity
+      #CONTINUWUITY_CONFIG: '/etc/continuwuity.toml' # Uncomment if you mapped config toml above
      ### Uncomment and change values as desired, note that Continuwuity has plenty of config options, so you should check out the example example config too
      # Available levels are: error, warn, info, debug, trace - more info at: https://docs.rs/env_logger/*/env_logger/#enabling-logging
-      # CONDUWUIT_LOG: info  # default is: "warn,state_res=warn"
-      # CONDUWUIT_ALLOW_ENCRYPTION: 'true'
-      # CONDUWUIT_ALLOW_FEDERATION: 'true'
-      # CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
-      # CONDUWUIT_ALLOW_INCOMING_PRESENCE: true
-      # CONDUWUIT_ALLOW_OUTGOING_PRESENCE: true
-      # CONDUWUIT_ALLOW_LOCAL_PRESENCE: true
-      # CONDUWUIT_WORKERS: 10
-      # CONDUWUIT_MAX_REQUEST_SIZE: 20000000  # in bytes, ~20 MB
-      # CONDUWUIT_NEW_USER_DISPLAYNAME_SUFFIX = "🏳<200d>⚧"
+      # CONTINUWUITY_LOG: info  # default is: "warn,state_res=warn"
+      # CONTINUWUITY_ALLOW_ENCRYPTION: 'true'
+      # CONTINUWUITY_ALLOW_FEDERATION: 'true'
+      # CONTINUWUITY_ALLOW_CHECK_FOR_UPDATES: 'true'
+      # CONTINUWUITY_ALLOW_INCOMING_PRESENCE: true
+      # CONTINUWUITY_ALLOW_OUTGOING_PRESENCE: true
+      # CONTINUWUITY_ALLOW_LOCAL_PRESENCE: true
+      # CONTINUWUITY_WORKERS: 10
+      # CONTINUWUITY_MAX_REQUEST_SIZE: 20000000  # in bytes, ~20 MB
+      # CONTINUWUITY_NEW_USER_DISPLAYNAME_SUFFIX = "🏳<200d>⚧"

-      # We need some way to serve the client and server .well-known json. The simplest way is via the CONDUWUIT_WELL_KNOWN
-      # variable / config option, there are multiple ways to do this, e.g. in the conduwuit.toml file, and in a separate
+      # We need some way to serve the client and server .well-known json. The simplest way is via the CONTINUWUITY_WELL_KNOWN
+      # variable / config option, there are multiple ways to do this, e.g. in the continuwuity.toml file, and in a separate
      # reverse proxy, but since you do not have a reverse proxy and following this guide, this example is included
-      CONDUWUIT_WELL_KNOWN: |
+      CONTINUWUITY_WELL_KNOWN: |
        {
          client=https://your.server.name.example,
          server=your.server.name.example:443
@@ -9,22 +9,22 @@ services:
        ports:
            - 8448:6167
        volumes:
-            - db:/var/lib/conduwuit
-            #- ./conduwuit.toml:/etc/conduwuit.toml
+            - db:/var/lib/continuwuity
+            #- ./continuwuity.toml:/etc/continuwuity.toml
        environment:
-            CONDUWUIT_SERVER_NAME: your.server.name # EDIT THIS
-            CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
-            CONDUWUIT_PORT: 6167
-            CONDUWUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
-            CONDUWUIT_ALLOW_REGISTRATION: 'true'
-            CONDUWUIT_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed.
-            #CONDUWUIT_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true'
-            CONDUWUIT_ALLOW_FEDERATION: 'true'
-            CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
-            CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
-            #CONDUWUIT_LOG: warn,state_res=warn
-            CONDUWUIT_ADDRESS: 0.0.0.0
-            #CONDUWUIT_CONFIG: '/etc/conduwuit.toml' # Uncomment if you mapped config toml above
+            CONTINUWUITY_SERVER_NAME: your.server.name # EDIT THIS
+            CONTINUWUITY_DATABASE_PATH: /var/lib/continuwuity
+            CONTINUWUITY_PORT: 6167
+            CONTINUWUITY_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
+            CONTINUWUITY_ALLOW_REGISTRATION: 'true'
+            CONTINUWUITY_REGISTRATION_TOKEN: 'YOUR_TOKEN' # A registration token is required when registration is allowed.
+            #CONTINUWUITY_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true'
+            CONTINUWUITY_ALLOW_FEDERATION: 'true'
+            CONTINUWUITY_ALLOW_CHECK_FOR_UPDATES: 'true'
+            CONTINUWUITY_TRUSTED_SERVERS: '["matrix.org"]'
+            #CONTINUWUITY_LOG: warn,state_res=warn
+            CONTINUWUITY_ADDRESS: 0.0.0.0
+            #CONTINUWUITY_CONFIG: '/etc/continuwuity.toml' # Uncomment if you mapped config toml above
    #
    ### Uncomment if you want to use your own Element-Web App.
    ### Note: You need to provide a config.json for Element and you also need a second
@@ -30,16 +30,16 @@ When you have the image you can simply run it with

 ```bash
 docker run -d -p 8448:6167 \
-    -v db:/var/lib/conduwuit/ \
-    -e CONDUWUIT_SERVER_NAME="your.server.name" \
-    -e CONDUWUIT_ALLOW_REGISTRATION=false \
-    --name conduwuit $LINK
+    -v db:/var/lib/continuwuity/ \
+    -e CONTINUWUITY_SERVER_NAME="your.server.name" \
+    -e CONTINUWUITY_ALLOW_REGISTRATION=false \
+    --name continuwuity $LINK
 ```

 or you can use [docker compose](#docker-compose).

 The `-d` flag lets the container run in detached mode. You may supply an
-optional `conduwuit.toml` config file, the example config can be found
+optional `continuwuity.toml` config file, the example config can be found
 [here](../configuration/examples.md). You can pass in different env vars to
 change config values on the fly. You can even configure Continuwuity completely by
 using env vars. For an overview of possible values, please take a look at the
@@ -115,7 +115,7 @@ ReadWritePaths=/path/to/custom/database/path
 ## Creating the Continuwuity configuration file

 Now we need to create the Continuwuity's config file in
-`/etc/conduwuit/conduwuit.toml`. The example config can be found at
+`/etc/continuwuity/continuwuity.toml`. The example config can be found at
 [conduwuit-example.toml](../configuration/examples.md).

 **Please take a moment to read the config. You need to change at least the
@@ -190,7 +190,7 @@ The initial implementation PR is available [here][1].
 - [Workspace-level metadata
 (cargo-deb)](https://github.com/kornelski/cargo-deb/issues/68)

-[1]: https://github.com/girlbossceo/conduwuit/pull/387
+[1]: https://forgejo.ellis.link/continuwuation/continuwuity/pulls/387
 [2]: https://wiki.musl-libc.org/functional-differences-from-glibc.html#Unloading-libraries
 [3]: https://github.com/rust-lang/rust/issues/28794
 [4]: https://github.com/rust-lang/rust/issues/28794#issuecomment-368693049
@@ -24,8 +24,9 @@ and run the script.
 If you're on macOS and need to build an image, run `nix build .#linux-complement`.

 We have a Complement fork as some tests have needed to be fixed. This can be found
-at: <https://github.com/girlbossceo/complement>
+at: <https://forgejo.ellis.link/continuwuation/complement>

-[ci-workflows]: https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml?query=event%3Apush+is%3Asuccess+actor%3Agirlbossceo
+[ci-workflows]:
+https://forgejo.ellis.link/continuwuation/continuwuity/actions/?workflow=ci.yml&actor=0&status=1
 [complement]: https://github.com/matrix-org/complement
 [direnv]: https://direnv.net/docs/hook.html
@@ -0,0 +1 @@
+{{#include ../SECURITY.md}}
@@ -4,6 +4,10 @@
        {
            "id": 1,
            "message": "Welcome to Continuwuity! Important announcements about the project will appear here."
+        },
+        {
+            "id": 2,
+            "message": "🎉 Continuwuity v0.5.0-rc.6 is now available! This release includes improved knock-restricted room handling, automatic support contact configuration, and a new HTML landing page. Check [the release notes for full details](https://forgejo.ellis.link/continuwuation/continuwuity/releases/tag/v0.5.0-rc.6) and upgrade instructions."
        }
    ]
-}
+}
@@ -3,7 +3,7 @@
    "$id": "https://continwuity.org/schema/announcements.schema.json",
    "type": "object",
    "properties": {
-      "updates": {
+      "announcements": {
        "type": "array",
        "items": {
          "type": "object",
@@ -16,6 +16,10 @@
            },
            "date": {
              "type": "string"
+            },
+            "mention_room": {
+              "type": "boolean",
+              "description": "Whether to mention the room (@room) when posting this announcement"
            }
          },
          "required": [
@@ -26,6 +30,6 @@
      }
    },
    "required": [
-      "updates"
+      "announcements"
    ]
  }
@@ -75,9 +75,9 @@ dockerTools.buildImage {
      else [];

    Env = [
-      "CONDUWUIT_TLS__KEY=${./private_key.key}"
-      "CONDUWUIT_TLS__CERTS=${./certificate.crt}"
-      "CONDUWUIT_CONFIG=${./config.toml}"
+      "CONTINUWUITY_TLS__KEY=${./private_key.key}"
+      "CONTINUWUITY_TLS__CERTS=${./certificate.crt}"
+      "CONTINUWUITY_CONFIG=${./config.toml}"
      "RUST_BACKTRACE=full"
    ];

@@ -33,13 +33,13 @@ dockerTools.buildLayeredImage {
      <jason@zemos.net>";
      "org.opencontainers.image.created" ="@${toString inputs.self.lastModified}";
      "org.opencontainers.image.description" = "a very cool Matrix chat homeserver written in Rust";
-      "org.opencontainers.image.documentation" = "https://conduwuit.puppyirl.gay/";
+      "org.opencontainers.image.documentation" = "https://continuwuity.org/";
      "org.opencontainers.image.licenses" = "Apache-2.0";
      "org.opencontainers.image.revision" = inputs.self.rev or inputs.self.dirtyRev or "";
-      "org.opencontainers.image.source" = "https://github.com/girlbossceo/conduwuit";
+      "org.opencontainers.image.source" = "https://forgejo.ellis.link/continuwuation/continuwuity";
      "org.opencontainers.image.title" = main.pname;
-      "org.opencontainers.image.url" = "https://conduwuit.puppyirl.gay/";
-      "org.opencontainers.image.vendor" = "girlbossceo";
+      "org.opencontainers.image.url" = "https://continuwuity.org/";
+      "org.opencontainers.image.vendor" = "continuwuation";
      "org.opencontainers.image.version" = main.version;
    };
  };
@@ -125,13 +125,13 @@ pub(super) enum DebugCommand {
 		reset: bool,
 	},

-	/// - Verify json signatures
+	/// - Sign JSON blob
 	///
 	/// This command needs a JSON blob provided in a Markdown code block below
 	/// the command.
 	SignJson,

-	/// - Verify json signatures
+	/// - Verify JSON signatures
 	///
 	/// This command needs a JSON blob provided in a Markdown code block below
 	/// the command.
@@ -94,7 +94,7 @@ async fn process_command(services: Arc<Services>, input: &CommandInput) -> Proce
 #[allow(clippy::result_large_err)]
 fn handle_panic(error: &Error, command: &CommandInput) -> ProcessorResult {
 	let link =
-		"Please submit a [bug report](https://github.com/girlbossceo/conduwuit/issues/new). 🥺";
+		"Please submit a [bug report](https://forgejo.ellis.link/continuwuation/continuwuity/issues/new). 🥺";
 	let msg = format!("Panic occurred while processing command:\n```\n{error:#?}\n```\n{link}");
 	let content = RoomMessageEventContent::notice_markdown(msg);
 	error!("Panic while processing command: {error:?}");
@@ -2162,6 +2162,109 @@ async fn knock_room_by_id_helper(
 		}
 	}

+	// For knock_restricted rooms, check if the user meets the restricted conditions
+	// If they do, attempt to join instead of knock
+	// This is not mentioned in the spec, but should be allowable (we're allowed to
+	// auto-join invites to knocked rooms)
+	let join_rule = services.rooms.state_accessor.get_join_rules(room_id).await;
+	if let JoinRule::KnockRestricted(restricted) = &join_rule {
+		let restriction_rooms: Vec<_> = restricted
+			.allow
+			.iter()
+			.filter_map(|a| match a {
+				| AllowRule::RoomMembership(r) => Some(&r.room_id),
+				| _ => None,
+			})
+			.collect();
+
+		// Check if the user is in any of the allowed rooms
+		let mut user_meets_restrictions = false;
+		for restriction_room_id in &restriction_rooms {
+			if services
+				.rooms
+				.state_cache
+				.is_joined(sender_user, restriction_room_id)
+				.await
+			{
+				user_meets_restrictions = true;
+				break;
+			}
+		}
+
+		// If the user meets the restrictions, try joining instead
+		if user_meets_restrictions {
+			debug_info!(
+				"{sender_user} meets the restricted criteria in knock_restricted room \
+				 {room_id}, attempting to join instead of knock"
+			);
+			// For this case, we need to drop the state lock and get a new one in
+			// join_room_by_id_helper We need to release the lock here and let
+			// join_room_by_id_helper acquire it again
+			drop(state_lock);
+			match join_room_by_id_helper(
+				services,
+				sender_user,
+				room_id,
+				reason.clone(),
+				servers,
+				None,
+				&None,
+			)
+			.await
+			{
+				| Ok(_) => return Ok(knock_room::v3::Response::new(room_id.to_owned())),
+				| Err(e) => {
+					debug_warn!(
+						"Failed to convert knock to join for {sender_user} in {room_id}: {e:?}"
+					);
+					// Get a new state lock for the remaining knock logic
+					let new_state_lock = services.rooms.state.mutex.lock(room_id).await;
+
+					let server_in_room = services
+						.rooms
+						.state_cache
+						.server_in_room(services.globals.server_name(), room_id)
+						.await;
+
+					let local_knock = server_in_room
+						|| servers.is_empty()
+						|| (servers.len() == 1 && services.globals.server_is_ours(&servers[0]));
+
+					if local_knock {
+						knock_room_helper_local(
+							services,
+							sender_user,
+							room_id,
+							reason,
+							servers,
+							new_state_lock,
+						)
+						.boxed()
+						.await?;
+					} else {
+						knock_room_helper_remote(
+							services,
+							sender_user,
+							room_id,
+							reason,
+							servers,
+							new_state_lock,
+						)
+						.boxed()
+						.await?;
+					}
+
+					return Ok(knock_room::v3::Response::new(room_id.to_owned()));
+				},
+			}
+		}
+	} else if !matches!(join_rule, JoinRule::Knock | JoinRule::KnockRestricted(_)) {
+		debug_warn!(
+			"{sender_user} attempted to knock on room {room_id} but its join rule is \
+			 {join_rule:?}, not knock or knock_restricted"
+		);
+	}
+
 	let server_in_room = services
 		.rooms
 		.state_cache
@@ -2209,6 +2312,12 @@ async fn knock_room_helper_local(
 		return Err!(Request(Forbidden("This room does not support knocking.")));
 	}

+	// Verify that this room has a valid knock or knock_restricted join rule
+	let join_rule = services.rooms.state_accessor.get_join_rules(room_id).await;
+	if !matches!(join_rule, JoinRule::Knock | JoinRule::KnockRestricted(_)) {
+		return Err!(Request(Forbidden("This room's join rule does not allow knocking.")));
+	}
+
 	let content = RoomMemberEventContent {
 		displayname: services.users.displayname(sender_user).await.ok(),
 		avatar_url: services.users.avatar_url(sender_user).await.ok(),
@@ -1,5 +1,6 @@
 use axum::{Json, extract::State, response::IntoResponse};
 use conduwuit::{Error, Result};
+use futures::StreamExt;
 use ruma::api::client::{
 	discovery::{
 		discover_homeserver::{self, HomeserverInfo, SlidingSyncProxyInfo},
@@ -17,7 +18,7 @@ pub(crate) async fn well_known_client(
 	State(services): State<crate::State>,
 	_body: Ruma<discover_homeserver::Request>,
 ) -> Result<discover_homeserver::Response> {
-	let client_url = match services.server.config.well_known.client.as_ref() {
+	let client_url = match services.config.well_known.client.as_ref() {
 		| Some(url) => url.to_string(),
 		| None => return Err(Error::BadRequest(ErrorKind::NotFound, "Not found.")),
 	};
@@ -33,44 +34,63 @@ pub(crate) async fn well_known_client(
 /// # `GET /.well-known/matrix/support`
 ///
 /// Server support contact and support page of a homeserver's domain.
+/// Implements MSC1929 for server discovery.
+/// If no configuration is set, uses admin users as contacts.
 pub(crate) async fn well_known_support(
 	State(services): State<crate::State>,
 	_body: Ruma<discover_support::Request>,
 ) -> Result<discover_support::Response> {
 	let support_page = services
-		.server
 		.config
 		.well_known
 		.support_page
 		.as_ref()
 		.map(ToString::to_string);

-	let role = services.server.config.well_known.support_role.clone();
-
-	// support page or role must be either defined for this to be valid
-	if support_page.is_none() && role.is_none() {
-		return Err(Error::BadRequest(ErrorKind::NotFound, "Not found."));
-	}
-
-	let email_address = services.server.config.well_known.support_email.clone();
-	let matrix_id = services.server.config.well_known.support_mxid.clone();
-
-	// if a role is specified, an email address or matrix id is required
-	if role.is_some() && (email_address.is_none() && matrix_id.is_none()) {
-		return Err(Error::BadRequest(ErrorKind::NotFound, "Not found."));
-	}
+	let email_address = services.config.well_known.support_email.clone();
+	let matrix_id = services.config.well_known.support_mxid.clone();

 	// TODO: support defining multiple contacts in the config
 	let mut contacts: Vec<Contact> = vec![];

-	if let Some(role) = role {
-		let contact = Contact { role, email_address, matrix_id };
+	let role_value = services
+		.config
+		.well_known
+		.support_role
+		.clone()
+		.unwrap_or_else(|| "m.role.admin".to_owned().into());

-		contacts.push(contact);
+	// Add configured contact if at least one contact method is specified
+	if email_address.is_some() || matrix_id.is_some() {
+		contacts.push(Contact {
+			role: role_value.clone(),
+			email_address: email_address.clone(),
+			matrix_id: matrix_id.clone(),
+		});
+	}
+
+	// Try to add admin users as contacts if no contacts are configured
+	if contacts.is_empty() {
+		if let Ok(admin_room) = services.admin.get_admin_room().await {
+			let admin_users = services.rooms.state_cache.room_members(&admin_room);
+			let mut stream = admin_users;
+
+			while let Some(user_id) = stream.next().await {
+				// Skip server user
+				if *user_id == services.globals.server_user {
+					break;
+				}
+				contacts.push(Contact {
+					role: role_value.clone(),
+					email_address: None,
+					matrix_id: Some(user_id.to_owned()),
+				});
+			}
+		}
 	}

-	// support page or role+contacts must be either defined for this to be valid
 	if contacts.is_empty() && support_page.is_none() {
+		// No admin room, no configured contacts, and no support page
 		return Err(Error::BadRequest(ErrorKind::NotFound, "Not found."));
 	}

@@ -84,9 +104,9 @@ pub(crate) async fn well_known_support(
 pub(crate) async fn syncv3_client_server_json(
 	State(services): State<crate::State>,
 ) -> Result<impl IntoResponse> {
-	let server_url = match services.server.config.well_known.client.as_ref() {
+	let server_url = match services.config.well_known.client.as_ref() {
 		| Some(url) => url.to_string(),
-		| None => match services.server.config.well_known.server.as_ref() {
+		| None => match services.config.well_known.server.as_ref() {
 			| Some(url) => url.to_string(),
 			| None => return Err(Error::BadRequest(ErrorKind::NotFound, "Not found.")),
 		},
@@ -13,13 +13,13 @@ version.workspace = true
 build = "build.rs"
 # [[bin]]
 # path = "main.rs"
-# name = "conduwuit_build_metadata" 
+# name = "conduwuit_build_metadata"

 [lib]
 path = "mod.rs"
 crate-type = [
-	"rlib",
-#	"dylib",
+    "rlib",
+    # "dylib",
 ]

 [features]
@@ -28,7 +28,7 @@ crate-type = [
 [dependencies]

 [build-dependencies]
-built = {version = "0.7", features = ["cargo-lock", "dependency-tree"]}
+built = { version = "0.8", features = [] }

 [lints]
 workspace = true
@@ -78,12 +78,13 @@ fn main() {
 	}

 	// --- Rerun Triggers ---
-	// Rerun if the git HEAD changes
-	println!("cargo:rerun-if-changed=.git/HEAD");
-	// Rerun if the ref pointed to by HEAD changes (e.g., new commit on branch)
-	if let Some(ref_path) = run_git_command(&["symbolic-ref", "--quiet", "HEAD"]) {
-		println!("cargo:rerun-if-changed=.git/{ref_path}");
-	}
+	// TODO: The git rerun triggers seem to always run
+	// // Rerun if the git HEAD changes
+	// println!("cargo:rerun-if-changed=.git/HEAD");
+	// // Rerun if the ref pointed to by HEAD changes (e.g., new commit on branch)
+	// if let Some(ref_path) = run_git_command(&["symbolic-ref", "--quiet", "HEAD"])
+	// { 	println!("cargo:rerun-if-changed=.git/{ref_path}");
+	// }

 	println!("cargo:rerun-if-env-changed=GIT_COMMIT_HASH");
 	println!("cargo:rerun-if-env-changed=GIT_COMMIT_HASH_SHORT");
@@ -12,11 +12,17 @@ pub static VERSION_EXTRA: Option<&str> =
 		v
 	} else if let v @ Some(_) = option_env!("CONDUWUIT_VERSION_EXTRA") {
 		v
-	} else if let v @ Some(_) = option_env!("CONDUIT_VERSION_EXTRA") {
-		v
 	} else {
-		GIT_COMMIT_HASH_SHORT
+		option_env!("CONDUIT_VERSION_EXTRA")
 	};
+
+#[must_use]
+pub fn version_tag() -> Option<&'static str> {
+	VERSION_EXTRA
+		.filter(|s| !s.is_empty())
+		.or(GIT_COMMIT_HASH_SHORT)
+}
+
 pub static GIT_REMOTE_WEB_URL: Option<&str> = option_env!("GIT_REMOTE_WEB_URL");
 pub static GIT_REMOTE_COMMIT_URL: Option<&str> = option_env!("GIT_REMOTE_COMMIT_URL");

@@ -274,6 +274,10 @@ pub fn set_dirty_decay<I: Into<Option<usize>>>(arena: I, decay_ms: isize) -> Res
 	}
 }

+pub fn background_thread_enable(enable: bool) -> Result<bool> {
+	set::<u8>(&mallctl!("background_thread"), enable.into()).map(is_nonzero!())
+}
+
 #[inline]
 #[must_use]
 pub fn is_affine_arena() -> bool { is_percpu_arena() || is_phycpu_arena() }
@@ -118,7 +118,7 @@ pub fn check(config: &Config) -> Result {
 	if cfg!(not(debug_assertions)) && config.server_name == "your.server.name" {
 		return Err!(Config(
 			"server_name",
-			"You must specify a valid server name for production usage of conduwuit."
+			"You must specify a valid server name for production usage of continuwuity."
 		));
 	}

@@ -219,6 +219,15 @@ pub fn check(config: &Config) -> Result {
 		));
 	}

+	// Check if support contact information is configured
+	if config.well_known.support_email.is_none() && config.well_known.support_mxid.is_none() {
+		warn!(
+			"No support contact information (support_email or support_mxid) is configured in \
+			 the well_known section. Users in the admin room will be automatically listed as \
+			 support contacts in the /.well-known/matrix/support endpoint."
+		);
+	}
+
 	if config
 		.url_preview_domain_contains_allowlist
 		.contains(&"*".to_owned())
@@ -290,7 +299,7 @@ fn warn_deprecated(config: &Config) {

 	if was_deprecated {
 		warn!(
-			"Read conduwuit config documentation at https://conduwuit.puppyirl.gay/configuration.html and check your \
+			"Read continuwuity config documentation at https://continuwuity.org/configuration.html and check your \
 			 configuration if any new configuration parameters should be adjusted"
 		);
 	}
@@ -27,7 +27,7 @@ use self::proxy::ProxyConfig;
 pub use self::{check::check, manager::Manager};
 use crate::{Result, err, error::Error, utils::sys};

-/// All the config options for conduwuit.
+/// All the config options for continuwuity.
 #[allow(clippy::struct_excessive_bools)]
 #[allow(rustdoc::broken_intra_doc_links, rustdoc::bare_urls)]
 #[derive(Clone, Debug, Deserialize)]
@@ -35,7 +35,7 @@ use crate::{Result, err, error::Error, utils::sys};
 	filename = "conduwuit-example.toml",
 	section = "global",
 	undocumented = "# This item is undocumented. Please contribute documentation for it.",
-	header = r#"### conduwuit Configuration
+	header = r#"### continuwuity Configuration
 ###
 ### THIS FILE IS GENERATED. CHANGES/CONTRIBUTIONS IN THE REPO WILL BE
 ### OVERWRITTEN!
@@ -50,7 +50,7 @@ use crate::{Result, err, error::Error, utils::sys};
 ### that say "YOU NEED TO EDIT THIS".
 ###
 ### For more information, see:
-### https://conduwuit.puppyirl.gay/configuration.html
+### https://continuwuity.org/configuration.html
 "#,
 	ignore = "catchall well_known tls blurhashing allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure"
 )]
@@ -59,7 +59,7 @@ pub struct Config {
 	/// suffix for user and room IDs/aliases.
 	///
 	/// See the docs for reverse proxying and delegation:
-	/// https://conduwuit.puppyirl.gay/deploying/generic.html#setting-up-the-reverse-proxy
+	/// https://continuwuity.org/deploying/generic.html#setting-up-the-reverse-proxy
 	///
 	/// Also see the `[global.well_known]` config section at the very bottom.
 	///
@@ -70,10 +70,10 @@ pub struct Config {
 	/// YOU NEED TO EDIT THIS. THIS CANNOT BE CHANGED AFTER WITHOUT A DATABASE
 	/// WIPE.
 	///
-	/// example: "conduwuit.woof"
+	/// example: "continuwuity.org"
 	pub server_name: OwnedServerName,

-	/// The default address (IPv4 or IPv6) conduwuit will listen on.
+	/// The default address (IPv4 or IPv6) continuwuity will listen on.
 	///
 	/// If you are using Docker or a container NAT networking setup, this must
 	/// be "0.0.0.0".
@@ -85,10 +85,10 @@ pub struct Config {
 	#[serde(default = "default_address")]
 	address: ListeningAddr,

-	/// The port(s) conduwuit will listen on.
+	/// The port(s) continuwuity will listen on.
 	///
 	/// For reverse proxying, see:
-	/// https://conduwuit.puppyirl.gay/deploying/generic.html#setting-up-the-reverse-proxy
+	/// https://continuwuity.org/deploying/generic.html#setting-up-the-reverse-proxy
 	///
 	/// If you are using Docker, don't change this, you'll need to map an
 	/// external port to this.
@@ -103,16 +103,17 @@ pub struct Config {
 	#[serde(default)]
 	pub tls: TlsConfig,

-	/// The UNIX socket conduwuit will listen on.
+	/// The UNIX socket continuwuity will listen on.
 	///
-	/// conduwuit cannot listen on both an IP address and a UNIX socket. If
+	/// continuwuity cannot listen on both an IP address and a UNIX socket. If
 	/// listening on a UNIX socket, you MUST remove/comment the `address` key.
 	///
 	/// Remember to make sure that your reverse proxy has access to this socket
-	/// file, either by adding your reverse proxy to the 'conduwuit' group or
-	/// granting world R/W permissions with `unix_socket_perms` (666 minimum).
+	/// file, either by adding your reverse proxy to the appropriate user group
+	/// or granting world R/W permissions with `unix_socket_perms` (666
+	/// minimum).
 	///
-	/// example: "/run/conduwuit/conduwuit.sock"
+	/// example: "/run/continuwuity/continuwuity.sock"
 	pub unix_socket_path: Option<PathBuf>,

 	/// The default permissions (in octal) to create the UNIX socket with.
@@ -121,22 +122,22 @@ pub struct Config {
 	#[serde(default = "default_unix_socket_perms")]
 	pub unix_socket_perms: u32,

-	/// This is the only directory where conduwuit will save its data, including
-	/// media. Note: this was previously "/var/lib/matrix-conduit".
+	/// This is the only directory where continuwuity will save its data,
+	/// including media. Note: this was previously "/var/lib/matrix-conduit".
 	///
 	/// YOU NEED TO EDIT THIS.
 	///
-	/// example: "/var/lib/conduwuit"
+	/// example: "/var/lib/continuwuity"
 	pub database_path: PathBuf,

-	/// conduwuit supports online database backups using RocksDB's Backup engine
-	/// API. To use this, set a database backup path that conduwuit can write
-	/// to.
+	/// continuwuity supports online database backups using RocksDB's Backup
+	/// engine API. To use this, set a database backup path that continuwuity
+	/// can write to.
 	///
 	/// For more information, see:
-	/// https://conduwuit.puppyirl.gay/maintenance.html#backups
+	/// https://continuwuity.org/maintenance.html#backups
 	///
-	/// example: "/opt/conduwuit-db-backups"
+	/// example: "/opt/continuwuity-db-backups"
 	pub database_backup_path: Option<PathBuf>,

 	/// The amount of online RocksDB database backups to keep/retain, if using
@@ -160,7 +161,7 @@ pub struct Config {
 	#[serde(default = "default_new_user_displayname_suffix")]
 	pub new_user_displayname_suffix: String,

-	/// If enabled, conduwuit will send a simple GET request periodically to
+	/// If enabled, continuwuity will send a simple GET request periodically to
 	/// `https://continuwuity.org/.well-known/continuwuity/announcements` for any new
 	/// announcements or major updates. This is not an update check endpoint.
 	///
@@ -168,8 +169,8 @@ pub struct Config {
 	#[serde(alias = "allow_check_for_updates", default = "true_fn")]
 	pub allow_announcements_check: bool,

-	/// Set this to any float value to multiply conduwuit's in-memory LRU caches
-	/// with such as "auth_chain_cache_capacity".
+	/// Set this to any float value to multiply continuwuity's in-memory LRU
+	/// caches with such as "auth_chain_cache_capacity".
 	///
 	/// May be useful if you have significant memory to spare to increase
 	/// performance.
@@ -186,7 +187,7 @@ pub struct Config {
 	)]
 	pub cache_capacity_modifier: f64,

-	/// Set this to any float value in megabytes for conduwuit to tell the
+	/// Set this to any float value in megabytes for continuwuity to tell the
 	/// database engine that this much memory is available for database read
 	/// caches.
 	///
@@ -202,7 +203,7 @@ pub struct Config {
 	#[serde(default = "default_db_cache_capacity_mb")]
 	pub db_cache_capacity_mb: f64,

-	/// Set this to any float value in megabytes for conduwuit to tell the
+	/// Set this to any float value in megabytes for continuwuity to tell the
 	/// database engine that this much memory is available for database write
 	/// caches.
 	///
@@ -319,9 +320,9 @@ pub struct Config {
 	/// Enable using *only* TCP for querying your specified nameservers instead
 	/// of UDP.
 	///
-	/// If you are running conduwuit in a container environment, this config
+	/// If you are running continuwuity in a container environment, this config
 	/// option may need to be enabled. For more details, see:
-	/// https://conduwuit.puppyirl.gay/troubleshooting.html#potential-dns-issues-when-using-docker
+	/// https://continuwuity.org/troubleshooting.html#potential-dns-issues-when-using-docker
 	#[serde(default)]
 	pub query_over_tcp_only: bool,

@@ -534,9 +535,9 @@ pub struct Config {
 	/// tokens. Multiple tokens can be added if you separate them with
 	/// whitespace
 	///
-	/// conduwuit must be able to access the file, and it must not be empty
+	/// continuwuity must be able to access the file, and it must not be empty
 	///
-	/// example: "/etc/conduwuit/.reg_token"
+	/// example: "/etc/continuwuity/.reg_token"
 	pub registration_token_file: Option<PathBuf>,

 	/// Controls whether encrypted rooms and events are allowed.
@@ -627,16 +628,16 @@ pub struct Config {
 	pub allow_room_creation: bool,

 	/// Set to false to disable users from joining or creating room versions
-	/// that aren't officially supported by conduwuit.
+	/// that aren't officially supported by continuwuity.
 	///
-	/// conduwuit officially supports room versions 6 - 11.
+	/// continuwuity officially supports room versions 6 - 11.
 	///
-	/// conduwuit has slightly experimental (though works fine in practice)
+	/// continuwuity has slightly experimental (though works fine in practice)
 	/// support for versions 3 - 5.
 	#[serde(default = "true_fn")]
 	pub allow_unstable_room_versions: bool,

-	/// Default room version conduwuit will create rooms with.
+	/// Default room version continuwuity will create rooms with.
 	///
 	/// Per spec, room version 11 is the default.
 	///
@@ -710,7 +711,7 @@ pub struct Config {
 	/// Servers listed here will be used to gather public keys of other servers
 	/// (notary trusted key servers).
 	///
-	/// Currently, conduwuit doesn't support inbound batched key requests, so
+	/// Currently, continuwuity doesn't support inbound batched key requests, so
 	/// this list should only contain other Synapse servers.
 	///
 	/// example: ["matrix.org", "tchncs.de"]
@@ -755,7 +756,7 @@ pub struct Config {
 	#[serde(default = "default_trusted_server_batch_size")]
 	pub trusted_server_batch_size: usize,

-	/// Max log level for conduwuit. Allows debug, info, warn, or error.
+	/// Max log level for continuwuity. Allows debug, info, warn, or error.
 	///
 	/// See also:
 	/// https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives
@@ -780,8 +781,9 @@ pub struct Config {
 	#[serde(default = "default_log_span_events")]
 	pub log_span_events: String,

-	/// Configures whether CONDUWUIT_LOG EnvFilter matches values using regular
-	/// expressions. See the tracing_subscriber documentation on Directives.
+	/// Configures whether CONTINUWUITY_LOG EnvFilter matches values using
+	/// regular expressions. See the tracing_subscriber documentation on
+	/// Directives.
 	///
 	/// default: true
 	#[serde(default = "true_fn")]
@@ -863,7 +865,7 @@ pub struct Config {
 	/// This takes priority over "turn_secret" first, and falls back to
 	/// "turn_secret" if invalid or failed to open.
 	///
-	/// example: "/etc/conduwuit/.turn_secret"
+	/// example: "/etc/continuwuity/.turn_secret"
 	pub turn_secret_file: Option<PathBuf>,

 	/// TURN TTL, in seconds.
@@ -872,12 +874,12 @@ pub struct Config {
 	#[serde(default = "default_turn_ttl")]
 	pub turn_ttl: u64,

-	/// List/vector of room IDs or room aliases that conduwuit will make newly
-	/// registered users join. The rooms specified must be rooms that you have
-	/// joined at least once on the server, and must be public.
+	/// List/vector of room IDs or room aliases that continuwuity will make
+	/// newly registered users join. The rooms specified must be rooms that you
+	/// have joined at least once on the server, and must be public.
 	///
-	/// example: ["#conduwuit:puppygock.gay",
-	/// "!eoIzvAvVwY23LPDay8:puppygock.gay"]
+	/// example: ["#continuwuity:continuwuity.org",
+	/// "!main-1:continuwuity.org"]
 	///
 	/// default: []
 	#[serde(default = "Vec::new")]
@@ -902,10 +904,10 @@ pub struct Config {
 	#[serde(default)]
 	pub auto_deactivate_banned_room_attempts: bool,

-	/// RocksDB log level. This is not the same as conduwuit's log level. This
-	/// is the log level for the RocksDB engine/library which show up in your
-	/// database folder/path as `LOG` files. conduwuit will log RocksDB errors
-	/// as normal through tracing or panics if severe for safety.
+	/// RocksDB log level. This is not the same as continuwuity's log level.
+	/// This is the log level for the RocksDB engine/library which show up in
+	/// your database folder/path as `LOG` files. continuwuity will log RocksDB
+	/// errors as normal through tracing or panics if severe for safety.
 	///
 	/// default: "error"
 	#[serde(default = "default_rocksdb_log_level")]
@@ -930,7 +932,7 @@ pub struct Config {
 	/// Set this to true to use RocksDB config options that are tailored to HDDs
 	/// (slower device storage).
 	///
-	/// It is worth noting that by default, conduwuit will use RocksDB with
+	/// It is worth noting that by default, continuwuity will use RocksDB with
 	/// Direct IO enabled. *Generally* speaking this improves performance as it
 	/// bypasses buffered I/O (system page cache). However there is a potential
 	/// chance that Direct IO may cause issues with database operations if your
@@ -938,7 +940,7 @@ pub struct Config {
 	/// possibly ZFS filesystem. RocksDB generally deals/corrects these issues
 	/// but it cannot account for all setups. If you experience any weird
 	/// RocksDB issues, try enabling this option as it turns off Direct IO and
-	/// feel free to report in the conduwuit Matrix room if this option fixes
+	/// feel free to report in the continuwuity Matrix room if this option fixes
 	/// your DB issues.
 	///
 	/// For more information, see:
@@ -999,7 +1001,7 @@ pub struct Config {
 	/// as they all differ. See their `kDefaultCompressionLevel`.
 	///
 	/// Note when using the default value we may override it with a setting
-	/// tailored specifically conduwuit.
+	/// tailored specifically for continuwuity.
 	///
 	/// default: 32767
 	#[serde(default = "default_rocksdb_compression_level")]
@@ -1017,7 +1019,7 @@ pub struct Config {
 	/// algorithm.
 	///
 	/// Note when using the default value we may override it with a setting
-	/// tailored specifically conduwuit.
+	/// tailored specifically for continuwuity.
 	///
 	/// default: 32767
 	#[serde(default = "default_rocksdb_bottommost_compression_level")]
@@ -1059,13 +1061,13 @@ pub struct Config {
 	/// 0 = AbsoluteConsistency
 	/// 1 = TolerateCorruptedTailRecords (default)
 	/// 2 = PointInTime (use me if trying to recover)
-	/// 3 = SkipAnyCorruptedRecord (you now voided your Conduwuit warranty)
+	/// 3 = SkipAnyCorruptedRecord (you now voided your Continuwuity warranty)
 	///
 	/// For more information on these modes, see:
 	/// https://github.com/facebook/rocksdb/wiki/WAL-Recovery-Modes
 	///
 	/// For more details on recovering a corrupt database, see:
-	/// https://conduwuit.puppyirl.gay/troubleshooting.html#database-corruption
+	/// https://continuwuity.org/troubleshooting.html#database-corruption
 	///
 	/// default: 1
 	#[serde(default = "default_rocksdb_recovery_mode")]
@@ -1109,7 +1111,7 @@ pub struct Config {
 	/// - Disabling repair mode and restarting the server is recommended after
 	///   running the repair.
 	///
-	/// See https://conduwuit.puppyirl.gay/troubleshooting.html#database-corruption for more details on recovering a corrupt database.
+	/// See https://continuwuity.org/troubleshooting.html#database-corruption for more details on recovering a corrupt database.
 	#[serde(default)]
 	pub rocksdb_repair: bool,

@@ -1134,7 +1136,7 @@ pub struct Config {
 	/// Enables RocksDB compaction. You should never ever have to set this
 	/// option to false. If you for some reason find yourself needing to use
 	/// this option as part of troubleshooting or a bug, please reach out to us
-	/// in the conduwuit Matrix room with information and details.
+	/// in the continuwuity Matrix room with information and details.
 	///
 	/// Disabling compaction will lead to a significantly bloated and
 	/// explosively large database, gradually poor performance, unnecessarily
@@ -1162,7 +1164,7 @@ pub struct Config {
 	/// purposes such as recovering/recreating your admin room, or inviting
 	/// yourself back.
 	///
-	/// See https://conduwuit.puppyirl.gay/troubleshooting.html#lost-access-to-admin-room for other ways to get back into your admin room.
+	/// See https://continuwuity.org/troubleshooting.html#lost-access-to-admin-room for other ways to get back into your admin room.
 	///
 	/// Once this password is unset, all sessions will be logged out for
 	/// security purposes.
@@ -1178,8 +1180,8 @@ pub struct Config {

 	/// Allow local (your server only) presence updates/requests.
 	///
-	/// Note that presence on conduwuit is very fast unlike Synapse's. If using
-	/// outgoing presence, this MUST be enabled.
+	/// Note that presence on continuwuity is very fast unlike Synapse's. If
+	/// using outgoing presence, this MUST be enabled.
 	#[serde(default = "true_fn")]
 	pub allow_local_presence: bool,

@@ -1187,7 +1189,7 @@ pub struct Config {
 	///
 	/// This option receives presence updates from other servers, but does not
 	/// send any unless `allow_outgoing_presence` is true. Note that presence on
-	/// conduwuit is very fast unlike Synapse's.
+	/// continuwuity is very fast unlike Synapse's.
 	#[serde(default = "true_fn")]
 	pub allow_incoming_presence: bool,

@@ -1195,8 +1197,8 @@ pub struct Config {
 	///
 	/// This option sends presence updates to other servers, but does not
 	/// receive any unless `allow_incoming_presence` is true. Note that presence
-	/// on conduwuit is very fast unlike Synapse's. If using outgoing presence,
-	/// you MUST enable `allow_local_presence` as well.
+	/// on continuwuity is very fast unlike Synapse's. If using outgoing
+	/// presence, you MUST enable `allow_local_presence` as well.
 	#[serde(default = "true_fn")]
 	pub allow_outgoing_presence: bool,

@@ -1259,8 +1261,8 @@ pub struct Config {
 	#[serde(default = "default_typing_client_timeout_max_s")]
 	pub typing_client_timeout_max_s: u64,

-	/// Set this to true for conduwuit to compress HTTP response bodies using
-	/// zstd. This option does nothing if conduwuit was not built with
+	/// Set this to true for continuwuity to compress HTTP response bodies using
+	/// zstd. This option does nothing if continuwuity was not built with
 	/// `zstd_compression` feature. Please be aware that enabling HTTP
 	/// compression may weaken TLS. Most users should not need to enable this.
 	/// See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH
@@ -1268,8 +1270,8 @@ pub struct Config {
 	#[serde(default)]
 	pub zstd_compression: bool,

-	/// Set this to true for conduwuit to compress HTTP response bodies using
-	/// gzip. This option does nothing if conduwuit was not built with
+	/// Set this to true for continuwuity to compress HTTP response bodies using
+	/// gzip. This option does nothing if continuwuity was not built with
 	/// `gzip_compression` feature. Please be aware that enabling HTTP
 	/// compression may weaken TLS. Most users should not need to enable this.
 	/// See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH before
@@ -1280,8 +1282,8 @@ pub struct Config {
 	#[serde(default)]
 	pub gzip_compression: bool,

-	/// Set this to true for conduwuit to compress HTTP response bodies using
-	/// brotli. This option does nothing if conduwuit was not built with
+	/// Set this to true for continuwuity to compress HTTP response bodies using
+	/// brotli. This option does nothing if continuwuity was not built with
 	/// `brotli_compression` feature. Please be aware that enabling HTTP
 	/// compression may weaken TLS. Most users should not need to enable this.
 	/// See https://breachattack.com/ and https://wikipedia.org/wiki/BREACH
@@ -1342,7 +1344,7 @@ pub struct Config {
 	/// Otherwise setting this to false reduces filesystem clutter and overhead
 	/// for managing these symlinks in the directory. This is now disabled by
 	/// default. You may still return to upstream Conduit but you have to run
-	/// conduwuit at least once with this set to true and allow the
+	/// continuwuity at least once with this set to true and allow the
 	/// media_startup_check to take place before shutting down to return to
 	/// Conduit.
 	#[serde(default)]
@@ -1391,8 +1393,8 @@ pub struct Config {
 	#[serde(default, with = "serde_regex")]
 	pub allowed_remote_server_names: RegexSet,

-	/// Vector list of regex patterns of server names that conduwuit will refuse
-	/// to download remote media from.
+	/// Vector list of regex patterns of server names that continuwuity will
+	/// refuse to download remote media from.
 	///
 	/// example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
 	///
@@ -1410,7 +1412,7 @@ pub struct Config {
 	#[serde(default, with = "serde_regex")]
 	pub forbidden_remote_room_directory_server_names: RegexSet,

-	/// Vector list of regex patterns of server names that conduwuit will not
+	/// Vector list of regex patterns of server names that continuwuity will not
 	/// send messages to the client from.
 	///
 	/// Note that there is no way for clients to receive messages once a server
@@ -1436,7 +1438,7 @@ pub struct Config {
 	pub send_messages_from_ignored_users_to_client: bool,

 	/// Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you
-	/// do not want conduwuit to send outbound requests to. Defaults to
+	/// do not want continuwuity to send outbound requests to. Defaults to
 	/// RFC1918, unroutable, loopback, multicast, and testnet addresses for
 	/// security.
 	///
@@ -1604,26 +1606,26 @@ pub struct Config {

 	/// Allow admins to enter commands in rooms other than "#admins" (admin
 	/// room) by prefixing your message with "\!admin" or "\\!admin" followed up
-	/// a normal conduwuit admin command. The reply will be publicly visible to
-	/// the room, originating from the sender.
+	/// a normal continuwuity admin command. The reply will be publicly visible
+	/// to the room, originating from the sender.
 	///
 	/// example: \\!admin debug ping puppygock.gay
 	#[serde(default = "true_fn")]
 	pub admin_escape_commands: bool,

-	/// Automatically activate the conduwuit admin room console / CLI on
-	/// startup. This option can also be enabled with `--console` conduwuit
+	/// Automatically activate the continuwuity admin room console / CLI on
+	/// startup. This option can also be enabled with `--console` continuwuity
 	/// argument.
 	#[serde(default)]
 	pub admin_console_automatic: bool,

 	/// List of admin commands to execute on startup.
 	///
-	/// This option can also be configured with the `--execute` conduwuit
+	/// This option can also be configured with the `--execute` continuwuity
 	/// argument and can take standard shell commands and environment variables
 	///
-	/// For example: `./conduwuit --execute "server admin-notice conduwuit has
-	/// started up at $(date)"`
+	/// For example: `./continuwuity --execute "server admin-notice continuwuity
+	/// has started up at $(date)"`
 	///
 	/// example: admin_execute = ["debug ping puppygock.gay", "debug echo hi"]`
 	///
@@ -1633,7 +1635,7 @@ pub struct Config {

 	/// Ignore errors in startup commands.
 	///
-	/// If false, conduwuit will error and fail to start if an admin execute
+	/// If false, continuwuity will error and fail to start if an admin execute
 	/// command (`--execute` / `admin_execute`) fails.
 	#[serde(default)]
 	pub admin_execute_errors_ignore: bool,
@@ -1658,17 +1660,16 @@ pub struct Config {
 	/// The default room tag to apply on the admin room.
 	///
 	/// On some clients like Element, the room tag "m.server_notice" is a
-	/// special pinned room at the very bottom of your room list. The conduwuit
-	/// admin room can be pinned here so you always have an easy-to-access
-	/// shortcut dedicated to your admin room.
+	/// special pinned room at the very bottom of your room list. The
+	/// continuwuity admin room can be pinned here so you always have an
+	/// easy-to-access shortcut dedicated to your admin room.
 	///
 	/// default: "m.server_notice"
 	#[serde(default = "default_admin_room_tag")]
 	pub admin_room_tag: String,

 	/// Sentry.io crash/panic reporting, performance monitoring/metrics, etc.
-	/// This is NOT enabled by default. conduwuit's default Sentry reporting
-	/// endpoint domain is `o4506996327251968.ingest.us.sentry.io`.
+	/// This is NOT enabled by default.
 	#[serde(default)]
 	pub sentry: bool,

@@ -1679,7 +1680,7 @@ pub struct Config {
 	#[serde(default = "default_sentry_endpoint")]
 	pub sentry_endpoint: Option<Url>,

-	/// Report your conduwuit server_name in Sentry.io crash reports and
+	/// Report your continuwuity server_name in Sentry.io crash reports and
 	/// metrics.
 	#[serde(default)]
 	pub sentry_send_server_name: bool,
@@ -1720,7 +1721,7 @@ pub struct Config {
 	/// Enable the tokio-console. This option is only relevant to developers.
 	///
 	///	For more information, see:
-	/// https://conduwuit.puppyirl.gay/development.html#debugging-with-tokio-console
+	/// https://continuwuity.org/development.html#debugging-with-tokio-console
 	#[serde(default)]
 	pub tokio_console: bool,

@@ -1896,12 +1897,28 @@ pub struct WellKnownConfig {
 	/// example: "matrix.example.com:443"
 	pub server: Option<OwnedServerName>,

+	/// URL to a support page for the server, which will be served as part of
+	/// the MSC1929 server support endpoint at /.well-known/matrix/support.
+	/// Will be included alongside any contact information
 	pub support_page: Option<Url>,

+	/// Role string for server support contacts, to be served as part of the
+	/// MSC1929 server support endpoint at /.well-known/matrix/support.
+	///
+	/// default: "m.role.admin"
 	pub support_role: Option<ContactRole>,

+	/// Email address for server support contacts, to be served as part of the
+	/// MSC1929 server support endpoint.
+	/// This will be used along with support_mxid if specified.
 	pub support_email: Option<String>,

+	/// Matrix ID for server support contacts, to be served as part of the
+	/// MSC1929 server support endpoint.
+	/// This will be used along with support_email if specified.
+	///
+	/// If no email or mxid is specified, all of the server's admins will be
+	/// listed.
 	pub support_mxid: Option<OwnedUserId>,
 }

@@ -1962,7 +1979,11 @@ impl Config {
 	where
 		I: Iterator<Item = &'a Path>,
 	{
-		let envs = [Env::var("CONDUIT_CONFIG"), Env::var("CONDUWUIT_CONFIG")];
+		let envs = [
+			Env::var("CONDUIT_CONFIG"),
+			Env::var("CONDUWUIT_CONFIG"),
+			Env::var("CONTINUWUITY_CONFIG"),
+		];

 		let config = envs
 			.into_iter()
@@ -1971,7 +1992,8 @@ impl Config {
 			.chain(paths.map(Toml::file))
 			.fold(Figment::new(), |config, file| config.merge(file.nested()))
 			.merge(Env::prefixed("CONDUIT_").global().split("__"))
-			.merge(Env::prefixed("CONDUWUIT_").global().split("__"));
+			.merge(Env::prefixed("CONDUWUIT_").global().split("__"))
+			.merge(Env::prefixed("CONTINUWUITY_").global().split("__"));

 		Ok(config)
 	}
@@ -26,6 +26,6 @@ pub fn user_agent() -> &'static str { USER_AGENT.get_or_init(init_user_agent) }
 fn init_user_agent() -> String { format!("{}/{}", name(), version()) }

 fn init_version() -> String {
-	conduwuit_build_metadata::VERSION_EXTRA
+	conduwuit_build_metadata::version_tag()
 		.map_or(SEMANTIC.to_owned(), |extra| format!("{SEMANTIC} ({extra})"))
 }
@@ -1,18 +1,10 @@
-use std::{
-	borrow::Borrow,
-	fmt::{Debug, Display},
-	hash::Hash,
-};
-
 use ruma::{EventId, MilliSecondsSinceUnixEpoch, RoomId, UserId, events::TimelineEventType};
 use serde_json::value::RawValue as RawJsonValue;

 /// Abstraction of a PDU so users can have their own PDU types.
 pub trait Event {
-	type Id: Clone + Debug + Display + Eq + Ord + Hash + Send + Borrow<EventId>;
-
 	/// The `EventId` of this event.
-	fn event_id(&self) -> &Self::Id;
+	fn event_id(&self) -> &EventId;

 	/// The `RoomId` of this event.
 	fn room_id(&self) -> &RoomId;
@@ -34,20 +26,18 @@ pub trait Event {

 	/// The events before this event.
 	// Requires GATs to avoid boxing (and TAIT for making it convenient).
-	fn prev_events(&self) -> impl DoubleEndedIterator<Item = &Self::Id> + Send + '_;
+	fn prev_events(&self) -> impl DoubleEndedIterator<Item = &EventId> + Send + '_;

 	/// All the authenticating events for this event.
 	// Requires GATs to avoid boxing (and TAIT for making it convenient).
-	fn auth_events(&self) -> impl DoubleEndedIterator<Item = &Self::Id> + Send + '_;
+	fn auth_events(&self) -> impl DoubleEndedIterator<Item = &EventId> + Send + '_;

 	/// If this event is a redaction event this is the event it redacts.
-	fn redacts(&self) -> Option<&Self::Id>;
+	fn redacts(&self) -> Option<&EventId>;
 }

 impl<T: Event> Event for &T {
-	type Id = T::Id;
-
-	fn event_id(&self) -> &Self::Id { (*self).event_id() }
+	fn event_id(&self) -> &EventId { (*self).event_id() }

 	fn room_id(&self) -> &RoomId { (*self).room_id() }

@@ -61,13 +51,13 @@ impl<T: Event> Event for &T {

 	fn state_key(&self) -> Option<&str> { (*self).state_key() }

-	fn prev_events(&self) -> impl DoubleEndedIterator<Item = &Self::Id> + Send + '_ {
+	fn prev_events(&self) -> impl DoubleEndedIterator<Item = &EventId> + Send + '_ {
 		(*self).prev_events()
 	}

-	fn auth_events(&self) -> impl DoubleEndedIterator<Item = &Self::Id> + Send + '_ {
+	fn auth_events(&self) -> impl DoubleEndedIterator<Item = &EventId> + Send + '_ {
 		(*self).auth_events()
 	}

-	fn redacts(&self) -> Option<&Self::Id> { (*self).redacts() }
+	fn redacts(&self) -> Option<&EventId> { (*self).redacts() }
 }
@@ -79,9 +79,7 @@ impl Pdu {
 }

 impl Event for Pdu {
-	type Id = OwnedEventId;
-
-	fn event_id(&self) -> &Self::Id { &self.event_id }
+	fn event_id(&self) -> &EventId { &self.event_id }

 	fn room_id(&self) -> &RoomId { &self.room_id }

@@ -97,15 +95,15 @@ impl Event for Pdu {

 	fn state_key(&self) -> Option<&str> { self.state_key.as_deref() }

-	fn prev_events(&self) -> impl DoubleEndedIterator<Item = &Self::Id> + Send + '_ {
-		self.prev_events.iter()
+	fn prev_events(&self) -> impl DoubleEndedIterator<Item = &EventId> + Send + '_ {
+		self.prev_events.iter().map(AsRef::as_ref)
 	}

-	fn auth_events(&self) -> impl DoubleEndedIterator<Item = &Self::Id> + Send + '_ {
-		self.auth_events.iter()
+	fn auth_events(&self) -> impl DoubleEndedIterator<Item = &EventId> + Send + '_ {
+		self.auth_events.iter().map(AsRef::as_ref)
 	}

-	fn redacts(&self) -> Option<&Self::Id> { self.redacts.as_ref() }
+	fn redacts(&self) -> Option<&EventId> { self.redacts.as_deref() }
 }

 /// Prevent derived equality which wouldn't limit itself to event_id
@@ -1,8 +1,8 @@
 use ruma::{
 	events::{
-		AnyEphemeralRoomEvent, AnyMessageLikeEvent, AnyStateEvent, AnyStrippedStateEvent,
-		AnySyncStateEvent, AnySyncTimelineEvent, AnyTimelineEvent, StateEvent,
-		room::member::RoomMemberEventContent, space::child::HierarchySpaceChildEvent,
+		AnyMessageLikeEvent, AnyStateEvent, AnyStrippedStateEvent, AnySyncStateEvent,
+		AnySyncTimelineEvent, AnyTimelineEvent, StateEvent, room::member::RoomMemberEventContent,
+		space::child::HierarchySpaceChildEvent,
 	},
 	serde::Raw,
 };
@@ -10,41 +10,6 @@ use serde_json::{json, value::Value as JsonValue};

 use crate::implement;

-/// This only works for events that are also AnyRoomEvents.
-#[must_use]
-#[implement(super::Pdu)]
-pub fn into_any_event(self) -> Raw<AnyEphemeralRoomEvent> {
-	serde_json::from_value(self.into_any_event_value()).expect("Raw::from_value always works")
-}
-
-/// This only works for events that are also AnyRoomEvents.
-#[implement(super::Pdu)]
-#[must_use]
-#[inline]
-pub fn into_any_event_value(self) -> JsonValue {
-	let (redacts, content) = self.copy_redacts();
-	let mut json = json!({
-		"content": content,
-		"type": self.kind,
-		"event_id": self.event_id,
-		"sender": self.sender,
-		"origin_server_ts": self.origin_server_ts,
-		"room_id": self.room_id,
-	});
-
-	if let Some(unsigned) = &self.unsigned {
-		json["unsigned"] = json!(unsigned);
-	}
-	if let Some(state_key) = &self.state_key {
-		json["state_key"] = json!(state_key);
-	}
-	if let Some(redacts) = &redacts {
-		json["redacts"] = json!(redacts);
-	}
-
-	json
-}
-
 #[implement(super::Pdu)]
 #[must_use]
 #[inline]
@@ -53,7 +18,8 @@ pub fn into_room_event(self) -> Raw<AnyTimelineEvent> { self.to_room_event() }
 #[implement(super::Pdu)]
 #[must_use]
 pub fn to_room_event(&self) -> Raw<AnyTimelineEvent> {
-	serde_json::from_value(self.to_room_event_value()).expect("Raw::from_value always works")
+	let value = self.to_room_event_value();
+	serde_json::from_value(value).expect("Failed to serialize Event value")
 }

 #[implement(super::Pdu)]
@@ -91,8 +57,8 @@ pub fn into_message_like_event(self) -> Raw<AnyMessageLikeEvent> { self.to_messa
 #[implement(super::Pdu)]
 #[must_use]
 pub fn to_message_like_event(&self) -> Raw<AnyMessageLikeEvent> {
-	serde_json::from_value(self.to_message_like_event_value())
-		.expect("Raw::from_value always works")
+	let value = self.to_message_like_event_value();
+	serde_json::from_value(value).expect("Failed to serialize Event value")
 }

 #[implement(super::Pdu)]
@@ -130,7 +96,8 @@ pub fn into_sync_room_event(self) -> Raw<AnySyncTimelineEvent> { self.to_sync_ro
 #[implement(super::Pdu)]
 #[must_use]
 pub fn to_sync_room_event(&self) -> Raw<AnySyncTimelineEvent> {
-	serde_json::from_value(self.to_sync_room_event_value()).expect("Raw::from_value always works")
+	let value = self.to_sync_room_event_value();
+	serde_json::from_value(value).expect("Failed to serialize Event value")
 }

 #[implement(super::Pdu)]
@@ -162,7 +129,8 @@ pub fn to_sync_room_event_value(&self) -> JsonValue {
 #[implement(super::Pdu)]
 #[must_use]
 pub fn into_state_event(self) -> Raw<AnyStateEvent> {
-	serde_json::from_value(self.into_state_event_value()).expect("Raw::from_value always works")
+	let value = self.into_state_event_value();
+	serde_json::from_value(value).expect("Failed to serialize Event value")
 }

 #[implement(super::Pdu)]
@@ -189,8 +157,8 @@ pub fn into_state_event_value(self) -> JsonValue {
 #[implement(super::Pdu)]
 #[must_use]
 pub fn into_sync_state_event(self) -> Raw<AnySyncStateEvent> {
-	serde_json::from_value(self.into_sync_state_event_value())
-		.expect("Raw::from_value always works")
+	let value = self.into_sync_state_event_value();
+	serde_json::from_value(value).expect("Failed to serialize Event value")
 }

 #[implement(super::Pdu)]
@@ -223,8 +191,8 @@ pub fn into_stripped_state_event(self) -> Raw<AnyStrippedStateEvent> {
 #[implement(super::Pdu)]
 #[must_use]
 pub fn to_stripped_state_event(&self) -> Raw<AnyStrippedStateEvent> {
-	serde_json::from_value(self.to_stripped_state_event_value())
-		.expect("Raw::from_value always works")
+	let value = self.to_stripped_state_event_value();
+	serde_json::from_value(value).expect("Failed to serialize Event value")
 }

 #[implement(super::Pdu)]
@@ -242,8 +210,8 @@ pub fn to_stripped_state_event_value(&self) -> JsonValue {
 #[implement(super::Pdu)]
 #[must_use]
 pub fn into_stripped_spacechild_state_event(self) -> Raw<HierarchySpaceChildEvent> {
-	serde_json::from_value(self.into_stripped_spacechild_state_event_value())
-		.expect("Raw::from_value always works")
+	let value = self.into_stripped_spacechild_state_event_value();
+	serde_json::from_value(value).expect("Failed to serialize Event value")
 }

 #[implement(super::Pdu)]
@@ -262,7 +230,8 @@ pub fn into_stripped_spacechild_state_event_value(self) -> JsonValue {
 #[implement(super::Pdu)]
 #[must_use]
 pub fn into_member_event(self) -> Raw<StateEvent<RoomMemberEventContent>> {
-	serde_json::from_value(self.into_member_event_value()).expect("Raw::from_value always works")
+	let value = self.into_member_event_value();
+	serde_json::from_value(value).expect("Failed to serialize Event value")
 }

 #[implement(super::Pdu)]
@@ -52,7 +52,6 @@ fn lexico_topo_sort(c: &mut test::Bencher) {
 #[cfg(conduwuit_bench)]
 #[cfg_attr(conduwuit_bench, bench)]
 fn resolution_shallow_auth_chain(c: &mut test::Bencher) {
-	let parallel_fetches = 32;
 	let mut store = TestStore(hashmap! {});

 	// build up the DAG
@@ -78,7 +77,6 @@ fn resolution_shallow_auth_chain(c: &mut test::Bencher) {
 			&auth_chain_sets,
 			&fetch,
 			&exists,
-			parallel_fetches,
 		)
 		.await
 		{
@@ -91,7 +89,6 @@ fn resolution_shallow_auth_chain(c: &mut test::Bencher) {
 #[cfg(conduwuit_bench)]
 #[cfg_attr(conduwuit_bench, bench)]
 fn resolve_deeper_event_set(c: &mut test::Bencher) {
-	let parallel_fetches = 32;
 	let mut inner = INITIAL_EVENTS();
 	let ban = BAN_STATE_SET();

@@ -153,7 +150,6 @@ fn resolve_deeper_event_set(c: &mut test::Bencher) {
 			&auth_chain_sets,
 			&fetch,
 			&exists,
-			parallel_fetches,
 		)
 		.await
 		{
@@ -190,7 +186,11 @@ impl<E: Event + Clone> TestStore<E> {
 	}

 	/// Returns a Vec of the related auth events to the given `event`.
-	fn auth_event_ids(&self, room_id: &RoomId, event_ids: Vec<E::Id>) -> Result<HashSet<E::Id>> {
+	fn auth_event_ids(
+		&self,
+		room_id: &RoomId,
+		event_ids: Vec<OwnedEventId>,
+	) -> Result<HashSet<OwnedEventId>> {
 		let mut result = HashSet::new();
 		let mut stack = event_ids;

@@ -216,8 +216,8 @@ impl<E: Event + Clone> TestStore<E> {
 	fn auth_chain_diff(
 		&self,
 		room_id: &RoomId,
-		event_ids: Vec<Vec<E::Id>>,
-	) -> Result<Vec<E::Id>> {
+		event_ids: Vec<Vec<OwnedEventId>>,
+	) -> Result<Vec<OwnedEventId>> {
 		let mut auth_chain_sets = vec![];
 		for ids in event_ids {
 			// TODO state store `auth_event_ids` returns self in the event ids list
@@ -238,7 +238,7 @@ impl<E: Event + Clone> TestStore<E> {
 			Ok(auth_chain_sets
 				.into_iter()
 				.flatten()
-				.filter(|id| !common.contains(id.borrow()))
+				.filter(|id| !common.contains(id))
 				.collect())
 		} else {
 			Ok(vec![])
@@ -565,7 +565,7 @@ impl EventTypeExt for &TimelineEventType {

 mod event {
 	use ruma::{
-		MilliSecondsSinceUnixEpoch, OwnedEventId, RoomId, UserId,
+		EventId, MilliSecondsSinceUnixEpoch, OwnedEventId, RoomId, UserId,
 		events::{TimelineEventType, pdu::Pdu},
 	};
 	use serde::{Deserialize, Serialize};
@@ -574,9 +574,7 @@ mod event {
 	use super::Event;

 	impl Event for PduEvent {
-		type Id = OwnedEventId;
-
-		fn event_id(&self) -> &Self::Id { &self.event_id }
+		fn event_id(&self) -> &EventId { &self.event_id }

 		fn room_id(&self) -> &RoomId {
 			match &self.rest {
@@ -632,28 +630,30 @@ mod event {
 			}
 		}

-		fn prev_events(&self) -> Box<dyn DoubleEndedIterator<Item = &Self::Id> + Send + '_> {
+		fn prev_events(&self) -> Box<dyn DoubleEndedIterator<Item = &EventId> + Send + '_> {
 			match &self.rest {
-				| Pdu::RoomV1Pdu(ev) => Box::new(ev.prev_events.iter().map(|(id, _)| id)),
-				| Pdu::RoomV3Pdu(ev) => Box::new(ev.prev_events.iter()),
+				| Pdu::RoomV1Pdu(ev) =>
+					Box::new(ev.prev_events.iter().map(|(id, _)| id.as_ref())),
+				| Pdu::RoomV3Pdu(ev) => Box::new(ev.prev_events.iter().map(AsRef::as_ref)),
 				#[cfg(not(feature = "unstable-exhaustive-types"))]
 				| _ => unreachable!("new PDU version"),
 			}
 		}

-		fn auth_events(&self) -> Box<dyn DoubleEndedIterator<Item = &Self::Id> + Send + '_> {
+		fn auth_events(&self) -> Box<dyn DoubleEndedIterator<Item = &EventId> + Send + '_> {
 			match &self.rest {
-				| Pdu::RoomV1Pdu(ev) => Box::new(ev.auth_events.iter().map(|(id, _)| id)),
-				| Pdu::RoomV3Pdu(ev) => Box::new(ev.auth_events.iter()),
+				| Pdu::RoomV1Pdu(ev) =>
+					Box::new(ev.auth_events.iter().map(|(id, _)| id.as_ref())),
+				| Pdu::RoomV3Pdu(ev) => Box::new(ev.auth_events.iter().map(AsRef::as_ref)),
 				#[cfg(not(feature = "unstable-exhaustive-types"))]
 				| _ => unreachable!("new PDU version"),
 			}
 		}

-		fn redacts(&self) -> Option<&Self::Id> {
+		fn redacts(&self) -> Option<&EventId> {
 			match &self.rest {
-				| Pdu::RoomV1Pdu(ev) => ev.redacts.as_ref(),
-				| Pdu::RoomV3Pdu(ev) => ev.redacts.as_ref(),
+				| Pdu::RoomV1Pdu(ev) => ev.redacts.as_deref(),
+				| Pdu::RoomV3Pdu(ev) => ev.redacts.as_deref(),
 				#[cfg(not(feature = "unstable-exhaustive-types"))]
 				| _ => unreachable!("new PDU version"),
 			}
@@ -133,7 +133,7 @@ pub fn auth_types_for_event(
 	level = "debug",
 	skip_all,
 	fields(
-		event_id = incoming_event.event_id().borrow().as_str()
+		event_id = incoming_event.event_id().as_str(),
 	)
 )]
 pub async fn auth_check<F, Fut, Fetched, Incoming>(
@@ -259,7 +259,7 @@ where
 	// 3. If event does not have m.room.create in auth_events reject
 	if !incoming_event
 		.auth_events()
-		.any(|id| id.borrow() == room_create_event.event_id().borrow())
+		.any(|id| id == room_create_event.event_id())
 	{
 		warn!("no m.room.create event in auth events");
 		return Ok(false);
@@ -638,7 +638,7 @@ fn valid_membership_change(
 				warn!(?target_user_membership_event_id, "Banned user can't join");
 				false
 			} else if (join_rules == JoinRule::Invite
-                    || room_version.allow_knocking && join_rules == JoinRule::Knock)
+                    || room_version.allow_knocking && (join_rules == JoinRule::Knock || matches!(join_rules, JoinRule::KnockRestricted(_))))
                // If the join_rule is invite then allow if membership state is invite or join
                    && (target_user_current_membership == MembershipState::Join
                        || target_user_current_membership == MembershipState::Invite)
@@ -1021,11 +1021,11 @@ fn check_redaction(

 	// If the domain of the event_id of the event being redacted is the same as the
 	// domain of the event_id of the m.room.redaction, allow
-	if redaction_event.event_id().borrow().server_name()
+	if redaction_event.event_id().server_name()
 		== redaction_event
 			.redacts()
 			.as_ref()
-			.and_then(|&id| id.borrow().server_name())
+			.and_then(|&id| id.server_name())
 	{
 		debug!("redaction event allowed via room version 1 rules");
 		return Ok(true);
@@ -20,7 +20,7 @@ use std::{

 use futures::{Future, FutureExt, Stream, StreamExt, TryFutureExt, TryStreamExt, future};
 use ruma::{
-	EventId, Int, MilliSecondsSinceUnixEpoch, RoomVersionId,
+	EventId, Int, MilliSecondsSinceUnixEpoch, OwnedEventId, RoomVersionId,
 	events::{
 		StateEventType, TimelineEventType,
 		room::member::{MembershipState, RoomMemberEventContent},
@@ -39,9 +39,7 @@ use crate::{
 	debug, debug_error,
 	matrix::{event::Event, pdu::StateKey},
 	trace,
-	utils::stream::{
-		BroadbandExt, IterStream, ReadyExt, TryBroadbandExt, TryReadyExt, WidebandExt,
-	},
+	utils::stream::{BroadbandExt, IterStream, ReadyExt, TryBroadbandExt, WidebandExt},
 	warn,
 };

@@ -69,9 +67,6 @@ type Result<T, E = Error> = crate::Result<T, E>;
 /// * `event_fetch` - Any event not found in the `event_map` will defer to this
 ///   closure to find the event.
 ///
-/// * `parallel_fetches` - The number of asynchronous fetch requests in-flight
-///   for any given operation.
-///
 /// ## Invariants
 ///
 /// The caller of `resolve` must ensure that all the events are from the same
@@ -82,21 +77,19 @@ type Result<T, E = Error> = crate::Result<T, E>;
 pub async fn resolve<'a, E, Sets, SetIter, Hasher, Fetch, FetchFut, Exists, ExistsFut>(
 	room_version: &RoomVersionId,
 	state_sets: Sets,
-	auth_chain_sets: &'a [HashSet<E::Id, Hasher>],
+	auth_chain_sets: &'a [HashSet<OwnedEventId, Hasher>],
 	event_fetch: &Fetch,
 	event_exists: &Exists,
-	parallel_fetches: usize,
-) -> Result<StateMap<E::Id>>
+) -> Result<StateMap<OwnedEventId>>
 where
-	Fetch: Fn(E::Id) -> FetchFut + Sync,
+	Fetch: Fn(OwnedEventId) -> FetchFut + Sync,
 	FetchFut: Future<Output = Option<E>> + Send,
-	Exists: Fn(E::Id) -> ExistsFut + Sync,
+	Exists: Fn(OwnedEventId) -> ExistsFut + Sync,
 	ExistsFut: Future<Output = bool> + Send,
 	Sets: IntoIterator<IntoIter = SetIter> + Send,
-	SetIter: Iterator<Item = &'a StateMap<E::Id>> + Clone + Send,
+	SetIter: Iterator<Item = &'a StateMap<OwnedEventId>> + Clone + Send,
 	Hasher: BuildHasher + Send + Sync,
 	E: Event + Clone + Send + Sync,
-	E::Id: Borrow<EventId> + Send + Sync,
 	for<'b> &'b E: Send,
 {
 	debug!("State resolution starting");
@@ -147,13 +140,8 @@ where

 	// Sort the control events based on power_level/clock/event_id and
 	// outgoing/incoming edges
-	let sorted_control_levels = reverse_topological_power_sort(
-		control_events,
-		&all_conflicted,
-		&event_fetch,
-		parallel_fetches,
-	)
-	.await?;
+	let sorted_control_levels =
+		reverse_topological_power_sort(control_events, &all_conflicted, &event_fetch).await?;

 	debug!(count = sorted_control_levels.len(), "power events");
 	trace!(list = ?sorted_control_levels, "sorted power events");
@@ -162,7 +150,7 @@ where
 	// Sequentially auth check each control event.
 	let resolved_control = iterative_auth_check(
 		&room_version,
-		sorted_control_levels.iter().stream(),
+		sorted_control_levels.iter().stream().map(AsRef::as_ref),
 		clean.clone(),
 		&event_fetch,
 	)
@@ -179,7 +167,7 @@ where
 	// that failed auth
 	let events_to_resolve: Vec<_> = all_conflicted
 		.iter()
-		.filter(|&id| !deduped_power_ev.contains(id.borrow()))
+		.filter(|&id| !deduped_power_ev.contains(id))
 		.cloned()
 		.collect();

@@ -199,7 +187,7 @@ where

 	let mut resolved_state = iterative_auth_check(
 		&room_version,
-		sorted_left_events.iter().stream(),
+		sorted_left_events.iter().stream().map(AsRef::as_ref),
 		resolved_control, // The control events are added to the final resolved state
 		&event_fetch,
 	)
@@ -292,16 +280,14 @@ where
 /// earlier (further back in time) origin server timestamp.
 #[tracing::instrument(level = "debug", skip_all)]
 async fn reverse_topological_power_sort<E, F, Fut>(
-	events_to_sort: Vec<E::Id>,
-	auth_diff: &HashSet<E::Id>,
+	events_to_sort: Vec<OwnedEventId>,
+	auth_diff: &HashSet<OwnedEventId>,
 	fetch_event: &F,
-	parallel_fetches: usize,
-) -> Result<Vec<E::Id>>
+) -> Result<Vec<OwnedEventId>>
 where
-	F: Fn(E::Id) -> Fut + Sync,
+	F: Fn(OwnedEventId) -> Fut + Sync,
 	Fut: Future<Output = Option<E>> + Send,
 	E: Event + Send + Sync,
-	E::Id: Borrow<EventId> + Send + Sync,
 {
 	debug!("reverse topological sort of power events");

@@ -311,35 +297,36 @@ where
 	}

 	// This is used in the `key_fn` passed to the lexico_topo_sort fn
-	let event_to_pl = graph
+	let event_to_pl: HashMap<_, _> = graph
 		.keys()
+		.cloned()
 		.stream()
-		.map(|event_id| {
-			get_power_level_for_sender(event_id.clone(), fetch_event)
-				.map(move |res| res.map(|pl| (event_id, pl)))
+		.broad_filter_map(async |event_id| {
+			let pl = get_power_level_for_sender(&event_id, fetch_event)
+				.await
+				.ok()?;
+			Some((event_id, pl))
 		})
-		.buffer_unordered(parallel_fetches)
-		.ready_try_fold(HashMap::new(), |mut event_to_pl, (event_id, pl)| {
+		.inspect(|(event_id, pl)| {
 			debug!(
-				event_id = event_id.borrow().as_str(),
-				power_level = i64::from(pl),
+				event_id = event_id.as_str(),
+				power_level = i64::from(*pl),
 				"found the power level of an event's sender",
 			);
-
-			event_to_pl.insert(event_id.clone(), pl);
-			Ok(event_to_pl)
 		})
+		.collect()
 		.boxed()
-		.await?;
+		.await;

-	let event_to_pl = &event_to_pl;
-	let fetcher = |event_id: E::Id| async move {
+	let fetcher = async |event_id: OwnedEventId| {
 		let pl = *event_to_pl
-			.get(event_id.borrow())
+			.get(&event_id)
 			.ok_or_else(|| Error::NotFound(String::new()))?;
+
 		let ev = fetch_event(event_id)
 			.await
 			.ok_or_else(|| Error::NotFound(String::new()))?;
+
 		Ok((pl, ev.origin_server_ts()))
 	};

@@ -476,18 +463,17 @@ where
 /// the eventId at the eventId's generation (we walk backwards to `EventId`s
 /// most recent previous power level event).
 async fn get_power_level_for_sender<E, F, Fut>(
-	event_id: E::Id,
+	event_id: &EventId,
 	fetch_event: &F,
 ) -> serde_json::Result<Int>
 where
-	F: Fn(E::Id) -> Fut + Sync,
+	F: Fn(OwnedEventId) -> Fut + Sync,
 	Fut: Future<Output = Option<E>> + Send,
 	E: Event + Send,
-	E::Id: Borrow<EventId> + Send,
 {
 	debug!("fetch event ({event_id}) senders power level");

-	let event = fetch_event(event_id).await;
+	let event = fetch_event(event_id.to_owned()).await;

 	let auth_events = event.as_ref().map(Event::auth_events);

@@ -495,7 +481,7 @@ where
 		.into_iter()
 		.flatten()
 		.stream()
-		.broadn_filter_map(5, |aid| fetch_event(aid.clone()))
+		.broadn_filter_map(5, |aid| fetch_event(aid.to_owned()))
 		.ready_find(|aev| is_type_and_key(aev, &TimelineEventType::RoomPowerLevels, ""))
 		.await;

@@ -528,14 +514,13 @@ where
 async fn iterative_auth_check<'a, E, F, Fut, S>(
 	room_version: &RoomVersion,
 	events_to_check: S,
-	unconflicted_state: StateMap<E::Id>,
+	unconflicted_state: StateMap<OwnedEventId>,
 	fetch_event: &F,
-) -> Result<StateMap<E::Id>>
+) -> Result<StateMap<OwnedEventId>>
 where
-	F: Fn(E::Id) -> Fut + Sync,
+	F: Fn(OwnedEventId) -> Fut + Sync,
 	Fut: Future<Output = Option<E>> + Send,
-	E::Id: Borrow<EventId> + Clone + Eq + Ord + Send + Sync + 'a,
-	S: Stream<Item = &'a E::Id> + Send + 'a,
+	S: Stream<Item = &'a EventId> + Send + 'a,
 	E: Event + Clone + Send + Sync,
 {
 	debug!("starting iterative auth check");
@@ -543,7 +528,7 @@ where
 	let events_to_check: Vec<_> = events_to_check
 		.map(Result::Ok)
 		.broad_and_then(async |event_id| {
-			fetch_event(event_id.clone())
+			fetch_event(event_id.to_owned())
 				.await
 				.ok_or_else(|| Error::NotFound(format!("Failed to find {event_id}")))
 		})
@@ -551,16 +536,16 @@ where
 		.boxed()
 		.await?;

-	let auth_event_ids: HashSet<E::Id> = events_to_check
+	let auth_event_ids: HashSet<OwnedEventId> = events_to_check
 		.iter()
-		.flat_map(|event: &E| event.auth_events().map(Clone::clone))
+		.flat_map(|event: &E| event.auth_events().map(ToOwned::to_owned))
 		.collect();

-	let auth_events: HashMap<E::Id, E> = auth_event_ids
+	let auth_events: HashMap<OwnedEventId, E> = auth_event_ids
 		.into_iter()
 		.stream()
 		.broad_filter_map(fetch_event)
-		.map(|auth_event| (auth_event.event_id().clone(), auth_event))
+		.map(|auth_event| (auth_event.event_id().to_owned(), auth_event))
 		.collect()
 		.boxed()
 		.await;
@@ -581,7 +566,7 @@ where

 		let mut auth_state = StateMap::new();
 		for aid in event.auth_events() {
-			if let Some(ev) = auth_events.get(aid.borrow()) {
+			if let Some(ev) = auth_events.get(aid) {
 				//TODO: synapse checks "rejected_reason" which is most likely related to
 				// soft-failing
 				auth_state.insert(
@@ -592,7 +577,7 @@ where
 					ev.clone(),
 				);
 			} else {
-				warn!(event_id = aid.borrow().as_str(), "missing auth event");
+				warn!(event_id = aid.as_str(), "missing auth event");
 			}
 		}

@@ -601,7 +586,7 @@ where
 			.stream()
 			.ready_filter_map(|key| Some((key, resolved_state.get(key)?)))
 			.filter_map(|(key, ev_id)| async move {
-				if let Some(event) = auth_events.get(ev_id.borrow()) {
+				if let Some(event) = auth_events.get(ev_id) {
 					Some((key, event.clone()))
 				} else {
 					Some((key, fetch_event(ev_id.clone()).await?))
@@ -633,7 +618,7 @@ where
 				// add event to resolved state map
 				resolved_state.insert(
 					event.event_type().with_state_key(state_key),
-					event.event_id().clone(),
+					event.event_id().to_owned(),
 				);
 			},
 			| Ok(false) => {
@@ -660,15 +645,14 @@ where
 /// level as a parent) will be marked as depth 1. depth 1 is "older" than depth
 /// 0.
 async fn mainline_sort<E, F, Fut>(
-	to_sort: &[E::Id],
-	resolved_power_level: Option<E::Id>,
+	to_sort: &[OwnedEventId],
+	resolved_power_level: Option<OwnedEventId>,
 	fetch_event: &F,
-) -> Result<Vec<E::Id>>
+) -> Result<Vec<OwnedEventId>>
 where
-	F: Fn(E::Id) -> Fut + Sync,
+	F: Fn(OwnedEventId) -> Fut + Sync,
 	Fut: Future<Output = Option<E>> + Send,
 	E: Event + Clone + Send + Sync,
-	E::Id: Borrow<EventId> + Clone + Send + Sync,
 {
 	debug!("mainline sort of events");

@@ -688,7 +672,7 @@ where

 		pl = None;
 		for aid in event.auth_events() {
-			let ev = fetch_event(aid.clone())
+			let ev = fetch_event(aid.to_owned())
 				.await
 				.ok_or_else(|| Error::NotFound(format!("Failed to find {aid}")))?;

@@ -734,26 +718,25 @@ where
 /// that has an associated mainline depth.
 async fn get_mainline_depth<E, F, Fut>(
 	mut event: Option<E>,
-	mainline_map: &HashMap<E::Id, usize>,
+	mainline_map: &HashMap<OwnedEventId, usize>,
 	fetch_event: &F,
 ) -> Result<usize>
 where
-	F: Fn(E::Id) -> Fut + Sync,
+	F: Fn(OwnedEventId) -> Fut + Sync,
 	Fut: Future<Output = Option<E>> + Send,
 	E: Event + Send + Sync,
-	E::Id: Borrow<EventId> + Send + Sync,
 {
 	while let Some(sort_ev) = event {
-		debug!(event_id = sort_ev.event_id().borrow().as_str(), "mainline");
+		debug!(event_id = sort_ev.event_id().as_str(), "mainline");

 		let id = sort_ev.event_id();
-		if let Some(depth) = mainline_map.get(id.borrow()) {
+		if let Some(depth) = mainline_map.get(id) {
 			return Ok(*depth);
 		}

 		event = None;
 		for aid in sort_ev.auth_events() {
-			let aev = fetch_event(aid.clone())
+			let aev = fetch_event(aid.to_owned())
 				.await
 				.ok_or_else(|| Error::NotFound(format!("Failed to find {aid}")))?;

@@ -768,15 +751,14 @@ where
 }

 async fn add_event_and_auth_chain_to_graph<E, F, Fut>(
-	graph: &mut HashMap<E::Id, HashSet<E::Id>>,
-	event_id: E::Id,
-	auth_diff: &HashSet<E::Id>,
+	graph: &mut HashMap<OwnedEventId, HashSet<OwnedEventId>>,
+	event_id: OwnedEventId,
+	auth_diff: &HashSet<OwnedEventId>,
 	fetch_event: &F,
 ) where
-	F: Fn(E::Id) -> Fut + Sync,
+	F: Fn(OwnedEventId) -> Fut + Sync,
 	Fut: Future<Output = Option<E>> + Send,
 	E: Event + Send + Sync,
-	E::Id: Borrow<EventId> + Clone + Send + Sync,
 {
 	let mut state = vec![event_id];
 	while let Some(eid) = state.pop() {
@@ -786,26 +768,27 @@ async fn add_event_and_auth_chain_to_graph<E, F, Fut>(

 		// Prefer the store to event as the store filters dedups the events
 		for aid in auth_events {
-			if auth_diff.contains(aid.borrow()) {
-				if !graph.contains_key(aid.borrow()) {
+			if auth_diff.contains(aid) {
+				if !graph.contains_key(aid) {
 					state.push(aid.to_owned());
 				}

-				// We just inserted this at the start of the while loop
-				graph.get_mut(eid.borrow()).unwrap().insert(aid.to_owned());
+				graph
+					.get_mut(&eid)
+					.expect("We just inserted this at the start of the while loop")
+					.insert(aid.to_owned());
 			}
 		}
 	}
 }

-async fn is_power_event_id<E, F, Fut>(event_id: &E::Id, fetch: &F) -> bool
+async fn is_power_event_id<E, F, Fut>(event_id: &EventId, fetch: &F) -> bool
 where
-	F: Fn(E::Id) -> Fut + Sync,
+	F: Fn(OwnedEventId) -> Fut + Sync,
 	Fut: Future<Output = Option<E>> + Send,
 	E: Event + Send,
-	E::Id: Borrow<EventId> + Send + Sync,
 {
-	match fetch(event_id.clone()).await.as_ref() {
+	match fetch(event_id.to_owned()).await.as_ref() {
 		| Some(state) => is_power_event(state),
 		| _ => false,
 	}
@@ -909,13 +892,13 @@ mod tests {

 		let fetcher = |id| ready(events.get(&id).cloned());
 		let sorted_power_events =
-			super::reverse_topological_power_sort(power_events, &auth_chain, &fetcher, 1)
+			super::reverse_topological_power_sort(power_events, &auth_chain, &fetcher)
 				.await
 				.unwrap();

 		let resolved_power = super::iterative_auth_check(
 			&RoomVersion::V6,
-			sorted_power_events.iter().stream(),
+			sorted_power_events.iter().map(AsRef::as_ref).stream(),
 			HashMap::new(), // unconflicted events
 			&fetcher,
 		)
@@ -1300,7 +1283,7 @@ mod tests {
 		let ev_map = store.0.clone();
 		let fetcher = |id| ready(ev_map.get(&id).cloned());

-		let exists = |id: <PduEvent as Event>::Id| ready(ev_map.get(&*id).is_some());
+		let exists = |id: OwnedEventId| ready(ev_map.get(&*id).is_some());

 		let state_sets = [state_at_bob, state_at_charlie];
 		let auth_chain: Vec<_> = state_sets
@@ -1312,19 +1295,13 @@ mod tests {
 			})
 			.collect();

-		let resolved = match super::resolve(
-			&RoomVersionId::V2,
-			&state_sets,
-			&auth_chain,
-			&fetcher,
-			&exists,
-			1,
-		)
-		.await
-		{
-			| Ok(state) => state,
-			| Err(e) => panic!("{e}"),
-		};
+		let resolved =
+			match super::resolve(&RoomVersionId::V2, &state_sets, &auth_chain, &fetcher, &exists)
+				.await
+			{
+				| Ok(state) => state,
+				| Err(e) => panic!("{e}"),
+			};

 		assert_eq!(expected, resolved);
 	}
@@ -1429,21 +1406,15 @@ mod tests {
 			})
 			.collect();

-		let fetcher = |id: <PduEvent as Event>::Id| ready(ev_map.get(&id).cloned());
-		let exists = |id: <PduEvent as Event>::Id| ready(ev_map.get(&id).is_some());
-		let resolved = match super::resolve(
-			&RoomVersionId::V6,
-			&state_sets,
-			&auth_chain,
-			&fetcher,
-			&exists,
-			1,
-		)
-		.await
-		{
-			| Ok(state) => state,
-			| Err(e) => panic!("{e}"),
-		};
+		let fetcher = |id: OwnedEventId| ready(ev_map.get(&id).cloned());
+		let exists = |id: OwnedEventId| ready(ev_map.get(&id).is_some());
+		let resolved =
+			match super::resolve(&RoomVersionId::V6, &state_sets, &auth_chain, &fetcher, &exists)
+				.await
+			{
+				| Ok(state) => state,
+				| Err(e) => panic!("{e}"),
+			};

 		debug!(
 			resolved = ?resolved
@@ -133,17 +133,11 @@ pub(crate) async fn do_check(
 				.collect();

 			let event_map = &event_map;
-			let fetch = |id: <PduEvent as Event>::Id| ready(event_map.get(&id).cloned());
-			let exists = |id: <PduEvent as Event>::Id| ready(event_map.get(&id).is_some());
-			let resolved = super::resolve(
-				&RoomVersionId::V6,
-				state_sets,
-				&auth_chain_sets,
-				&fetch,
-				&exists,
-				1,
-			)
-			.await;
+			let fetch = |id: OwnedEventId| ready(event_map.get(&id).cloned());
+			let exists = |id: OwnedEventId| ready(event_map.get(&id).is_some());
+			let resolved =
+				super::resolve(&RoomVersionId::V6, state_sets, &auth_chain_sets, &fetch, &exists)
+					.await;

 			match resolved {
 				| Ok(state) => state,
@@ -247,8 +241,8 @@ impl<E: Event + Clone> TestStore<E> {
 	pub(crate) fn auth_event_ids(
 		&self,
 		room_id: &RoomId,
-		event_ids: Vec<E::Id>,
-	) -> Result<HashSet<E::Id>> {
+		event_ids: Vec<OwnedEventId>,
+	) -> Result<HashSet<OwnedEventId>> {
 		let mut result = HashSet::new();
 		let mut stack = event_ids;

@@ -584,7 +578,7 @@ pub(crate) fn INITIAL_EDGES() -> Vec<OwnedEventId> {

 pub(crate) mod event {
 	use ruma::{
-		MilliSecondsSinceUnixEpoch, OwnedEventId, RoomId, UserId,
+		EventId, MilliSecondsSinceUnixEpoch, OwnedEventId, RoomId, UserId,
 		events::{TimelineEventType, pdu::Pdu},
 	};
 	use serde::{Deserialize, Serialize};
@@ -593,9 +587,7 @@ pub(crate) mod event {
 	use crate::Event;

 	impl Event for PduEvent {
-		type Id = OwnedEventId;
-
-		fn event_id(&self) -> &Self::Id { &self.event_id }
+		fn event_id(&self) -> &EventId { &self.event_id }

 		fn room_id(&self) -> &RoomId {
 			match &self.rest {
@@ -652,29 +644,31 @@ pub(crate) mod event {
 		}

 		#[allow(refining_impl_trait)]
-		fn prev_events(&self) -> Box<dyn DoubleEndedIterator<Item = &Self::Id> + Send + '_> {
+		fn prev_events(&self) -> Box<dyn DoubleEndedIterator<Item = &EventId> + Send + '_> {
 			match &self.rest {
-				| Pdu::RoomV1Pdu(ev) => Box::new(ev.prev_events.iter().map(|(id, _)| id)),
-				| Pdu::RoomV3Pdu(ev) => Box::new(ev.prev_events.iter()),
+				| Pdu::RoomV1Pdu(ev) =>
+					Box::new(ev.prev_events.iter().map(|(id, _)| id.as_ref())),
+				| Pdu::RoomV3Pdu(ev) => Box::new(ev.prev_events.iter().map(AsRef::as_ref)),
 				#[allow(unreachable_patterns)]
 				| _ => unreachable!("new PDU version"),
 			}
 		}

 		#[allow(refining_impl_trait)]
-		fn auth_events(&self) -> Box<dyn DoubleEndedIterator<Item = &Self::Id> + Send + '_> {
+		fn auth_events(&self) -> Box<dyn DoubleEndedIterator<Item = &EventId> + Send + '_> {
 			match &self.rest {
-				| Pdu::RoomV1Pdu(ev) => Box::new(ev.auth_events.iter().map(|(id, _)| id)),
-				| Pdu::RoomV3Pdu(ev) => Box::new(ev.auth_events.iter()),
+				| Pdu::RoomV1Pdu(ev) =>
+					Box::new(ev.auth_events.iter().map(|(id, _)| id.as_ref())),
+				| Pdu::RoomV3Pdu(ev) => Box::new(ev.auth_events.iter().map(AsRef::as_ref)),
 				#[allow(unreachable_patterns)]
 				| _ => unreachable!("new PDU version"),
 			}
 		}

-		fn redacts(&self) -> Option<&Self::Id> {
+		fn redacts(&self) -> Option<&EventId> {
 			match &self.rest {
-				| Pdu::RoomV1Pdu(ev) => ev.redacts.as_ref(),
-				| Pdu::RoomV3Pdu(ev) => ev.redacts.as_ref(),
+				| Pdu::RoomV1Pdu(ev) => ev.redacts.as_deref(),
+				| Pdu::RoomV3Pdu(ev) => ev.redacts.as_deref(),
 				#[allow(unreachable_patterns)]
 				| _ => unreachable!("new PDU version"),
 			}
@@ -21,7 +21,10 @@ pub use ::toml;
 pub use ::tracing;
 pub use config::Config;
 pub use error::Error;
-pub use info::{rustc_flags_capture, version, version::version};
+pub use info::{
+	rustc_flags_capture, version,
+	version::{name, version},
+};
 pub use matrix::{Event, EventTypeExt, PduCount, PduEvent, PduId, RoomVersion, pdu, state_res};
 pub use server::Server;
 pub use utils::{ctor, dtor, implement, result, result::Result};
@@ -15,7 +15,7 @@ use conduwuit_core::{
 #[clap(
 	about,
 	long_about = None,
-	name = "conduwuit",
+	name = conduwuit_core::name(),
 	version = conduwuit_core::version(),
 )]
 pub(crate) struct Args {
@@ -74,17 +74,30 @@ pub(crate) struct Args {
 	/// with the exception of the last bucket, try increasing this value to e.g.
 	/// 50 or 100. Inversely, decrease to 10 etc if the histogram lacks
 	/// resolution.
-	#[arg(long, hide(true), env = "CONDUWUIT_RUNTIME_HISTOGRAM_INTERVAL", default_value = "25")]
+	#[arg(
+		long,
+		hide(true),
+		env = "CONTINUWUITY_RUNTIME_HISTOGRAM_INTERVAL",
+		env = "CONDUWUIT_RUNTIME_HISTOGRAM_INTERVAL",
+		default_value = "25"
+	)]
 	pub(crate) worker_histogram_interval: u64,

 	/// Set the histogram bucket count (tokio_unstable). Default is 20.
-	#[arg(long, hide(true), env = "CONDUWUIT_RUNTIME_HISTOGRAM_BUCKETS", default_value = "20")]
+	#[arg(
+		long,
+		hide(true),
+		env = "CONTINUWUITY_RUNTIME_HISTOGRAM_BUCKETS",
+		env = "CONDUWUIT_RUNTIME_HISTOGRAM_BUCKETS",
+		default_value = "20"
+	)]
 	pub(crate) worker_histogram_buckets: usize,

 	/// Toggles worker affinity feature.
 	#[arg(
 		long,
 		hide(true),
+		env = "CONTINUWUITY_RUNTIME_WORKER_AFFINITY",
 		env = "CONDUWUIT_RUNTIME_WORKER_AFFINITY",
 		action = ArgAction::Set,
 		num_args = 0..=1,
@@ -99,6 +112,7 @@ pub(crate) struct Args {
 	#[arg(
 		long,
 		hide(true),
+		env = "CONTINUWUITY_RUNTIME_GC_ON_PARK",
 		env = "CONDUWUIT_RUNTIME_GC_ON_PARK",
 		action = ArgAction::Set,
 		num_args = 0..=1,
@@ -98,12 +98,7 @@ pub(super) fn shutdown(server: &Arc<Server>, runtime: tokio::runtime::Runtime) {
 		Level::INFO
 	};

-	debug!(
-		timeout = ?SHUTDOWN_TIMEOUT,
-		"Waiting for runtime..."
-	);
-
-	runtime.shutdown_timeout(SHUTDOWN_TIMEOUT);
+	wait_shutdown(server, runtime);
 	let runtime_metrics = server.server.metrics.runtime_interval().unwrap_or_default();

 	event!(LEVEL, ?runtime_metrics, "Final runtime metrics");
@@ -111,13 +106,23 @@ pub(super) fn shutdown(server: &Arc<Server>, runtime: tokio::runtime::Runtime) {

 #[cfg(not(tokio_unstable))]
 #[tracing::instrument(name = "stop", level = "info", skip_all)]
-pub(super) fn shutdown(_server: &Arc<Server>, runtime: tokio::runtime::Runtime) {
+pub(super) fn shutdown(server: &Arc<Server>, runtime: tokio::runtime::Runtime) {
+	wait_shutdown(server, runtime);
+}
+
+fn wait_shutdown(_server: &Arc<Server>, runtime: tokio::runtime::Runtime) {
 	debug!(
 		timeout = ?SHUTDOWN_TIMEOUT,
 		"Waiting for runtime..."
 	);

 	runtime.shutdown_timeout(SHUTDOWN_TIMEOUT);
+
+	// Join any jemalloc threads so they don't appear in use at exit.
+	#[cfg(all(not(target_env = "msvc"), feature = "jemalloc"))]
+	conduwuit_core::alloc::je::background_thread_enable(false)
+		.log_debug_err()
+		.ok();
 }

 #[tracing::instrument(
@@ -165,7 +165,7 @@ pub async fn create_admin_room(services: &Services) -> Result {
 		.timeline
 		.build_and_append_pdu(
 			PduBuilder::state(String::new(), &RoomTopicEventContent {
-				topic: format!("Manage {} | Run commands prefixed with `!admin` | Run `!admin -h` for help | Documentation: https://conduwuit.puppyirl.gay/", services.config.server_name),
+				topic: format!("Manage {} | Run commands prefixed with `!admin` | Run `!admin -h` for help | Documentation: https://continuwuity.org/", services.config.server_name),
 			}),
 			server_user,
 			&room_id,
@@ -20,7 +20,7 @@ use std::{sync::Arc, time::Duration};
 use async_trait::async_trait;
 use conduwuit::{Result, Server, debug, info, warn};
 use database::{Deserialized, Map};
-use ruma::events::room::message::RoomMessageEventContent;
+use ruma::events::{Mentions, room::message::RoomMessageEventContent};
 use serde::Deserialize;
 use tokio::{
 	sync::Notify,
@@ -53,6 +53,8 @@ struct CheckForAnnouncementsResponseEntry {
 	id: u64,
 	date: Option<String>,
 	message: String,
+	#[serde(default, skip_serializing_if = "bool::not")]
+	mention_room: bool,
 }

 const CHECK_FOR_ANNOUNCEMENTS_URL: &str =
@@ -139,19 +141,20 @@ impl Service {
 		} else {
 			info!("[announcements] {:#}", announcement.message);
 		}
+		let mut message = RoomMessageEventContent::text_markdown(format!(
+			"### New announcement{}\n\n{}",
+			announcement
+				.date
+				.as_ref()
+				.map_or_else(String::new, |date| format!(" - `{date}`")),
+			announcement.message
+		));

-		self.services
-			.admin
-			.send_message(RoomMessageEventContent::text_markdown(format!(
-				"### New announcement{}\n\n{}",
-				announcement
-					.date
-					.as_ref()
-					.map_or_else(String::new, |date| format!(" - `{date}`")),
-				announcement.message
-			)))
-			.await
-			.ok();
+		if announcement.mention_room {
+			message = message.add_mentions(Mentions::with_room_mention());
+		}
+
+		self.services.admin.send_message(message).await.ok();
 	}

 	#[inline]
@@ -8,7 +8,7 @@ use conduwuit::{
 	Error, Result, err, implement,
 	state_res::{self, StateMap},
 	trace,
-	utils::stream::{IterStream, ReadyExt, TryWidebandExt, WidebandExt, automatic_width},
+	utils::stream::{IterStream, ReadyExt, TryWidebandExt, WidebandExt},
 };
 use futures::{FutureExt, StreamExt, TryFutureExt, TryStreamExt, future::try_join};
 use ruma::{OwnedEventId, RoomId, RoomVersionId};
@@ -112,14 +112,7 @@ where
 {
 	let event_fetch = |event_id| self.event_fetch(event_id);
 	let event_exists = |event_id| self.event_exists(event_id);
-	state_res::resolve(
-		room_version,
-		state_sets,
-		auth_chain_sets,
-		&event_fetch,
-		&event_exists,
-		automatic_width(),
-	)
-	.map_err(|e| err!(error!("State resolution failed: {e:?}")))
-	.await
+	state_res::resolve(room_version, state_sets, auth_chain_sets, &event_fetch, &event_exists)
+		.map_err(|e| err!(error!("State resolution failed: {e:?}")))
+		.await
 }
@@ -6,7 +6,7 @@ use axum::{
 	response::{Html, IntoResponse, Response},
 	routing::get,
 };
-use conduwuit_build_metadata::{GIT_REMOTE_COMMIT_URL, GIT_REMOTE_WEB_URL, VERSION_EXTRA};
+use conduwuit_build_metadata::{GIT_REMOTE_COMMIT_URL, GIT_REMOTE_WEB_URL, version_tag};
 use conduwuit_service::state;

 pub fn build() -> Router<state::State> {
@@ -18,7 +18,7 @@
    {%~ block footer ~%}
        <footer>
            <p>Powered by <a href="https://continuwuity.org">Continuwuity</a>
-                {%~ if let Some(version_info) = VERSION_EXTRA ~%}
+                {%~ if let Some(version_info) = self::version_tag() ~%}
                    {%~ if let Some(url) = GIT_REMOTE_COMMIT_URL.or(GIT_REMOTE_WEB_URL) ~%}
                        (<a href="{{ url }}">{{ version_info }}</a>)
                    {%~ else ~%}
Author	SHA1	Message	Date
Jade Ellis	c90216d37f	docs: Generated database docs	2025-06-19 23:46:49 +01:00
Jade Ellis	6e16a6ef8f	chore: Release announcement	2025-06-14 22:34:24 +01:00
Jade Ellis	0870c8d647	chore: Release	2025-06-14 20:53:00 +01:00
Jade Ellis	d0f00e6f5c	feat: Allow mentioning @room in an admin announcement	2025-06-14 19:09:54 +01:00
Jade Ellis	5d44653e3a	fix: Incorrect command descriptions	2025-06-14 16:51:24 +01:00
Jade Ellis	44e60d0ea6	docs: Tiny phrasing changes to the security policy	2025-06-14 16:34:58 +01:00
Jade Ellis	d7514178ab	ci: Fix extra bracket in commit shorthash	2025-06-13 14:30:26 +01:00
Jade Ellis	1d45e0b68c	feat: Add warning when admin users will be exposed as support contacts	2025-06-13 13:39:50 +01:00
Jade Ellis	3c44dccd65	ci: HACK, disable saving to actions cache	2025-05-26 19:16:50 +01:00
Jade Ellis	b57be072c7	build: Don't rerun on git changes	2025-05-26 19:16:05 +01:00
Jade Ellis	ea5dc8e09d	fix: Use correct brand in clap version string	2025-05-26 19:16:05 +01:00
Jade Ellis	b9d60c64e5	ci: Don't specify container for image builder	2025-05-26 19:16:04 +01:00
Jade Ellis	94ae824149	ci: Don't install rustup if it's already there	2025-05-26 19:16:03 +01:00
Jade Ellis	640714922b	feat: For knock_restricted rooms, automatically join rooms we meet restrictions for rather than knocking	2025-05-26 19:16:03 +01:00
Jade Ellis	2b268fdaf3	fix: Allow joining via invite for knock_restricted rooms	2025-05-26 19:16:01 +01:00
Jade Ellis	e8d823a653	docs: Apply feedback on security policy	2025-05-26 15:01:58 +01:00
Jade Ellis	0ba77674c7	docs: Security policy	2025-05-25 00:36:28 +01:00
Jade Ellis	2ccbd7d60b	fix: Reference config directly	2025-05-21 21:06:44 +01:00
Jade Ellis	60960c6e09	feat: Automatically set well-known support contacts	2025-05-21 20:32:53 +01:00
Jade Ellis	ce40304667	chore: Upgrade deps	2025-05-21 15:28:46 +01:00
Jade Ellis	dcbc4b54c5	ci: Always show sccache stats	2025-05-21 12:45:25 +01:00
Jade Ellis	fce024b30b	chore: Add must_use annotation	2025-05-21 12:45:14 +01:00
Jade Ellis	3e4e696761	fix: Make sure empty VERSION_EXTRA strings are ignored Also updates built & removes unused optional features	2025-05-21 12:35:36 +01:00
Jason Volk	f605913ea9	Eliminate associated Id type from trait Event. Co-authored-by: Jade Ellis <jade@ellis.link> Signed-off-by: Jason Volk <jason@zemos.net>	2025-05-21 11:36:15 +01:00
Jason Volk	44302ce732	Eliminate explicit parallel_fetches argument. Signed-off-by: Jason Volk <jason@zemos.net>	2025-05-21 11:36:15 +01:00
Jason Volk	bfb0a2b76a	Remove unused Pdu::into_any_event(). Signed-off-by: Jason Volk <jason@zemos.net>	2025-05-21 11:36:14 +01:00
Jason Volk	fcd5669aa1	Join jemalloc background threads prior to exit. Co-authored-by: Jade Ellis <jade@ellis.link> Signed-off-by: Jason Volk <jason@zemos.net>	2025-05-21 11:36:13 +01:00
Jade Ellis	9b8b37f162	docs: Badges for mirrors	2025-05-21 02:51:09 +01:00
Jade Ellis	7a46563f23	ci: Cache docker image build mounts	2025-05-21 01:48:25 +01:00
Jade Ellis	1bf6537319	build: Split docker target cache by target platform	2025-05-20 22:47:55 +01:00
Jade Ellis	4ed04b343a	build: Use xtrace in bash scripts in Dockerfile	2025-05-20 22:13:13 +01:00
Jade Ellis	a4ad72e11d	ci: Run `cargo test`	2025-05-20 21:48:40 +01:00
Jade Ellis	1f57508879	ci: Don't clippy check dependancies	2025-05-20 21:47:35 +01:00
Jade Ellis	a325dfa56a	ci: Use timelord in clippy check	2025-05-20 21:47:27 +01:00
Jade Ellis	b5d2ef9a4a	ci: Refactor timelord to its own action	2025-05-20 21:36:01 +01:00
Jade Ellis	e200a7d991	ci: Cache Rust registry	2025-05-20 21:36:01 +01:00
Jade Ellis	034762c619	chore: Allow raw string hashes for metadata crate	2025-05-20 21:36:00 +01:00
Jade Ellis	e31d261e66	ci: Run clippy check	2025-05-20 21:36:00 +01:00
Jade Ellis	c5db43ba9a	chore: Docker ignore forgejo files	2025-05-20 21:31:41 +01:00
Jade Ellis	ec08e16b9f	build: Allow builder to decide on incremental or not	2025-05-20 21:31:41 +01:00
Jade Ellis	f14725a51b	ci: Check formatting Also moves rustup installation to a seperate workflow and enables caching. The sccache action required a github.com api token, so we set all that up too.	2025-05-20 21:31:41 +01:00
Jade Ellis	d03325c65a	chore: Set editorconfig for workflows	2025-05-20 21:31:40 +01:00
Jade Ellis	066794fe90	ci: Don't try build images on PR	2025-05-20 21:31:40 +01:00
Jade Ellis	beee996f72	docs: Rename conduwuit to continuwuity in more places	2025-05-10 20:37:08 +01:00
Jade Ellis	7c58e40c96	chore(typos): Ignore certificate files	2025-05-10 19:42:40 +01:00
Jade Ellis	5577ddca27	chore: Add CONTINUWUITY_ environment variables Also updates some examples to match	2025-05-10 12:54:33 +01:00