{"id":50758590,"url":"https://github.com/flammafex/clout","last_synced_at":"2026-06-11T07:33:16.435Z","repository":{"id":336738636,"uuid":"1126972132","full_name":"flammafex/clout","owner":"flammafex","description":"Clout is a censorship-resistant social protocol built on Web of Trust. Your feed is filtered by trust distance, not engagement algorithms. Your social graph is stored locally and encrypted.","archived":false,"fork":false,"pushed_at":"2026-03-15T08:42:14.000Z","size":979,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-15T21:46:10.880Z","etag":null,"topics":["censorship-resistant","crdt","decentralized-social","end-to-end-encryption","fediverse","offline-first","p2p","privacy","pwa","self-hosted","social-network","web-of-trust","webrtc"],"latest_commit_sha":null,"homepage":"https://cloutsocial.net/about","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/flammafex.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY_AUDIT.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-02T23:11:51.000Z","updated_at":"2026-03-15T08:42:17.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/flammafex/clout","commit_stats":null,"previous_names":["flammafex/clout"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/flammafex/clout","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flammafex%2Fclout","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flammafex%2Fclout/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flammafex%2Fclout/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flammafex%2Fclout/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/flammafex","download_url":"https://codeload.github.com/flammafex/clout/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flammafex%2Fclout/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34188272,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-11T02:00:06.485Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["censorship-resistant","crdt","decentralized-social","end-to-end-encryption","fediverse","offline-first","p2p","privacy","pwa","self-hosted","social-network","web-of-trust","webrtc"],"created_at":"2026-06-11T07:33:15.665Z","updated_at":"2026-06-11T07:33:16.427Z","avatar_url":"https://github.com/flammafex.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🌑 Clout\n\n**Clout** is a decentralized social protocol that gives you complete control over your feed through transparent, user-controlled content filtering—not hidden algorithms.\n\n\u003cdiv align=center\u003e\u003cbr\u003e\u003cimg src=\"screenshot.webp\"\u003e\u003c/div\u003e\n\n## The Problem with Social Media Today\n\nModern social platforms share the same fundamental flaws:\n\n| Problem | How Platforms Fail You |\n|---------|----------------------|\n| **Invisible Censorship** | Algorithms shadowban content with no transparency or appeal |\n| **Algorithmic Radicalization** | Engagement-driven feeds amplify extreme content for clicks |\n| **Privacy Exploitation** | Your social graph is mapped, sold, and weaponized against you |\n| **Spam \u0026 Bot Armies** | Creating fake accounts is free and instant |\n| **Cognitive Overload** | Feeds exceed human processing limits, requiring algorithmic curation |\n| **Data Hostage** | Your content and connections are locked in corporate silos |\n\n**Clout solves all of these.**\n\n---\n\n## BE A PART OF IT - Quick Start\n\nGet running in one command:\n\n```bash\ngit clone https://git.carpocratian.org/sibyl/clout \u0026\u0026 cd clout\ndocker compose up --build\n```\n\nOpen **http://localhost:3000** — you're now running your own Clout node.\n\n### CLI Commands\n\n```bash\n# Create your identity\ndocker compose run --rm cli identity create\n\n# Post to the network\ndocker compose run --rm cli post \"Hello, decentralized world!\"\n\n# View your feed\ndocker compose run --rm cli feed\n\n# Trust someone\ndocker compose run --rm cli follow \u003cpublicKey\u003e\n\n# Send encrypted DM\ndocker compose run --rm cli slide \u003cpublicKey\u003e \"Private message\"\n```\n\n### What Gets Deployed\n\n| Service | Port | Purpose |\n|---------|------|---------|\n| **Clout** | 3000 | Web UI + API server |\n| **Witness Cluster** | 8080 | Distributed timestamping (3 nodes + gateway) |\n| **Freebird Issuer** | 8081 | Anti-spam token generation |\n| **Freebird Verifier** | 8082 | Token validation + Redis cache |\n| **HyperToken Relay** | 3001 | P2P WebRTC signaling |\n\nAll services run locally—no external dependencies, no data leaves your machine.\n\n---\n\n## Install Anywhere: Progressive Web App\n\nClout is a **Progressive Web App**—install it on any device without app stores:\n\n| Platform | How to Install |\n|----------|---------------|\n| **Android** | Chrome menu → \"Add to Home Screen\" |\n| **iOS/Safari** | Share button → \"Add to Home Screen\" |\n| **Desktop** | Click install icon in address bar |\n\n### What You Get\n\n- **Native app experience**: Standalone window, no browser chrome\n- **Offline shell**: App loads instantly from cache\n- **Background updates**: New versions install automatically\n- **Shortcuts**: Jump directly to New Post or Messages\n\nNo app store approval. No middleman. No tracking.\n\n---\n\n## The Dark Social Graph\n\nYour social relationships are **yours**—stored in your browser, invisible to servers.\n\n| Data | Where It Lives | Who Can See It |\n|------|----------------|----------------|\n| Trust connections | Your browser (IndexedDB) | Only you |\n| Nicknames | Your browser | Only you |\n| Mutes | Your browser | Only you |\n| Bookmarks | Your browser | Only you |\n| Tags | Your browser | Only you |\n\n**Why \"Dark\"?** Because your social graph is cryptographically hidden. When you trust someone, only they know. Third parties—including the server you connect through—cannot map your relationships.\n\n### Export Everything\n\nYour Dark Social Graph travels with you:\n\n```bash\n# Download complete encrypted backup (JSON)\nSettings → Data Management → Download Backup\n\n# Import on any device\nSettings → Data Management → Select Backup File\n```\n\nBackup includes: identity keys, profile data, trust signals, nicknames, tags, mutes, bookmarks, and settings—all in a single encrypted file.\n\n---\n\n## The Auto-Shadowban: Transparent Content Filtering\n\nClout's core innovation is the **auto-shadowban**—content filtering that's transparent, user-controlled, and impossible to weaponize against you.\n\n### How It Works\n\nWhen your node receives content from the network:\n\n```\n1. TRUST CHECK: Is the author within your trust graph?\n   ├─ YES → Accept post, add to feed, propagate to peers\n   └─ NO  → Silently drop (auto-shadowban)\n\n2. REPUTATION CHECK: Does author meet your minimum trust score?\n   ├─ YES → Continue processing\n   └─ NO  → Auto-shadowban\n\n3. VERIFICATION: Valid timestamp? Content hash matches? Signature valid?\n   ├─ YES → Display in feed\n   └─ NO  → Reject as invalid\n```\n\n### Why This Changes Everything\n\n| Traditional Shadowban | Clout Auto-Shadowban |\n|----------------------|---------------------|\n| Hidden, arbitrary, centralized | Transparent, rule-based, personal |\n| Platform decides who you see | **You** decide who you see |\n| No appeal, no explanation | Rules are visible and configurable |\n| Weaponized for censorship | Impossible to censor—only you control your graph |\n\n**The key insight**: On Clout, \"shadowbanning\" isn't censorship—it's your personal spam filter. You define the rules. No central authority can silence anyone; they can only choose not to listen.\n\n---\n\n## Trust Graph: Your Personal Algorithm\n\nInstead of a black-box algorithm, your feed is determined by your **trust graph**—people you trust, and people they trust.\n\n\u003cdiv align=center\u003e\u003cbr\u003e\u003cimg src=\"screenshot2.webp\"\u003e\u003c/div\u003e\n\n```\nDistance 0: You (trust score: 1.0)\n    │\nDistance 1: People you directly trust (score: 0.9)\n    │\nDistance 2: Friends of friends (score: 0.6)\n    │\nDistance 3: Extended network (score: 0.3)\n    │\nDistance 4+: Auto-shadowbanned (not in your reality)\n```\n\n### Consent-Based Trust Requests\n\nTrust is mutual. When you want to follow someone, you send a **trust request**—an encrypted message only they can read:\n\n```\n1. You → Send trust request (encrypted via slide)\n   ├─ Includes: your profile, desired weight, optional message\n   └─ Only recipient can decrypt and see the request\n\n2. Recipient → Decides to accept or ignore\n   ├─ ACCEPT → Mutual trust established, you enter each other's feeds\n   └─ IGNORE → Request stays pending (no notification to sender)\n\n3. Both parties can withdraw/revoke at any time\n```\n\nTrust requests prevent spam follows and ensure relationships are consensual. The sender never knows if they were rejected—they only see \"pending\" or \"accepted.\"\n\n### Weighted Trust\n\nNot all relationships are equal. Assign trust weights from 0.1 to 1.0:\n\n```typescript\nawait clout.trust(aliceKey, 1.0);   // Close friend: full trust\nawait clout.trust(bobKey, 0.5);     // Acquaintance: half trust\nawait clout.trust(carolKey, 0.1);   // Ugh, fucking Carol? minimal trust\n```\n\nTrust multiplies through paths: if you trust Alice (0.8) and Alice trusts Bob (0.7), your effective trust in Bob is 0.56.\n\n### Temporal Decay\n\nTrust naturally fades over time, reflecting real relationships:\n\n- Fresh trust: 1.0× multiplier\n- 1 year old: 0.5× multiplier\n- 2 years old: 0.25× multiplier\n\nInactive connections gradually drop out of your feed. Active relationships stay strong.\n\n---\n\n## Village-Scale Networking\n\nClout respects **Dunbar's number** (~150)—the cognitive limit for stable social relationships.\n\n### The Math\n\nWith `maxHops: 3` (default):\n\n| Distance | Reach | Trust Score |\n|----------|-------|-------------|\n| 1 hop | ~50-150 people | 0.9 |\n| 2 hops | ~2,500-22,500 people | 0.6 |\n| 3 hops | ~125k-3.3M people | 0.3 |\n\nYour feed stays cognitively manageable while your network provides content diversity.\n\n### Contrast with Legacy Platforms\n\n| Platform | Approach | Result |\n|----------|----------|--------|\n| Facebook | 338 average \"friends\" (2× Dunbar) | Algorithmic curation required |\n| Twitter/X | Unlimited follows | Information firehose, algorithmic sorting |\n| **Clout** | Trust graph with natural limits | No algorithm needed—trust itself is the filter |\n\n---\n\n## Browser-Native Identity\n\nYour identity is a **cryptographic keypair generated in your browser**. No server ever sees your private key.\n\n| Component | Where It Lives |\n|-----------|---------------|\n| Private key | Your browser (IndexedDB) |\n| Public key | Shared with network (your address) |\n| Signatures | Generated client-side |\n\n### Identity Operations\n\n```bash\n# View your public key (shareable)\nProfile → Your Public Key → Copy\n\n# Generate QR code for easy sharing\nProfile → QR Code\n\n# Backup identity (encrypted)\nProfile → Export Identity → Enter Password\n\n# Restore on new device\nProfile → Import Identity → Select File\n```\n\n**Key insight**: Because your private key never leaves your browser, no server—not even the one you're connected to—can impersonate you or read your encrypted messages.\n\n---\n\n## Privacy by Default\n\n### Encrypted Trust Signals\n\nWhen you trust someone, only they know. Third parties cannot map your social graph.\n\n### Tor Integration\n\nFull anonymity with circuit isolation per destination:\n\n```typescript\nconst torProxy = new TorProxy({\n  proxyHost: 'localhost',\n  proxyPort: 9050,\n  circuitIsolation: true  // Prevents correlation attacks\n});\n```\n\n### Ephemeral Keys\n\nPosts use rotating keys (24-hour rotation) for forward secrecy. Even if a key is compromised, historical posts remain protected.\n\n---\n\n## Spam Resistance: Economic Friction for Bad Actors\n\n### Day Pass System\n\nPosting requires a **Day Pass**, obtained through Freebird tokens (proof-of-work or invitation):\n\n| Reputation | Pass Duration | Rationale |\n|------------|---------------|-----------|\n| ≥0.9 | 7 days | Highly trusted: minimal friction |\n| ≥0.7 | 3 days | Established: light friction |\n| ≥0.5 | 2 days | Building trust: moderate friction |\n| \u003c0.5 | 1 day | New/unvetted: high friction |\n\n### Invitation System\n\nNew users join through **invitation codes** from existing members:\n\n1. Existing member generates invitation code\n2. New user redeems code → creates browser identity\n3. Mutual trust established automatically (inviter ↔ invitee)\n4. New user receives Day Pass to start posting\n\n**Web of trust, not corporate gatekeeping**: You vouch for people you know. Bad actors must infiltrate real social networks—expensive at scale.\n\n### Delegated Passes\n\nHigh-reputation users can vouch for newcomers:\n\n```typescript\n// Sponsor a new user (requires reputation ≥0.7)\nawait clout.delegatePass(newUserKey, 24);  // 24-hour pass\n```\n\nDelegation limits prevent abuse:\n- Reputation ≥0.9: 10 passes/week\n- Reputation ≥0.7: 5 passes/week\n\n---\n\n## Rich Media: Share More Than Text\n\nClout supports content-addressed media storage—your files live on the distributed network, not corporate servers:\n\n| Media Type | Supported Formats |\n|------------|-------------------|\n| **Images** | PNG, JPEG, GIF, WebP, SVG |\n| **Video** | MP4, WebM, OGG |\n| **Audio** | MP3, WAV, OGG |\n| **Documents** | PDF |\n\n```bash\nclout post \"Check this out!\" --media ./photo.jpg\nclout post \"New track\" --media ./song.mp3\n```\n\n### P2P Media Fetching\n\nMedia is fetched directly from authors' nodes:\n\n| Trust Distance | Media Access |\n|---------------|--------------|\n| 1 hop (direct) | Always available |\n| 2 hops | Configurable per media type |\n| 3+ hops | Requires explicit trust settings |\n\nConfigure per content type:\n```\nSettings → Media Trust Settings → Images/Videos/Audio → Max Distance\n```\n\n---\n\n## Real-Time Updates\n\nStay connected with live updates through Server-Sent Events (SSE):\n\n- New posts from your trust graph appear instantly\n- Replies and reactions notify you immediately\n- Direct messages arrive in real-time\n- Offline indicator shows connection status\n- No polling required—efficient push-based architecture\n\n---\n\n## Feed Sorting \u0026 Discovery\n\nControl how content appears in your feed:\n\n| Sort Option | Algorithm |\n|-------------|-----------|\n| **Newest** | Chronological, most recent first |\n| **Reactions** | Posts with most reactions (👍❤️🔥) |\n| **Replies** | Posts generating most discussion |\n| **Hot** | Engagement weighted by recency: `(reactions + replies×2) / (age+2)^1.5` |\n\n```bash\n# API examples\ncurl /api/feed?sort=hot\ncurl /api/feed?sort=reactions\u0026limit=20\u0026offset=40\n```\n\n---\n\n## Link Previews\n\nPosts containing URLs automatically display OpenGraph metadata:\n\n- **Title** and **description** from the linked page\n- **Site name** for context\n- Privacy-focused: no images fetched to prevent tracking\n- Server-side proxy prevents CORS issues\n\nWhen you post a link, the preview data is stored with the post and displayed inline—giving your network context without requiring them to click.\n\n---\n\n## Encrypted Direct Messages (Slides)\n\nEnd-to-end encrypted DMs that propagate through the gossip network:\n\n- **X25519 key exchange** + **XChaCha20-Poly1305 AEAD**\n- Ephemeral keypairs for forward secrecy\n- No day pass required\n- Only sender and recipient can read content\n\n```bash\nclout slide \u003crecipientKey\u003e \"Your private message\"\nclout slides  # View inbox\n```\n\n---\n\n## Author Control: Edit \u0026 Retract\n\nUnlike centralized platforms where your content lives forever at their mercy, Clout gives you complete control:\n\n### Edit Posts\nUpdate your posts while preserving thread integrity:\n```bash\nclout edit \u003cpostId\u003e \"Updated content\"\n```\n\nEdits create a transparent version chain—viewers see the current version with full history available. **Edit chain resolution** ensures replies always link to the latest version of the post, not orphaned old versions.\n\n### Retract Posts\nRemove your content from circulation:\n```bash\nclout retract \u003cpostId\u003e\n```\nRetracted posts are marked as withdrawn. Nodes respect author intent and filter them from feeds.\n\n### Mute Users\nHide content without affecting trust relationships:\n```bash\nclout mute \u003cpublicKey\u003e    # Silence without unfollowing\nclout unmute \u003cpublicKey\u003e\n```\n\nMutes are stored locally in your Dark Social Graph—the muted person never knows.\n\n---\n\n## Content Warnings \u0026 NSFW Controls\n\nMark sensitive content and let viewers decide what they see:\n\n```bash\nclout post --nsfw \"Adult content here\"\nclout post --cw \"Spoilers for latest episode\" \"The ending was...\"\n```\n\nConfigure your feed preferences:\n```\nSettings → Content Filtering → Show NSFW content\n```\n\n**User control, not platform censorship**: Content isn't removed—you choose whether to see it.\n\n---\n\n## Content-Type Filtering\n\nSet different trust thresholds per content type:\n\n```typescript\nconst clout = new Clout({\n  // ...\n  contentTypeFilters: {\n    'slide': { maxHops: 5, minReputation: 0.2 },      // DMs: permissive\n    'image/png': { maxHops: 2, minReputation: 0.7 },  // Images: strict\n    'text/plain': { maxHops: 3, minReputation: 0.4 }  // Text: moderate\n  }\n});\n```\n\n---\n\n## Web Interface Features\n\n**Full-featured social experience:**\n\n| Feature | Description |\n|---------|-------------|\n| **Feed** | Personalized content from your trust graph with real-time updates |\n| **Feed Sorting** | Newest, most reactions, most replies, or \"hot\" algorithm |\n| **Posts** | Rich content with images, video, audio, and PDFs |\n| **Link Previews** | OpenGraph metadata for shared URLs |\n| **Threads** | Full conversation views with nested replies and edit chain resolution |\n| **Reactions** | Express yourself (👍 ❤️ 🔥 😂 😮 🙏) |\n| **Trust Requests** | Consent-based following with encrypted requests |\n| **Bookmarks** | Save posts locally (never leaves your browser) |\n| **Search** | Find posts and users across your network |\n| **Tags** | Organize trusted users into groups, filter feed by tag |\n| **Nicknames** | Set private names for users (only you see them) |\n| **Slides (DMs)** | End-to-end encrypted direct messages |\n| **Profiles** | Display name, bio, and avatar (embedded in posts) |\n| **QR Codes** | Share your public key easily |\n| **Notifications** | Badge counts for replies, mentions, and DMs |\n| **Offline Mode** | View cached content when disconnected |\n| **Owner Dashboard** | Invitation management and member moderation |\n\n---\n\n## API Reference\n\nFull REST API for programmatic access:\n\n### Feed \u0026 Posts\n| Endpoint | Method | Description |\n|----------|--------|-------------|\n| `/api/feed` | GET | Get personalized feed (supports `?sort=newest\\|reactions\\|replies\\|hot`) |\n| `/api/feed/tag/:tag` | GET | Get posts from tagged users |\n| `/api/post` | POST | Create new post |\n| `/api/post/:id` | PUT | Edit post |\n| `/api/post/:id/retract` | POST | Retract post |\n| `/api/thread/:id` | GET | Get thread with replies (resolves edit chains) |\n| `/api/search` | GET | Search posts |\n\n### Reactions \u0026 Bookmarks\n| Endpoint | Method | Description |\n|----------|--------|-------------|\n| `/api/react` | POST | Add reaction |\n| `/api/unreact` | POST | Remove reaction |\n| `/api/bookmark` | POST | Save post |\n| `/api/unbookmark` | POST | Remove bookmark |\n| `/api/bookmarks` | GET | Get bookmarked posts |\n| `/api/mentions` | GET | Get posts mentioning you |\n\n### Trust \u0026 Social Graph\n| Endpoint | Method | Description |\n|----------|--------|-------------|\n| `/api/trust` | POST | Trust a user (direct trust) |\n| `/api/trust/:publicKey` | DELETE | Revoke trust |\n| `/api/trusted` | GET | List trusted users |\n| `/api/reputation/:publicKey` | GET | Get reputation score |\n| `/api/mute` | POST | Mute user |\n| `/api/unmute` | POST | Unmute user |\n| `/api/muted` | GET | List muted users |\n| `/api/tags` | GET/POST/DELETE | Manage user tags |\n| `/api/nickname` | POST | Set nickname |\n| `/api/nicknames` | GET | List all nicknames |\n\n### Trust Requests (Consent-Based)\n| Endpoint | Method | Description |\n|----------|--------|-------------|\n| `/api/trust-request` | POST | Send trust request |\n| `/api/trust-requests/incoming` | GET | Get pending requests |\n| `/api/trust-requests/outgoing` | GET | Get sent requests |\n| `/api/trust-request/:id/accept` | POST | Accept request |\n| `/api/trust-request/:id/reject` | POST | Reject request (silent) |\n| `/api/trust-request/:id` | DELETE | Withdraw request |\n| `/api/trust-request/:id/retry` | POST | Retry ghosted request |\n\n### Slides (DMs)\n| Endpoint | Method | Description |\n|----------|--------|-------------|\n| `/api/slides` | POST | Send encrypted message |\n| `/api/slides` | GET | Get inbox |\n\n### Media\n| Endpoint | Method | Description |\n|----------|--------|-------------|\n| `/api/media/upload` | POST | Upload media file |\n| `/api/media/:cid` | GET | Fetch media by CID |\n| `/api/media/post/:postId` | GET | Fetch media for post |\n\n### Link Previews\n| Endpoint | Method | Description |\n|----------|--------|-------------|\n| `/api/opengraph/fetch` | GET | Fetch OpenGraph metadata for URL |\n\n### Identity \u0026 Settings\n| Endpoint | Method | Description |\n|----------|--------|-------------|\n| `/api/identity` | GET | Get current identity |\n| `/api/identity/current` | GET | Get current identity details |\n| `/api/identities` | GET | List all identities |\n| `/api/identities` | POST | Create new identity |\n| `/api/identities/switch` | POST | Switch default identity |\n| `/api/identities/:name/export` | GET | Export identity secret key |\n| `/api/identities/import` | POST | Import identity from secret key |\n| `/api/profile` | POST | Update profile |\n| `/api/settings` | GET/POST | Manage settings |\n| `/api/data/export` | GET | Export encrypted backup |\n| `/api/data/import` | POST | Import backup |\n\n### Real-Time\n| Endpoint | Method | Description |\n|----------|--------|-------------|\n| `/api/live` | GET (SSE) | Real-time event stream |\n| `/api/live/status` | GET | Connected client count |\n| `/api/notifications/counts` | GET | Notification badges |\n| `/api/notifications/replies` | GET | Get replies to my posts |\n| `/api/notifications/mark-seen` | POST | Mark notifications as seen |\n\n### Admin (Instance Owner)\n| Endpoint | Method | Description |\n|----------|--------|-------------|\n| `/api/admin/members` | GET | List members with quota |\n| `/api/admin/quota/grant` | POST | Grant invitation quota |\n| `/api/admin/invitations` | GET | List all invitations |\n| `/api/admin/invitations` | POST | Create invitations (bypass quota) |\n| `/api/admin/stats` | GET | Freebird statistics |\n| `/api/admin/users` | GET | List all Freebird users |\n| `/api/admin/users/ban` | POST | Ban a user |\n| `/api/admin/user-lookup` | GET | Lookup user by public key |\n| `/api/invitations/quota` | GET | Get my quota status |\n| `/api/invitations/mine` | GET | List my created invitations |\n| `/api/invitations/create` | POST | Create invitation (uses quota) |\n\n---\n\n## Instance Administration\n\nWhen you deploy a Clout instance, you become the **instance owner**—responsible for onboarding members and maintaining community health.\n\n### Owner Capabilities\n\n| Feature | Description |\n|---------|-------------|\n| **Create Invitations** | Generate invitation codes without quota limits |\n| **Grant Quota** | Allow trusted members to invite others |\n| **User Lookup** | Find which invitation code a user redeemed |\n| **Ban Users** | Remove bad actors (optionally including their invite tree) |\n| **View Statistics** | Monitor Freebird token usage and member counts |\n\n### Invitation Quota System\n\nMembers can invite others—but only if the owner grants them quota:\n\n```\n1. Owner grants quota to Alice (5 invitations)\n2. Alice creates invitation code\n3. Bob redeems code → joins network\n4. Alice's quota decreases (4 remaining)\n5. Owner can trace: Bob → Alice → Owner\n```\n\nThis creates an **accountability chain**: every member can be traced back through their invitation path. Bad actors can be banned along with everyone they invited.\n\n### Environment Variables\n\n| Variable | Description | Default |\n|----------|-------------|---------|\n| `CLOUT_AUTH` | Require authentication | `false` |\n| `FREEBIRD_ADMIN_KEY` | Admin API key for Freebird | (required for admin) |\n| `FREEBIRD_SYBIL_MODE` | `invitation` or `pow` | `invitation` |\n| `WITNESS_NETWORK_ID` | Witness cluster ID | `clout-testnet` |\n\n---\n\n## Programmatic Usage\n\n```typescript\nimport { Clout, Crypto, FreebirdAdapter, WitnessAdapter } from 'clout';\n\nconst keypair = Crypto.generateKeyPair();\nconst clout = new Clout({\n  publicKey: keypair.publicKey,\n  privateKey: keypair.privateKey.bytes,\n  freebird: new FreebirdAdapter({ /* config */ }),\n  witness: new WitnessAdapter({ /* config */ }),\n  maxHops: 3,\n  minReputation: 0.3\n});\n\n// Build your trust network\nawait clout.trust(aliceKey, 1.0);\nclout.addTrustTag(aliceKey, 'friends');\n\n// Post content\nconst post = await clout.post('Hello world!');\n\n// Get your personalized feed\nconst feed = await clout.getFeed();\nconst friendsPosts = await clout.getFeed({ tag: 'friends' });\n\n// Edit a post (creates version chain, preserves replies)\nawait clout.editPost(post.id, 'Updated hello world!');\n\n// Send encrypted DM\nawait clout.sendSlide(aliceKey, 'Private message');\n```\n\n---\n\n## Architecture\n\nClout inverts [Scarcity](https://git.carpocratian.org/sibyl/Scarcity)'s money protocol into a reputation protocol:\n\n| Component | Scarcity (Money) | Clout (Reputation) |\n|-----------|------------------|-------------------|\n| Primitive | Token (value) | Post (content) |\n| Operation | transfer() | post() |\n| Gossip Logic | \"Seen this? REJECT\" | \"Trust author? ACCEPT\" |\n| Validation | Prevent double-spend | Check trust distance |\n\n### Core Modules\n\nThe codebase is organized into focused modules:\n\n**Backend (`src/clout/`)**\n| Module | Responsibility |\n|--------|----------------|\n| `economics.ts` | Day passes, tickets, delegation |\n| `content.ts` | Post creation, editing, retraction |\n| `media.ts` | WNFS storage, P2P media fetch |\n| `trust.ts` | Social graph, encrypted signals |\n| `reactions.ts` | Trust-weighted reactions |\n| `feed.ts` | Feed filtering, caching, edit chain resolution |\n| `backup.ts` | Export/import |\n| `relay.ts` | Browser identity relay |\n\n**Frontend (`src/web/public/js/`)**\n| Module | Responsibility |\n|--------|----------------|\n| `state.js` | Shared application state |\n| `api.js` | HTTP communication layer |\n| `feed.js` | Feed rendering and filtering |\n| `posts.js` | Post creation and editing |\n| `trust.js` | Trust list management |\n| `thread.js` | Thread view |\n| `slides.js` | Encrypted DMs |\n| `profile.js` | Identity and settings |\n| `notifications.js` | SSE and badges |\n\n---\n\n## Dependencies\n\nBuilt on Scarcity's infrastructure:\n\n- **Freebird**: Anonymous authorization (P-256 VOPRF)\n- **Witness**: Threshold timestamping\n- **HyperToken**: P2P networking and CRDT sync\n- **@noble/curves** \u0026 **@noble/hashes**: Cryptographic primitives\n\n---\n\n## License\n\nApache-2.0\n\n## Credits\n\nBuilt by refactoring [Scarcity](https://git.carpocratian.org/sibyl/Scarcity), with:\n- [Freebird](https://git.carpocratian.org/sibyl/Freebird) | [Witness](https://git.carpocratian.org/sibyl/Witness) | [HyperToken](https://git.carpocratian.org/sibyl/Hypertoken)\n\n*The architecture inverts Scarcity's \"Conservation of Value\" into Clout's \"Propagation of Signal.\"*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflammafex%2Fclout","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fflammafex%2Fclout","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflammafex%2Fclout/lists"}