{"id":29441201,"url":"https://github.com/zerosonesfun/peace-protocol","last_synced_at":"2026-05-15T21:03:27.292Z","repository":{"id":301657526,"uuid":"1007437817","full_name":"zerosonesfun/peace-protocol","owner":"zerosonesfun","description":"A decentralized way for WordPress admins to share peace, respect, and follow each other with cryptographic handshakes.","archived":false,"fork":false,"pushed_at":"2025-06-28T02:40:51.000Z","size":143,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-28T03:26:49.782Z","etag":null,"topics":["federation","fediverse","protocol","wordpress","wordpress-plugin"],"latest_commit_sha":null,"homepage":"https://wilcosky.com/peace-protocol","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zerosonesfun.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-24T02:12:16.000Z","updated_at":"2025-06-28T02:39:27.000Z","dependencies_parsed_at":"2025-06-28T03:37:06.475Z","dependency_job_id":null,"html_url":"https://github.com/zerosonesfun/peace-protocol","commit_stats":null,"previous_names":["zerosonesfun/peace-protocol"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/zerosonesfun/peace-protocol","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zerosonesfun%2Fpeace-protocol","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zerosonesfun%2Fpeace-protocol/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zerosonesfun%2Fpeace-protocol/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zerosonesfun%2Fpeace-protocol/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zerosonesfun","download_url":"https://codeload.github.com/zerosonesfun/peace-protocol/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zerosonesfun%2Fpeace-protocol/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265151857,"owners_count":23719124,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["federation","fediverse","protocol","wordpress","wordpress-plugin"],"created_at":"2025-07-13T13:41:40.714Z","updated_at":"2025-09-19T05:52:35.586Z","avatar_url":"https://github.com/zerosonesfun.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Peace Protocol\n\n**A secure, decentralized protocol for WordPress administrators to connect their sites and build a network of trust through cryptographic handshakes.**\n\nPeace Protocol enables WordPress site administrators to authenticate as their website and send cryptographically signed \"peace\" messages to other WordPress sites running the same protocol. This creates a decentralized network where admins can establish trust relationships, share peace, and enable cross-site interactions.\n\n## 🔒 **Security-First Design**\n\n### **Admin-Only Authentication**\n- **WordPress Administrators Only**: This plugin is designed exclusively for WordPress site administrators\n- **Site-Level Authentication**: Admins authenticate as their website, not as individual users\n- **No Public Registration**: No public user registration system - only federated users created after secure handshakes\n- **Cryptographic Tokens**: Each site uses cryptographically secure tokens for authentication\n\n### **Federated User System**\n- **Limited Permissions**: Federated users can only comment on posts, no admin access\n- **Automatic Cleanup**: Federated users are removed when the plugin is uninstalled\n- **Role-Based Security**: Federated users have the `federated_peer` role with minimal capabilities\n- **No Dashboard Access**: Federated users cannot access WordPress admin areas\n\n### **Token Security**\n- **Cryptographically Secure**: Tokens are generated using WordPress's secure password generator\n- **Token Rotation**: Support for multiple tokens with automatic rotation\n- **Secure Storage**: Tokens are stored securely in WordPress options\n- **Expiring Authorization Codes**: Authorization codes expire after 5 minutes\n\n## 🌟 **Key Features**\n\n### **Core Functionality**\n- **Send Peace**: Send cryptographically signed peace messages to other WordPress sites\n- **Peace Log Wall**: Display received peace messages using the `[peaceprotocol_log_wall]` shortcode\n- **Automatic Feed Subscription**: Automatically subscribe to peace feeds from sites you connect with\n- **Token Management**: Generate, rotate, and manage authentication tokens\n- **User Banning System**: Ban problematic users with reason tracking\n- **IndieAuth Support**: Alternative authentication using the IndieAuth standard with PKCE\n\n### **Federated Login System**\n- **Cross-Site Authentication**: Users from remote sites can comment as their site identity\n- **Seamless Integration**: Works with existing WordPress comment systems\n- **Secure Handshake**: Only sites completing the cryptographic handshake can create federated logins\n- **Automatic User Creation**: Creates federated users automatically after successful handshake\n- **Dual Authentication**: Support for both Peace Protocol tokens and IndieAuth standard\n\n### **Admin Interface**\n- **Token Management**: Generate, view, and delete authentication tokens\n- **Feed Management**: View and manage subscribed peace feeds\n- **Peace Log**: View all received peace messages in the admin area\n- **User Banning**: Ban users with reason tracking and management\n- **Settings Configuration**: Configure button position and auto-insertion\n\n### **Frontend Features**\n- **Peace Button**: Floating peace hand button (✌️) that can be positioned anywhere\n- **Auto-Insertion**: Automatically insert the peace button on your site\n- **Shortcode Support**: Use `[peaceprotocol_hand_button]` to manually place the button\n- **Responsive Design**: Works on all devices and screen sizes\n- **Dark Mode Support**: Automatically adapts to user's color scheme preference\n- **Choice Modal**: User-friendly modal to choose between Peace Protocol and IndieAuth authentication\n\n### **Technical Features**\n- **REST API**: Modern REST API endpoints for all functionality\n- **AJAX Fallback**: AJAX endpoints for sites with REST API disabled\n- **CORS Support**: Proper CORS headers for cross-site communication\n- **Translation Ready**: Full internationalization support with multiple languages\n- **Custom Post Types**: Uses custom post types for peace logs\n- **IndieAuth Endpoints**: Full IndieAuth specification compliance with authorization and token endpoints\n- **PKCE Support**: Proof Key for Code Exchange for enhanced security\n\n## 🚀 **How It Works**\n\n### **For WordPress Administrators**\n\n1. **Install \u0026 Activate**: Install the plugin and activate it on your WordPress site\n2. **Generate Tokens**: Go to Settings \u003e Peace Protocol and generate authentication tokens\n3. **Send Peace**: Use the peace button to send cryptographically signed peace to other sites\n4. **Build Network**: Connect with other WordPress sites and build a network of trust\n\n### **Federated Login Process**\n\n#### **Peace Protocol Authentication**\n1. **User from Site A** visits Site B and wants to comment\n2. **User clicks \"Send Peace\"** button on Site B\n3. **User chooses \"Login with Peace Protocol\"** from the choice modal\n4. **Site B redirects** to Site A for authentication\n5. **Site A validates** the user and generates an authorization code\n6. **User is redirected** back to Site B with the authorization code\n7. **Site B automatically** logs in the user as a federated user from Site A\n8. **User can comment** on Site B as \"Logged in as sitea.com\"\n\n#### **IndieAuth Authentication**\n1. **User from Site A** visits Site B and wants to comment\n2. **User clicks \"Send Peace\"** button on Site B\n3. **User chooses \"Login with IndieAuth\"** from the choice modal\n4. **Site B discovers** IndieAuth endpoints on Site A\n5. **Site B redirects** to Site A's IndieAuth authorization endpoint\n6. **Site A validates** the user and generates an authorization code\n7. **User is redirected** back to Site B with the authorization code\n8. **Site B exchanges** the code for an access token using PKCE\n9. **Site B automatically** logs in the user as a federated user from Site A\n10. **User can comment** on Site B as \"Logged in as sitea.com\"\n\n### **Security Flow**\n\n1. **Cryptographic Handshake**: Sites exchange cryptographically signed tokens\n2. **Token Validation**: Each peace message is validated using secure tokens\n3. **Federated User Creation**: Only after successful handshake are federated users created\n4. **Limited Permissions**: Federated users have minimal permissions and no admin access\n5. **Automatic Cleanup**: All federated data is removed on plugin uninstall\n\n## 📋 **Requirements**\n\n- **WordPress**: 6.0 or higher\n- **PHP**: 7.4 or higher\n- **Permissions**: Administrator access to WordPress site\n- **Network**: Sites must be able to communicate via HTTP/HTTPS\n\n## 🔧 **Installation**\n\n1. **Upload** the plugin files to `/wp-content/plugins/peace-protocol/`\n2. **Activate** the plugin through the 'Plugins' screen in WordPress\n3. **Configure** by going to Settings \u003e Peace Protocol\n4. **Generate Tokens** for site authentication\n5. **Customize** button position and auto-insertion settings\n\n## 📖 **Usage**\n\n### **Basic Setup**\n```php\n// The peace button is automatically inserted on your site\n// Or use the shortcode: [peaceprotocol_hand_button]\n// Display peace log wall: [peaceprotocol_log_wall]\n```\n\n### **Token Management**\n- Generate at least 3 tokens for security\n- Rotate tokens regularly\n- Keep tokens secure and private\n- Delete old tokens when no longer needed\n\n### **Sending Peace**\n1. Click the peace button (✌️) on your site\n2. Enter the target site URL\n3. Add an optional note (max 50 characters)\n4. Click \"Send Peace\"\n\n### **Managing Feeds**\n- View subscribed feeds in Settings \u003e Peace Protocol\n- Unsubscribe from feeds you no longer want to follow\n- Feeds are automatically added when you send peace to new sites\n\n## 🛡️ **Security Considerations**\n\n### **What This Plugin Does NOT Do**\n- ❌ **No Public User Registration**: Only WordPress administrators can use this plugin (federated users are created automatically after secure handshakes)\n- ❌ **No Admin Access for Federated Users**: Federated users cannot access WordPress admin\n- ❌ **No Database Access**: Federated users cannot access sensitive site data\n- ❌ **No File System Access**: Federated users cannot upload or modify files\n- ❌ **No Plugin/Theme Management**: Federated users cannot install or modify plugins/themes\n\n### **What This Plugin DOES Do**\n- ✅ **Site-to-Site Authentication**: WordPress admins authenticate as their website\n- ✅ **Cryptographic Verification**: All peace messages are cryptographically signed\n- ✅ **Limited Federated Access**: Federated users can only comment on posts\n- ✅ **Automatic Cleanup**: All federated data is removed on uninstall\n- ✅ **Secure Token Management**: Tokens are cryptographically secure and can be rotated\n\n## 🌍 **Internationalization**\n\nPeace Protocol is fully translation-ready and includes translations for:\n- English (default)\n- Spanish (es_ES)\n- French (fr_FR)\n- Japanese (ja)\n- Chinese Simplified (zh_CN)\n\n## 🔮 **Future Plans**\n\n- **Post Liking**: Like posts across federated sites\n- **Enhanced Commenting**: Rich comment interactions\n- **Site Discovery**: Automatic discovery of Peace Protocol sites\n- **Advanced Federation**: More sophisticated federated features\n\n## 🤝 **Contributing**\n\nWe welcome contributions! Please see our contributing guidelines and code of conduct.\n\n## 📄 **License**\n\nThis project is licensed under the GPL v2 or later - see the [LICENSE](LICENSE) file for details.\n\n## 🆘 **Support**\n\nFor support, questions, or security concerns:\n- **GitHub Issues**: [Create an issue](https://github.com/wilcosky/peace-protocol/issues)\n- **Author Website**: [wilcosky.com](https://wilcosky.com)\n- **Security**: For security issues, please contact the author directly\n\n---\n\n**Peace Protocol** - Building a decentralized network of trust, one WordPress site at a time. ✌️","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzerosonesfun%2Fpeace-protocol","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzerosonesfun%2Fpeace-protocol","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzerosonesfun%2Fpeace-protocol/lists"}