Message types
The address-native message set. Every committed message is user-submitted and carries a valid Ed25519 envelope. Validators do not inject Tempo events into blocks. The canonical reference is protocol/SPECIFICATION.md (AccountKeychain custody, ERC-1271 removal, chain wipe).
Projects
| Type | Description | Base scope |
|---|---|---|
PROJECT_CREATE | Create a project | SIGNING |
PROJECT_METADATA | Update project metadata | SIGNING |
PROJECT_ARCHIVE | Archive a project | SIGNING |
FORK | Fork an existing project | SIGNING |
PROJECT_REMOVE | Remove a project | SIGNING |
Project ownership is keyed by owner_address.
Refs and commits
| Type | Description | Base scope |
|---|---|---|
REF_UPDATE | Move a ref to a new hash | AGENT |
REF_DELETE | Delete a ref | AGENT |
COMMIT_BUNDLE | Append commit metadata | AGENT |
CommitMeta uses author_address.
Collaborators and account metadata
| Type | Description | Base scope |
|---|---|---|
COLLABORATOR_ADD | Add a collaborator | SIGNING |
COLLABORATOR_REMOVE | Remove a collaborator | SIGNING |
ACCOUNT_DATA | Update account metadata | SIGNING |
Collaborator targets are address-native:
CollaboratorAddBody.target_owner_addressCollaboratorRemoveBody.target_owner_address
Merge requests
| Type | Description | Base scope |
|---|---|---|
MERGE_REQUEST_ADD | Open a merge request from a fork descendant into a target project | SIGNING |
MERGE_REQUEST_REMOVE | Withdraw or close a merge request | SIGNING |
MERGE_REQUEST_ADD binds source_project_id, source_ref, source_commit_hash, and a suggested target_ref into a content-addressed request_id. The source project must be in the target project's retained fork lineage within MAX_FORK_LINEAGE_DEPTH = 256 hops. source_project_id must not equal project_id. No target-project membership is required for public projects; private targets require READ+ access. source_ref must resolve exactly to source_commit_hash at execution time.
MERGE_REQUEST_REMOVE closes an active merge request through dual authorization — the original requester may withdraw without any target-project membership, or a target project owner or collaborator with WRITE+ may close it. Merge request state is stored under the target project's namespace at prefix 0x1B with a requester reverse index at 0x1C. Closure attribution is available only from finalized message history, not from canonical state.
Verification and storage
| Type | Description | Base scope |
|---|---|---|
VERIFICATION_ADD | Prove an external address | SIGNING |
VERIFICATION_REMOVE | Remove a verification | SIGNING |
STORAGE_CLAIM | Claim raw storage units | none |
STORAGE_CLAIM is the only Tempo-backed storage ingress path in Makechain. It funds raw storage only and does not assign usernames.
It still requires finalized settlement verification. First successful application does not require delegated-key authorization, and duplicate replay remains marker-idempotent after settlement verification.
VERIFICATION_ADD carries a self-describing claim signature. ETH claims support secp256k1, P256, and WebAuthn P256 signatures over the EIP-712 VerificationClaim typed-data hash; consensus verifies them locally. ERC-1271 verification is not supported.
Username management
| Type | Description | Base scope |
|---|---|---|
USERNAME_CREATE | Claim the first canonical username for an account | SIGNING |
USERNAME_UPDATE | Replace the current canonical username | SIGNING |
USERNAME_CREATE requires active storage (at least one accepted STORAGE_CLAIM) and that no username is currently assigned.
USERNAME_UPDATE requires an active username and active storage.
Username-bearing quota requires both active storage and an active username.
Links and reactions
| Type | Description | Base scope |
|---|---|---|
LINK_ADD | Add a link | SIGNING |
LINK_REMOVE | Remove a link | SIGNING |
REACTION_ADD | Add a reaction | SIGNING |
REACTION_REMOVE | Remove a reaction | SIGNING |
FOLLOW links use target_owner_address.
STAR links use target_project_id.
Reactions remain project-and-commit scoped, but the reacting account is identified by owner_address.
Signer management
| Type | Description | Authorization |
|---|---|---|
SIGNER_ADD | Add an Ed25519 delegated key | custody-backed |
SIGNER_REMOVE | Remove an Ed25519 delegated key | custody-backed |
KEYCHAIN_AUTHORIZE | Add an AccountKeychain custody key | keychain-admin |
KEYCHAIN_REVOKE | Revoke an AccountKeychain custody key | keychain-admin |
SIGNER_ADD includes:
request_owner_addressrequest_signatureallowed_projects
Signer-management signatures are self-describing AccountKeychain signatures. SIGNER_ADD and SIGNER_REMOVE do not carry key-type or validation-block fields. (KEYCHAIN_AUTHORIZE is different: it stores an explicit signature_type and public_key for the custody key being added, and checks key_id against that public key.)
Disabled families
These message families are disabled in Makechain and must not appear at ingress, replay, or commit time:
KEY_ADDOWNERSHIP_TRANSFERSTORAGE_RENTRELAY_SIGNER_ADDRELAY_SIGNER_REMOVE