feat: Exclude undocumented commands

fix: Remove extraneous dashes from command help
feat: Add copy to admin command reference index
2026-04-01 20:26:18 +00:00 · 2026-01-12 10:51:17 -05:00 · 2026-01-12 10:47:19 -05:00 · 2026-01-12 10:36:37 -05:00 · 2026-01-12 10:36:37 -05:00 · 2026-01-12 10:36:37 -05:00
238 changed files with 8293 additions and 7861 deletions
--- a/.forgejo/actions/create-docker-manifest/action.yml
+++ b/.forgejo/actions/create-docker-manifest/action.yml
@@ -32,11 +32,13 @@ outputs:
 runs:
  using: composite
  steps:
+    - run: mkdir -p digests
+      shell: bash
    - name: Download digests
      if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
      uses: forgejo/download-artifact@v4
      with:
-        path: /tmp/digests
+        path: digests
        pattern: ${{ inputs.digest_pattern }}
        merge-multiple: true

@@ -62,6 +64,7 @@ runs:
      uses: docker/metadata-action@v5
      with:
        flavor: |
+          latest=auto
          suffix=${{ inputs.tag_suffix }},onlatest=true
        tags: |
          type=semver,pattern={{version}},prefix=v
@@ -70,7 +73,6 @@ runs:
          type=ref,event=branch,prefix=${{ format('refs/heads/{0}', github.event.repository.default_branch) != github.ref && 'branch-' || '' }},
          type=ref,event=pr
          type=sha,format=short
-          type=raw,value=latest${{ inputs.tag_suffix }},enable=${{ startsWith(github.ref, 'refs/tags/v') }},priority=1100
        images: ${{ inputs.images }}
        # default labels & annotations: https://github.com/docker/metadata-action/blob/master/src/meta.ts#L509
      env:
@@ -78,7 +80,7 @@ runs:

    - name: Create manifest list and push
      if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
-      working-directory: /tmp/digests
+      working-directory: digests
      shell: bash
      env:
        IMAGES: ${{ inputs.images }}
--- a/.forgejo/pull_request_template.md
+++ b/.forgejo/pull_request_template.md
@@ -0,0 +1,82 @@
+---
+name: 'New pull request'
+about: 'Open a new pull request to contribute to continuwuity'
+ref: 'main'
+---
+
+<!--
+In order to help reviewers know what your pull request does at a glance, you should ensure that
+
+1. Your PR title is a short, single sentence describing what you changed
+2. You have described in more detail what you have changed, why you have changed it, what the
+   intended effect is, and why you think this will be beneficial to the project.
+
+If you have made any potentially strange/questionable design choices, but didn't feel they'd benefit
+from code comments, please don't mention them here - after opening your pull request,
+go to "files changed", and click on the "+" symbol in the line number gutter,
+and attach comments to the lines that you think would benefit from some clarification.
+-->
+
+This pull request...
+
+<!-- Example:
+This pull request allows us to warp through time and space ten times faster than before by
+double-inverting the warp drive with hyperheated jump fluid, both making the drive faster and more
+efficient. This resolves the common issue where we have to wait more than 10 milliseconds to
+engage, use, and disengage the warp drive when travelling between galaxies.
+-->
+
+<!-- Closes: #... -->
+<!-- Fixes: #...  -->
+<!-- Uncomment the above line(s) if your pull request fixes an issue or closes another pull request
+by superseding it. Replace `#...` with the issue/pr number, such as `#123`. -->
+
+**Pull request checklist:**
+
+<!-- You need to complete these before your PR can be considered.
+If you aren't sure about some, feel free to ask for clarification in #dev:continuwuity.org. -->
+- [ ] This pull request targets the `main` branch, and the branch is named something other than
+      `main`.
+- [ ] I have written an appropriate pull request title and my description is clear.
+- [ ] I understand I am responsible for the contents of this pull request.
+- I have followed the [contributing guidelines][c1]:
+  - [ ] My contribution follows the [code style][c2], if applicable.
+  - [ ] I ran [pre-commit checks][c1pc] before opening/drafting this pull request.
+  - [ ] I have [tested my contribution][c1t] (or proof-read it for documentation-only changes)
+        myself, if applicable. This includes ensuring code compiles.
+  - [ ] My commit messages follow the [commit message format][c1cm] and are descriptive.
+  - [ ] I have written a [news fragment][n1] for this PR, if applicable<!--(can be done after hitting open!)-->.
+
+<!--
+Notes on these requirements:
+
+- While not required, we encourage you to sign your commits with GPG or SSH to attest the
+  authenticity of your changes.
+- While we allow LLM-assisted contributions, we do not appreciate contributions that are
+  low quality, which is typical of machine-generated contributions that have not had a lot of love
+  and care from a human. Please do not open a PR if all you have done is asked ChatGPT to tidy up
+  the codebase with a +-100,000 diff.
+- In the case of code style violations, reviewers may leave review comments/change requests
+  indicating what the ideal change would look like. For example, a reviewer may suggest you lower
+  a log level, or use `match` instead of `if/else` etc.
+- In the case of code style violations, pre-commit check failures, minor things like typos/spelling
+  errors, and in some cases commit format violations, reviewers may modify your branch directly,
+  typically by making changes and adding a commit. Particularly in the latter case, a reviewer may
+  rebase your commits to squash "spammy" ones (like "fix", "fix", "actually fix"), and reword
+  commit messages that don't satisfy the format.
+- Pull requests MUST pass the `Checks` CI workflows to be capable of being merged. This can only be
+  bypassed in exceptional circumstances.
+  If your CI flakes, let us know in matrix:r/dev:continuwuity.org.
+- Pull requests have to be based on the latest `main` commit before being merged. If the main branch
+  changes while you're making your changes, you should make sure you rebase on main before
+  opening a PR. Your branch will be rebased on main before it is merged if it has fallen behind.
+- We typically only do fast-forward merges, so your entire commit log will be included. Once in
+  main, it's difficult to get out cleanly, so put on your best dress, smile for the cameras!
+-->
+
+[c1]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md
+[c2]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/docs/development/code_style.mdx
+[c1pc]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#pre-commit-checks
+[c1t]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#running-tests-locally
+[c1cm]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#commit-messages
+[n1]: https://towncrier.readthedocs.io/en/stable/tutorial.html#creating-news-fragments
--- a/.forgejo/workflows/build-debian.yml
+++ b/.forgejo/workflows/build-debian.yml
@@ -32,12 +32,13 @@ jobs:
          echo "Debian distribution: $DISTRIBUTION ($VERSION)"

      - name: Checkout repository with full history
-        uses: https://code.forgejo.org/actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          fetch-depth: 0
+          ref: ${{ github.ref_name }}

      - name: Cache Cargo registry
-        uses: https://code.forgejo.org/actions/cache@v4
+        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
@@ -58,10 +59,9 @@ jobs:
          # Aggressive GC since cache restores don't increment counter
          echo "CARGO_INCREMENTAL_GC_TRIGGER=5" >> $GITHUB_ENV

-      - name: Setup Rust nightly
+      - name: Setup Rust
        uses: ./.forgejo/actions/setup-rust
        with:
-          rust-version: nightly
          github-token: ${{ secrets.GH_PUBLIC_RO }}

      - name: Get package version and component
@@ -126,7 +126,7 @@ jobs:
          [ -f /etc/conduwuit/conduwuit.toml ] && echo "✅ Config file installed"

      - name: Upload deb artifact
-        uses: https://code.forgejo.org/actions/upload-artifact@v3
+        uses: forgejo/upload-artifact@v4
        with:
          name: continuwuity-${{ steps.debian-version.outputs.distribution }}
          path: ${{ steps.cargo-deb.outputs.path }}
--- a/.forgejo/workflows/build-fedora.yml
+++ b/.forgejo/workflows/build-fedora.yml
@@ -30,13 +30,14 @@ jobs:
          echo "Fedora version: $VERSION"

      - name: Checkout repository with full history
-        uses: https://code.forgejo.org/actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          fetch-depth: 0
+          ref: ${{ github.ref_name }}


      - name: Cache DNF packages
-        uses: https://code.forgejo.org/actions/cache@v4
+        uses: actions/cache@v4
        with:
          path: |
            /var/cache/dnf
@@ -46,7 +47,7 @@ jobs:
            dnf-fedora${{ steps.fedora.outputs.version }}-

      - name: Cache Cargo registry
-        uses: https://code.forgejo.org/actions/cache@v4
+        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
@@ -56,7 +57,7 @@ jobs:
            cargo-fedora${{ steps.fedora.outputs.version }}-

      - name: Cache Rust build dependencies
-        uses: https://code.forgejo.org/actions/cache@v4
+        uses: actions/cache@v4
        with:
          path: |
            ~/rpmbuild/BUILD/*/target/release/deps
@@ -238,13 +239,13 @@ jobs:
          cp $BIN_RPM upload-bin/

      - name: Upload binary RPM
-        uses: https://code.forgejo.org/actions/upload-artifact@v3
+        uses: forgejo/upload-artifact@v4
        with:
          name: continuwuity
          path: upload-bin/

      - name: Upload debug RPM artifact
-        uses: https://code.forgejo.org/actions/upload-artifact@v3
+        uses: forgejo/upload-artifact@v4
        with:
          name: continuwuity-debug
          path: artifacts/*debuginfo*.rpm
--- a/.forgejo/workflows/documentation.yml
+++ b/.forgejo/workflows/documentation.yml
@@ -21,7 +21,7 @@ jobs:

    steps:
      - name: Sync repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          persist-credentials: false
          fetch-depth: 0
--- a/.forgejo/workflows/mirror-images.yml
+++ b/.forgejo/workflows/mirror-images.yml
@@ -38,7 +38,7 @@ jobs:
      DOCKER_MIRROR_TOKEN: ${{ secrets.DOCKER_MIRROR_TOKEN }}
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          persist-credentials: false

--- a/.forgejo/workflows/prek-checks.yml
+++ b/.forgejo/workflows/prek-checks.yml
@@ -16,7 +16,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          persist-credentials: false

@@ -47,7 +47,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          persist-credentials: false

--- a/.forgejo/workflows/release-image.yml
+++ b/.forgejo/workflows/release-image.yml
@@ -43,7 +43,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Prepare Docker build environment
@@ -97,7 +97,7 @@ jobs:
    needs: build-release
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Create multi-platform manifest
@@ -130,7 +130,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Prepare max-perf Docker build environment
@@ -184,7 +184,7 @@ jobs:
    needs: build-maxperf
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Create max-perf manifest
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -43,11 +43,11 @@ jobs:
    name: Renovate
    runs-on: ubuntu-latest
    container:
-      image: ghcr.io/renovatebot/renovate:42.11.0@sha256:656c1e5b808279eac16c37b89562fb4c699e02fc7e219244f4a1fc2f0a7ce367
+      image: ghcr.io/renovatebot/renovate:42.70.2@sha256:3c2ac1b94fa92ef2fa4d1a0493f2c3ba564454720a32fdbcac2db2846ff1ee47
      options: --tmpfs /tmp:exec
    steps:
      - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          show-progress: false

--- a/.forgejo/workflows/update-flake-hashes.yml
+++ b/.forgejo/workflows/update-flake-hashes.yml
@@ -14,7 +14,7 @@ jobs:
  update-flake-hashes:
    runs-on: ubuntu-latest
    steps:
-      - uses: https://code.forgejo.org/actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+      - uses: actions/checkout@v6
        with:
          fetch-depth: 0
          fetch-tags: false
@@ -23,7 +23,7 @@ jobs:
          persist-credentials: true
          token: ${{ secrets.FORGEJO_TOKEN }}

-      - uses: https://github.com/cachix/install-nix-action@7ab6e7fd29da88e74b1e314a4ae9ac6b5cda3801 # v31.8.0
+      - uses: https://github.com/cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
        with:
          nix_path: nixpkgs=channel:nixos-unstable

--- a/.mailmap
+++ b/.mailmap
@@ -2,6 +2,7 @@ AlexPewMaster <git@alex.unbox.at> <68469103+AlexPewMaster@users.noreply.github.c
 Daniel Wiesenberg <weasy@hotmail.de> <weasy666@gmail.com>
 Devin Ragotzy <devin.ragotzy@gmail.com> <d6ragotzy@wmich.edu>
 Devin Ragotzy <devin.ragotzy@gmail.com> <dragotzy7460@mail.kvcc.edu>
+Ginger <ginger@gingershaped.computer> <75683114+gingershaped@users.noreply.github.com>
 Jonas Platte <jplatte+git@posteo.de> <jplatte+gitlab@posteo.de>
 Jonas Zohren <git-pbkyr@jzohren.de> <gitlab-jfowl-0ux98@sh14.de>
 Jonathan de Jong <jonathan@automatia.nl> <jonathandejong02@gmail.com>
@@ -12,5 +13,6 @@ Olivia Lee <olivia@computer.surgery> <benjamin@computer.surgery>
 Rudi Floren <rudi.floren@gmail.com> <rudi.floren@googlemail.com>
 Tamara Schmitz <tamara.zoe.schmitz@posteo.de> <15906939+tamara-schmitz@users.noreply.github.com>
 Timo Kösters <timo@koesters.xyz>
+nexy7574 <git@nexy7574.co.uk> <nex@noreply.forgejo.ellis.link>
+nexy7574 <git@nexy7574.co.uk> <nex@noreply.localhost>
 x4u <xi.zhu@protonmail.ch> <14617923-x4u@users.noreply.gitlab.com>
-Ginger <ginger@gingershaped.computer> <75683114+gingershaped@users.noreply.github.com>
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -23,7 +23,7 @@ repos:
        - id: check-added-large-files

  - repo: https://github.com/crate-ci/typos
-    rev: v1.39.2
+    rev: v1.41.0
    hooks:
      - id: typos
      - id: typos
@@ -31,7 +31,7 @@ repos:
        stages: [commit-msg]

  - repo: https://github.com/crate-ci/committed
-    rev: v1.1.7
+    rev: v1.1.9
    hooks:
    - id: committed

--- a/.typos.toml
+++ b/.typos.toml
@@ -24,3 +24,4 @@ extend-ignore-re = [
 "continuwuity" = "continuwuity"
 "continuwity" = "continuwuity"
 "execuse" = "execuse"
+"oltp" = "OTLP"
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -7,6 +7,5 @@
        "continuwuity",
        "homeserver",
        "homeservers"
-    ],
-    "rust-analyzer.cargo.features": ["full"]
+    ]
 }
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1,37 @@
+# Continuwuity 0.5.2 (2026-01-09)
+
+## Features
+
+- Added support for issuing additional registration tokens, stored in the database, which supplement the existing registration token hardcoded in the config file. These tokens may optionally expire after a certain number of uses or after a certain amount of time has passed. Additionally, the `registration_token_file` configuration option is superseded by this feature and **has been removed**. Use the new `!admin token` command family to manage registration tokens. Contributed by @ginger (#783).
+- Implemented a configuration defined admin list independent of the admin room. Contributed by @Terryiscool160. (#1253)
+- Added support for invite and join anti-spam via Draupnir and Meowlnir, similar to that of synapse-http-antispam. Contributed by @nex. (#1263)
+- Implemented account locking functionality, to complement user suspension. Contributed by @nex. (#1266)
+- Added admin command to forcefully log out all of a user's existing sessions. Contributed by @nex. (#1271)
+- Implemented toggling the ability for an account to log in without mutating any of its data. Contributed by @nex. (#1272)
+- Add support for custom room create event timestamps, to allow generating custom prefixes in hashed room IDs. Contributed by @nex. (#1277)
+- Certain potentially dangerous admin commands are now restricted to only be usable in the admin room and server console. Contributed by @ginger.
+
+## Bugfixes
+
+- Fixed unreliable room summary fetching and improved error messages. Contributed by @nex. (#1257)
+- Client requested timeout parameter is now applied to e2ee key lookups and claims. Related federation requests are now also concurrent. Contributed by @nex. (#1261)
+- Fixed the whoami endpoint returning HTTP 404 instead of HTTP 403, which confused some appservices. Contributed by @nex. (#1276)
+
+## Misc
+
+- The `console` feature is now enabled by default, allowing the server console to be used for running admin commands directly. To automatically open the console on startup, set the `admin_console_automatic` config option to `true`. Contributed by @ginger.
+- We now (finally) document our container image mirrors. Contributed by @Jade
+
+
+# Continuwuity 0.5.0 (2025-12-30)
+
+**This release contains a CRITICAL vulnerability patch, and you must update as soon as possible**
+
+## Features
+
+- Enabled the OTLP exporter in default builds, and allow configuring the exporter protocol. (@Jade). (#1251)
+
+## Bug Fixes
+
+- Don't allow admin room upgrades, as this can break the admin room (@timedout) (#1245)
+- Fix invalid creators in power levels during upgrade to v12 (@timedout) (#1245)
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -72,56 +72,12 @@ dependencies = [
 "alloc-no-stdlib",
 ]

-[[package]]
-name = "anstream"
-version = "0.6.21"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "43d5b281e737544384e969a5ccad3f1cdd24b48086a0fc1b2a5262a26b8f4f4a"
-dependencies = [
- "anstyle",
- "anstyle-parse",
- "anstyle-query",
- "anstyle-wincon",
- "colorchoice",
- "is_terminal_polyfill",
- "utf8parse",
-]
-
 [[package]]
 name = "anstyle"
 version = "1.0.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5192cca8006f1fd4f7237516f40fa183bb07f8fbdfedaa0036de5ea9b0b45e78"

-[[package]]
-name = "anstyle-parse"
-version = "0.2.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4e7644824f0aa2c7b9384579234ef10eb7efb6a0deb83f9630a49594dd9c15c2"
-dependencies = [
- "utf8parse",
-]
-
-[[package]]
-name = "anstyle-query"
-version = "1.1.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e231f6134f61b71076a3eab506c379d4f36122f2af15a9ff04415ea4c3339e2"
-dependencies = [
- "windows-sys 0.60.2",
-]
-
-[[package]]
-name = "anstyle-wincon"
-version = "3.0.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3e0633414522a32ffaac8ac6cc8f748e090c5717661fddeea04219e2344f5f2a"
-dependencies = [
- "anstyle",
- "once_cell_polyfill",
- "windows-sys 0.60.2",
-]
-
 [[package]]
 name = "anyhow"
 version = "1.0.100"
@@ -199,7 +155,20 @@ version = "0.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f75363874b771be265f4ffe307ca705ef6f3baa19011c149da8674a87f1b75c4"
 dependencies = [
- "askama_derive",
+ "askama_derive 0.14.0",
+ "itoa",
+ "percent-encoding",
+ "serde",
+ "serde_json",
+]
+
+[[package]]
+name = "askama"
+version = "0.15.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bb7125972258312e79827b60c9eb93938334100245081cf701a2dee981b17427"
+dependencies = [
+ "askama_macros",
 "itoa",
 "percent-encoding",
 "serde",
@@ -212,7 +181,7 @@ version = "0.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "129397200fe83088e8a68407a8e2b1f826cf0086b21ccdb866a722c8bcd3a94f"
 dependencies = [
- "askama_parser",
+ "askama_parser 0.14.0",
 "basic-toml",
 "memchr",
 "proc-macro2",
@@ -223,6 +192,32 @@ dependencies = [
 "syn",
 ]

+[[package]]
+name = "askama_derive"
+version = "0.15.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8ba5e7259a1580c61571e3116ebaaa01e3c001b2132b17c4cc5c70780ca3e994"
+dependencies = [
+ "askama_parser 0.15.1",
+ "basic-toml",
+ "memchr",
+ "proc-macro2",
+ "quote",
+ "rustc-hash",
+ "serde",
+ "serde_derive",
+ "syn",
+]
+
+[[package]]
+name = "askama_macros"
+version = "0.15.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "236ce20b77cb13506eaf5024899f4af6e12e8825f390bd943c4c37fd8f322e46"
+dependencies = [
+ "askama_derive 0.15.1",
+]
+
 [[package]]
 name = "askama_parser"
 version = "0.14.0"
@@ -235,6 +230,19 @@ dependencies = [
 "winnow",
 ]

+[[package]]
+name = "askama_parser"
+version = "0.15.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f3c63392767bb2df6aa65a6e1e3b80fd89bb7af6d58359b924c0695620f1512e"
+dependencies = [
+ "rustc-hash",
+ "serde",
+ "serde_derive",
+ "unicode-ident",
+ "winnow",
+]
+
 [[package]]
 name = "asn1-rs"
 version = "0.7.1"
@@ -757,6 +765,39 @@ dependencies = [
 "pkg-config",
 ]

+[[package]]
+name = "camino"
+version = "1.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e629a66d692cb9ff1a1c664e41771b3dcaf961985a9774c0eb0bd1b51cf60a48"
+dependencies = [
+ "serde_core",
+]
+
+[[package]]
+name = "cargo-platform"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "87a0c0e6148f11f01f32650a2ea02d532b2ad4e81d8bd41e6e565b5adc5e6082"
+dependencies = [
+ "serde",
+ "serde_core",
+]
+
+[[package]]
+name = "cargo_metadata"
+version = "0.23.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ef987d17b0a113becdd19d3d0022d04d7ef41f9efe4f3fb63ac44ba61df3ade9"
+dependencies = [
+ "camino",
+ "cargo-platform",
+ "semver",
+ "serde",
+ "serde_json",
+ "thiserror 2.0.17",
+]
+
 [[package]]
 name = "cargo_toml"
 version = "0.22.3"
@@ -831,33 +872,22 @@ dependencies = [

 [[package]]
 name = "clap"
-version = "4.5.52"
+version = "4.5.53"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aa8120877db0e5c011242f96806ce3c94e0737ab8108532a76a3300a01db2ab8"
+checksum = "c9e340e012a1bf4935f5282ed1436d1489548e8f72308207ea5df0e23d2d03f8"
 dependencies = [
 "clap_builder",
 "clap_derive",
 ]

-[[package]]
-name = "clap-markdown"
-version = "0.1.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d2a2617956a06d4885b490697b5307ebb09fec10b088afc18c81762d848c2339"
-dependencies = [
- "clap",
-]
-
 [[package]]
 name = "clap_builder"
-version = "4.5.52"
+version = "4.5.53"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "02576b399397b659c26064fbc92a75fede9d18ffd5f80ca1cd74ddab167016e1"
+checksum = "d76b5d13eaa18c901fd2f7fca939fefe3a0727a953561fefdf3b2922b8569d00"
 dependencies = [
- "anstream",
 "anstyle",
 "clap_lex",
- "strsim",
 ]

 [[package]]
@@ -878,16 +908,6 @@ version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a1d728cc89cf3aee9ff92b05e62b19ee65a02b5702cff7d5a377e32c6ae29d8d"

-[[package]]
-name = "clap_mangen"
-version = "0.2.31"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "439ea63a92086df93893164221ad4f24142086d535b3a0957b9b9bea2dc86301"
-dependencies = [
- "clap",
- "roff",
-]
-
 [[package]]
 name = "cmake"
 version = "0.1.54"
@@ -903,12 +923,6 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3d7b894f5411737b7867f4827955924d7c254fc9f4d91a6aad6b097804b1018b"

-[[package]]
-name = "colorchoice"
-version = "1.0.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b05b61dc5112cbb17e4b6cd61790d9845d13888356391624cbe7e41efeac1e75"
-
 [[package]]
 name = "compression-codecs"
 version = "0.4.31"
@@ -940,7 +954,7 @@ dependencies = [

 [[package]]
 name = "conduwuit"
-version = "0.5.0-rc.8.1"
+version = "0.5.2"
 dependencies = [
 "clap",
 "conduwuit_admin",
@@ -972,7 +986,7 @@ dependencies = [

 [[package]]
 name = "conduwuit_admin"
-version = "0.5.0-rc.8.1"
+version = "0.5.2"
 dependencies = [
 "clap",
 "conduwuit_api",
@@ -994,7 +1008,7 @@ dependencies = [

 [[package]]
 name = "conduwuit_api"
-version = "0.5.0-rc.8.1"
+version = "0.5.2"
 dependencies = [
 "async-trait",
 "axum 0.7.9",
@@ -1027,14 +1041,14 @@ dependencies = [

 [[package]]
 name = "conduwuit_build_metadata"
-version = "0.5.0-rc.8.1"
+version = "0.5.2"
 dependencies = [
 "built",
 ]

 [[package]]
 name = "conduwuit_core"
-version = "0.5.0-rc.8.1"
+version = "0.5.2"
 dependencies = [
 "argon2",
 "arrayvec",
@@ -1095,7 +1109,7 @@ dependencies = [

 [[package]]
 name = "conduwuit_database"
-version = "0.5.0-rc.8.1"
+version = "0.5.2"
 dependencies = [
 "async-channel",
 "conduwuit_core",
@@ -1114,7 +1128,7 @@ dependencies = [

 [[package]]
 name = "conduwuit_macros"
-version = "0.5.0-rc.8.1"
+version = "0.5.2"
 dependencies = [
 "itertools 0.14.0",
 "proc-macro2",
@@ -1124,7 +1138,7 @@ dependencies = [

 [[package]]
 name = "conduwuit_router"
-version = "0.5.0-rc.8.1"
+version = "0.5.2"
 dependencies = [
 "axum 0.7.9",
 "axum-client-ip",
@@ -1159,7 +1173,7 @@ dependencies = [

 [[package]]
 name = "conduwuit_service"
-version = "0.5.0-rc.8.1"
+version = "0.5.2"
 dependencies = [
 "async-trait",
 "base64 0.22.1",
@@ -1200,9 +1214,9 @@ dependencies = [

 [[package]]
 name = "conduwuit_web"
-version = "0.5.0-rc.8.1"
+version = "0.5.2"
 dependencies = [
- "askama",
+ "askama 0.14.0",
 "axum 0.7.9",
 "conduwuit_build_metadata",
 "conduwuit_service",
@@ -1632,6 +1646,16 @@ dependencies = [
 "litrs",
 ]

+[[package]]
+name = "draupnir-antispam"
+version = "0.1.0"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
+dependencies = [
+ "ruma-common",
+ "serde",
+ "serde_json",
+]
+
 [[package]]
 name = "dtor"
 version = "0.1.0"
@@ -2629,12 +2653,6 @@ dependencies = [
 "serde",
 ]

-[[package]]
-name = "is_terminal_polyfill"
-version = "1.70.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf"
-
 [[package]]
 name = "itertools"
 version = "0.12.1"
@@ -2982,6 +3000,16 @@ version = "2.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f52b00d39961fc5b2736ea853c9cc86238e165017a493d1d5c8eac6bdc4cc273"

+[[package]]
+name = "meowlnir-antispam"
+version = "0.1.0"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
+dependencies = [
+ "ruma-common",
+ "serde",
+ "serde_json",
+]
+
 [[package]]
 name = "mime"
 version = "0.3.17"
@@ -2990,23 +3018,9 @@ checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"

 [[package]]
 name = "minicbor"
-version = "2.1.1"
+version = "2.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4f182275033b808ede9427884caa8e05fa7db930801759524ca7925bd8aa7a82"
-dependencies = [
- "minicbor-derive",
-]
-
-[[package]]
-name = "minicbor-derive"
-version = "0.18.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b17290c95158a760027059fe3f511970d6857e47ff5008f9e09bffe3d3e1c6af"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
+checksum = "f9a1119e42fbacc2bb65d860de6eb7c930562bc71d42dca026d06b0228231f77"

 [[package]]
 name = "minicbor-serde"
@@ -3020,9 +3034,9 @@ dependencies = [

 [[package]]
 name = "minimad"
-version = "0.13.1"
+version = "0.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a9c5d708226d186590a7b6d4a9780e2bdda5f689e0d58cd17012a298efd745d2"
+checksum = "df8b688969b16915f3ecadc7829d5b7779dee4977e503f767f34136803d5c06f"
 dependencies = [
 "once_cell",
 ]
@@ -3266,12 +3280,6 @@ dependencies = [
 "portable-atomic",
 ]

-[[package]]
-name = "once_cell_polyfill"
-version = "1.70.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a4895175b425cb1f87721b59f0f286c2092bd4af812243672510e1ac53e2e0ad"
-
 [[package]]
 name = "openssl-probe"
 version = "0.1.6"
@@ -3319,6 +3327,8 @@ dependencies = [
 "prost",
 "reqwest",
 "thiserror 2.0.17",
+ "tokio",
+ "tonic",
 "tracing",
 ]

@@ -3800,7 +3810,7 @@ dependencies = [
 "once_cell",
 "socket2 0.6.1",
 "tracing",
- "windows-sys 0.52.0",
+ "windows-sys 0.60.2",
 ]

 [[package]]
@@ -4044,9 +4054,9 @@ dependencies = [

 [[package]]
 name = "resolv-conf"
-version = "0.7.5"
+version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6b3789b30bd25ba102de4beabd95d21ac45b69b1be7d14522bab988c526d6799"
+checksum = "1e061d1b48cb8d38042de4ae0a7a6401009d6143dc80d2e2d6f31f0bdd6470c7"

 [[package]]
 name = "rgb"
@@ -4068,20 +4078,16 @@ dependencies = [
 "windows-sys 0.52.0",
 ]

-[[package]]
-name = "roff"
-version = "0.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "88f8660c1ff60292143c98d08fc6e2f654d722db50410e3f3797d40baaf9d8f3"
-
 [[package]]
 name = "ruma"
 version = "0.10.1"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
 "assign",
+ "draupnir-antispam",
 "js_int",
 "js_option",
+ "meowlnir-antispam",
 "ruma-appservice-api",
 "ruma-client-api",
 "ruma-common",
@@ -4097,7 +4103,7 @@ dependencies = [
 [[package]]
 name = "ruma-appservice-api"
 version = "0.10.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
 "js_int",
 "ruma-common",
@@ -4109,7 +4115,7 @@ dependencies = [
 [[package]]
 name = "ruma-client-api"
 version = "0.18.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
 "as_variant",
 "assign",
@@ -4132,7 +4138,7 @@ dependencies = [
 [[package]]
 name = "ruma-common"
 version = "0.13.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
 "as_variant",
 "base64 0.22.1",
@@ -4164,7 +4170,7 @@ dependencies = [
 [[package]]
 name = "ruma-events"
 version = "0.28.1"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
 "as_variant",
 "indexmap",
@@ -4189,7 +4195,7 @@ dependencies = [
 [[package]]
 name = "ruma-federation-api"
 version = "0.9.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
 "bytes",
 "headers",
@@ -4211,7 +4217,7 @@ dependencies = [
 [[package]]
 name = "ruma-identifiers-validation"
 version = "0.9.5"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
 "js_int",
 "thiserror 2.0.17",
@@ -4220,7 +4226,7 @@ dependencies = [
 [[package]]
 name = "ruma-identity-service-api"
 version = "0.9.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
 "js_int",
 "ruma-common",
@@ -4230,7 +4236,7 @@ dependencies = [
 [[package]]
 name = "ruma-macros"
 version = "0.13.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
 "cfg-if",
 "proc-macro-crate",
@@ -4245,7 +4251,7 @@ dependencies = [
 [[package]]
 name = "ruma-push-gateway-api"
 version = "0.9.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
 "js_int",
 "ruma-common",
@@ -4257,7 +4263,7 @@ dependencies = [
 [[package]]
 name = "ruma-signatures"
 version = "0.15.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=f9e74cb206cfa45cf5f17d39282253b43a15fcd5#f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 dependencies = [
 "base64 0.22.1",
 "ed25519-dalek",
@@ -4496,6 +4502,10 @@ name = "semver"
 version = "1.0.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d767eb0aabc880b29956c35734170f26ed551a859dbd361d140cdbeca61ab1e2"
+dependencies = [
+ "serde",
+ "serde_core",
+]

 [[package]]
 name = "sentry"
@@ -4643,9 +4653,9 @@ dependencies = [

 [[package]]
 name = "serde-saphyr"
-version = "0.0.8"
+version = "0.0.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c0916ccf524f1ccec1b3c02193c9e3d2e167aee9b6b294829dce6f4411332155"
+checksum = "9b9e06cddad47cc6214c0c456cf209b99a58b54223e7af2f6d4b88a5a9968499"
 dependencies = [
 "ahash",
 "base64 0.22.1",
@@ -4951,12 +4961,6 @@ dependencies = [
 "quote",
 ]

-[[package]]
-name = "strsim"
-version = "0.11.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"
-
 [[package]]
 name = "subslice"
 version = "0.2.3"
@@ -4974,9 +4978,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"

 [[package]]
 name = "syn"
-version = "2.0.110"
+version = "2.0.111"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a99801b5bd34ede4cf3fc688c5919368fea4e4814a4664359503e6015b280aea"
+checksum = "390cc9a294ab71bdb1aa2e99d13be9c753cd2d7bd6560c77118597410c4d2e87"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -5022,9 +5026,9 @@ dependencies = [

 [[package]]
 name = "termimad"
-version = "0.34.0"
+version = "0.34.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "68ff5ca043d65d4ea43b65cdb4e3aba119657d0d12caf44f93212ec3168a8e20"
+checksum = "889a9370996b74cf46016ce35b96c248a9ac36d69aab1d112b3e09bc33affa49"
 dependencies = [
 "coolor",
 "crokey",
@@ -5420,9 +5424,9 @@ dependencies = [

 [[package]]
 name = "tower-http"
-version = "0.6.6"
+version = "0.6.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "adc82fd73de2a9722ac5da747f12383d2bfdb93591ee6c58486e0097890f05f2"
+checksum = "9cf146f99d442e8e68e585f5d798ccd3cad9a7835b917e09728880a862706456"
 dependencies = [
 "async-compression",
 "bitflags",
@@ -5456,9 +5460,9 @@ checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3"

 [[package]]
 name = "tracing"
-version = "0.1.41"
+version = "0.1.43"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0"
+checksum = "2d15d90a0b5c19378952d479dc858407149d7bb45a14de0142f6c534b16fc647"
 dependencies = [
 "pin-project-lite",
 "tracing-attributes",
@@ -5467,9 +5471,9 @@ dependencies = [

 [[package]]
 name = "tracing-attributes"
-version = "0.1.30"
+version = "0.1.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "81383ab64e72a7a8b8e13130c49e3dab29def6d0c7d76a03087b3cf71c5c6903"
+checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -5478,9 +5482,9 @@ dependencies = [

 [[package]]
 name = "tracing-core"
-version = "0.1.34"
+version = "0.1.35"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b9d12581f227e93f094d3af2ae690a574abb8a2b9b7a96e7cfe9647b2b617678"
+checksum = "7a04e24fab5c89c6a36eb8558c9656f30d81de51dfa4d3b45f26b21d61fa0a6c"
 dependencies = [
 "once_cell",
 "valuable",
@@ -5499,9 +5503,9 @@ dependencies = [

 [[package]]
 name = "tracing-journald"
-version = "0.3.1"
+version = "0.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fc0b4143302cf1022dac868d521e36e8b27691f72c84b3311750d5188ebba657"
+checksum = "2d3a81ed245bfb62592b1e2bc153e77656d94ee6a0497683a65a12ccaf2438d0"
 dependencies = [
 "libc",
 "tracing-core",
@@ -5540,9 +5544,9 @@ dependencies = [

 [[package]]
 name = "tracing-subscriber"
-version = "0.3.20"
+version = "0.3.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2054a14f5307d601f88daf0553e1cbf472acc4f2c51afab632431cdcd72124d5"
+checksum = "2f30143827ddab0d256fd843b7a66d164e9f271cfa0dde49142c5ca0ca291f1e"
 dependencies = [
 "matchers",
 "nu-ansi-term",
@@ -5690,12 +5694,6 @@ version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be"

-[[package]]
-name = "utf8parse"
-version = "0.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
-
 [[package]]
 name = "uuid"
 version = "1.18.1"
@@ -6218,20 +6216,11 @@ dependencies = [

 [[package]]
 name = "xtask"
-version = "0.5.0-rc.8.1"
+version = "0.5.2"
 dependencies = [
+ "askama 0.15.1",
+ "cargo_metadata",
 "clap",
- "serde",
- "serde_json",
-]
-
-[[package]]
-name = "xtask-generate-commands"
-version = "0.5.0-rc.8.1"
-dependencies = [
- "clap-markdown",
- "clap_builder",
- "clap_mangen",
 "conduwuit",
 "conduwuit_admin",
 ]
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,27 +1,18 @@
-#cargo-features = ["profile-rustflags"]
-
 [workspace]
 resolver = "2"
-members = ["src/*", "xtask/*"]
+members = ["src/*", "xtask/"]
 default-members = ["src/*"]

 [workspace.package]
-authors = [
-    "June Clementine Strawberry <june@girlboss.ceo>",
-    "strawberry <strawberry@puppygock.gay>", # woof
-    "Jason Volk <jason@zemos.net>",
-]
-categories = ["network-programming"]
-description = "a very cool Matrix chat homeserver written in Rust"
+authors = ["Continuwuity Team and contributors <team@continuwuity.org>"]
+description = "A Matrix homeserver written in Rust, the official continuation of the conduwuit homeserver."
 edition = "2024"
 homepage = "https://continuwuity.org/"
-keywords = ["chat", "matrix", "networking", "server", "uwu"]
 license = "Apache-2.0"
 # See also `rust-toolchain.toml`
 readme = "README.md"
 repository = "https://forgejo.ellis.link/continuwuation/continuwuity"
-rust-version = "1.86.0"
-version = "0.5.0-rc.8.1"
+version = "0.5.2"

 [workspace.metadata.crane]
 name = "conduwuit"
@@ -33,11 +24,11 @@ features = ["serde"]
 [workspace.dependencies.smallvec]
 version = "1.14.0"
 features = [
-	"const_generics",
-	"const_new",
-	"serde",
-	"union",
-	"write",
+    "const_generics",
+    "const_new",
+    "serde",
+    "union",
+    "write",
 ]

 [workspace.dependencies.smallstr]
@@ -96,13 +87,13 @@ version = "1.11.1"
 version = "0.7.9"
 default-features = false
 features = [
-	"form",
-	"http1",
-	"http2",
-	"json",
-	"matched-path",
-	"tokio",
-	"tracing",
+    "form",
+    "http1",
+    "http2",
+    "json",
+    "matched-path",
+    "tokio",
+    "tracing",
 ]

 [workspace.dependencies.axum-extra]
@@ -149,10 +140,10 @@ features = ["aws_lc_rs"]
 version = "0.12.15"
 default-features = false
 features = [
-	"rustls-tls-native-roots",
-	"socks",
-	"hickory-dns",
-	"http2",
+    "rustls-tls-native-roots",
+    "socks",
+    "hickory-dns",
+    "http2",
 ]

 [workspace.dependencies.serde]
@@ -167,7 +158,7 @@ features = ["raw_value"]

 # Used for appservice registration files
 [workspace.dependencies.serde-saphyr]
-version = "0.0.8"
+version = "0.0.10"

 # Used to load forbidden room/user regex from config
 [workspace.dependencies.serde_regex]
@@ -188,18 +179,18 @@ default-features = false
 version = "0.25.5"
 default-features = false
 features = [
-	"jpeg",
-	"png",
-	"gif",
-	"webp",
+    "jpeg",
+    "png",
+    "gif",
+    "webp",
 ]

 [workspace.dependencies.blurhash]
 version = "0.2.3"
 default-features = false
 features = [
-	"fast-linear-to-srgb",
-	"image",
+    "fast-linear-to-srgb",
+    "image",
 ]

 # logging
@@ -229,13 +220,13 @@ default-features = false
 version = "4.5.35"
 default-features = false
 features = [
-	"derive",
-	"env",
-	"error-context",
-	"help",
-	"std",
-	"string",
-	"usage",
+    "derive",
+    "env",
+    "error-context",
+    "help",
+    "std",
+    "string",
+    "usage",
 ]

 [workspace.dependencies.futures]
@@ -247,15 +238,15 @@ features = ["std", "async-await"]
 version = "1.44.2"
 default-features = false
 features = [
-	"fs",
-	"net",
-	"macros",
-	"sync",
-	"signal",
-	"time",
-	"rt-multi-thread",
-	"io-util",
-	"tracing",
+    "fs",
+    "net",
+    "macros",
+    "sync",
+    "signal",
+    "time",
+    "rt-multi-thread",
+    "io-util",
+    "tracing",
 ]

 [workspace.dependencies.tokio-metrics]
@@ -280,18 +271,18 @@ default-features = false
 version = "1.6.0"
 default-features = false
 features = [
-	"server",
-	"http1",
-	"http2",
+    "server",
+    "http1",
+    "http2",
 ]

 [workspace.dependencies.hyper-util]
 version = "=0.1.17"
 default-features = false
 features = [
-	"server-auto",
-	"server-graceful",
-	"tokio",
+    "server-auto",
+    "server-graceful",
+    "tokio",
 ]

 # to support multiple variations of setting a config option
@@ -310,9 +301,9 @@ features = ["env", "toml"]
 version = "0.25.1"
 default-features = false
 features = [
-	"serde",
-	"system-config",
-	"tokio",
+    "serde",
+    "system-config",
+    "tokio",
 ]

 # Used for conduwuit::Error type
@@ -351,7 +342,7 @@ version = "0.1.2"
 # Used for matrix spec type definitions and helpers
 [workspace.dependencies.ruma]
 git = "https://forgejo.ellis.link/continuwuation/ruwuma"
-rev = "50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+rev = "f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
 features = [
    "compat",
    "rand",
@@ -381,13 +372,13 @@ features = [
    "unstable-msc4095",
    "unstable-msc4121",
    "unstable-msc4125",
-	"unstable-msc4155",
+    "unstable-msc4155",
    "unstable-msc4186",
    "unstable-msc4203", # sending to-device events to appservices
    "unstable-msc4210", # remove legacy mentions
    "unstable-extensible-events",
    "unstable-pdu",
-	"unstable-msc4155"
+    "unstable-msc4155"
 ]

 [workspace.dependencies.rust-rocksdb]
@@ -395,11 +386,11 @@ git = "https://forgejo.ellis.link/continuwuation/rust-rocksdb-zaidoon1"
 rev = "61d9d23872197e9ace4a477f2617d5c9f50ecb23"
 default-features = false
 features = [
-	"multi-threaded-cf",
-	"mt_static",
-	"lz4",
-	"zstd",
-	"bzip2",
+    "multi-threaded-cf",
+    "mt_static",
+    "lz4",
+    "zstd",
+    "bzip2",
 ]

 [workspace.dependencies.sha2]
@@ -426,7 +417,7 @@ features = ["rt-tokio"]

 [workspace.dependencies.opentelemetry-otlp]
 version = "0.31.0"
-features = ["http", "trace", "logs", "metrics"]
+features = ["http", "grpc-tonic", "trace", "logs", "metrics"]



@@ -458,16 +449,16 @@ git = "https://forgejo.ellis.link/continuwuation/jemallocator"
 rev = "82af58d6a13ddd5dcdc7d4e91eae3b63292995b8"
 default-features = false
 features = [
-	"background_threads_runtime_support",
-	"unprefixed_malloc_on_supported_platforms",
+    "background_threads_runtime_support",
+    "unprefixed_malloc_on_supported_platforms",
 ]
 [workspace.dependencies.tikv-jemallocator]
 git = "https://forgejo.ellis.link/continuwuation/jemallocator"
 rev = "82af58d6a13ddd5dcdc7d4e91eae3b63292995b8"
 default-features = false
 features = [
-	"background_threads_runtime_support",
-	"unprefixed_malloc_on_supported_platforms",
+    "background_threads_runtime_support",
+    "unprefixed_malloc_on_supported_platforms",
 ]
 [workspace.dependencies.tikv-jemalloc-ctl]
 git = "https://forgejo.ellis.link/continuwuation/jemallocator"
@@ -491,9 +482,9 @@ default-features = false
 version = "0.1.2"
 default-features = false
 features = [
-	"static",
-	"gcc",
-	"light",
+    "static",
+    "gcc",
+    "light",
 ]

 [workspace.dependencies.rustyline-async]
@@ -848,6 +839,8 @@ unknown_lints = "allow"

 ###################
 cargo = { level = "warn", priority = -1 }
+# Nobody except for us should be consuming these crates, they don't need metadata
+cargo_common_metadata = { level = "allow" }

 ## some sadness
 multiple_crate_versions = { level = "allow", priority = 1 }
--- a/conduwuit-example.toml
+++ b/conduwuit-example.toml
@@ -26,8 +26,8 @@
 # Also see the `[global.well_known]` config section at the very bottom.
 #
 # Examples of delegation:
-# - https://puppygock.gay/.well-known/matrix/server
-# - https://puppygock.gay/.well-known/matrix/client
+# - https://continuwuity.org/.well-known/matrix/server
+# - https://continuwuity.org/.well-known/matrix/client
 #
 # YOU NEED TO EDIT THIS. THIS CANNOT BE CHANGED AFTER WITHOUT A DATABASE
 # WIPE.
@@ -340,7 +340,9 @@
 # this to be high to account for extremely large room joins, slow
 # homeservers, your own resources etc.
 #
-#federation_timeout = 300
+# Joins have 6x the timeout.
+#
+#federation_timeout = 60

 # MSC4284 Policy server request timeout (seconds). Generally policy
 # servers should respond near instantly, however may slow down under
@@ -389,7 +391,15 @@
 #
 #appservice_idle_timeout = 300

-# Notification gateway pusher idle connection pool timeout.
+# Notification gateway pusher request connection timeout (seconds).
+#
+#pusher_conn_timeout = 15
+
+# Notification gateway pusher total request timeout (seconds).
+#
+#pusher_timeout = 60
+
+# Notification gateway pusher idle connection pool timeout (seconds).
 #
 #pusher_idle_timeout = 15

@@ -421,7 +431,7 @@
 # `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`
 #
 # If you would like registration only via token reg, please configure
-# `registration_token` or `registration_token_file`.
+# `registration_token`.
 #
 #allow_registration = false

@@ -452,22 +462,13 @@
 # `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`
 # to true to allow open registration without any conditions.
 #
-# YOU NEED TO EDIT THIS OR USE registration_token_file.
+# If you do not want to set a static token, the `!admin token` commands
+# may also be used to manage registration tokens.
 #
 # example: "o&^uCtes4HPf0Vu@F20jQeeWE7"
 #
 #registration_token =

-# Path to a file on the system that gets read for additional registration
-# tokens. Multiple tokens can be added if you separate them with
-# whitespace
-#
-# continuwuity must be able to access the file, and it must not be empty
-#
-# example: "/etc/continuwuity/.reg_token"
-#
-#registration_token_file =
-
 # The public site key for reCaptcha. If this is provided, reCaptcha
 # becomes required during registration. If both captcha *and*
 # registration token are enabled, both will be required during
@@ -586,10 +587,13 @@
 #allow_unstable_room_versions = true

 # Default room version continuwuity will create rooms with.
+# Note that this has to be a string since the room version is a string
+# rather than an integer. Forgetting the quotes will make the server fail
+# to start!
 #
-# Per spec, room version 11 is the default.
+# Per spec, room version "11" is the default.
 #
-#default_room_version = 11
+#default_room_version = "11"

 # Enable OpenTelemetry OTLP tracing export. This replaces the deprecated
 # Jaeger exporter. Traces will be sent via OTLP to a collector (such as
@@ -605,6 +609,11 @@
 #
 #otlp_filter = "info"

+# Protocol to use for OTLP tracing export. Options are "http" or "grpc".
+# The HTTP protocol uses port 4318 by default, while gRPC uses port 4317.
+#
+#otlp_protocol = "http"
+
 # If the 'perf_measurements' compile-time feature is enabled, enables
 # collecting folded stack trace profile of tracing spans using
 # tracing_flame. The resulting profile can be visualized with inferno[1],
@@ -1447,6 +1456,11 @@
 #
 #url_preview_max_spider_size = 256000

+# Total request timeout for URL previews (seconds). This includes
+# connection, request, and response body reading time.
+#
+#url_preview_timeout = 120
+
 # Option to decide whether you would like to run the domain allowlist
 # checks (contains and explicit) on the root domain or not. Does not apply
 # to URL contains allowlist. Defaults to false.
@@ -1530,7 +1544,7 @@
 # a normal continuwuity admin command. The reply will be publicly visible
 # to the room, originating from the sender.
 #
-# example: \\!admin debug ping puppygock.gay
+# example: \\!admin debug ping continuwuity.org
 #
 #admin_escape_commands = true

@@ -1548,7 +1562,8 @@
 # For example: `./continuwuity --execute "server admin-notice continuwuity
 # has started up at $(date)"`
 #
-# example: admin_execute = ["debug ping puppygock.gay", "debug echo hi"]`
+# example: admin_execute = ["debug ping continuwuity.org", "debug echo
+# hi"]`
 #
 #admin_execute = []

@@ -1581,6 +1596,18 @@
 #
 #admin_room_tag = "m.server_notice"

+# A list of Matrix IDs that are qualified as server admins.
+#
+# Any Matrix IDs within this list are regarded as an admin
+# regardless of whether they are in the admin room or not
+#
+#admins_list = []
+
+# Defines whether those within the admin room are added to the
+# admins_list.
+#
+#admins_from_room = true
+
 # Sentry.io crash/panic reporting, performance monitoring/metrics, etc.
 # This is NOT enabled by default.
 #
@@ -1626,7 +1653,7 @@

 # Enable the tokio-console. This option is only relevant to developers.
 #
-#	For more information, see:
+#    For more information, see:
 # https://continuwuity.org/development.html#debugging-with-tokio-console
 #
 #tokio_console = false
@@ -1902,3 +1929,41 @@
 # example: "(objectClass=conduwuitAdmin)" or "(uid={username})"
 #
 #admin_filter = ""
+
+[global.antispam.meowlnir]
+
+# The base URL on which to contact Meowlnir (before /_meowlnir/antispam).
+#
+# Example: "http://127.0.0.1:29339"
+#
+#base_url =
+
+# The authentication secret defined in antispam->secret. Required for
+# continuwuity to talk to Meowlnir.
+#
+#secret =
+
+# The management room for which to send requests
+#
+#management_room =
+
+# If enabled run all federated join attempts (both federated and local)
+# through the Meowlnir anti-spam checks.
+#
+# By default, only join attempts for rooms with the `fi.mau.spam_checker`
+# restricted join rule are checked.
+#
+#check_all_joins = false
+
+[global.antispam.draupnir]
+
+# The base URL on which to contact Draupnir (before /api/).
+#
+# Example: "http://127.0.0.1:29339"
+#
+#base_url =
+
+# The authentication secret defined in
+# web->synapseHTTPAntispam->authorization
+#
+#secret =
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -48,11 +48,11 @@ EOF

 # Developer tool versions
 # renovate: datasource=github-releases depName=cargo-bins/cargo-binstall
-ENV BINSTALL_VERSION=1.16.0
+ENV BINSTALL_VERSION=1.16.6
 # renovate: datasource=github-releases depName=psastras/sbom-rs
 ENV CARGO_SBOM_VERSION=0.9.1
 # renovate: datasource=crate depName=lddtree
-ENV LDDTREE_VERSION=0.3.7
+ENV LDDTREE_VERSION=0.4.0
 # renovate: datasource=crate depName=timelord-cli
 ENV TIMELORD_VERSION=3.0.1

--- a/docker/musl.Dockerfile
+++ b/docker/musl.Dockerfile
@@ -18,11 +18,11 @@ RUN --mount=type=cache,target=/etc/apk/cache apk add \

 # Developer tool versions
 # renovate: datasource=github-releases depName=cargo-bins/cargo-binstall
-ENV BINSTALL_VERSION=1.16.0
+ENV BINSTALL_VERSION=1.16.6
 # renovate: datasource=github-releases depName=psastras/sbom-rs
 ENV CARGO_SBOM_VERSION=0.9.1
 # renovate: datasource=crate depName=lddtree
-ENV LDDTREE_VERSION=0.3.7
+ENV LDDTREE_VERSION=0.4.0

 # Install unpackaged tools
 RUN <<EOF
--- a/docs/_meta.json
+++ b/docs/_meta.json
@@ -57,14 +57,9 @@
        "name": "/reference/config"
    },
    {
-        "type": "file",
+        "type": "dir",
        "label": "Admin Command Reference",
-        "name": "/reference/admin"
-    },
-    {
-        "type": "file",
-        "label": "Server Reference",
-        "name": "/reference/server"
+        "name": "/reference/admin/"
    },
    {
        "type": "divider"
--- a/docs/_nav.json
+++ b/docs/_nav.json
@@ -18,7 +18,7 @@
            },
            {
                "text": "Admin Command Reference",
-                "link": "/reference/admin"
+                "link": "/reference/admin/"
            },
            {
                "text": "Server Reference",
--- a/docs/community.mdx
+++ b/docs/community.mdx
@@ -10,7 +10,7 @@ # Continuwuity Community Guidelines
 environment where everyone feels safe and respected.

 For code and contribution guidelines, please refer to the
-[Contributor's Covenant](https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CODE_OF_CONDUCT.mdx).
+[Contributor's Covenant](https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CODE_OF_CONDUCT.md).
 Below are additional guidelines specific to the Continuwuity community.

 ## Our Values and Expected Behaviors
--- a/docs/deploying/docker-compose.for-traefik.yml
+++ b/docs/deploying/docker-compose.for-traefik.yml
@@ -2,7 +2,7 @@

 services:
  homeserver:
-    ### If you already built the conduduwit image with 'docker build' or want to use the Docker Hub image,
+    ### If you already built the continuwuity image with 'docker build' or want to use the Docker Hub image,
    ### then you are ready to go.
    image: forgejo.ellis.link/continuwuation/continuwuity:latest
    restart: unless-stopped
--- a/docs/deploying/docker-compose.with-traefik.yml
+++ b/docs/deploying/docker-compose.with-traefik.yml
@@ -114,6 +114,10 @@ services:
      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web
      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_STORAGE: "/etc/traefik/acme/acme.json"

+      # Since Traefik 3.6.3, paths with certain "encoded characters" are now blocked by default; we need a couple, or else things *will* break
+      TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_ENCODEDCHARACTERS_ALLOWENCODEDSLASH: true
+      TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_ENCODEDCHARACTERS_ALLOWENCODEDHASH: true
+
      TRAEFIK_PROVIDERS_DOCKER: true
      TRAEFIK_PROVIDERS_DOCKER_ENDPOINT: "unix:///var/run/docker.sock"
      TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: false
--- a/docs/deploying/docker.mdx
+++ b/docs/deploying/docker.mdx
@@ -11,10 +11,10 @@ ### Use a registry

 | Registry        | Image                                                           | Notes                  |
 | --------------- | --------------------------------------------------------------- | -----------------------|
-| Forgejo Registry| [forgejo.ellis.link/continuwuation/continuwuity:latest][fj]     | Latest tagged image.   |
-| Forgejo Registry| [forgejo.ellis.link/continuwuation/continuwuity:main][fj]       | Main branch image.     |
-
-[fj]: https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity
+| Forgejo Registry| [forgejo.ellis.link/continuwuation/continuwuity:latest](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/latest)     | Latest tagged image.   |
+| Forgejo Registry| [forgejo.ellis.link/continuwuation/continuwuity:main](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/main)       | Main branch image.     |
+| Forgejo Registry| [forgejo.ellis.link/continuwuation/continuwuity:latest-maxperf](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/latest-maxperf) | [Performance optimised version.](./generic.mdx#performance-optimised-builds) |
+| Forgejo Registry| [forgejo.ellis.link/continuwuation/continuwuity:main-maxperf](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/main-maxperf)   | [Performance optimised version.](./generic.mdx#performance-optimised-builds) |

 Use

@@ -24,6 +24,15 @@ ### Use a registry

 to pull it to your machine.

+#### Mirrors
+
+Images are mirrored to multiple locations automatically, on a schedule:
+
+- `ghcr.io/continuwuity/continuwuity`
+- `docker.io/jadedblueeyes/continuwuity`
+- `registry.gitlab.com/continuwuity/continuwuity`
+- `git.nexy7574.co.uk/mirrored/continuwuity` (releases only, no `main`)
+
 ### Run

 When you have the image, you can simply run it with
@@ -49,7 +58,7 @@ ### Run
 flag, which cleans up everything related to your container after you stop
 it.

-### Docker-compose
+### Docker Compose

 If the `docker run` command is not suitable for you or your setup, you can also use one
 of the provided `docker-compose` files.
@@ -158,8 +167,19 @@ # Build for the current platform and load into the local Docker daemon
 # Example: Build for specific platforms and push to a registry.
 # docker buildx build --platform linux/amd64,linux/arm64 --tag registry.io/org/continuwuity:latest -f docker/Dockerfile . --push

-# Example: Build binary optimized for the current CPU
-# docker buildx build --load --tag continuwuity:latest --build-arg TARGET_CPU=native -f docker/Dockerfile .
+# Example: Build binary optimised for the current CPU (standard release profile)
+# docker buildx build --load \
+#   --tag continuwuity:latest \
+#   --build-arg TARGET_CPU=native \
+#   -f docker/Dockerfile .
+
+# Example: Build maxperf variant (release-max-perf profile with LTO)
+# Optimised for runtime performance and smaller binary size, but requires longer build time
+# docker buildx build --load \
+#   --tag continuwuity:latest-maxperf \
+#   --build-arg TARGET_CPU=native \
+#   --build-arg RUST_PROFILE=release-max-perf \
+#   -f docker/Dockerfile .
 ```

 Refer to the Docker Buildx documentation for more advanced build options.
@@ -198,5 +218,3 @@ ### Use Traefik as Proxy
 ## Voice communication

 See the [TURN](../turn.md) page.
-
-[nix-buildlayeredimage]: https://ryantm.github.io/nixpkgs/builders/images/dockertools/#ssec-pkgs-dockerTools-buildLayeredImage
--- a/docs/deploying/generic.mdx
+++ b/docs/deploying/generic.mdx
@@ -8,29 +8,39 @@ # Generic deployment documentation

 ## Installing Continuwuity

-### Static prebuilt binary
+### Prebuilt binary

-You may simply download the binary that fits your machine architecture (x86_64
-or aarch64). Run `uname -m` to see what you need.
+Download the binary for your architecture (x86_64 or aarch64) -
+run the `uname -m` to check which you need.

-You can download prebuilt fully static musl binaries from the latest tagged
-release [here](https://forgejo.ellis.link/continuwuation/continuwuity/releases/latest) or
-from the `main` CI branch workflow artifact output. These also include Debian/Ubuntu
-packages.
+Prebuilt binaries are available from:
+- **Tagged releases**: [Latest release page](https://forgejo.ellis.link/continuwuation/continuwuity/releases/latest)
+- **Development builds**: CI artifacts from the `main` branch
+  (includes Debian/Ubuntu packages)

-You can download these directly using curl. The `ci-bins` are CI workflow binaries organized by commit
-hash/revision, and `releases` are tagged releases. Sort by descending last
-modified date to find the latest.
+When browsing CI artifacts, `ci-bins` contains binaries organised
+by commit hash, while `releases` contains tagged versions. Sort
+by last modified date to find the most recent builds.

-These binaries have jemalloc and io_uring statically linked and included with
-them, so no additional dynamic dependencies need to be installed.
+The binaries require jemalloc and io_uring on the host system. Currently
+we can't cross-build static binaries - contributions are welcome here.

-For the **best** performance: if you are using an `x86_64` CPU made in the last ~15 years,
-we recommend using the `-haswell-` optimized binaries. These set
-`-march=haswell`, which provides the most compatible and highest performance with
-optimized binaries. The database backend, RocksDB, benefits most from this as it
-uses hardware-accelerated CRC32 hashing/checksumming, which is critical
-for performance.
+#### Performance-optimised builds
+
+For x86_64 systems with CPUs from the last ~15 years, use the
+`-haswell-` optimised binaries for best performance. These
+binaries enable hardware-accelerated CRC32 checksumming in
+RocksDB, which significantly improves database performance.
+The haswell instruction set provides an excellent balance of
+compatibility and speed.
+
+If you're using Docker instead, equivalent performance-optimised
+images are available with the `-maxperf` suffix (e.g.
+`forgejo.ellis.link/continuwuation/continuwuity:latest-maxperf`).
+These images use the `release-max-perf`
+build profile with
+[link-time optimisation (LTO)](https://doc.rust-lang.org/cargo/reference/profiles.html#lto)
+and, for amd64, target the haswell CPU architecture.

 ### Compiling

@@ -134,7 +144,7 @@ ### Example systemd Unit File
 ## Creating the Continuwuity configuration file

 Now you need to create the Continuwuity configuration file in
-`/etc/continuwuity/continuwuity.toml`. You can find an example configuration at
+`/etc/conduwuit/conduwuit.toml`. You can find an example configuration at
 [conduwuit-example.toml](../reference/config.mdx).

 **Please take a moment to read the config. You need to change at least the
--- a/docs/development/code_style.mdx
+++ b/docs/development/code_style.mdx
@@ -128,7 +128,7 @@ ### Log Levels
 ```rs
 // Good
 error!(
-    error = %err,
+    error = ?err,
    room_id = %room_id,
    "Failed to send event to room"
 );
@@ -264,7 +264,7 @@ ### Code Comments
                warn!(
                    destination = %destination,
                    attempt = attempt,
-                    error = %err,
+                    error = ?err,
                    retry_delay_ms = retry_delay.as_millis(),
                    "Federation request failed, retrying"
                );
--- a/docs/development/contributing.mdx
+++ b/docs/development/contributing.mdx
@@ -149,11 +149,12 @@ ### Creating pull requests
 *looks* done.

 Before submitting a pull request, please ensure:
-1. Your code passes all CI checks (formatting, linting, typo detection, etc.)
+1. Your code passes all CI checks (formatting, linting, typo detection, etc.). Run pre-commit for this.
 2. Your code follows the [code style guide](./code_style)
 3. Your commit messages follow the conventional commits format
 4. Tests are added for new functionality
 5. Documentation is updated if needed
+6. You have written a [news fragment](#writing-news-fragments) for your changes

 Direct all PRs/MRs to the `main` branch.

@@ -171,3 +172,32 @@ ### Creating pull requests
 [sytest]: https://github.com/matrix-org/sytest/
 [mdbook]: https://rust-lang.github.io/mdBook/
 [documentation.yml]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/.forgejo/workflows/documentation.yml
+
+#### Writing news fragments
+
+In order to make writing our changelogs easier, we make use of [Towncrier]. Towncrier builds changelogs based on
+"news fragments", which are little markdown files in the `changelog.d/` directory that describe individual changes.
+
+When you make a pull request that changes functionality, fixes a bug, or adds documentation, please add a news fragment
+describing your change. The file name *MUST* be in the format of `{pull_request_number}.{type}`, where `{type}` is one
+of the following:
+
+- `feature` - for new features
+- `bugfix` - for bug fixes
+- `doc` - for documentation changes
+- `misc` - for other changes that don't fit the above categories
+
+For example:
+
+```bash
+$ echo "Fixed the quantum flux stabiliser. Contributed by @alice." > changelog.d/42.bugfix
+```
+
+(Note: If you want to credit yourself, you should reference your forgejo handle, however links to other platforms are also acceptable.)
+
+When the next release is made, Towncrier will automatically include your news fragment in the changelog.
+
+You can read more about writing news fragments in the [Towncrier tutorial][tt].
+
+[Towncrier]: https://towncrier.readthedocs.io/
+[tt]: https://towncrier.readthedocs.io/en/stable/tutorial.html#creating-news-fragments
--- a/docs/public/.well-known/continuwuity/announcements
+++ b/docs/public/.well-known/continuwuity/announcements
@@ -6,12 +6,10 @@
            "message": "Welcome to Continuwuity! Important announcements about the project will appear here."
        },
        {
-            "id": 3,
-            "message": "_taps microphone_ The Continuwuity 0.5.0-rc.7 release is now available, and it's better than ever! **177 commits**, **35 pull requests**, **11 contributors,** and a lot of new stuff!\n\nFor highlights, we've got:\n\n* 🕵️ Full Policy Server support to fight spam!\n* 🚀 Smarter room & space upgrades.\n* 🚫 User suspension tools for better moderation.\n* 🤖 reCaptcha support for safer open registration.\n* 🔍 Ability to disable read receipts & typing indicators.\n* ⚡ Sweeping performance improvements!\n\nGet the [full changelog and downloads on our Forgejo](https://forgejo.ellis.link/continuwuation/continuwuity/releases/tag/v0.5.0-rc.7) - and make sure you're in the [Announcements room](https://matrix.to/#/!releases:continuwuity.org/$hN9z6L2_dTAlPxFLAoXVfo_g8DyYXu4cpvWsSrWhmB0) to get stuff like this sooner."
-        },
-        {
-            "id": 5,
-            "message": "It's a bird! It's a plane! No, it's 0.5.0-rc.8.1!\n\nThis is a minor bugfix update to the rc8 which backports some important fixes from the latest main branch. If you still haven't updated to rc8, you should skip to main. Otherwise, you should upgrade to this bugfix release as soon as possible.\n\nBugfixes backported to this version:\n\n- Resolved several issues with state resolution v2.1 (room version 12)\n- Fixed issues with the `restricted` and `knock_restricted` join rules that would sometimes incorrectly disallow a valid join\n- Fixed the automatic support contact listing being a no-op\n- Fixed upgrading pre-v12 rooms to v12 rooms\n- Fixed policy servers sending the incorrect JSON objects (resulted in false positives)\n- Fixed debug build panic during MSC4133 migration\n\nIt is recommended, if you can and are comfortable with doing so, following updates to the main branch - we're in the run up to the full 0.5.0 release, and more and more bugfixes and new features are being pushed constantly. Please don't forget to join [#announcements:continuwuity.org](https://matrix.to/#/#announcements:continuwuity.org) to receive this news faster and be alerted to other important updates!"
+            "id": 7,
+            "mention_room": true,
+            "date": "2025-12-30",
+            "message": "Continuwuity v0.5.1 has been released. **The release contains a fix for the critical vulnerability [GHSA-m5p2-vccg-8c9v](https://github.com/continuwuity/continuwuity/security/advisories/GHSA-m5p2-vccg-8c9v) (embargoed) affecting all Conduit-derived servers. Update as soon as possible.**\n\nThis has been *actively exploited* to attempt account takeover and forge events bricking the Continuwuity rooms. The new space is accessible at [Continuwuity (room list)](https://matrix.to/#/!8cR4g-i9ucof69E4JHNg9LbPVkGprHb3SzcrGBDDJgk?via=continuwuity.org&via=starstruck.systems&via=gingershaped.computer)\n"
        }
    ]
 }
--- a/docs/public/.well-known/matrix/client
+++ b/docs/public/.well-known/matrix/client
@@ -1 +1 @@
-{"m.homeserver":{"base_url": "https://matrix.continuwuity.org"},"org.matrix.msc3575.proxy":{"url": "https://matrix.continuwuity.org"}}
+{"m.homeserver":{"base_url": "https://matrix.continuwuity.org"},"org.matrix.msc3575.proxy":{"url": "https://matrix.continuwuity.org"},"org.matrix.msc4143.rtc_foci":[{"type":"livekit","livekit_service_url":"https://livekit.ellis.link"}]}
--- a/docs/reference/_meta.json
+++ b/docs/reference/_meta.json
@@ -8,10 +8,5 @@
        "type": "file",
        "name": "admin",
        "label": "Admin Commands"
-    },
-    {
-        "type": "file",
-        "name": "server",
-        "label": "Server command"
    }
 ]
--- a/docs/reference/admin.mdx
+++ b/docs/reference/admin.mdx
--- a/docs/reference/admin/appservices.md
+++ b/docs/reference/admin/appservices.md
@@ -0,0 +1,29 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin appservices`
+
+Commands for managing appservices
+
+
+## `!admin appservices register`
+
+Register an appservice using its registration YAML
+
+This command needs a YAML generated by an appservice (such as a bridge), which must be provided in a Markdown code block below the command.
+
+Registering a new bridge using the ID of an existing bridge will replace the old one.
+
+## `!admin appservices unregister`
+
+Unregister an appservice using its ID
+
+You can find the ID using the `list-appservices` command.
+
+## `!admin appservices show-appservice-config`
+
+Show an appservice's config using its ID
+
+You can find the ID using the `list-appservices` command.
+
+## `!admin appservices list-registered`
+
+List all the currently registered appservices
--- a/docs/reference/admin/check.md
+++ b/docs/reference/admin/check.md
@@ -0,0 +1,9 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin check`
+
+Commands for checking integrity
+
+
+## `!admin check check-all-users`
+
+Uses the iterator in `src/database/key_value/users.rs` to iterator over every user in our database (remote and local). Reports total count, any errors if there were any, etc
--- a/docs/reference/admin/debug.md
+++ b/docs/reference/admin/debug.md
@@ -0,0 +1,139 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin debug`
+
+Commands for debugging things
+
+
+## `!admin debug echo`
+
+Echo input of admin command
+
+## `!admin debug get-auth-chain`
+
+Get the auth_chain of a PDU
+
+## `!admin debug parse-pdu`
+
+Parse and print a PDU from a JSON
+
+The PDU event is only checked for validity and is not added to the database.
+
+This command needs a JSON blob provided in a Markdown code block below the command.
+
+## `!admin debug get-pdu`
+
+Retrieve and print a PDU by EventID from the Continuwuity database
+
+## `!admin debug get-short-pdu`
+
+Retrieve and print a PDU by PduId from the Continuwuity database
+
+## `!admin debug get-remote-pdu`
+
+Attempts to retrieve a PDU from a remote server. **Does not** insert it into the database or persist it anywhere
+
+## `!admin debug get-remote-pdu-list`
+
+Same as `get-remote-pdu` but accepts a codeblock newline delimited list of PDUs and a single server to fetch from
+
+## `!admin debug get-room-state`
+
+Gets all the room state events for the specified room.
+
+This is functionally equivalent to `GET /_matrix/client/v3/rooms/{roomid}/state`, except the admin command does *not* check if the sender user is allowed to see state events. This is done because it's implied that server admins here have database access and can see/get room info themselves anyways if they were malicious admins.
+
+Of course the check is still done on the actual client API.
+
+## `!admin debug get-signing-keys`
+
+Get and display signing keys from local cache or remote server
+
+## `!admin debug get-verify-keys`
+
+Get and display signing keys from local cache or remote server
+
+## `!admin debug ping`
+
+Sends a federation request to the remote server's `/_matrix/federation/v1/version` endpoint and measures the latency it took for the server to respond
+
+## `!admin debug force-device-list-updates`
+
+Forces device lists for all local and remote users to be updated (as having new keys available)
+
+## `!admin debug change-log-level`
+
+Change tracing log level/filter on the fly
+
+This accepts the same format as the `log` config option.
+
+## `!admin debug verify-json`
+
+Verify JSON signatures
+
+This command needs a JSON blob provided in a Markdown code block below the command.
+
+## `!admin debug verify-pdu`
+
+Verify PDU
+
+This re-verifies a PDU existing in the database found by ID.
+
+## `!admin debug first-pdu-in-room`
+
+Prints the very first PDU in the specified room (typically m.room.create)
+
+## `!admin debug latest-pdu-in-room`
+
+Prints the latest ("last") PDU in the specified room (typically a message)
+
+## `!admin debug force-set-room-state-from-server`
+
+Forcefully replaces the room state of our local copy of the specified room, with the copy (auth chain and room state events) the specified remote server says.
+
+A common desire for room deletion is to simply "reset" our copy of the room. While this admin command is not a replacement for that, if you know you have split/broken room state and you know another server in the room that has the best/working room state, this command can let you use their room state. Such example is your server saying users are in a room, but other servers are saying they're not in the room in question.
+
+This command will get the latest PDU in the room we know about, and request the room state at that point in time via `/_matrix/federation/v1/state/{roomId}`.
+
+## `!admin debug resolve-true-destination`
+
+Runs a server name through Continuwuity's true destination resolution process
+
+Useful for debugging well-known issues
+
+## `!admin debug memory-stats`
+
+Print extended memory usage
+
+Optional argument is a character mask (a sequence of characters in any order) which enable additional extended statistics. Known characters are "abdeglmx". For convenience, a '*' will enable everything.
+
+## `!admin debug runtime-metrics`
+
+Print general tokio runtime metric totals
+
+## `!admin debug runtime-interval`
+
+Print detailed tokio runtime metrics accumulated since last command invocation
+
+## `!admin debug time`
+
+Print the current time
+
+## `!admin debug list-dependencies`
+
+List dependencies
+
+## `!admin debug database-stats`
+
+Get database statistics
+
+## `!admin debug trim-memory`
+
+Trim memory usage
+
+## `!admin debug database-files`
+
+List database files
+
+## `!admin debug tester`
+
+Developer test stubs
--- a/docs/reference/admin/federation.md
+++ b/docs/reference/admin/federation.md
@@ -0,0 +1,29 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin federation`
+
+Commands for managing federation
+
+
+## `!admin federation incoming-federation`
+
+List all rooms we are currently handling an incoming pdu from
+
+## `!admin federation disable-room`
+
+Disables incoming federation handling for a room
+
+## `!admin federation enable-room`
+
+Enables incoming federation handling for a room again
+
+## `!admin federation fetch-support-well-known`
+
+Fetch `/.well-known/matrix/support` from the specified server
+
+Despite the name, this is not a federation endpoint and does not go through the federation / server resolution process as per-spec this is supposed to be served at the server_name.
+
+Respecting homeservers put this file here for listing administration, moderation, and security inquiries. This command provides a way to easily fetch that information.
+
+## `!admin federation remote-user-in-rooms`
+
+Lists all the rooms we share/track with the specified *remote* user
--- a/docs/reference/admin/index.md
+++ b/docs/reference/admin/index.md
@@ -0,0 +1,23 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# Admin Command Reference
+
+Admin commands allow server administrators to manage the server from within their Matrix client. "Server administrators" by default means only those users which are members of the admin room, but additional server admins may be added using the `admins_list` configuration option.
+
+## Running commands
+
+* All commands listed here may be used by server administrators in the admin room by sending them as messages.
+* If the `admin_escape_commands` configuration option is enabled, server administrators may run certain commands in public rooms by prefixing them with a single backslash. These commands will only run on _their_ homeserver, even if they are a member of another homeserver's admin room. Some sensitive commands cannot be used outside the admin room and will return an error.
+* All commands listed here may be used in the server's console, if it is enabled. Commands entered in the console do not require the `!admin` prefix.
+
+## Categories
+
+- [`!admin appservices`](appservices/): Commands for managing appservices
+- [`!admin users`](users/): Commands for managing local users
+- [`!admin token`](token/): Commands for managing registration tokens
+- [`!admin rooms`](rooms/): Commands for managing rooms
+- [`!admin federation`](federation/): Commands for managing federation
+- [`!admin server`](server/): Commands for managing the server
+- [`!admin media`](media/): Commands for managing media
+- [`!admin check`](check/): Commands for checking integrity
+- [`!admin debug`](debug/): Commands for debugging things
+- [`!admin query`](query/): Low-level queries for database getters and iterators
--- a/docs/reference/admin/media.md
+++ b/docs/reference/admin/media.md
@@ -0,0 +1,38 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin media`
+
+Commands for managing media
+
+
+## `!admin media delete`
+
+Deletes a single media file from our database and on the filesystem via a single MXC URL or event ID (not redacted)
+
+## `!admin media delete-list`
+
+Deletes a codeblock list of MXC URLs from our database and on the filesystem. This will always ignore errors
+
+## `!admin media delete-past-remote-media`
+
+Deletes all remote (and optionally local) media created before/after
+[duration] ago, using filesystem metadata first created at date, or
+fallback to last modified date. This will always ignore errors by
+default.
+
+* Examples:
+  * Delete all remote media older than a year:
+
+    `!admin media delete-past-remote-media -b 1y`
+
+  * Delete all remote and local media from 3 days ago, up until now:
+
+    `!admin media delete-past-remote-media -a 3d
+-yes-i-want-to-delete-local-media`
+
+## `!admin media delete-all-from-user`
+
+Deletes all the local media from a local user on our server. This will always ignore errors by default
+
+## `!admin media delete-all-from-server`
+
+Deletes all remote media from the specified remote server. This will always ignore errors by default
--- a/docs/reference/admin/query.md
+++ b/docs/reference/admin/query.md
@@ -0,0 +1,181 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin query`
+
+Low-level queries for database getters and iterators
+
+
+## `!admin query account-data`
+
+account_data.rs iterators and getters
+
+### `!admin query account-data changes-since`
+
+Returns all changes to the account data that happened after `since`
+
+### `!admin query account-data account-data-get`
+
+Searches the account data for a specific kind
+
+## `!admin query appservice`
+
+appservice.rs iterators and getters
+
+### `!admin query appservice get-registration`
+
+Gets the appservice registration info/details from the ID as a string
+
+### `!admin query appservice all`
+
+Gets all appservice registrations with their ID and registration info
+
+## `!admin query presence`
+
+presence.rs iterators and getters
+
+### `!admin query presence get-presence`
+
+Returns the latest presence event for the given user
+
+### `!admin query presence presence-since`
+
+Iterator of the most recent presence updates that happened after the event with id `since`
+
+## `!admin query room-alias`
+
+rooms/alias.rs iterators and getters
+
+### `!admin query room-alias local-aliases-for-room`
+
+Iterator of all our local room aliases for the room ID
+
+### `!admin query room-alias all-local-aliases`
+
+Iterator of all our local aliases in our database with their room IDs
+
+## `!admin query room-state-cache`
+
+rooms/state_cache iterators and getters
+
+## `!admin query room-timeline`
+
+rooms/timeline iterators and getters
+
+## `!admin query globals`
+
+globals.rs iterators and getters
+
+### `!admin query globals signing-keys-for`
+
+This returns an empty `Ok(BTreeMap<..>)` when there are no keys found for the server
+
+## `!admin query sending`
+
+sending.rs iterators and getters
+
+### `!admin query sending active-requests`
+
+Queries database for all `servercurrentevent_data`
+
+### `!admin query sending active-requests-for`
+
+Queries database for `servercurrentevent_data` but for a specific destination
+
+This command takes only *one* format of these arguments:
+
+appservice_id server_name user_id AND push_key
+
+See src/service/sending/mod.rs for the definition of the `Destination` enum
+
+### `!admin query sending queued-requests`
+
+Queries database for `servernameevent_data` which are the queued up requests that will eventually be sent
+
+This command takes only *one* format of these arguments:
+
+appservice_id server_name user_id AND push_key
+
+See src/service/sending/mod.rs for the definition of the `Destination` enum
+
+## `!admin query users`
+
+users.rs iterators and getters
+
+## `!admin query resolver`
+
+resolver service
+
+### `!admin query resolver destinations-cache`
+
+Query the destinations cache
+
+### `!admin query resolver overrides-cache`
+
+Query the overrides cache
+
+## `!admin query pusher`
+
+pusher service
+
+### `!admin query pusher get-pushers`
+
+Returns all the pushers for the user
+
+## `!admin query short`
+
+short service
+
+## `!admin query raw`
+
+raw service
+
+### `!admin query raw raw-maps`
+
+List database maps
+
+### `!admin query raw raw-get`
+
+Raw database query
+
+### `!admin query raw raw-del`
+
+Raw database delete (for string keys)
+
+### `!admin query raw raw-keys`
+
+Raw database keys iteration
+
+### `!admin query raw raw-keys-sizes`
+
+Raw database key size breakdown
+
+### `!admin query raw raw-keys-total`
+
+Raw database keys total bytes
+
+### `!admin query raw raw-vals-sizes`
+
+Raw database values size breakdown
+
+### `!admin query raw raw-vals-total`
+
+Raw database values total bytes
+
+### `!admin query raw raw-iter`
+
+Raw database items iteration
+
+### `!admin query raw raw-keys-from`
+
+Raw database keys iteration
+
+### `!admin query raw raw-iter-from`
+
+Raw database items iteration
+
+### `!admin query raw raw-count`
+
+Raw database record count
+
+### `!admin query raw compact`
+
+Compact database
--- a/docs/reference/admin/rooms.md
+++ b/docs/reference/admin/rooms.md
@@ -0,0 +1,83 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin rooms`
+
+Commands for managing rooms
+
+
+## `!admin rooms list-rooms`
+
+List all rooms the server knows about
+
+## `!admin rooms info`
+
+View information about a room we know about
+
+### `!admin rooms info list-joined-members`
+
+List joined members in a room
+
+### `!admin rooms info view-room-topic`
+
+Displays room topic
+
+Room topics can be huge, so this is in its own separate command
+
+## `!admin rooms moderation`
+
+Manage moderation of remote or local rooms
+
+### `!admin rooms moderation ban-room`
+
+Bans a room from local users joining and evicts all our local users (including server admins) from the room. Also blocks any invites (local and remote) for the banned room, and disables federation entirely with it
+
+### `!admin rooms moderation ban-list-of-rooms`
+
+Bans a list of rooms (room IDs and room aliases) from a newline delimited codeblock similar to `user deactivate-all`. Applies the same steps as ban-room
+
+### `!admin rooms moderation unban-room`
+
+Unbans a room to allow local users to join again
+
+### `!admin rooms moderation list-banned-rooms`
+
+List of all rooms we have banned
+
+## `!admin rooms alias`
+
+Manage rooms' aliases
+
+### `!admin rooms alias set`
+
+Make an alias point to a room
+
+### `!admin rooms alias remove`
+
+Remove a local alias
+
+### `!admin rooms alias which`
+
+Show which room is using an alias
+
+### `!admin rooms alias list`
+
+List aliases currently being used
+
+## `!admin rooms directory`
+
+Manage the room directory
+
+### `!admin rooms directory publish`
+
+Publish a room to the room directory
+
+### `!admin rooms directory unpublish`
+
+Unpublish a room to the room directory
+
+### `!admin rooms directory list`
+
+List rooms that are published
+
+## `!admin rooms exists`
+
+Check if we know about a room
--- a/docs/reference/admin/server.md
+++ b/docs/reference/admin/server.md
@@ -0,0 +1,53 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin server`
+
+Commands for managing the server
+
+
+## `!admin server uptime`
+
+Time elapsed since startup
+
+## `!admin server show-config`
+
+Show configuration values
+
+## `!admin server reload-config`
+
+Reload configuration values
+
+## `!admin server list-features`
+
+List the features built into the server
+
+## `!admin server memory-usage`
+
+Print database memory usage statistics
+
+## `!admin server clear-caches`
+
+Clears all of Continuwuity's caches
+
+## `!admin server backup-database`
+
+Performs an online backup of the database (only available for RocksDB at the moment)
+
+## `!admin server list-backups`
+
+List database backups
+
+## `!admin server admin-notice`
+
+Send a message to the admin room
+
+## `!admin server reload-mods`
+
+Hot-reload the server
+
+## `!admin server restart`
+
+Restart the server
+
+## `!admin server shutdown`
+
+Shutdown the server
--- a/docs/reference/admin/token.md
+++ b/docs/reference/admin/token.md
@@ -0,0 +1,17 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin token`
+
+Commands for managing registration tokens
+
+
+## `!admin token issue`
+
+Issue a new registration token
+
+## `!admin token revoke`
+
+Revoke a registration token
+
+## `!admin token list`
+
+List all registration tokens
--- a/docs/reference/admin/users.md
+++ b/docs/reference/admin/users.md
@@ -0,0 +1,141 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin users`
+
+Commands for managing local users
+
+
+## `!admin users create-user`
+
+Create a new user
+
+## `!admin users reset-password`
+
+Reset user password
+
+## `!admin users deactivate`
+
+Deactivate a user
+
+User will be removed from all rooms by default. Use --no-leave-rooms to not leave all rooms by default.
+
+## `!admin users deactivate-all`
+
+Deactivate a list of users
+
+Recommended to use in conjunction with list-local-users.
+
+Users will be removed from joined rooms by default.
+
+Can be overridden with --no-leave-rooms.
+
+Removing a mass amount of users from a room may cause a significant amount of leave events. The time to leave rooms may depend significantly on joined rooms and servers.
+
+This command needs a newline separated list of users provided in a Markdown code block below the command.
+
+## `!admin users logout`
+
+Forcefully log a user out of all of their devices.
+
+This will invalidate all access tokens for the specified user, effectively logging them out from all sessions. Note that this is destructive and may result in data loss for the user, such as encryption keys. Use with caution. Can only be used in the admin room.
+
+## `!admin users suspend`
+
+Suspend a user
+
+Suspended users are able to log in, sync, and read messages, but are not able to send events nor redact them, cannot change their profile, and are unable to join, invite to, or knock on rooms.
+
+Suspended users can still leave rooms and deactivate their account. Suspending them effectively makes them read-only.
+
+## `!admin users unsuspend`
+
+Unsuspend a user
+
+Reverses the effects of the `suspend` command, allowing the user to send messages, change their profile, create room invites, etc.
+
+## `!admin users lock`
+
+Lock a user
+
+Locked users are unable to use their accounts beyond logging out. This is akin to a temporary deactivation that does not change the user's password. This can be used to quickly prevent a user from accessing their account.
+
+## `!admin users unlock`
+
+Unlock a user
+
+Reverses the effects of the `lock` command, allowing the user to use their account again.
+
+## `!admin users enable-login`
+
+Enable login for a user
+
+## `!admin users disable-login`
+
+Disable login for a user
+
+Disables login for the specified user without deactivating or locking their account. This prevents the user from obtaining new access tokens, but does not invalidate existing sessions.
+
+## `!admin users list-users`
+
+List local users in the database
+
+## `!admin users list-joined-rooms`
+
+Lists all the rooms (local and remote) that the specified user is joined in
+
+## `!admin users force-join-room`
+
+Manually join a local user to a room
+
+## `!admin users force-leave-room`
+
+Manually leave a local user from a room
+
+## `!admin users force-leave-remote-room`
+
+Manually leave a remote room for a local user
+
+## `!admin users force-demote`
+
+Forces the specified user to drop their power levels to the room default, if their permissions allow and the auth check permits
+
+## `!admin users make-user-admin`
+
+Grant server-admin privileges to a user
+
+## `!admin users put-room-tag`
+
+Puts a room tag for the specified user and room ID.
+
+This is primarily useful if you'd like to set your admin room to the special "System Alerts" section in Element as a way to permanently see your admin room without it being buried away in your favourites or rooms. To do this, you would pass your user, your admin room's internal ID, and the tag name `m.server_notice`.
+
+## `!admin users delete-room-tag`
+
+Deletes the room tag for the specified user and room ID
+
+## `!admin users get-room-tags`
+
+Gets all the room tags for the specified user and room ID
+
+## `!admin users redact-event`
+
+Attempts to forcefully redact the specified event ID from the sender user
+
+This is only valid for local users
+
+## `!admin users force-join-list-of-local-users`
+
+Force joins a specified list of local users to join the specified room.
+
+Specify a codeblock of usernames.
+
+At least 1 server admin must be in the room to reduce abuse.
+
+Requires the `--yes-i-want-to-do-this` flag.
+
+## `!admin users force-join-all-local-users`
+
+Force joins all local users to the specified room.
+
+At least 1 server admin must be in the room to reduce abuse.
+
+Requires the `--yes-i-want-to-do-this` flag.
--- a/docs/reference/server.mdx
+++ b/docs/reference/server.mdx
@@ -1,21 +0,0 @@
-# Command-Line Help for `continuwuity`
-
-This document contains the help content for the `continuwuity` command-line program.
-
-**Command Overview:**
-
-* [`continuwuity`↴](#continuwuity)
-
-## `continuwuity`
-
-a very cool Matrix chat homeserver written in Rust
-
-**Usage:** `continuwuity [OPTIONS]`
-
-###### **Options:**
-
-* `-c`, `--config <CONFIG>` — Path to the config TOML file (optional)
-* `-O`, `--option <OPTION>` — Override a configuration variable using TOML 'key=value' syntax
-* `--read-only` — Run in a stricter read-only --maintenance mode
-* `--maintenance` — Run in maintenance mode while refusing connections
-* `--execute <EXECUTE>` — Execute console command automatically after startup
--- a/flake.lock
+++ b/flake.lock
@@ -3,11 +3,11 @@
    "advisory-db": {
      "flake": false,
      "locked": {
-        "lastModified": 1761112158,
-        "narHash": "sha256-RIXu/7eyKpQHjsPuAUODO81I4ni8f+WYSb7K4mTG6+0=",
+        "lastModified": 1766324728,
+        "narHash": "sha256-9C+WyE5U3y5w4WQXxmb0ylRyMMsPyzxielWXSHrcDpE=",
        "owner": "rustsec",
        "repo": "advisory-db",
-        "rev": "58f3aaec0e1776f4a900737be8cd7cb00972210d",
+        "rev": "c88b88c62bda077be8aa621d4e89d8701e39cb5d",
        "type": "github"
      },
      "original": {
@@ -18,11 +18,11 @@
    },
    "crane": {
      "locked": {
-        "lastModified": 1760924934,
-        "narHash": "sha256-tuuqY5aU7cUkR71sO2TraVKK2boYrdW3gCSXUkF4i44=",
+        "lastModified": 1766194365,
+        "narHash": "sha256-4AFsUZ0kl6MXSm4BaQgItD0VGlEKR3iq7gIaL7TjBvc=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "c6b4d5308293d0d04fcfeee92705017537cad02f",
+        "rev": "7d8ec2c71771937ab99790b45e6d9b93d15d9379",
        "type": "github"
      },
      "original": {
@@ -39,11 +39,11 @@
        "rust-analyzer-src": "rust-analyzer-src"
      },
      "locked": {
-        "lastModified": 1761115517,
-        "narHash": "sha256-Fev/ag/c3Fp3JBwHfup3lpA5FlNXfkoshnQ7dssBgJ0=",
+        "lastModified": 1766299592,
+        "narHash": "sha256-7u+q5hexu2eAxL2VjhskHvaUKg+GexmelIR2ve9Nbb4=",
        "owner": "nix-community",
        "repo": "fenix",
-        "rev": "320433651636186ea32b387cff05d6bbfa30cea7",
+        "rev": "381579dee168d5ced412e2990e9637ecc7cf1c5d",
        "type": "github"
      },
      "original": {
@@ -55,11 +55,11 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1747046372,
-        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
+        "lastModified": 1765121682,
+        "narHash": "sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0+rrA=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "rev": "65f23138d8d09a92e30f1e5c87611b23ef451bf3",
        "type": "github"
      },
      "original": {
@@ -74,11 +74,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1760948891,
-        "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
+        "lastModified": 1765835352,
+        "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
+        "rev": "a34fae9c08a15ad73f295041fec82323541400a9",
        "type": "github"
      },
      "original": {
@@ -89,11 +89,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1760878510,
-        "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
+        "lastModified": 1766070988,
+        "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67",
+        "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8",
        "type": "github"
      },
      "original": {
@@ -105,11 +105,11 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1754788789,
-        "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
+        "lastModified": 1765674936,
+        "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
+        "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
        "type": "github"
      },
      "original": {
@@ -132,11 +132,11 @@
    "rust-analyzer-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1761077270,
-        "narHash": "sha256-O1uTuvI/rUlubJ8AXKyzh1WSWV3qCZX0huTFUvWLN4E=",
+        "lastModified": 1766253897,
+        "narHash": "sha256-ChK07B1aOlJ4QzWXpJo+y8IGAxp1V9yQ2YloJ+RgHRw=",
        "owner": "rust-lang",
        "repo": "rust-analyzer",
-        "rev": "39990a923c8bca38f5bd29dc4c96e20ee7808d5d",
+        "rev": "765b7bdb432b3740f2d564afccfae831d5a972e4",
        "type": "github"
      },
      "original": {
@@ -153,11 +153,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1760945191,
-        "narHash": "sha256-ZRVs8UqikBa4Ki3X4KCnMBtBW0ux1DaT35tgsnB1jM4=",
+        "lastModified": 1766000401,
+        "narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "f56b1934f5f8fcab8deb5d38d42fd692632b47c2",
+        "rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd",
        "type": "github"
      },
      "original": {
--- a/nix/packages/uwulib/build.nix
+++ b/nix/packages/uwulib/build.nix
@@ -97,6 +97,9 @@ rec {
    craneLib.buildPackage (
      (commonAttrs commonAttrsArgs)
      // {
+        postFixup = ''
+          patchelf --set-rpath "$(${pkgs.patchelf}/bin/patchelf --print-rpath $out/bin/${crateInfo.pname}):${rocksdb}/lib" $out/bin/${crateInfo.pname}
+        '';
        cargoArtifacts = deps;
        doCheck = true;
        env = uwuenv.buildPackageEnv // rocksdbEnv;
--- a/nix/tests/default.nix
+++ b/nix/tests/default.nix
@@ -6,6 +6,69 @@
      pkgs,
      ...
    }:
+    let
+      baseTestScript =
+        pkgs.writers.writePython3Bin "do_test" { libraries = [ pkgs.python3Packages.matrix-nio ]; }
+          ''
+            import asyncio
+            import nio
+
+
+            async def main() -> None:
+                # Connect to continuwuity
+                client = nio.AsyncClient("http://continuwuity:6167", "alice")
+
+                # Register as user alice
+                response = await client.register("alice", "my-secret-password")
+
+                # Log in as user alice
+                response = await client.login("my-secret-password")
+
+                # Create a new room
+                response = await client.room_create(federate=False)
+                print("Matrix room create response:", response)
+                assert isinstance(response, nio.RoomCreateResponse)
+                room_id = response.room_id
+
+                # Join the room
+                response = await client.join(room_id)
+                print("Matrix join response:", response)
+                assert isinstance(response, nio.JoinResponse)
+
+                # Send a message to the room
+                response = await client.room_send(
+                    room_id=room_id,
+                    message_type="m.room.message",
+                    content={
+                        "msgtype": "m.text",
+                        "body": "Hello continuwuity!"
+                    }
+                )
+                print("Matrix room send response:", response)
+                assert isinstance(response, nio.RoomSendResponse)
+
+                # Sync responses
+                response = await client.sync(timeout=30000)
+                print("Matrix sync response:", response)
+                assert isinstance(response, nio.SyncResponse)
+
+                # Check the message was received by continuwuity
+                last_message = response.rooms.join[room_id].timeline.events[-1].body
+                assert last_message == "Hello continuwuity!"
+
+                # Leave the room
+                response = await client.room_leave(room_id)
+                print("Matrix room leave response:", response)
+                assert isinstance(response, nio.RoomLeaveResponse)
+
+                # Close the client
+                await client.close()
+
+
+            if __name__ == "__main__":
+                asyncio.run(main())
+          '';
+    in
    {
      # run some nixos tests as checks
      checks = lib.pipe self'.packages [
@@ -18,106 +81,69 @@
        # this test was initially yoinked from
        #
        # https://github.com/NixOS/nixpkgs/blob/960ce26339661b1b69c6f12b9063ca51b688615f/nixos/tests/matrix/continuwuity.nix
-        (builtins.map (name: {
-          name = "test-${name}";
-          value = pkgs.testers.runNixOSTest {
-            inherit name;
+        (builtins.concatMap (
+          name:
+          builtins.map
+            (
+              { config, suffix }:
+              {
+                name = "test-${name}-${suffix}";
+                value = pkgs.testers.runNixOSTest {
+                  inherit name;

-            nodes = {
-              continuwuity = {
-                services.matrix-continuwuity = {
-                  enable = true;
-                  package = self'.packages.${name};
-                  settings.global = {
+                  nodes = {
+                    continuwuity = {
+                      services.matrix-continuwuity = {
+                        enable = true;
+                        package = self'.packages.${name};
+                        settings = config;
+                        extraEnvironment.RUST_BACKTRACE = "yes";
+                      };
+                      networking.firewall.allowedTCPPorts = [ 6167 ];
+                    };
+                    client.environment.systemPackages = [ baseTestScript ];
+                  };
+
+                  testScript = ''
+                    start_all()
+
+                    with subtest("start continuwuity"):
+                          continuwuity.wait_for_unit("continuwuity.service")
+                          continuwuity.wait_for_open_port(6167)
+
+                    with subtest("ensure messages can be exchanged"):
+                          client.succeed("${lib.getExe baseTestScript} >&2")
+                  '';
+
+                };
+              }
+            )
+            [
+              {
+                suffix = "base";
+                config = {
+                  global = {
                    server_name = name;
                    address = [ "0.0.0.0" ];
                    allow_registration = true;
                    yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true;
                  };
-                  extraEnvironment.RUST_BACKTRACE = "yes";
                };
-                networking.firewall.allowedTCPPorts = [ 6167 ];
-              };
-              client =
-                { pkgs, ... }:
-                {
-                  environment.systemPackages = [
-                    (pkgs.writers.writePython3Bin "do_test" { libraries = [ pkgs.python3Packages.matrix-nio ]; } ''
-                      import asyncio
-                      import nio
-
-
-                      async def main() -> None:
-                          # Connect to continuwuity
-                          client = nio.AsyncClient("http://continuwuity:6167", "alice")
-
-                          # Register as user alice
-                          response = await client.register("alice", "my-secret-password")
-
-                          # Log in as user alice
-                          response = await client.login("my-secret-password")
-
-                          # Create a new room
-                          response = await client.room_create(federate=False)
-                          print("Matrix room create response:", response)
-                          assert isinstance(response, nio.RoomCreateResponse)
-                          room_id = response.room_id
-
-                          # Join the room
-                          response = await client.join(room_id)
-                          print("Matrix join response:", response)
-                          assert isinstance(response, nio.JoinResponse)
-
-                          # Send a message to the room
-                          response = await client.room_send(
-                              room_id=room_id,
-                              message_type="m.room.message",
-                              content={
-                                  "msgtype": "m.text",
-                                  "body": "Hello continuwuity!"
-                              }
-                          )
-                          print("Matrix room send response:", response)
-                          assert isinstance(response, nio.RoomSendResponse)
-
-                          # Sync responses
-                          response = await client.sync(timeout=30000)
-                          print("Matrix sync response:", response)
-                          assert isinstance(response, nio.SyncResponse)
-
-                          # Check the message was received by continuwuity
-                          last_message = response.rooms.join[room_id].timeline.events[-1].body
-                          assert last_message == "Hello continuwuity!"
-
-                          # Leave the room
-                          response = await client.room_leave(room_id)
-                          print("Matrix room leave response:", response)
-                          assert isinstance(response, nio.RoomLeaveResponse)
-
-                          # Close the client
-                          await client.close()
-
-
-                      if __name__ == "__main__":
-                          asyncio.run(main())
-                    '')
-                  ];
+              }
+              {
+                suffix = "with-room-version";
+                config = {
+                  global = {
+                    server_name = name;
+                    address = [ "0.0.0.0" ];
+                    allow_registration = true;
+                    yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true;
+                    default_room_version = "12";
+                  };
                };
-            };
-
-            testScript = ''
-              start_all()
-
-              with subtest("start continuwuity"):
-                    continuwuity.wait_for_unit("continuwuity.service")
-                    continuwuity.wait_for_open_port(6167)
-
-              with subtest("ensure messages can be exchanged"):
-                    client.succeed("do_test >&2")
-            '';
-
-          };
-        }))
+              }
+            ]
+        ))
        builtins.listToAttrs
      ];
    };
--- a/package-lock.json
+++ b/package-lock.json
--- a/pkg/conduwuit.service
+++ b/pkg/conduwuit.service
@@ -63,7 +63,7 @@ Restart=on-failure
 RestartSec=5

 TimeoutStopSec=4m
-TimeoutStartSec=4m
+TimeoutStartSec=10m

 StartLimitInterval=1m
 StartLimitBurst=5
--- a/pkg/fedora/continuwuity.spec.rpkg
+++ b/pkg/fedora/continuwuity.spec.rpkg
@@ -4,7 +4,7 @@
 Name:           continuwuity
 Version:        {{{ git_repo_version }}}
 Release:        1%{?dist}
-Summary:        Very cool Matrix chat homeserver written in Rust
+Summary:        A Matrix homeserver written in Rust.

 License:        Apache-2.0 AND MIT

@@ -23,7 +23,7 @@ Requires:       glibc
 Requires:       libstdc++

 %global _description %{expand:
-A cool hard fork of Conduit, a Matrix homeserver written in Rust}
+A Matrix homeserver written in Rust, the official continuation of the conduwuit homeserver.}

 %description %{_description}

--- a/release.toml
+++ b/release.toml
@@ -0,0 +1 @@
+tag-message = "chore: Release v{{version}}"
--- a/src/admin/Cargo.toml
+++ b/src/admin/Cargo.toml
@@ -1,9 +1,7 @@
 [package]
 name = "conduwuit_admin"
-categories.workspace = true
 description.workspace = true
 edition.workspace = true
-keywords.workspace = true
 license.workspace = true
 readme.workspace = true
 repository.workspace = true
--- a/src/admin/admin.rs
+++ b/src/admin/admin.rs
@@ -2,65 +2,93 @@
 use conduwuit::Result;

 use crate::{
-	appservice, appservice::AppserviceCommand, check, check::CheckCommand, context::Context,
-	debug, debug::DebugCommand, federation, federation::FederationCommand, media,
-	media::MediaCommand, query, query::QueryCommand, room, room::RoomCommand, server,
-	server::ServerCommand, user, user::UserCommand,
+	appservice::{self, AppserviceCommand},
+	check::{self, CheckCommand},
+	context::Context,
+	debug::{self, DebugCommand},
+	federation::{self, FederationCommand},
+	media::{self, MediaCommand},
+	query::{self, QueryCommand},
+	room::{self, RoomCommand},
+	server::{self, ServerCommand},
+	token::{self, TokenCommand},
+	user::{self, UserCommand},
 };

 #[derive(Debug, Parser)]
 #[command(name = conduwuit_core::name(), version = conduwuit_core::version())]
 pub enum AdminCommand {
 	#[command(subcommand)]
-	/// - Commands for managing appservices
+	/// Commands for managing appservices
 	Appservices(AppserviceCommand),

 	#[command(subcommand)]
-	/// - Commands for managing local users
+	/// Commands for managing local users
 	Users(UserCommand),

 	#[command(subcommand)]
-	/// - Commands for managing rooms
+	/// Commands for managing registration tokens
+	Token(TokenCommand),
+
+	#[command(subcommand)]
+	/// Commands for managing rooms
 	Rooms(RoomCommand),

 	#[command(subcommand)]
-	/// - Commands for managing federation
+	/// Commands for managing federation
 	Federation(FederationCommand),

 	#[command(subcommand)]
-	/// - Commands for managing the server
+	/// Commands for managing the server
 	Server(ServerCommand),

 	#[command(subcommand)]
-	/// - Commands for managing media
+	/// Commands for managing media
 	Media(MediaCommand),

 	#[command(subcommand)]
-	/// - Commands for checking integrity
+	/// Commands for checking integrity
 	Check(CheckCommand),

 	#[command(subcommand)]
-	/// - Commands for debugging things
+	/// Commands for debugging things
 	Debug(DebugCommand),

 	#[command(subcommand)]
-	/// - Low-level queries for database getters and iterators
+	/// Low-level queries for database getters and iterators
 	Query(QueryCommand),
 }

-#[tracing::instrument(skip_all, name = "command")]
+#[tracing::instrument(skip_all, name = "command", level = "info")]
 pub(super) async fn process(command: AdminCommand, context: &Context<'_>) -> Result {
 	use AdminCommand::*;

 	match command {
-		| Appservices(command) => appservice::process(command, context).await,
+		| Appservices(command) => {
+			// appservice commands are all restricted
+			context.bail_restricted()?;
+			appservice::process(command, context).await
+		},
 		| Media(command) => media::process(command, context).await,
-		| Users(command) => user::process(command, context).await,
+		| Users(command) => {
+			// user commands are all restricted
+			context.bail_restricted()?;
+			user::process(command, context).await
+		},
+		| Token(command) => {
+			// token commands are all restricted
+			context.bail_restricted()?;
+			token::process(command, context).await
+		},
 		| Rooms(command) => room::process(command, context).await,
 		| Federation(command) => federation::process(command, context).await,
 		| Server(command) => server::process(command, context).await,
 		| Debug(command) => debug::process(command, context).await,
-		| Query(command) => query::process(command, context).await,
+		| Query(command) => {
+			// query commands are all restricted
+			context.bail_restricted()?;
+			query::process(command, context).await
+		},
 		| Check(command) => check::process(command, context).await,
 	}
 }
--- a/src/admin/appservice/mod.rs
+++ b/src/admin/appservice/mod.rs
@@ -8,7 +8,7 @@
 #[derive(Debug, Subcommand)]
 #[admin_command_dispatch]
 pub enum AppserviceCommand {
-	/// - Register an appservice using its registration YAML
+	/// Register an appservice using its registration YAML
 	///
 	/// This command needs a YAML generated by an appservice (such as a bridge),
 	/// which must be provided in a Markdown code block below the command.
@@ -17,7 +17,7 @@ pub enum AppserviceCommand {
 	/// the old one.
 	Register,

-	/// - Unregister an appservice using its ID
+	/// Unregister an appservice using its ID
 	///
 	/// You can find the ID using the `list-appservices` command.
 	Unregister {
@@ -25,7 +25,7 @@ pub enum AppserviceCommand {
 		appservice_identifier: String,
 	},

-	/// - Show an appservice's config using its ID
+	/// Show an appservice's config using its ID
 	///
 	/// You can find the ID using the `list-appservices` command.
 	#[clap(alias("show"))]
@@ -34,7 +34,7 @@ pub enum AppserviceCommand {
 		appservice_identifier: String,
 	},

-	/// - List all the currently registered appservices
+	/// List all the currently registered appservices
 	#[clap(alias("list"))]
 	ListRegistered,
 }
--- a/src/admin/check/commands.rs
+++ b/src/admin/check/commands.rs
@@ -4,9 +4,6 @@

 use crate::Context;

-/// Uses the iterator in `src/database/key_value/users.rs` to iterator over
-/// every user in our database (remote and local). Reports total count, any
-/// errors if there were any, etc
 #[implement(Context, params = "<'_>")]
 pub(super) async fn check_all_users(&self) -> Result {
 	let timer = tokio::time::Instant::now();
--- a/src/admin/check/mod.rs
+++ b/src/admin/check/mod.rs
@@ -8,5 +8,8 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub enum CheckCommand {
+	/// Uses the iterator in `src/database/key_value/users.rs` to iterator over
+	/// every user in our database (remote and local). Reports total count, any
+	/// errors if there were any, etc
 	CheckAllUsers,
 }
--- a/src/admin/context.rs
+++ b/src/admin/context.rs
@@ -1,6 +1,6 @@
 use std::{fmt, time::SystemTime};

-use conduwuit::Result;
+use conduwuit::{Err, Result};
 use conduwuit_service::Services;
 use futures::{
 	Future, FutureExt, TryFutureExt,
@@ -8,6 +8,7 @@
 	lock::Mutex,
 };
 use ruma::{EventId, UserId};
+use service::admin::InvocationSource;

 pub(crate) struct Context<'a> {
 	pub(crate) services: &'a Services,
@@ -16,6 +17,7 @@ pub(crate) struct Context<'a> {
 	pub(crate) reply_id: Option<&'a EventId>,
 	pub(crate) sender: Option<&'a UserId>,
 	pub(crate) output: Mutex<BufWriter<Vec<u8>>>,
+	pub(crate) source: InvocationSource,
 }

 impl Context<'_> {
@@ -43,4 +45,22 @@ pub(crate) fn sender_or_service_user(&self) -> &UserId {
 		self.sender
 			.unwrap_or_else(|| self.services.globals.server_user.as_ref())
 	}
+
+	/// Returns an Err if the [`Self::source`] of this context does not allow
+	/// restricted commands to be executed.
+	///
+	/// This is intended to be placed at the start of restricted commands'
+	/// implementations, like so:
+	///
+	/// ```ignore
+	/// self.bail_restricted()?;
+	/// // actual command impl
+	/// ```
+	pub(crate) fn bail_restricted(&self) -> Result {
+		if self.source.allows_restricted() {
+			Ok(())
+		} else {
+			Err!("This command can only be used in the admin room.")
+		}
+	}
 }
--- a/src/admin/debug/commands.rs
+++ b/src/admin/debug/commands.rs
@@ -291,6 +291,8 @@ pub(super) async fn get_remote_pdu(

 #[admin_command]
 pub(super) async fn get_room_state(&self, room: OwnedRoomOrAliasId) -> Result {
+	self.bail_restricted()?;
+
 	let room_id = self.services.rooms.alias.resolve(&room).await?;
 	let room_state: Vec<Raw<AnyStateEvent>> = self
 		.services
@@ -417,27 +419,6 @@ pub(super) async fn change_log_level(&self, filter: Option<String>, reset: bool)
 	Err!("No log level was specified.")
 }

-#[admin_command]
-pub(super) async fn sign_json(&self) -> Result {
-	if self.body.len() < 2
-		|| !self.body[0].trim().starts_with("```")
-		|| self.body.last().unwrap_or(&"").trim() != "```"
-	{
-		return Err!("Expected code block in command body. Add --help for details.");
-	}
-
-	let string = self.body[1..self.body.len().checked_sub(1).unwrap()].join("\n");
-	match serde_json::from_str(&string) {
-		| Err(e) => return Err!("Invalid json: {e}"),
-		| Ok(mut value) => {
-			self.services.server_keys.sign_json(&mut value)?;
-			let json_text = serde_json::to_string_pretty(&value)?;
-			write!(self, "{json_text}")
-		},
-	}
-	.await
-}
-
 #[admin_command]
 pub(super) async fn verify_json(&self) -> Result {
 	if self.body.len() < 2
@@ -475,8 +456,10 @@ pub(super) async fn verify_pdu(&self, event_id: OwnedEventId) -> Result {
 }

 #[admin_command]
-#[tracing::instrument(skip(self))]
+#[tracing::instrument(skip(self), level = "info")]
 pub(super) async fn first_pdu_in_room(&self, room_id: OwnedRoomId) -> Result {
+	self.bail_restricted()?;
+
 	if !self
 		.services
 		.rooms
@@ -500,8 +483,10 @@ pub(super) async fn first_pdu_in_room(&self, room_id: OwnedRoomId) -> Result {
 }

 #[admin_command]
-#[tracing::instrument(skip(self))]
+#[tracing::instrument(skip(self), level = "info")]
 pub(super) async fn latest_pdu_in_room(&self, room_id: OwnedRoomId) -> Result {
+	self.bail_restricted()?;
+
 	if !self
 		.services
 		.rooms
@@ -525,13 +510,15 @@ pub(super) async fn latest_pdu_in_room(&self, room_id: OwnedRoomId) -> Result {
 }

 #[admin_command]
-#[tracing::instrument(skip(self))]
+#[tracing::instrument(skip(self), level = "info")]
 pub(super) async fn force_set_room_state_from_server(
 	&self,
 	room_id: OwnedRoomId,
 	server_name: OwnedServerName,
 	at_event: Option<OwnedEventId>,
 ) -> Result {
+	self.bail_restricted()?;
+
 	if !self
 		.services
 		.rooms
--- a/src/admin/debug/mod.rs
+++ b/src/admin/debug/mod.rs
@@ -12,18 +12,18 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub enum DebugCommand {
-	/// - Echo input of admin command
+	/// Echo input of admin command
 	Echo {
 		message: Vec<String>,
 	},

-	/// - Get the auth_chain of a PDU
+	/// Get the auth_chain of a PDU
 	GetAuthChain {
 		/// An event ID (the $ character followed by the base64 reference hash)
 		event_id: OwnedEventId,
 	},

-	/// - Parse and print a PDU from a JSON
+	/// Parse and print a PDU from a JSON
 	///
 	/// The PDU event is only checked for validity and is not added to the
 	/// database.
@@ -32,13 +32,13 @@ pub enum DebugCommand {
 	/// the command.
 	ParsePdu,

-	/// - Retrieve and print a PDU by EventID from the Continuwuity database
+	/// Retrieve and print a PDU by EventID from the Continuwuity database
 	GetPdu {
 		/// An event ID (a $ followed by the base64 reference hash)
 		event_id: OwnedEventId,
 	},

-	/// - Retrieve and print a PDU by PduId from the Continuwuity database
+	/// Retrieve and print a PDU by PduId from the Continuwuity database
 	GetShortPdu {
 		/// Shortroomid integer
 		shortroomid: ShortRoomId,
@@ -47,9 +47,9 @@ pub enum DebugCommand {
 		shorteventid: ShortEventId,
 	},

-	/// - Attempts to retrieve a PDU from a remote server. Inserts it into our
-	///   database/timeline if found and we do not have this PDU already
-	///   (following normal event auth rules, handles it as an incoming PDU).
+	/// Attempts to retrieve a PDU from a remote server. **Does not** insert
+	///   it into the database
+	/// or persist it anywhere.
 	GetRemotePdu {
 		/// An event ID (a $ followed by the base64 reference hash)
 		event_id: OwnedEventId,
@@ -59,7 +59,7 @@ pub enum DebugCommand {
 		server: OwnedServerName,
 	},

-	/// - Same as `get-remote-pdu` but accepts a codeblock newline delimited
+	/// Same as `get-remote-pdu` but accepts a codeblock newline delimited
 	///   list of PDUs and a single server to fetch from
 	GetRemotePduList {
 		/// Argument for us to attempt to fetch all the events from the
@@ -71,7 +71,7 @@ pub enum DebugCommand {
 		force: bool,
 	},

-	/// - Gets all the room state events for the specified room.
+	/// Gets all the room state events for the specified room.
 	///
 	/// This is functionally equivalent to `GET
 	/// /_matrix/client/v3/rooms/{roomid}/state`, except the admin command does
@@ -86,7 +86,7 @@ pub enum DebugCommand {
 		room_id: OwnedRoomOrAliasId,
 	},

-	/// - Get and display signing keys from local cache or remote server.
+	/// Get and display signing keys from local cache or remote server.
 	GetSigningKeys {
 		server_name: Option<OwnedServerName>,

@@ -97,23 +97,23 @@ pub enum DebugCommand {
 		query: bool,
 	},

-	/// - Get and display signing keys from local cache or remote server.
+	/// Get and display signing keys from local cache or remote server.
 	GetVerifyKeys {
 		server_name: Option<OwnedServerName>,
 	},

-	/// - Sends a federation request to the remote server's
+	/// Sends a federation request to the remote server's
 	///   `/_matrix/federation/v1/version` endpoint and measures the latency it
 	///   took for the server to respond
 	Ping {
 		server: OwnedServerName,
 	},

-	/// - Forces device lists for all local and remote users to be updated (as
+	/// Forces device lists for all local and remote users to be updated (as
 	///   having new keys available)
 	ForceDeviceListUpdates,

-	/// - Change tracing log level/filter on the fly
+	/// Change tracing log level/filter on the fly
 	///
 	/// This accepts the same format as the `log` config option.
 	ChangeLogLevel {
@@ -125,40 +125,34 @@ pub enum DebugCommand {
 		reset: bool,
 	},

-	/// - Sign JSON blob
-	///
-	/// This command needs a JSON blob provided in a Markdown code block below
-	/// the command.
-	SignJson,
-
-	/// - Verify JSON signatures
+	/// Verify JSON signatures
 	///
 	/// This command needs a JSON blob provided in a Markdown code block below
 	/// the command.
 	VerifyJson,

-	/// - Verify PDU
+	/// Verify PDU
 	///
 	/// This re-verifies a PDU existing in the database found by ID.
 	VerifyPdu {
 		event_id: OwnedEventId,
 	},

-	/// - Prints the very first PDU in the specified room (typically
+	/// Prints the very first PDU in the specified room (typically
 	///   m.room.create)
 	FirstPduInRoom {
 		/// The room ID
 		room_id: OwnedRoomId,
 	},

-	/// - Prints the latest ("last") PDU in the specified room (typically a
+	/// Prints the latest ("last") PDU in the specified room (typically a
 	///   message)
 	LatestPduInRoom {
 		/// The room ID
 		room_id: OwnedRoomId,
 	},

-	/// - Forcefully replaces the room state of our local copy of the specified
+	/// Forcefully replaces the room state of our local copy of the specified
 	///   room, with the copy (auth chain and room state events) the specified
 	///   remote server says.
 	///
@@ -182,7 +176,7 @@ pub enum DebugCommand {
 		event_id: Option<OwnedEventId>,
 	},

-	/// - Runs a server name through Continuwuity's true destination resolution
+	/// Runs a server name through Continuwuity's true destination resolution
 	///   process
 	///
 	/// Useful for debugging well-known issues
@@ -193,7 +187,7 @@ pub enum DebugCommand {
 		no_cache: bool,
 	},

-	/// - Print extended memory usage
+	/// Print extended memory usage
 	///
 	/// Optional argument is a character mask (a sequence of characters in any
 	/// order) which enable additional extended statistics. Known characters are
@@ -202,23 +196,23 @@ pub enum DebugCommand {
 		opts: Option<String>,
 	},

-	/// - Print general tokio runtime metric totals.
+	/// Print general tokio runtime metric totals.
 	RuntimeMetrics,

-	/// - Print detailed tokio runtime metrics accumulated since last command
+	/// Print detailed tokio runtime metrics accumulated since last command
 	///   invocation.
 	RuntimeInterval,

-	/// - Print the current time
+	/// Print the current time
 	Time,

-	/// - List dependencies
+	/// List dependencies
 	ListDependencies {
 		#[arg(short, long)]
 		names: bool,
 	},

-	/// - Get database statistics
+	/// Get database statistics
 	DatabaseStats {
 		property: Option<String>,

@@ -226,10 +220,10 @@ pub enum DebugCommand {
 		map: Option<String>,
 	},

-	/// - Trim memory usage
+	/// Trim memory usage
 	TrimMemory,

-	/// - List database files
+	/// List database files
 	DatabaseFiles {
 		map: Option<String>,

@@ -237,7 +231,7 @@ pub enum DebugCommand {
 		level: Option<i32>,
 	},

-	/// - Developer test stubs
+	/// Developer test stubs
 	#[command(subcommand)]
 	#[allow(non_snake_case)]
 	#[clap(hide(true))]
--- a/src/admin/federation/commands.rs
+++ b/src/admin/federation/commands.rs
@@ -8,12 +8,14 @@

 #[admin_command]
 pub(super) async fn disable_room(&self, room_id: OwnedRoomId) -> Result {
+	self.bail_restricted()?;
 	self.services.rooms.metadata.disable_room(&room_id, true);
 	self.write_str("Room disabled.").await
 }

 #[admin_command]
 pub(super) async fn enable_room(&self, room_id: OwnedRoomId) -> Result {
+	self.bail_restricted()?;
 	self.services.rooms.metadata.disable_room(&room_id, false);
 	self.write_str("Room enabled.").await
 }
--- a/src/admin/federation/mod.rs
+++ b/src/admin/federation/mod.rs
@@ -9,20 +9,20 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub enum FederationCommand {
-	/// - List all rooms we are currently handling an incoming pdu from
+	/// List all rooms we are currently handling an incoming pdu from
 	IncomingFederation,

-	/// - Disables incoming federation handling for a room.
+	/// Disables incoming federation handling for a room.
 	DisableRoom {
 		room_id: OwnedRoomId,
 	},

-	/// - Enables incoming federation handling for a room again.
+	/// Enables incoming federation handling for a room again.
 	EnableRoom {
 		room_id: OwnedRoomId,
 	},

-	/// - Fetch `/.well-known/matrix/support` from the specified server
+	/// Fetch `/.well-known/matrix/support` from the specified server
 	///
 	/// Despite the name, this is not a federation endpoint and does not go
 	/// through the federation / server resolution process as per-spec this is
@@ -35,7 +35,7 @@ pub enum FederationCommand {
 		server_name: OwnedServerName,
 	},

-	/// - Lists all the rooms we share/track with the specified *remote* user
+	/// Lists all the rooms we share/track with the specified *remote* user
 	RemoteUserInRooms {
 		user_id: OwnedUserId,
 	},
--- a/src/admin/media/commands.rs
+++ b/src/admin/media/commands.rs
@@ -16,6 +16,8 @@ pub(super) async fn delete(
 	mxc: Option<OwnedMxcUri>,
 	event_id: Option<OwnedEventId>,
 ) -> Result {
+	self.bail_restricted()?;
+
 	if event_id.is_some() && mxc.is_some() {
 		return Err!("Please specify either an MXC or an event ID, not both.",);
 	}
@@ -176,6 +178,8 @@ pub(super) async fn delete(

 #[admin_command]
 pub(super) async fn delete_list(&self) -> Result {
+	self.bail_restricted()?;
+
 	if self.body.len() < 2
 		|| !self.body[0].trim().starts_with("```")
 		|| self.body.last().unwrap_or(&"").trim() != "```"
@@ -231,6 +235,8 @@ pub(super) async fn delete_past_remote_media(
 	after: bool,
 	yes_i_want_to_delete_local_media: bool,
 ) -> Result {
+	self.bail_restricted()?;
+
 	if before && after {
 		return Err!("Please only pick one argument, --before or --after.",);
 	}
@@ -273,6 +279,8 @@ pub(super) async fn delete_all_from_server(
 	server_name: OwnedServerName,
 	yes_i_want_to_delete_local_media: bool,
 ) -> Result {
+	self.bail_restricted()?;
+
 	if server_name == self.services.globals.server_name() && !yes_i_want_to_delete_local_media {
 		return Err!("This command only works for remote media by default.",);
 	}
--- a/src/admin/media/mod.rs
+++ b/src/admin/media/mod.rs
@@ -10,20 +10,20 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub enum MediaCommand {
-	/// - Deletes a single media file from our database and on the filesystem
+	/// Deletes a single media file from our database and on the filesystem
 	///   via a single MXC URL or event ID (not redacted)
 	Delete {
 		/// The MXC URL to delete
 		#[arg(long)]
 		mxc: Option<OwnedMxcUri>,

-		/// - The message event ID which contains the media and thumbnail MXC
+		/// The message event ID which contains the media and thumbnail MXC
 		///   URLs
 		#[arg(long)]
 		event_id: Option<OwnedEventId>,
 	},

-	/// - Deletes a codeblock list of MXC URLs from our database and on the
+	/// Deletes a codeblock list of MXC URLs from our database and on the
 	///   filesystem. This will always ignore errors.
 	DeleteList,

@@ -40,33 +40,33 @@ pub enum MediaCommand {
 	///   * Delete all remote and local media from 3 days ago, up until now:
 	///
 	///     `!admin media delete-past-remote-media -a 3d
-	/// --yes-i-want-to-delete-local-media`
+	///-yes-i-want-to-delete-local-media`
 	#[command(verbatim_doc_comment)]
 	DeletePastRemoteMedia {
-		/// - The relative time (e.g. 30s, 5m, 7d) from now within which to
+		/// The relative time (e.g. 30s, 5m, 7d) from now within which to
 		///   search
 		duration: String,

-		/// - Only delete media created before [duration] ago
+		/// Only delete media created before [duration] ago
 		#[arg(long, short)]
 		before: bool,

-		/// - Only delete media created after [duration] ago
+		/// Only delete media created after [duration] ago
 		#[arg(long, short)]
 		after: bool,

-		/// - Long argument to additionally delete local media
+		/// Long argument to additionally delete local media
 		#[arg(long)]
 		yes_i_want_to_delete_local_media: bool,
 	},

-	/// - Deletes all the local media from a local user on our server. This will
+	/// Deletes all the local media from a local user on our server. This will
 	///   always ignore errors by default.
 	DeleteAllFromUser {
 		username: String,
 	},

-	/// - Deletes all remote media from the specified remote server. This will
+	/// Deletes all remote media from the specified remote server. This will
 	///   always ignore errors by default.
 	DeleteAllFromServer {
 		server_name: OwnedServerName,
--- a/src/admin/mod.rs
+++ b/src/admin/mod.rs
@@ -17,6 +17,7 @@
 pub(crate) mod query;
 pub(crate) mod room;
 pub(crate) mod server;
+pub(crate) mod token;
 pub(crate) mod user;

 extern crate conduwuit_api as api;
--- a/src/admin/processor.rs
+++ b/src/admin/processor.rs
@@ -37,7 +37,7 @@ pub(super) fn dispatch(services: Arc<Services>, command: CommandInput) -> Proces
 	Box::pin(handle_command(services, command))
 }

-#[tracing::instrument(skip_all, name = "admin")]
+#[tracing::instrument(skip_all, name = "admin", level = "info")]
 async fn handle_command(services: Arc<Services>, command: CommandInput) -> ProcessorResult {
 	AssertUnwindSafe(Box::pin(process_command(services, &command)))
 		.catch_unwind()
@@ -59,6 +59,7 @@ async fn process_command(services: Arc<Services>, input: &CommandInput) -> Proce
 		reply_id: input.reply_id.as_deref(),
 		sender: input.sender.as_deref(),
 		output: BufWriter::new(Vec::new()).into(),
+		source: input.source,
 	};

 	let (result, mut logs) = process(&context, command, &args).await;
--- a/src/admin/query/account_data.rs
+++ b/src/admin/query/account_data.rs
@@ -9,7 +9,7 @@
 #[derive(Debug, Subcommand)]
 /// All the getters and iterators from src/database/key_value/account_data.rs
 pub enum AccountDataCommand {
-	/// - Returns all changes to the account data that happened after `since`.
+	/// Returns all changes to the account data that happened after `since`.
 	ChangesSince {
 		/// Full user ID
 		user_id: OwnedUserId,
@@ -19,7 +19,7 @@ pub enum AccountDataCommand {
 		room_id: Option<OwnedRoomId>,
 	},

-	/// - Searches the account data for a specific kind.
+	/// Searches the account data for a specific kind.
 	AccountDataGet {
 		/// Full user ID
 		user_id: OwnedUserId,
@@ -41,7 +41,7 @@ async fn changes_since(
 	let results: Vec<_> = self
 		.services
 		.account_data
-		.changes_since(room_id.as_deref(), &user_id, since, None)
+		.changes_since(room_id.as_deref(), &user_id, Some(since), None)
 		.collect()
 		.await;
 	let query_time = timer.elapsed();
--- a/src/admin/query/appservice.rs
+++ b/src/admin/query/appservice.rs
@@ -7,13 +7,13 @@
 #[derive(Debug, Subcommand)]
 /// All the getters and iterators from src/database/key_value/appservice.rs
 pub enum AppserviceCommand {
-	/// - Gets the appservice registration info/details from the ID as a string
+	/// Gets the appservice registration info/details from the ID as a string
 	GetRegistration {
 		/// Appservice registration ID
 		appservice_id: String,
 	},

-	/// - Gets all appservice registrations with their ID and registration info
+	/// Gets all appservice registrations with their ID and registration info
 	All,
 }

--- a/src/admin/query/globals.rs
+++ b/src/admin/query/globals.rs
@@ -13,7 +13,7 @@ pub enum GlobalsCommand {

 	LastCheckForAnnouncementsId,

-	/// - This returns an empty `Ok(BTreeMap<..>)` when there are no keys found
+	/// This returns an empty `Ok(BTreeMap<..>)` when there are no keys found
 	///   for the server.
 	SigningKeysFor {
 		origin: OwnedServerName,
--- a/src/admin/query/mod.rs
+++ b/src/admin/query/mod.rs
@@ -28,55 +28,55 @@
 #[derive(Debug, Subcommand)]
 /// Query tables from database
 pub enum QueryCommand {
-	/// - account_data.rs iterators and getters
+	/// account_data.rs iterators and getters
 	#[command(subcommand)]
 	AccountData(AccountDataCommand),

-	/// - appservice.rs iterators and getters
+	/// appservice.rs iterators and getters
 	#[command(subcommand)]
 	Appservice(AppserviceCommand),

-	/// - presence.rs iterators and getters
+	/// presence.rs iterators and getters
 	#[command(subcommand)]
 	Presence(PresenceCommand),

-	/// - rooms/alias.rs iterators and getters
+	/// rooms/alias.rs iterators and getters
 	#[command(subcommand)]
 	RoomAlias(RoomAliasCommand),

-	/// - rooms/state_cache iterators and getters
+	/// rooms/state_cache iterators and getters
 	#[command(subcommand)]
 	RoomStateCache(RoomStateCacheCommand),

-	/// - rooms/timeline iterators and getters
+	/// rooms/timeline iterators and getters
 	#[command(subcommand)]
 	RoomTimeline(RoomTimelineCommand),

-	/// - globals.rs iterators and getters
+	/// globals.rs iterators and getters
 	#[command(subcommand)]
 	Globals(GlobalsCommand),

-	/// - sending.rs iterators and getters
+	/// sending.rs iterators and getters
 	#[command(subcommand)]
 	Sending(SendingCommand),

-	/// - users.rs iterators and getters
+	/// users.rs iterators and getters
 	#[command(subcommand)]
 	Users(UsersCommand),

-	/// - resolver service
+	/// resolver service
 	#[command(subcommand)]
 	Resolver(ResolverCommand),

-	/// - pusher service
+	/// pusher service
 	#[command(subcommand)]
 	Pusher(PusherCommand),

-	/// - short service
+	/// short service
 	#[command(subcommand)]
 	Short(ShortCommand),

-	/// - raw service
+	/// raw service
 	#[command(subcommand)]
 	Raw(RawCommand),
 }
--- a/src/admin/query/presence.rs
+++ b/src/admin/query/presence.rs
@@ -8,13 +8,13 @@
 #[derive(Debug, Subcommand)]
 /// All the getters and iterators from src/database/key_value/presence.rs
 pub enum PresenceCommand {
-	/// - Returns the latest presence event for the given user.
+	/// Returns the latest presence event for the given user.
 	GetPresence {
 		/// Full user ID
 		user_id: OwnedUserId,
 	},

-	/// - Iterator of the most recent presence updates that happened after the
+	/// Iterator of the most recent presence updates that happened after the
 	///   event with id `since`.
 	PresenceSince {
 		/// UNIX timestamp since (u64)
--- a/src/admin/query/pusher.rs
+++ b/src/admin/query/pusher.rs
@@ -6,7 +6,7 @@

 #[derive(Debug, Subcommand)]
 pub enum PusherCommand {
-	/// - Returns all the pushers for the user.
+	/// Returns all the pushers for the user.
 	GetPushers {
 		/// Full user ID
 		user_id: OwnedUserId,
--- a/src/admin/query/raw.rs
+++ b/src/admin/query/raw.rs
@@ -20,10 +20,10 @@
 #[allow(clippy::enum_variant_names)]
 /// Query tables from database
 pub enum RawCommand {
-	/// - List database maps
+	/// List database maps
 	RawMaps,

-	/// - Raw database query
+	/// Raw database query
 	RawGet {
 		/// Map name
 		map: String,
@@ -32,7 +32,7 @@ pub enum RawCommand {
 		key: String,
 	},

-	/// - Raw database delete (for string keys)
+	/// Raw database delete (for string keys)
 	RawDel {
 		/// Map name
 		map: String,
@@ -41,7 +41,7 @@ pub enum RawCommand {
 		key: String,
 	},

-	/// - Raw database keys iteration
+	/// Raw database keys iteration
 	RawKeys {
 		/// Map name
 		map: String,
@@ -50,7 +50,7 @@ pub enum RawCommand {
 		prefix: Option<String>,
 	},

-	/// - Raw database key size breakdown
+	/// Raw database key size breakdown
 	RawKeysSizes {
 		/// Map name
 		map: Option<String>,
@@ -59,7 +59,7 @@ pub enum RawCommand {
 		prefix: Option<String>,
 	},

-	/// - Raw database keys total bytes
+	/// Raw database keys total bytes
 	RawKeysTotal {
 		/// Map name
 		map: Option<String>,
@@ -68,7 +68,7 @@ pub enum RawCommand {
 		prefix: Option<String>,
 	},

-	/// - Raw database values size breakdown
+	/// Raw database values size breakdown
 	RawValsSizes {
 		/// Map name
 		map: Option<String>,
@@ -77,7 +77,7 @@ pub enum RawCommand {
 		prefix: Option<String>,
 	},

-	/// - Raw database values total bytes
+	/// Raw database values total bytes
 	RawValsTotal {
 		/// Map name
 		map: Option<String>,
@@ -86,7 +86,7 @@ pub enum RawCommand {
 		prefix: Option<String>,
 	},

-	/// - Raw database items iteration
+	/// Raw database items iteration
 	RawIter {
 		/// Map name
 		map: String,
@@ -95,7 +95,7 @@ pub enum RawCommand {
 		prefix: Option<String>,
 	},

-	/// - Raw database keys iteration
+	/// Raw database keys iteration
 	RawKeysFrom {
 		/// Map name
 		map: String,
@@ -108,7 +108,7 @@ pub enum RawCommand {
 		limit: Option<usize>,
 	},

-	/// - Raw database items iteration
+	/// Raw database items iteration
 	RawIterFrom {
 		/// Map name
 		map: String,
@@ -121,7 +121,7 @@ pub enum RawCommand {
 		limit: Option<usize>,
 	},

-	/// - Raw database record count
+	/// Raw database record count
 	RawCount {
 		/// Map name
 		map: Option<String>,
@@ -130,7 +130,7 @@ pub enum RawCommand {
 		prefix: Option<String>,
 	},

-	/// - Compact database
+	/// Compact database
 	Compact {
 		#[arg(short, long, alias("column"))]
 		map: Option<Vec<String>>,
--- a/src/admin/query/room_alias.rs
+++ b/src/admin/query/room_alias.rs
@@ -13,13 +13,13 @@ pub enum RoomAliasCommand {
 		alias: OwnedRoomAliasId,
 	},

-	/// - Iterator of all our local room aliases for the room ID
+	/// Iterator of all our local room aliases for the room ID
 	LocalAliasesForRoom {
 		/// Full room ID
 		room_id: OwnedRoomId,
 	},

-	/// - Iterator of all our local aliases in our database with their room IDs
+	/// Iterator of all our local aliases in our database with their room IDs
 	AllLocalAliases,
 }

--- a/src/admin/query/room_timeline.rs
+++ b/src/admin/query/room_timeline.rs
@@ -31,7 +31,7 @@ pub(super) async fn last(&self, room_id: OwnedRoomOrAliasId) -> Result {
 		.services
 		.rooms
 		.timeline
-		.last_timeline_count(None, &room_id)
+		.last_timeline_count(&room_id)
 		.await?;

 	self.write_str(&format!("{result:#?}")).await
@@ -52,7 +52,7 @@ pub(super) async fn pdus(
 		.services
 		.rooms
 		.timeline
-		.pdus_rev(None, &room_id, from)
+		.pdus_rev(&room_id, from)
 		.try_take(limit.unwrap_or(3))
 		.try_collect()
 		.await?;
--- a/src/admin/query/sending.rs
+++ b/src/admin/query/sending.rs
@@ -9,10 +9,10 @@
 #[derive(Debug, Subcommand)]
 /// All the getters and iterators from src/database/key_value/sending.rs
 pub enum SendingCommand {
-	/// - Queries database for all `servercurrentevent_data`
+	/// Queries database for all `servercurrentevent_data`
 	ActiveRequests,

-	/// - Queries database for `servercurrentevent_data` but for a specific
+	/// Queries database for `servercurrentevent_data` but for a specific
 	///   destination
 	///
 	/// This command takes only *one* format of these arguments:
@@ -34,7 +34,7 @@ pub enum SendingCommand {
 		push_key: Option<String>,
 	},

-	/// - Queries database for `servernameevent_data` which are the queued up
+	/// Queries database for `servernameevent_data` which are the queued up
 	///   requests that will eventually be sent
 	///
 	/// This command takes only *one* format of these arguments:
--- a/src/admin/room/alias.rs
+++ b/src/admin/room/alias.rs
@@ -9,7 +9,7 @@

 #[derive(Debug, Subcommand)]
 pub enum RoomAliasCommand {
-	/// - Make an alias point to a room.
+	/// Make an alias point to a room.
 	Set {
 		#[arg(short, long)]
 		/// Set the alias even if a room is already using it
@@ -22,20 +22,20 @@ pub enum RoomAliasCommand {
 		room_alias_localpart: String,
 	},

-	/// - Remove a local alias
+	/// Remove a local alias
 	Remove {
 		/// The alias localpart to remove (`alias`, not `#alias:servername.tld`)
 		room_alias_localpart: String,
 	},

-	/// - Show which room is using an alias
+	/// Show which room is using an alias
 	Which {
 		/// The alias localpart to look up (`alias`, not
 		/// `#alias:servername.tld`)
 		room_alias_localpart: String,
 	},

-	/// - List aliases currently being used
+	/// List aliases currently being used
 	List {
 		/// If set, only list the aliases for this room
 		room_id: Option<OwnedRoomId>,
--- a/src/admin/room/directory.rs
+++ b/src/admin/room/directory.rs
@@ -7,19 +7,19 @@

 #[derive(Debug, Subcommand)]
 pub enum RoomDirectoryCommand {
-	/// - Publish a room to the room directory
+	/// Publish a room to the room directory
 	Publish {
 		/// The room id of the room to publish
 		room_id: OwnedRoomId,
 	},

-	/// - Unpublish a room to the room directory
+	/// Unpublish a room to the room directory
 	Unpublish {
 		/// The room id of the room to unpublish
 		room_id: OwnedRoomId,
 	},

-	/// - List rooms that are published
+	/// List rooms that are published
 	List {
 		page: Option<usize>,
 	},
--- a/src/admin/room/info.rs
+++ b/src/admin/room/info.rs
@@ -8,7 +8,7 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub enum RoomInfoCommand {
-	/// - List joined members in a room
+	/// List joined members in a room
 	ListJoinedMembers {
 		room_id: OwnedRoomId,

@@ -17,7 +17,7 @@ pub enum RoomInfoCommand {
 		local_only: bool,
 	},

-	/// - Displays room topic
+	/// Displays room topic
 	///
 	/// Room topics can be huge, so this is in its
 	/// own separate command
--- a/src/admin/room/mod.rs
+++ b/src/admin/room/mod.rs
@@ -17,7 +17,7 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub enum RoomCommand {
-	/// - List all rooms the server knows about
+	/// List all rooms the server knows about
 	#[clap(alias = "list")]
 	ListRooms {
 		page: Option<usize>,
@@ -37,22 +37,22 @@ pub enum RoomCommand {
 	},

 	#[command(subcommand)]
-	/// - View information about a room we know about
+	/// View information about a room we know about
 	Info(RoomInfoCommand),

 	#[command(subcommand)]
-	/// - Manage moderation of remote or local rooms
+	/// Manage moderation of remote or local rooms
 	Moderation(RoomModerationCommand),

 	#[command(subcommand)]
-	/// - Manage rooms' aliases
+	/// Manage rooms' aliases
 	Alias(RoomAliasCommand),

 	#[command(subcommand)]
-	/// - Manage the room directory
+	/// Manage the room directory
 	Directory(RoomDirectoryCommand),

-	/// - Check if we know about a room
+	/// Check if we know about a room
 	Exists {
 		room_id: OwnedRoomId,
 	},
--- a/src/admin/room/moderation.rs
+++ b/src/admin/room/moderation.rs
@@ -13,7 +13,7 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub enum RoomModerationCommand {
-	/// - Bans a room from local users joining and evicts all our local users
+	/// Bans a room from local users joining and evicts all our local users
 	///   (including server
 	/// admins)
 	///   from the room. Also blocks any invites (local and remote) for the
@@ -24,19 +24,19 @@ pub enum RoomModerationCommand {
 		room: OwnedRoomOrAliasId,
 	},

-	/// - Bans a list of rooms (room IDs and room aliases) from a newline
+	/// Bans a list of rooms (room IDs and room aliases) from a newline
 	///   delimited codeblock similar to `user deactivate-all`. Applies the same
 	///   steps as ban-room
 	BanListOfRooms,

-	/// - Unbans a room to allow local users to join again
+	/// Unbans a room to allow local users to join again
 	UnbanRoom {
 		/// The room in the format of `!roomid:example.com` or a room alias in
 		/// the format of `#roomalias:example.com`
 		room: OwnedRoomOrAliasId,
 	},

-	/// - List of all rooms we have banned
+	/// List of all rooms we have banned
 	ListBannedRooms {
 		#[arg(long)]
 		/// Whether to only output room IDs without supplementary room
@@ -98,7 +98,7 @@ async fn ban_room(&self, room: OwnedRoomOrAliasId) -> Result {
 		{
 			| Ok((room_id, servers)) => {
 				debug!(
-					?room_id,
+					%room_id,
 					?servers,
 					"Got federation response fetching room ID for room {room}"
 				);
@@ -240,7 +240,7 @@ async fn ban_list_of_rooms(&self) -> Result {
 									{
 										| Ok((room_id, servers)) => {
 											debug!(
-												?room_id,
+												%room_id,
 												?servers,
 												"Got federation response fetching room ID for \
 												 {room}",
@@ -397,7 +397,7 @@ async fn unban_room(&self, room: OwnedRoomOrAliasId) -> Result {
 				{
 					| Ok((room_id, servers)) => {
 						debug!(
-							?room_id,
+							%room_id,
 							?servers,
 							"Got federation response fetching room ID for room {room}"
 						);
--- a/src/admin/server/commands.rs
+++ b/src/admin/server/commands.rs
@@ -24,16 +24,39 @@ pub(super) async fn uptime(&self) -> Result {

 #[admin_command]
 pub(super) async fn show_config(&self) -> Result {
+	self.bail_restricted()?;
+
 	self.write_str(&format!("{}", *self.services.server.config))
 		.await
 }

 #[admin_command]
 pub(super) async fn reload_config(&self, path: Option<PathBuf>) -> Result {
-	let path = path.as_deref().into_iter();
-	self.services.config.reload(path)?;
+	// The path argument is only what's optionally passed via the admin command,
+	// so we need to merge it with the existing paths if any were given at startup.
+	let mut paths = Vec::new();

-	self.write_str("Successfully reconfigured.").await
+	// Add previously saved paths to the argument list
+	self.services
+		.config
+		.config_paths
+		.clone()
+		.unwrap_or_default()
+		.iter()
+		.for_each(|p| paths.push(p.to_owned()));
+
+	// If a path is given, and it's not already in the list,
+	// add it last, so that it overrides earlier files
+	if let Some(p) = path {
+		if !paths.contains(&p) {
+			paths.push(p);
+		}
+	}
+
+	self.services.config.reload(&paths)?;
+
+	self.write_str(&format!("Successfully reconfigured from paths: {paths:?}"))
+		.await
 }

 #[admin_command]
@@ -97,6 +120,8 @@ pub(super) async fn list_backups(&self) -> Result {

 #[admin_command]
 pub(super) async fn backup_database(&self) -> Result {
+	self.bail_restricted()?;
+
 	let db = Arc::clone(&self.services.db);
 	let result = self
 		.services
@@ -123,6 +148,8 @@ pub(super) async fn admin_notice(&self, message: Vec<String>) -> Result {

 #[admin_command]
 pub(super) async fn reload_mods(&self) -> Result {
+	self.bail_restricted()?;
+
 	self.services.server.reload()?;

 	self.write_str("Reloading server...").await
@@ -147,6 +174,8 @@ pub(super) async fn restart(&self, force: bool) -> Result {

 #[admin_command]
 pub(super) async fn shutdown(&self) -> Result {
+	self.bail_restricted()?;
+
 	warn!("shutdown command");
 	self.services.server.shutdown()?;

--- a/src/admin/server/mod.rs
+++ b/src/admin/server/mod.rs
@@ -10,18 +10,18 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub enum ServerCommand {
-	/// - Time elapsed since startup
+	/// Time elapsed since startup
 	Uptime,

-	/// - Show configuration values
+	/// Show configuration values
 	ShowConfig,

-	/// - Reload configuration values
+	/// Reload configuration values
 	ReloadConfig {
 		path: Option<PathBuf>,
 	},

-	/// - List the features built into the server
+	/// List the features built into the server
 	ListFeatures {
 		#[arg(short, long)]
 		available: bool,
@@ -33,35 +33,35 @@ pub enum ServerCommand {
 		comma: bool,
 	},

-	/// - Print database memory usage statistics
+	/// Print database memory usage statistics
 	MemoryUsage,

-	/// - Clears all of Continuwuity's caches
+	/// Clears all of Continuwuity's caches
 	ClearCaches,

-	/// - Performs an online backup of the database (only available for RocksDB
+	/// Performs an online backup of the database (only available for RocksDB
 	///   at the moment)
 	BackupDatabase,

-	/// - List database backups
+	/// List database backups
 	ListBackups,

-	/// - Send a message to the admin room.
+	/// Send a message to the admin room.
 	AdminNotice {
 		message: Vec<String>,
 	},

-	/// - Hot-reload the server
+	/// Hot-reload the server
 	#[clap(alias = "reload")]
 	ReloadMods,

 	#[cfg(unix)]
-	/// - Restart the server
+	/// Restart the server
 	Restart {
 		#[arg(short, long)]
 		force: bool,
 	},

-	/// - Shutdown the server
+	/// Shutdown the server
 	Shutdown,
 }
--- a/src/admin/token/commands.rs
+++ b/src/admin/token/commands.rs
@@ -0,0 +1,76 @@
+use conduwuit::{Err, Result, utils};
+use conduwuit_macros::admin_command;
+use futures::StreamExt;
+use service::registration_tokens::TokenExpires;
+
+#[admin_command]
+pub(super) async fn issue_token(&self, expires: super::TokenExpires) -> Result {
+	let expires = {
+		if expires.immortal {
+			None
+		} else if let Some(max_uses) = expires.max_uses {
+			Some(TokenExpires::AfterUses(max_uses))
+		} else if expires.once {
+			Some(TokenExpires::AfterUses(1))
+		} else if let Some(max_age) = expires
+			.max_age
+			.as_deref()
+			.map(|max_age| utils::time::timepoint_from_now(utils::time::parse_duration(max_age)?))
+			.transpose()?
+		{
+			Some(TokenExpires::AfterTime(max_age))
+		} else {
+			unreachable!();
+		}
+	};
+
+	let (token, info) = self
+		.services
+		.registration_tokens
+		.issue_token(self.sender_or_service_user().into(), expires);
+
+	self.write_str(&format!(
+		"New registration token issued: `{token}`. {}.",
+		if let Some(expires) = info.expires {
+			format!("{expires}")
+		} else {
+			"Never expires".to_owned()
+		}
+	))
+	.await
+}
+
+#[admin_command]
+pub(super) async fn revoke_token(&self, token: String) -> Result {
+	let Some(token) = self
+		.services
+		.registration_tokens
+		.validate_token(token)
+		.await
+	else {
+		return Err!("This token does not exist or has already expired.");
+	};
+
+	self.services.registration_tokens.revoke_token(token)?;
+
+	self.write_str("Token revoked successfully.").await
+}
+
+#[admin_command]
+pub(super) async fn list_tokens(&self) -> Result {
+	let tokens: Vec<_> = self
+		.services
+		.registration_tokens
+		.iterate_tokens()
+		.collect()
+		.await;
+
+	self.write_str(&format!("Found {} registration tokens:\n", tokens.len()))
+		.await?;
+
+	for token in tokens {
+		self.write_str(&format!("- {token}\n")).await?;
+	}
+
+	Ok(())
+}
--- a/src/admin/token/mod.rs
+++ b/src/admin/token/mod.rs
@@ -0,0 +1,51 @@
+mod commands;
+
+use clap::{Args, Subcommand};
+use conduwuit::Result;
+
+use crate::admin_command_dispatch;
+
+#[admin_command_dispatch]
+#[derive(Debug, Subcommand)]
+pub enum TokenCommand {
+	/// Issue a new registration token
+	#[clap(name = "issue")]
+	IssueToken {
+		/// When this token will expire.
+		#[command(flatten)]
+		expires: TokenExpires,
+	},
+
+	/// Revoke a registration token
+	#[clap(name = "revoke")]
+	RevokeToken {
+		/// The token to revoke.
+		token: String,
+	},
+
+	/// List all registration tokens
+	#[clap(name = "list")]
+	ListTokens,
+}
+
+#[derive(Debug, Args)]
+#[group(required = true, multiple = false)]
+pub struct TokenExpires {
+	/// The maximum number of times this token is allowed to be used before it
+	/// expires.
+	#[arg(long)]
+	max_uses: Option<u64>,
+
+	/// The maximum age of this token (e.g. 30s, 5m, 7d). It will expire after
+	/// this much time has passed.
+	#[arg(long)]
+	max_age: Option<String>,
+
+	/// This token will never expire.
+	#[arg(long)]
+	immortal: bool,
+
+	/// A shortcut for `--max-uses 1`.
+	#[arg(long)]
+	once: bool,
+}
--- a/src/admin/user/commands.rs
+++ b/src/admin/user/commands.rs
@@ -1,4 +1,7 @@
-use std::{collections::BTreeMap, fmt::Write as _};
+use std::{
+	collections::{BTreeMap, HashSet},
+	fmt::Write as _,
+};

 use api::client::{
 	full_user_deactivate, join_room_by_id_helper, leave_all_rooms, leave_room, remote_leave_room,
@@ -12,7 +15,7 @@
 };
 use futures::{FutureExt, StreamExt};
 use ruma::{
-	OwnedEventId, OwnedRoomId, OwnedRoomOrAliasId, OwnedUserId, UserId,
+	OwnedEventId, OwnedRoomId, OwnedRoomOrAliasId, OwnedServerName, OwnedUserId, UserId,
 	events::{
 		RoomAccountDataEventType, StateEventType,
 		room::{
@@ -235,6 +238,7 @@ pub(super) async fn deactivate(&self, no_leave_rooms: bool, user_id: String) ->

 #[admin_command]
 pub(super) async fn suspend(&self, user_id: String) -> Result {
+	self.bail_restricted()?;
 	let user_id = parse_local_user_id(self.services, &user_id)?;

 	if user_id == self.services.globals.server_user {
@@ -259,6 +263,7 @@ pub(super) async fn suspend(&self, user_id: String) -> Result {

 #[admin_command]
 pub(super) async fn unsuspend(&self, user_id: String) -> Result {
+	self.bail_restricted()?;
 	let user_id = parse_local_user_id(self.services, &user_id)?;

 	if user_id == self.services.globals.server_user {
@@ -275,7 +280,12 @@ pub(super) async fn unsuspend(&self, user_id: String) -> Result {
 }

 #[admin_command]
-pub(super) async fn reset_password(&self, username: String, password: Option<String>) -> Result {
+pub(super) async fn reset_password(
+	&self,
+	logout: bool,
+	username: String,
+	password: Option<String>,
+) -> Result {
 	let user_id = parse_local_user_id(self.services, &username)?;

 	if user_id == self.services.globals.server_user {
@@ -298,7 +308,18 @@ pub(super) async fn reset_password(&self, username: String, password: Option<Str
 			write!(self, "Successfully reset the password for user {user_id}: `{new_password}`")
 		},
 	}
-	.await
+	.await?;
+
+	if logout {
+		self.services
+			.users
+			.all_device_ids(&user_id)
+			.for_each(|device_id| self.services.users.remove_device(&user_id, device_id))
+			.await;
+		write!(self, "\nAll existing sessions have been logged out.").await?;
+	}
+
+	Ok(())
 }

 #[admin_command]
@@ -458,9 +479,11 @@ pub(super) async fn force_join_list_of_local_users(
 		);
 	}

-	let Ok(admin_room) = self.services.admin.get_admin_room().await else {
-		return Err!("There is not an admin room to check for server admins.",);
-	};
+	let server_admins = self.services.admin.get_admins().await;
+
+	if server_admins.is_empty() {
+		return Err!("There are no admins set for this server.");
+	}

 	let (room_id, servers) = self
 		.services
@@ -479,15 +502,6 @@ pub(super) async fn force_join_list_of_local_users(
 		return Err!("We are not joined in this room.");
 	}

-	let server_admins: Vec<_> = self
-		.services
-		.rooms
-		.state_cache
-		.active_local_users_in_room(&admin_room)
-		.map(ToOwned::to_owned)
-		.collect()
-		.await;
-
 	if !self
 		.services
 		.rooms
@@ -580,9 +594,11 @@ pub(super) async fn force_join_all_local_users(
 		);
 	}

-	let Ok(admin_room) = self.services.admin.get_admin_room().await else {
-		return Err!("There is not an admin room to check for server admins.",);
-	};
+	let server_admins = self.services.admin.get_admins().await;
+
+	if server_admins.is_empty() {
+		return Err!("There are no admins set for this server.");
+	}

 	let (room_id, servers) = self
 		.services
@@ -601,15 +617,6 @@ pub(super) async fn force_join_all_local_users(
 		return Err!("We are not joined in this room.");
 	}

-	let server_admins: Vec<_> = self
-		.services
-		.rooms
-		.state_cache
-		.active_local_users_in_room(&admin_room)
-		.map(ToOwned::to_owned)
-		.collect()
-		.await;
-
 	if !self
 		.services
 		.rooms
@@ -950,23 +957,148 @@ pub(super) async fn force_leave_remote_room(
 	&self,
 	user_id: String,
 	room_id: OwnedRoomOrAliasId,
+	via: Option<String>,
 ) -> Result {
 	let user_id = parse_local_user_id(self.services, &user_id)?;
-	let (room_id, _) = self
+	let (room_id, vias_raw) = self
 		.services
 		.rooms
 		.alias
-		.resolve_with_servers(&room_id, None)
+		.resolve_with_servers(
+			&room_id,
+			if let Some(v) = via.clone() {
+				Some(vec![OwnedServerName::parse(v)?])
+			} else {
+				None
+			},
+		)
 		.await?;

 	assert!(
 		self.services.globals.user_is_local(&user_id),
 		"Parsed user_id must be a local user"
 	);
-	remote_leave_room(self.services, &user_id, &room_id, None)
+	let mut vias: HashSet<OwnedServerName> = HashSet::new();
+	if let Some(via) = via {
+		vias.insert(OwnedServerName::parse(via)?);
+	}
+	for server in vias_raw {
+		vias.insert(server);
+	}
+	remote_leave_room(self.services, &user_id, &room_id, None, vias)
 		.boxed()
 		.await?;

-	self.write_str(&format!("{user_id} has been joined to {room_id}.",))
+	self.write_str(&format!("{user_id} successfully left {room_id} via remote server."))
 		.await
 }
+
+#[admin_command]
+pub(super) async fn lock(&self, user_id: String) -> Result {
+	self.bail_restricted()?;
+	let user_id = parse_local_user_id(self.services, &user_id)?;
+	assert!(
+		self.services.globals.user_is_local(&user_id),
+		"Parsed user_id must be a local user"
+	);
+	if user_id == self.services.globals.server_user {
+		return Err!("Not allowed to lock the server service account.",);
+	}
+
+	if !self.services.users.exists(&user_id).await {
+		return Err!("User {user_id} does not exist.");
+	}
+	if self.services.users.is_admin(&user_id).await {
+		return Err!("Admin users cannot be locked.");
+	}
+	self.services
+		.users
+		.lock_account(&user_id, self.sender_or_service_user())
+		.await;
+
+	self.write_str(&format!("User {user_id} has been locked."))
+		.await
+}
+
+#[admin_command]
+pub(super) async fn unlock(&self, user_id: String) -> Result {
+	self.bail_restricted()?;
+	let user_id = parse_local_user_id(self.services, &user_id)?;
+	assert!(
+		self.services.globals.user_is_local(&user_id),
+		"Parsed user_id must be a local user"
+	);
+	self.services.users.unlock_account(&user_id).await;
+
+	self.write_str(&format!("User {user_id} has been unlocked."))
+		.await
+}
+
+#[admin_command]
+pub(super) async fn logout(&self, user_id: String) -> Result {
+	self.bail_restricted()?;
+	let user_id = parse_local_user_id(self.services, &user_id)?;
+	assert!(
+		self.services.globals.user_is_local(&user_id),
+		"Parsed user_id must be a local user"
+	);
+	if user_id == self.services.globals.server_user {
+		return Err!("Not allowed to log out the server service account.",);
+	}
+
+	if !self.services.users.exists(&user_id).await {
+		return Err!("User {user_id} does not exist.");
+	}
+	if self.services.users.is_admin(&user_id).await {
+		return Err!("You cannot forcefully log out admin users.");
+	}
+	self.services
+		.users
+		.all_device_ids(&user_id)
+		.for_each(|device_id| self.services.users.remove_device(&user_id, device_id))
+		.await;
+	self.write_str(&format!("User {user_id} has been logged out from all devices."))
+		.await
+}
+
+#[admin_command]
+pub(super) async fn disable_login(&self, user_id: String) -> Result {
+	self.bail_restricted()?;
+	let user_id = parse_local_user_id(self.services, &user_id)?;
+	assert!(
+		self.services.globals.user_is_local(&user_id),
+		"Parsed user_id must be a local user"
+	);
+	if user_id == self.services.globals.server_user {
+		return Err!("Not allowed to disable login for the server service account.",);
+	}
+
+	if !self.services.users.exists(&user_id).await {
+		return Err!("User {user_id} does not exist.");
+	}
+	if self.services.users.is_admin(&user_id).await {
+		return Err!("Admin users cannot have their login disallowed.");
+	}
+	self.services.users.disable_login(&user_id);
+
+	self.write_str(&format!(
+		"{user_id} can no longer log in. Their existing sessions remain unaffected."
+	))
+	.await
+}
+
+#[admin_command]
+pub(super) async fn enable_login(&self, user_id: String) -> Result {
+	self.bail_restricted()?;
+	let user_id = parse_local_user_id(self.services, &user_id)?;
+	assert!(
+		self.services.globals.user_is_local(&user_id),
+		"Parsed user_id must be a local user"
+	);
+	if !self.services.users.exists(&user_id).await {
+		return Err!("User {user_id} does not exist.");
+	}
+	self.services.users.enable_login(&user_id);
+
+	self.write_str(&format!("{user_id} can now log in.")).await
+}
--- a/src/admin/user/mod.rs
+++ b/src/admin/user/mod.rs
@@ -9,7 +9,7 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub enum UserCommand {
-	/// - Create a new user
+	/// Create a new user
 	#[clap(alias = "create")]
 	CreateUser {
 		/// Username of the new user
@@ -18,15 +18,18 @@ pub enum UserCommand {
 		password: Option<String>,
 	},

-	/// - Reset user password
+	/// Reset user password
 	ResetPassword {
+		/// Log out existing sessions
+		#[arg(short, long)]
+		logout: bool,
 		/// Username of the user for whom the password should be reset
 		username: String,
 		/// New password for the user, if unspecified one is generated
 		password: Option<String>,
 	},

-	/// - Deactivate a user
+	/// Deactivate a user
 	///
 	/// User will be removed from all rooms by default.
 	/// Use --no-leave-rooms to not leave all rooms by default.
@@ -36,7 +39,7 @@ pub enum UserCommand {
 		user_id: String,
 	},

-	/// - Deactivate a list of users
+	/// Deactivate a list of users
 	///
 	/// Recommended to use in conjunction with list-local-users.
 	///
@@ -59,7 +62,19 @@ pub enum UserCommand {
 		force: bool,
 	},

-	/// - Suspend a user
+	/// Forcefully log a user out of all of their devices.
+	///
+	/// This will invalidate all access tokens for the specified user,
+	/// effectively logging them out from all sessions.
+	/// Note that this is destructive and may result in data loss for the user,
+	/// such as encryption keys. Use with caution. Can only be used in the admin
+	/// room.
+	Logout {
+		/// Username of the user to log out
+		user_id: String,
+	},
+
+	/// Suspend a user
 	///
 	/// Suspended users are able to log in, sync, and read messages, but are not
 	/// able to send events nor redact them, cannot change their profile, and
@@ -72,7 +87,7 @@ pub enum UserCommand {
 		user_id: String,
 	},

-	/// - Unsuspend a user
+	/// Unsuspend a user
 	///
 	/// Reverses the effects of the `suspend` command, allowing the user to send
 	/// messages, change their profile, create room invites, etc.
@@ -81,47 +96,84 @@ pub enum UserCommand {
 		user_id: String,
 	},

-	/// - List local users in the database
+	/// Lock a user
+	///
+	/// Locked users are unable to use their accounts beyond logging out. This
+	/// is akin to a temporary deactivation that does not change the user's
+	/// password. This can be used to quickly prevent a user from accessing
+	/// their account.
+	Lock {
+		/// Username of the user to lock
+		user_id: String,
+	},
+
+	/// Unlock a user
+	///
+	/// Reverses the effects of the `lock` command, allowing the user to use
+	/// their account again.
+	Unlock {
+		/// Username of the user to unlock
+		user_id: String,
+	},
+
+	/// Enable login for a user
+	EnableLogin {
+		/// Username of the user to enable login for
+		user_id: String,
+	},
+
+	/// Disable login for a user
+	///
+	/// Disables login for the specified user without deactivating or locking
+	/// their account. This prevents the user from obtaining new access tokens,
+	/// but does not invalidate existing sessions.
+	DisableLogin {
+		/// Username of the user to disable login for
+		user_id: String,
+	},
+
+	/// List local users in the database
 	#[clap(alias = "list")]
 	ListUsers,

-	/// - Lists all the rooms (local and remote) that the specified user is
+	/// Lists all the rooms (local and remote) that the specified user is
 	///   joined in
 	ListJoinedRooms {
 		user_id: String,
 	},

-	/// - Manually join a local user to a room.
+	/// Manually join a local user to a room.
 	ForceJoinRoom {
 		user_id: String,
 		room_id: OwnedRoomOrAliasId,
 	},

-	/// - Manually leave a local user from a room.
+	/// Manually leave a local user from a room.
 	ForceLeaveRoom {
 		user_id: String,
 		room_id: OwnedRoomOrAliasId,
 	},

-	/// - Manually leave a remote room for a local user.
+	/// Manually leave a remote room for a local user.
 	ForceLeaveRemoteRoom {
 		user_id: String,
 		room_id: OwnedRoomOrAliasId,
+		via: Option<String>,
 	},

-	/// - Forces the specified user to drop their power levels to the room
+	/// Forces the specified user to drop their power levels to the room
 	///   default, if their permissions allow and the auth check permits
 	ForceDemote {
 		user_id: String,
 		room_id: OwnedRoomOrAliasId,
 	},

-	/// - Grant server-admin privileges to a user.
+	/// Grant server-admin privileges to a user.
 	MakeUserAdmin {
 		user_id: String,
 	},

-	/// - Puts a room tag for the specified user and room ID.
+	/// Puts a room tag for the specified user and room ID.
 	///
 	/// This is primarily useful if you'd like to set your admin room
 	/// to the special "System Alerts" section in Element as a way to
@@ -134,20 +186,20 @@ pub enum UserCommand {
 		tag: String,
 	},

-	/// - Deletes the room tag for the specified user and room ID
+	/// Deletes the room tag for the specified user and room ID
 	DeleteRoomTag {
 		user_id: String,
 		room_id: OwnedRoomId,
 		tag: String,
 	},

-	/// - Gets all the room tags for the specified user and room ID
+	/// Gets all the room tags for the specified user and room ID
 	GetRoomTags {
 		user_id: String,
 		room_id: OwnedRoomId,
 	},

-	/// - Attempts to forcefully redact the specified event ID from the sender
+	/// Attempts to forcefully redact the specified event ID from the sender
 	///   user
 	///
 	/// This is only valid for local users
@@ -155,7 +207,7 @@ pub enum UserCommand {
 		event_id: OwnedEventId,
 	},

-	/// - Force joins a specified list of local users to join the specified
+	/// Force joins a specified list of local users to join the specified
 	///   room.
 	///
 	/// Specify a codeblock of usernames.
@@ -170,7 +222,7 @@ pub enum UserCommand {
 		yes_i_want_to_do_this: bool,
 	},

-	/// - Force joins all local users to the specified room.
+	/// Force joins all local users to the specified room.
 	///
 	/// At least 1 server admin must be in the room to reduce abuse.
 	///
--- a/src/api/Cargo.toml
+++ b/src/api/Cargo.toml
@@ -1,9 +1,7 @@
 [package]
 name = "conduwuit_api"
-categories.workspace = true
 description.workspace = true
 edition.workspace = true
-keywords.workspace = true
 license.workspace = true
 readme.workspace = true
 repository.workspace = true
--- a/src/api/client/account.rs
+++ b/src/api/client/account.rs
@@ -49,7 +49,7 @@
 ///
 /// Note: This will not reserve the username, so the username might become
 /// invalid when trying to register
-#[tracing::instrument(skip_all, fields(%client), name = "register_available")]
+#[tracing::instrument(skip_all, fields(%client), name = "register_available", level = "info")]
 pub(crate) async fn get_register_available_route(
 	State(services): State<crate::State>,
 	InsecureClientIp(client): InsecureClientIp,
@@ -138,7 +138,7 @@ pub(crate) async fn get_register_available_route(
 /// - If `inhibit_login` is false: Creates a device and returns device id and
 ///   access_token
 #[allow(clippy::doc_markdown)]
-#[tracing::instrument(skip_all, fields(%client), name = "register")]
+#[tracing::instrument(skip_all, fields(%client), name = "register", level = "info")]
 pub(crate) async fn register_route(
 	State(services): State<crate::State>,
 	InsecureClientIp(client): InsecureClientIp,
@@ -179,13 +179,18 @@ pub(crate) async fn register_route(
 			},
 		}

-		return Err!(Request(Forbidden("Registration has been disabled.")));
+		return Err!(Request(Forbidden(
+			"This server is not accepting registrations at this time."
+		)));
 	}

 	if is_guest
 		&& (!services.config.allow_guest_registration
 			|| (services.config.allow_registration
-				&& services.globals.registration_token.is_some()))
+				&& services
+					.registration_tokens
+					.get_config_file_token()
+					.is_some()))
 	{
 		info!(
 			"Guest registration disabled / registration enabled with token configured, \
@@ -203,7 +208,9 @@ pub(crate) async fn register_route(
 			 rejecting registration. Guest's initial device name: \"{}\"",
 			body.initial_device_display_name.as_deref().unwrap_or("")
 		);
-		return Err!(Request(Forbidden("Registration is temporarily disabled.")));
+		return Err!(Request(Forbidden(
+			"This server is not accepting registrations at this time."
+		)));
 	}

 	let user_id = match (body.username.as_ref(), is_guest) {
@@ -301,7 +308,13 @@ pub(crate) async fn register_route(
 	let skip_auth = body.appservice_info.is_some() || is_guest;

 	// Populate required UIAA flows
-	if services.globals.registration_token.is_some() {
+	if services
+		.registration_tokens
+		.iterate_tokens()
+		.next()
+		.await
+		.is_some()
+	{
 		// Registration token required
 		uiaainfo.flows.push(AuthFlow {
 			stages: vec![AuthType::RegistrationToken],
@@ -323,7 +336,19 @@ pub(crate) async fn register_route(
 	}

 	if uiaainfo.flows.is_empty() && !skip_auth {
-		// No registration token necessary, but clients must still go through the flow
+		// Registration isn't _disabled_, but there's no captcha configured and no
+		// registration tokens currently set. Bail out by default unless open
+		// registration was explicitly enabled.
+		if !services
+			.config
+			.yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse
+		{
+			return Err!(Request(Forbidden(
+				"This server is not accepting registrations at this time."
+			)));
+		}
+
+		// We have open registration enabled (😧), provide a dummy stage
 		uiaainfo = UiaaInfo {
 			flows: vec![AuthFlow { stages: vec![AuthType::Dummy] }],
 			completed: Vec::new(),
@@ -603,7 +628,7 @@ pub(crate) async fn register_route(
 ///   last seen ts)
 /// - Forgets to-device events
 /// - Triggers device list updates
-#[tracing::instrument(skip_all, fields(%client), name = "change_password")]
+#[tracing::instrument(skip_all, fields(%client), name = "change_password", level = "info")]
 pub(crate) async fn change_password_route(
 	State(services): State<crate::State>,
 	InsecureClientIp(client): InsecureClientIp,
@@ -699,7 +724,7 @@ pub(crate) async fn change_password_route(
 	Ok(change_password::v3::Response {})
 }

-/// # `GET _matrix/client/r0/account/whoami`
+/// # `GET /_matrix/client/v3/account/whoami`
 ///
 /// Get `user_id` of the sender user.
 ///
@@ -708,11 +733,17 @@ pub(crate) async fn whoami_route(
 	State(services): State<crate::State>,
 	body: Ruma<whoami::v3::Request>,
 ) -> Result<whoami::v3::Response> {
+	let is_guest = services
+		.users
+		.is_deactivated(body.sender_user())
+		.await
+		.map_err(|_| {
+			err!(Request(Forbidden("Application service has not registered this user.")))
+		})? && body.appservice_info.is_none();
 	Ok(whoami::v3::Response {
 		user_id: body.sender_user().to_owned(),
 		device_id: body.sender_device.clone(),
-		is_guest: services.users.is_deactivated(body.sender_user()).await?
-			&& body.appservice_info.is_none(),
+		is_guest,
 	})
 }

@@ -727,7 +758,7 @@ pub(crate) async fn whoami_route(
 /// - Forgets all to-device events
 /// - Triggers device list updates
 /// - Removes ability to log in again
-#[tracing::instrument(skip_all, fields(%client), name = "deactivate")]
+#[tracing::instrument(skip_all, fields(%client), name = "deactivate", level = "info")]
 pub(crate) async fn deactivate_route(
 	State(services): State<crate::State>,
 	InsecureClientIp(client): InsecureClientIp,
@@ -846,19 +877,20 @@ pub(crate) async fn request_3pid_management_token_via_msisdn_route(

 /// # `GET /_matrix/client/v1/register/m.login.registration_token/validity`
 ///
-/// Checks if the provided registration token is valid at the time of checking
-///
-/// Currently does not have any ratelimiting, and this isn't very practical as
-/// there is only one registration token allowed.
+/// Checks if the provided registration token is valid at the time of checking.
 pub(crate) async fn check_registration_token_validity(
 	State(services): State<crate::State>,
 	body: Ruma<check_registration_token_validity::v1::Request>,
 ) -> Result<check_registration_token_validity::v1::Response> {
-	let Some(reg_token) = services.globals.registration_token.clone() else {
-		return Err!(Request(Forbidden("Server does not allow token registration")));
-	};
+	// TODO: ratelimit this pretty heavily

-	Ok(check_registration_token_validity::v1::Response { valid: reg_token == body.token })
+	let valid = services
+		.registration_tokens
+		.validate_token(body.token.clone())
+		.await
+		.is_some();
+
+	Ok(check_registration_token_validity::v1::Response { valid })
 }

 /// Runs through all the deactivation steps:
--- a/src/api/client/alias.rs
+++ b/src/api/client/alias.rs
@@ -102,7 +102,7 @@ pub(crate) async fn get_alias_route(
 	};

 	let servers = room_available_servers(&services, &room_id, &room_alias, servers).await;
-	debug!(?room_alias, ?room_id, "available servers: {servers:?}");
+	debug!(%room_alias, %room_id, "available servers: {servers:?}");

 	Ok(get_alias::v3::Response::new(room_id, servers))
 }
--- a/src/api/client/context.rs
+++ b/src/api/client/context.rs
@@ -59,7 +59,7 @@ pub(crate) async fn get_context_route(
 		.rooms
 		.timeline
 		.get_pdu(event_id)
-		.map_err(|_| err!(Request(NotFound("Base event not found."))));
+		.map_err(|_| err!(Request(NotFound("Event not found."))));

 	let visible = services
 		.rooms
@@ -70,11 +70,11 @@ pub(crate) async fn get_context_route(
 	let (base_id, base_pdu, visible) = try_join3(base_id, base_pdu, visible).await?;

 	if base_pdu.room_id_or_hash() != *room_id || base_pdu.event_id != *event_id {
-		return Err!(Request(NotFound("Base event not found.")));
+		return Err!(Request(NotFound("Event not found.")));
 	}

 	if !visible {
-		debug_warn!(req_evt = ?event_id, ?base_id, ?room_id, "Event requested by {sender_user} but is not allowed to see it, returning 404");
+		debug_warn!(req_evt = %event_id, ?base_id, %room_id, "Event requested by {sender_user} but is not allowed to see it, returning 404");
 		return Err!(Request(NotFound("Event not found.")));
 	}

@@ -82,11 +82,25 @@ pub(crate) async fn get_context_route(

 	let base_event = ignored_filter(&services, (base_count, base_pdu), sender_user);

+	// PDUs are used to get seen user IDs and then returned in response.
+
 	let events_before = services
 		.rooms
 		.timeline
-		.pdus_rev(Some(sender_user), room_id, Some(base_count))
+		.pdus_rev(room_id, Some(base_count))
 		.ignore_err()
+		.then(async |mut pdu| {
+			pdu.1.set_unsigned(Some(sender_user));
+			if let Err(e) = services
+				.rooms
+				.pdu_metadata
+				.add_bundled_aggregations_to_pdu(sender_user, &mut pdu.1)
+				.await
+			{
+				debug_warn!("Failed to add bundled aggregations: {e}");
+			}
+			pdu
+		})
 		.ready_filter_map(|item| event_filter(item, filter))
 		.wide_filter_map(|item| ignored_filter(&services, item, sender_user))
 		.wide_filter_map(|item| visibility_filter(&services, item, sender_user))
@@ -96,8 +110,20 @@ pub(crate) async fn get_context_route(
 	let events_after = services
 		.rooms
 		.timeline
-		.pdus(Some(sender_user), room_id, Some(base_count))
+		.pdus(room_id, Some(base_count))
 		.ignore_err()
+		.then(async |mut pdu| {
+			pdu.1.set_unsigned(Some(sender_user));
+			if let Err(e) = services
+				.rooms
+				.pdu_metadata
+				.add_bundled_aggregations_to_pdu(sender_user, &mut pdu.1)
+				.await
+			{
+				debug_warn!("Failed to add bundled aggregations: {e}");
+			}
+			pdu
+		})
 		.ready_filter_map(|item| event_filter(item, filter))
 		.wide_filter_map(|item| ignored_filter(&services, item, sender_user))
 		.wide_filter_map(|item| visibility_filter(&services, item, sender_user))
--- a/src/api/client/device.rs
+++ b/src/api/client/device.rs
@@ -49,7 +49,7 @@ pub(crate) async fn get_device_route(
 /// # `PUT /_matrix/client/r0/devices/{deviceId}`
 ///
 /// Updates the metadata on a given device of the sender user.
-#[tracing::instrument(skip_all, fields(%client), name = "update_device")]
+#[tracing::instrument(skip_all, fields(%client), name = "update_device", level = "debug")]
 pub(crate) async fn update_device_route(
 	State(services): State<crate::State>,
 	InsecureClientIp(client): InsecureClientIp,
--- a/src/api/client/directory.rs
+++ b/src/api/client/directory.rs
@@ -44,7 +44,7 @@
 /// Lists the public rooms on this server.
 ///
 /// - Rooms are ordered by the number of joined members
-#[tracing::instrument(skip_all, fields(%client), name = "publicrooms")]
+#[tracing::instrument(skip_all, fields(%client), name = "publicrooms", level = "info")]
 pub(crate) async fn get_public_rooms_filtered_route(
 	State(services): State<crate::State>,
 	InsecureClientIp(client): InsecureClientIp,
@@ -80,7 +80,7 @@ pub(crate) async fn get_public_rooms_filtered_route(
 /// Lists the public rooms on this server.
 ///
 /// - Rooms are ordered by the number of joined members
-#[tracing::instrument(skip_all, fields(%client), name = "publicrooms")]
+#[tracing::instrument(skip_all, fields(%client), name = "publicrooms", level = "info")]
 pub(crate) async fn get_public_rooms_route(
 	State(services): State<crate::State>,
 	InsecureClientIp(client): InsecureClientIp,
@@ -116,7 +116,7 @@ pub(crate) async fn get_public_rooms_route(
 /// # `PUT /_matrix/client/r0/directory/list/room/{roomId}`
 ///
 /// Sets the visibility of a given room in the room directory.
-#[tracing::instrument(skip_all, fields(%client), name = "room_directory")]
+#[tracing::instrument(skip_all, fields(%client), name = "room_directory", level = "info")]
 pub(crate) async fn set_room_visibility_route(
 	State(services): State<crate::State>,
 	InsecureClientIp(client): InsecureClientIp,
--- a/src/api/client/keys.rs
+++ b/src/api/client/keys.rs
@@ -1,7 +1,15 @@
-use std::collections::{BTreeMap, HashMap, HashSet};
+use std::{
+	collections::{BTreeMap, HashMap, HashSet},
+	time::Duration,
+};

 use axum::extract::State;
-use conduwuit::{Err, Error, Result, debug, debug_warn, err, result::NotFound, utils};
+use conduwuit::{
+	Err, Error, Result, debug, debug_warn, err,
+	result::NotFound,
+	utils,
+	utils::{IterStream, stream::WidebandExt},
+};
 use conduwuit_service::{Services, users::parse_master_key};
 use futures::{StreamExt, stream::FuturesUnordered};
 use ruma::{
@@ -44,7 +52,7 @@ pub(crate) async fn upload_keys_route(
 			.deserialize()
 			.inspect_err(|e| {
 				debug_warn!(
-					?key_id,
+					%key_id,
 					?one_time_key,
 					"Invalid one time key JSON submitted by client, skipping: {e}"
 				);
@@ -86,8 +94,8 @@ pub(crate) async fn upload_keys_route(
 		{
 			if existing_keys.json().get() == device_keys.json().get() {
 				debug!(
-					?sender_user,
-					?sender_device,
+					%sender_user,
+					%sender_device,
 					?device_keys,
 					"Ignoring user uploaded keys as they are an exact copy already in the \
 					 database"
@@ -134,6 +142,7 @@ pub(crate) async fn get_keys_route(
 		&body.device_keys,
 		|u| u == sender_user,
 		true, // Always allow local users to see device names of other local users
+		body.timeout.unwrap_or(Duration::from_secs(10)),
 	)
 	.await
 }
@@ -145,7 +154,12 @@ pub(crate) async fn claim_keys_route(
 	State(services): State<crate::State>,
 	body: Ruma<claim_keys::v3::Request>,
 ) -> Result<claim_keys::v3::Response> {
-	claim_keys_helper(&services, &body.one_time_keys).await
+	claim_keys_helper(
+		&services,
+		&body.one_time_keys,
+		body.timeout.unwrap_or(Duration::from_secs(10)),
+	)
+	.await
 }

 /// # `POST /_matrix/client/r0/keys/device_signing/upload`
@@ -324,7 +338,7 @@ pub(crate) async fn upload_signatures_route(
 	for (user_id, keys) in &body.signed_keys {
 		for (key_id, key) in keys {
 			let Ok(key) = serde_json::to_value(key)
-				.inspect_err(|e| debug_warn!(?key_id, "Invalid \"key\" JSON: {e}"))
+				.inspect_err(|e| debug_warn!(%key_id, "Invalid \"key\" JSON: {e}"))
 			else {
 				continue;
 			};
@@ -389,7 +403,7 @@ pub(crate) async fn get_key_changes_route(
 	device_list_updates.extend(
 		services
 			.users
-			.keys_changed(sender_user, from, Some(to))
+			.keys_changed(sender_user, Some(from), Some(to))
 			.map(ToOwned::to_owned)
 			.collect::<Vec<_>>()
 			.await,
@@ -401,7 +415,7 @@ pub(crate) async fn get_key_changes_route(
 		device_list_updates.extend(
 			services
 				.users
-				.room_keys_changed(room_id, from, Some(to))
+				.room_keys_changed(room_id, Some(from), Some(to))
 				.map(|(user_id, _)| user_id)
 				.map(ToOwned::to_owned)
 				.collect::<Vec<_>>()
@@ -421,6 +435,7 @@ pub(crate) async fn get_keys_helper<F>(
 	device_keys_input: &BTreeMap<OwnedUserId, Vec<OwnedDeviceId>>,
 	allowed_signatures: F,
 	include_display_names: bool,
+	timeout: Duration,
 ) -> Result<get_keys::v3::Response>
 where
 	F: Fn(&UserId) -> bool + Send + Sync,
@@ -512,9 +527,10 @@ pub(crate) async fn get_keys_helper<F>(

 	let mut failures = BTreeMap::new();

-	let mut futures: FuturesUnordered<_> = get_over_federation
+	let futures = get_over_federation
 		.into_iter()
-		.map(|(server, vec)| async move {
+		.stream()
+		.wide_filter_map(|(server, vec)| async move {
 			let mut device_keys_input_fed = BTreeMap::new();
 			for (user_id, keys) in vec {
 				device_keys_input_fed.insert(user_id.to_owned(), keys.clone());
@@ -522,17 +538,22 @@ pub(crate) async fn get_keys_helper<F>(

 			let request =
 				federation::keys::get_keys::v1::Request { device_keys: device_keys_input_fed };
+			let response = tokio::time::timeout(
+				timeout,
+				services.sending.send_federation_request(server, request),
+			)
+			.await
+			// Need to flatten the Result<Result<V, E>, E> into Result<V, E>
+			.map_err(|_| err!(Request(Unknown("Timeout when getting keys over federation."))))
+			.and_then(|res| res);

-			let response = services
-				.sending
-				.send_federation_request(server, request)
-				.await;
-
-			(server, response)
+			Some((server, response))
 		})
-		.collect();
+		.collect::<FuturesUnordered<_>>()
+		.await
+		.into_iter();

-	while let Some((server, response)) = futures.next().await {
+	for (server, response) in futures {
 		match response {
 			| Ok(response) => {
 				for (user, master_key) in response.master_keys {
@@ -564,8 +585,8 @@ pub(crate) async fn get_keys_helper<F>(
 				self_signing_keys.extend(response.self_signing_keys);
 				device_keys.extend(response.device_keys);
 			},
-			| _ => {
-				failures.insert(server.to_string(), json!({}));
+			| Err(e) => {
+				failures.insert(server.to_string(), json!({ "error": e.to_string() }));
 			},
 		}
 	}
@@ -608,6 +629,7 @@ fn add_unsigned_device_display_name(
 pub(crate) async fn claim_keys_helper(
 	services: &Services,
 	one_time_keys_input: &BTreeMap<OwnedUserId, BTreeMap<OwnedDeviceId, OneTimeKeyAlgorithm>>,
+	timeout: Duration,
 ) -> Result<claim_keys::v3::Response> {
 	let mut one_time_keys = BTreeMap::new();

@@ -638,32 +660,39 @@ pub(crate) async fn claim_keys_helper(

 	let mut failures = BTreeMap::new();

-	let mut futures: FuturesUnordered<_> = get_over_federation
+	let futures = get_over_federation
 		.into_iter()
-		.map(|(server, vec)| async move {
+		.stream()
+		.wide_filter_map(|(server, vec)| async move {
 			let mut one_time_keys_input_fed = BTreeMap::new();
 			for (user_id, keys) in vec {
 				one_time_keys_input_fed.insert(user_id.clone(), keys.clone());
 			}
-			(
-				server,
-				services
-					.sending
-					.send_federation_request(server, federation::keys::claim_keys::v1::Request {
+			let response = tokio::time::timeout(
+				timeout,
+				services.sending.send_federation_request(
+					server,
+					federation::keys::claim_keys::v1::Request {
 						one_time_keys: one_time_keys_input_fed,
-					})
-					.await,
+					},
+				),
 			)
+			.await
+			.map_err(|_| err!(Request(Unknown("Timeout when claiming keys over federation."))))
+			.and_then(|res| res);
+			Some((server, response))
 		})
-		.collect();
+		.collect::<FuturesUnordered<_>>()
+		.await
+		.into_iter();

-	while let Some((server, response)) = futures.next().await {
+	for (server, response) in futures {
 		match response {
 			| Ok(keys) => {
 				one_time_keys.extend(keys.one_time_keys);
 			},
-			| Err(_e) => {
-				failures.insert(server.to_string(), json!({}));
+			| Err(e) => {
+				failures.insert(server.to_string(), json!({"error": e.to_string()}));
 			},
 		}
 	}
--- a/src/api/client/membership/invite.rs
+++ b/src/api/client/membership/invite.rs
@@ -3,10 +3,11 @@
 use conduwuit::{
 	Err, Result, debug_error, err, info,
 	matrix::{event::gen_event_id_canonical_json, pdu::PduBuilder},
+	warn,
 };
 use futures::FutureExt;
 use ruma::{
-	OwnedServerName, RoomId, UserId,
+	RoomId, UserId,
 	api::{client::membership::invite_user, federation::membership::create_invite},
 	events::{
 		invite_permission_config::FilterLevel,
@@ -21,7 +22,7 @@
 /// # `POST /_matrix/client/r0/rooms/{roomId}/invite`
 ///
 /// Tries to send an invite event into the room.
-#[tracing::instrument(skip_all, fields(%client), name = "invite")]
+#[tracing::instrument(skip_all, fields(%client), name = "invite", level = "info")]
 pub(crate) async fn invite_user_route(
 	State(services): State<crate::State>,
 	InsecureClientIp(client): InsecureClientIp,
@@ -124,6 +125,18 @@ pub(crate) async fn invite_helper(
 		return Err!(Request(Forbidden("Invites are not allowed on this server.")));
 	}

+	if let Err(e) = services
+		.antispam
+		.user_may_invite(sender_user.to_owned(), recipient_user.to_owned(), room_id.to_owned())
+		.await
+	{
+		warn!(
+			"Invite from {} to {} in room {} blocked by antispam: {e:?}",
+			sender_user, recipient_user, room_id
+		);
+		return Err!(Request(Forbidden("Invite blocked by antispam service.")));
+	}
+
 	if !services.globals.user_is_local(recipient_user) {
 		let (pdu, pdu_json, invite_room_state) = {
 			let state_lock = services.rooms.state.mutex.lock(room_id).await;
@@ -190,19 +203,10 @@ pub(crate) async fn invite_helper(
 			))));
 		}

-		let origin: OwnedServerName = serde_json::from_value(serde_json::to_value(
-			value
-				.get("origin")
-				.ok_or_else(|| err!(Request(BadJson("Event missing origin field."))))?,
-		)?)
-		.map_err(|e| {
-			err!(Request(BadJson(warn!("Origin field in event is not a valid server name: {e}"))))
-		})?;
-
 		let pdu_id = services
 			.rooms
 			.event_handler
-			.handle_incoming_pdu(&origin, room_id, &event_id, value, true)
+			.handle_incoming_pdu(recipient_user.server_name(), room_id, &event_id, value, true)
 			.boxed()
 			.await?
 			.ok_or_else(|| {
--- a/src/api/client/membership/join.rs
+++ b/src/api/client/membership/join.rs
@@ -33,7 +33,7 @@
 	events::{
 		StateEventType,
 		room::{
-			join_rules::{AllowRule, JoinRule, RoomJoinRulesEventContent},
+			join_rules::{AllowRule, JoinRule},
 			member::{MembershipState, RoomMemberEventContent},
 		},
 	},
@@ -44,10 +44,11 @@
 	rooms::{
 		state::RoomMutexGuard,
 		state_compressor::{CompressedState, HashSetCompressStateEvent},
+		timeline::pdu_fits,
 	},
 };

-use super::banned_room_check;
+use super::{banned_room_check, validate_remote_member_event_stub};
 use crate::Ruma;

 /// # `POST /_matrix/client/r0/rooms/{roomId}/join`
@@ -58,7 +59,7 @@
 ///   rules locally
 /// - If the server does not know about the room: asks other servers over
 ///   federation
-#[tracing::instrument(skip_all, fields(%client), name = "join")]
+#[tracing::instrument(skip_all, fields(%client), name = "join", level = "info")]
 pub(crate) async fn join_room_by_id_route(
 	State(services): State<crate::State>,
 	InsecureClientIp(client): InsecureClientIp,
@@ -130,7 +131,7 @@ pub(crate) async fn join_room_by_id_route(
 /// - If the server does not know about the room: use the server name query
 ///   param if specified. if not specified, asks other servers over federation
 ///   via room alias server name and room ID server name
-#[tracing::instrument(skip_all, fields(%client), name = "join")]
+#[tracing::instrument(skip_all, fields(%client), name = "join", level = "info")]
 pub(crate) async fn join_room_by_id_or_alias_route(
 	State(services): State<crate::State>,
 	InsecureClientIp(client): InsecureClientIp,
@@ -287,6 +288,23 @@ pub async fn join_room_by_id_helper(
 		return Ok(join_room_by_id::v3::Response { room_id: room_id.into() });
 	}

+	if let Err(e) = services
+		.antispam
+		.user_may_join_room(
+			sender_user.to_owned(),
+			room_id.to_owned(),
+			services
+				.rooms
+				.state_cache
+				.is_invited(sender_user, room_id)
+				.await,
+		)
+		.await
+	{
+		warn!("Antispam prevented user {} from joining room {}: {}", sender_user, room_id, e);
+		return Err!(Request(Forbidden("You are not allowed to join this room.")));
+	}
+
 	let server_in_room = services
 		.rooms
 		.state_cache
@@ -320,6 +338,17 @@ pub async fn join_room_by_id_helper(
 		)));
 	}

+	if services.antispam.check_all_joins() {
+		if let Err(e) = services
+			.antispam
+			.meowlnir_accept_make_join(room_id.to_owned(), sender_user.to_owned())
+			.await
+		{
+			warn!("Antispam prevented user {} from joining room {}: {}", sender_user, room_id, e);
+			return Err!(Request(Forbidden("Antispam rejected join request.")));
+		}
+	}
+
 	if server_in_room {
 		join_room_by_id_helper_local(
 			services,
@@ -346,11 +375,10 @@ pub async fn join_room_by_id_helper(
 		.boxed()
 		.await?;
 	}
-
 	Ok(join_room_by_id::v3::Response::new(room_id.to_owned()))
 }

-#[tracing::instrument(skip_all, fields(%sender_user, %room_id), name = "join_remote")]
+#[tracing::instrument(skip_all, fields(%sender_user, %room_id), name = "join_remote", level = "info")]
 async fn join_room_by_id_helper_remote(
 	services: &Services,
 	sender_user: &UserId,
@@ -573,6 +601,13 @@ async fn join_room_by_id_helper_remote(
 					return state;
 				},
 			};
+			if !pdu_fits(&mut value.clone()) {
+				warn!(
+					"dropping incoming PDU {event_id} in room {room_id} from room join because \
+					 it exceeds 65535 bytes or is otherwise too large."
+				);
+				return state;
+			}
 			services.rooms.outlier.add_pdu_outlier(&event_id, &value);
 			if let Some(state_key) = &pdu.state_key {
 				let shortstatekey = services
@@ -701,7 +736,7 @@ async fn join_room_by_id_helper_remote(
 	Ok(())
 }

-#[tracing::instrument(skip_all, fields(%sender_user, %room_id), name = "join_local")]
+#[tracing::instrument(skip_all, fields(%sender_user, %room_id), name = "join_local", level = "info")]
 async fn join_room_by_id_helper_local(
 	services: &Services,
 	sender_user: &UserId,
@@ -712,45 +747,51 @@ async fn join_room_by_id_helper_local(
 	state_lock: RoomMutexGuard,
 ) -> Result {
 	debug_info!("We can join locally");
+	let join_rules = services.rooms.state_accessor.get_join_rules(room_id).await;

-	let join_rules_event_content = services
-		.rooms
-		.state_accessor
-		.room_state_get_content::<RoomJoinRulesEventContent>(
-			room_id,
-			&StateEventType::RoomJoinRules,
-			"",
-		)
-		.await;
-
-	let restriction_rooms = match join_rules_event_content {
-		| Ok(RoomJoinRulesEventContent {
-			join_rule: JoinRule::Restricted(restricted) | JoinRule::KnockRestricted(restricted),
-		}) => restricted
-			.allow
-			.into_iter()
-			.filter_map(|a| match a {
-				| AllowRule::RoomMembership(r) => Some(r.room_id),
-				| _ => None,
-			})
-			.collect(),
-		| _ => Vec::new(),
-	};
-
-	let join_authorized_via_users_server: Option<OwnedUserId> = {
-		if restriction_rooms
-			.iter()
-			.stream()
-			.any(|restriction_room_id| {
-				trace!("Checking if {sender_user} is joined to {restriction_room_id}");
-				services
-					.rooms
-					.state_cache
-					.is_joined(sender_user, restriction_room_id)
-			})
-			.await
-		{
-			services
+	let mut restricted_join_authorized = None;
+	match join_rules {
+		| JoinRule::Restricted(restricted) | JoinRule::KnockRestricted(restricted) => {
+			for restriction in restricted.allow {
+				match restriction {
+					| AllowRule::RoomMembership(membership) => {
+						if services
+							.rooms
+							.state_cache
+							.is_joined(sender_user, &membership.room_id)
+							.await
+						{
+							restricted_join_authorized = Some(true);
+							break;
+						}
+					},
+					| AllowRule::UnstableSpamChecker => {
+						match services
+							.antispam
+							.meowlnir_accept_make_join(room_id.to_owned(), sender_user.to_owned())
+							.await
+						{
+							| Ok(()) => {
+								restricted_join_authorized = Some(true);
+								break;
+							},
+							| Err(_) =>
+								return Err!(Request(Forbidden(
+									"Antispam rejected join request."
+								))),
+						}
+					},
+					| _ => {},
+				}
+			}
+		},
+		| _ => {},
+	}
+	let join_authorized_via_users_server = if restricted_join_authorized.is_none() {
+		None
+	} else {
+		match restricted_join_authorized.unwrap() {
+			| true => services
 				.rooms
 				.state_cache
 				.local_users_in_room(room_id)
@@ -766,10 +807,14 @@ async fn join_room_by_id_helper_local(
 				.boxed()
 				.next()
 				.await
-				.map(ToOwned::to_owned)
-		} else {
-			trace!("No restriction rooms are joined by {sender_user}");
-			None
+				.map(ToOwned::to_owned),
+			| false => {
+				warn!(
+					"Join authorization failed for restricted join in room {room_id} for user \
+					 {sender_user}"
+				);
+				return Err!(Request(Forbidden("You are not authorized to join this room.")));
+			},
 		}
 	};

@@ -797,16 +842,14 @@ async fn join_room_by_id_helper_local(
 		return Ok(());
 	};

-	if restriction_rooms.is_empty()
-		&& (servers.is_empty()
-			|| servers.len() == 1 && services.globals.server_is_ours(&servers[0]))
-	{
+	if servers.is_empty() || servers.len() == 1 && services.globals.server_is_ours(&servers[0]) {
 		return Err(error);
 	}

 	warn!(
-		"We couldn't do the join locally, maybe federation can help to satisfy the restricted \
-		 join requirements"
+		?error,
+		servers = %servers.len(),
+		"Could not join restricted room locally, attempting remote join",
 	);
 	let Ok((make_join_response, remote_server)) =
 		make_join_request(services, sender_user, room_id, servers).await
@@ -829,6 +872,13 @@ async fn join_room_by_id_helper_local(
 			err!(BadServerResponse("Invalid make_join event json received from server: {e:?}"))
 		})?;

+	validate_remote_member_event_stub(
+		&MembershipState::Join,
+		sender_user,
+		room_id,
+		&join_event_stub,
+	)?;
+
 	let join_authorized_via_users_server = join_event_stub
 		.get("content")
 		.map(|s| {
--- a/src/api/client/membership/knock.rs
+++ b/src/api/client/membership/knock.rs
@@ -5,7 +5,7 @@
 use conduwuit::{
 	Err, Result, debug, debug_info, debug_warn, err, info,
 	matrix::{
-		event::{Event, gen_event_id},
+		event::gen_event_id,
 		pdu::{PduBuilder, PduEvent},
 	},
 	result::FlatOk,
@@ -38,13 +38,13 @@
 	},
 };

-use super::{banned_room_check, join::join_room_by_id_helper};
+use super::{banned_room_check, join::join_room_by_id_helper, validate_remote_member_event_stub};
 use crate::Ruma;

 /// # `POST /_matrix/client/*/knock/{roomIdOrAlias}`
 ///
 /// Tries to knock the room to ask permission to join for the sender user.
-#[tracing::instrument(skip_all, fields(%client), name = "knock")]
+#[tracing::instrument(skip_all, fields(%client), name = "knock", level = "info")]
 pub(crate) async fn knock_room_route(
 	State(services): State<crate::State>,
 	InsecureClientIp(client): InsecureClientIp,
@@ -408,6 +408,13 @@ async fn knock_room_helper_local(
 		err!(BadServerResponse("Invalid make_knock event json received from server: {e:?}"))
 	})?;

+	validate_remote_member_event_stub(
+		&MembershipState::Knock,
+		sender_user,
+		room_id,
+		&knock_event_stub,
+	)?;
+
 	knock_event_stub.insert(
 		"origin".to_owned(),
 		CanonicalJsonValue::String(services.globals.server_name().as_str().to_owned()),
@@ -458,7 +465,7 @@ async fn knock_room_helper_local(
 			.await,
 	};

-	let send_knock_response = services
+	services
 		.sending
 		.send_federation_request(&remote_server, send_knock_request)
 		.await?;
@@ -477,20 +484,14 @@ async fn knock_room_helper_local(
 		.map_err(|e| err!(BadServerResponse("Invalid knock event PDU: {e:?}")))?;

 	info!("Updating membership locally to knock state with provided stripped state events");
+	// TODO: this call does not appear to do anything because `update_membership`
+	// doesn't call `mark_as_knock`. investigate further, ideally with the aim of
+	// removing this call entirely -- Ginger thinks `update_membership` should only
+	// be called from `force_state` and `append_pdu`.
 	services
 		.rooms
 		.state_cache
-		.update_membership(
-			room_id,
-			sender_user,
-			parsed_knock_pdu
-				.get_content::<RoomMemberEventContent>()
-				.expect("we just created this"),
-			sender_user,
-			Some(send_knock_response.knock_room_state),
-			None,
-			false,
-		)
+		.update_membership(room_id, sender_user, &parsed_knock_pdu, false)
 		.await?;

 	info!("Appending room knock event locally");
@@ -677,20 +678,11 @@ async fn knock_room_helper_remote(
 		.await?;

 	info!("Updating membership locally to knock state with provided stripped state events");
+	// TODO: see TODO on the other call to `update_membership`
 	services
 		.rooms
 		.state_cache
-		.update_membership(
-			room_id,
-			sender_user,
-			parsed_knock_pdu
-				.get_content::<RoomMemberEventContent>()
-				.expect("we just created this"),
-			sender_user,
-			Some(send_knock_response.knock_room_state),
-			None,
-			false,
-		)
+		.update_membership(room_id, sender_user, &parsed_knock_pdu, false)
 		.await?;

 	info!("Appending room knock event locally");
--- a/src/api/client/membership/leave.rs
+++ b/src/api/client/membership/leave.rs
@@ -2,12 +2,12 @@

 use axum::extract::State;
 use conduwuit::{
-	Err, Result, debug_info, debug_warn, err,
+	Err, Pdu, Result, debug_info, debug_warn, err,
 	matrix::{event::gen_event_id, pdu::PduBuilder},
 	utils::{self, FutureBoolExt, future::ReadyEqExt},
 	warn,
 };
-use futures::{FutureExt, StreamExt, TryFutureExt, pin_mut};
+use futures::{FutureExt, StreamExt, pin_mut};
 use ruma::{
 	CanonicalJsonObject, CanonicalJsonValue, OwnedServerName, RoomId, RoomVersionId, UserId,
 	api::{
@@ -21,6 +21,7 @@
 };
 use service::Services;

+use super::validate_remote_member_event_stub;
 use crate::Ruma;

 /// # `POST /_matrix/client/v3/rooms/{roomId}/leave`
@@ -81,42 +82,9 @@ pub async fn leave_room(
 	room_id: &RoomId,
 	reason: Option<String>,
 ) -> Result {
-	let default_member_content = RoomMemberEventContent {
-		membership: MembershipState::Leave,
-		reason: reason.clone(),
-		join_authorized_via_users_server: None,
-		is_direct: None,
-		avatar_url: None,
-		displayname: None,
-		third_party_invite: None,
-		blurhash: None,
-		redact_events: None,
-	};
-
 	let is_banned = services.rooms.metadata.is_banned(room_id);
 	let is_disabled = services.rooms.metadata.is_disabled(room_id);

-	pin_mut!(is_banned, is_disabled);
-	if is_banned.or(is_disabled).await {
-		// the room is banned/disabled, the room must be rejected locally since we
-		// cant/dont want to federate with this server
-		services
-			.rooms
-			.state_cache
-			.update_membership(
-				room_id,
-				user_id,
-				default_member_content,
-				user_id,
-				None,
-				None,
-				true,
-			)
-			.await?;
-
-		return Ok(());
-	}
-
 	let dont_have_room = services
 		.rooms
 		.state_cache
@@ -129,43 +97,41 @@ pub async fn leave_room(
 		.is_knocked(user_id, room_id)
 		.eq(&false);

-	// Ask a remote server if we don't have this room and are not knocking on it
-	if dont_have_room.and(not_knocked).await {
-		if let Err(e) = remote_leave_room(services, user_id, room_id, reason.clone())
-			.boxed()
-			.await
-		{
-			warn!(%user_id, "Failed to leave room {room_id} remotely: {e}");
-			// Don't tell the client about this error
-		}
+	pin_mut!(is_banned, is_disabled);

-		let last_state = services
-			.rooms
-			.state_cache
-			.invite_state(user_id, room_id)
-			.or_else(|_| services.rooms.state_cache.knock_state(user_id, room_id))
-			.or_else(|_| services.rooms.state_cache.left_state(user_id, room_id))
-			.await
-			.ok();
+	/*
+	there are three possible cases when leaving a room:
+	1. the room is banned or disabled, so we're not federating with it.
+	2. nobody on the homeserver is in the room, which can happen if the user is rejecting an invite
+	   to a room that we don't have any members in.
+	3. someone else on the homeserver is in the room. in this case we can leave like normal by sending a PDU over federation.

-		// We always drop the invite, we can't rely on other servers
-		services
-			.rooms
-			.state_cache
-			.update_membership(
-				room_id,
-				user_id,
-				default_member_content,
-				user_id,
-				last_state,
-				None,
-				true,
-			)
-			.await?;
+	in cases 1 and 2, we have to update the state cache using `mark_as_left` directly.
+	otherwise `build_and_append_pdu` will take care of updating the state cache for us.
+	*/
+
+	// `leave_pdu` is the outlier `m.room.member` event which will be synced to the
+	// user. if it's None the sync handler will create a dummy PDU.
+	let leave_pdu = if is_banned.or(is_disabled).await {
+		// case 1: the room is banned/disabled. we don't want to federate with another
+		// server to leave, so we can't create an outlier PDU.
+		None
+	} else if dont_have_room.and(not_knocked).await {
+		// case 2: ask a remote server to assist us with leaving
+		// we always mark the room as left locally, regardless of if the federated leave
+		// failed
+
+		remote_leave_room(services, user_id, room_id, reason.clone(), HashSet::new())
+			.await
+			.inspect_err(|err| {
+				warn!(%user_id, "Failed to leave room {room_id} remotely: {err}");
+			})
+			.ok()
 	} else {
+		// case 3: we can leave by sending a PDU.
 		let state_lock = services.rooms.state.mutex.lock(room_id).await;

-		let Ok(event) = services
+		let user_member_event_content = services
 			.rooms
 			.state_accessor
 			.room_state_get_content::<RoomMemberEventContent>(
@@ -173,64 +139,97 @@ pub async fn leave_room(
 				&StateEventType::RoomMember,
 				user_id.as_str(),
 			)
-			.await
-		else {
-			debug_warn!(
-				"Trying to leave a room you are not a member of, marking room as left locally."
-			);
+			.await;

-			return services
-				.rooms
-				.state_cache
-				.update_membership(
-					room_id,
-					user_id,
-					default_member_content,
-					user_id,
-					None,
-					None,
-					true,
-				)
-				.await;
-		};
+		match user_member_event_content {
+			| Ok(content) => {
+				services
+					.rooms
+					.timeline
+					.build_and_append_pdu(
+						PduBuilder::state(user_id.to_string(), &RoomMemberEventContent {
+							membership: MembershipState::Leave,
+							reason,
+							join_authorized_via_users_server: None,
+							is_direct: None,
+							..content
+						}),
+						user_id,
+						Some(room_id),
+						&state_lock,
+					)
+					.await?;

-		services
-			.rooms
-			.timeline
-			.build_and_append_pdu(
-				PduBuilder::state(user_id.to_string(), &RoomMemberEventContent {
-					membership: MembershipState::Leave,
-					reason,
-					join_authorized_via_users_server: None,
-					is_direct: None,
-					..event
-				}),
-				user_id,
-				Some(room_id),
-				&state_lock,
-			)
-			.await?;
-	}
+				// `build_and_append_pdu` calls `mark_as_left` internally, so we return early.
+				return Ok(());
+			},
+			| Err(_) => {
+				// an exception to case 3 is if the user isn't even in the room they're trying
+				// to leave. this can happen if the client's caching is wrong.
+				debug_warn!(
+					"Trying to leave a room you are not a member of, marking room as left \
+					 locally."
+				);
+
+				// return the existing leave state, if one exists. `mark_as_left` will then
+				// update the `roomuserid_leftcount` table, making the leave come down sync
+				// again.
+				services
+					.rooms
+					.state_cache
+					.left_state(user_id, room_id)
+					.await
+					.inspect_err(|err| {
+						// `left_state` may return an Err if the user _is_ in the room they're
+						// trying to leave, but the membership cache is incorrect and
+						// they're cached as being joined. In this situation
+						// we save a `None` to the `roomuserid_leftcount` table, which generates
+						// and sends a dummy leave to the client.
+						warn!(
+							?err,
+							"Trying to leave room not cached as leave, sending dummy leave \
+							 event to client"
+						);
+					})
+					.unwrap_or_default()
+			},
+		}
+	};
+
+	services
+		.rooms
+		.state_cache
+		.mark_as_left(user_id, room_id, leave_pdu)
+		.await;
+
+	services
+		.rooms
+		.state_cache
+		.update_joined_count(room_id)
+		.await;

 	Ok(())
 }

-pub async fn remote_leave_room(
+pub async fn remote_leave_room<S: ::std::hash::BuildHasher>(
 	services: &Services,
 	user_id: &UserId,
 	room_id: &RoomId,
 	reason: Option<String>,
-) -> Result<()> {
+	mut servers: HashSet<OwnedServerName, S>,
+) -> Result<Pdu> {
 	let mut make_leave_response_and_server =
 		Err!(BadServerResponse("No remote server available to assist in leaving {room_id}."));

-	let mut servers: HashSet<OwnedServerName> = services
-		.rooms
-		.state_cache
-		.servers_invite_via(room_id)
-		.map(ToOwned::to_owned)
-		.collect()
-		.await;
+	servers.extend(
+		services
+			.rooms
+			.state_cache
+			.servers_invite_via(room_id)
+			.map(ToOwned::to_owned)
+			.collect::<HashSet<OwnedServerName>>()
+			.await,
+	);

 	match services
 		.rooms
@@ -277,6 +276,11 @@ pub async fn remote_leave_room(
 	if let Some(room_id_server_name) = room_id.server_name() {
 		servers.insert(room_id_server_name.to_owned());
 	}
+	if servers.is_empty() {
+		return Err!(BadServerResponse(warn!(
+			"No remote servers found to assist in leaving {room_id}."
+		)));
+	}

 	debug_info!("servers in remote_leave_room: {servers:?}");

@@ -284,7 +288,7 @@ pub async fn remote_leave_room(
 		let make_leave_response = services
 			.sending
 			.send_federation_request(
-				&remote_server,
+				remote_server.as_ref(),
 				federation::membership::prepare_leave_event::v1::Request {
 					room_id: room_id.to_owned(),
 					user_id: user_id.to_owned(),
@@ -292,11 +296,21 @@ pub async fn remote_leave_room(
 			)
 			.await;

-		make_leave_response_and_server = make_leave_response.map(|r| (r, remote_server));
+		let error = make_leave_response.as_ref().err().map(ToString::to_string);
+		make_leave_response_and_server = make_leave_response.map(|r| (r, remote_server.clone()));

 		if make_leave_response_and_server.is_ok() {
+			debug_info!(
+				"Received make_leave_response from {} for leaving {room_id}",
+				remote_server
+			);
 			break;
 		}
+		debug_warn!(
+			"Failed to get make_leave_response from {} for leaving {room_id}: {}",
+			remote_server,
+			error.unwrap()
+		);
 	}

 	let (make_leave_response, remote_server) = make_leave_response_and_server?;
@@ -304,13 +318,14 @@ pub async fn remote_leave_room(
 	let Some(room_version_id) = make_leave_response.room_version else {
 		return Err!(BadServerResponse(warn!(
 			"No room version was returned by {remote_server} for {room_id}, room version is \
-			 likely not supported by conduwuit"
+			 likely not supported by continuwuity"
 		)));
 	};

 	if !services.server.supported_room_version(&room_version_id) {
 		return Err!(BadServerResponse(warn!(
-			"Remote room version {room_version_id} for {room_id} is not supported by conduwuit",
+			"Remote room version {room_version_id} for {room_id} is not supported by \
+			 continuwuity",
 		)));
 	}

@@ -323,6 +338,13 @@ pub async fn remote_leave_room(
 		)))
 	})?;

+	validate_remote_member_event_stub(
+		&MembershipState::Leave,
+		user_id,
+		room_id,
+		&leave_event_stub,
+	)?;
+
 	// TODO: Is origin needed?
 	leave_event_stub.insert(
 		"origin".to_owned(),
@@ -373,7 +395,7 @@ pub async fn remote_leave_room(
 			&remote_server,
 			federation::membership::create_leave_event::v2::Request {
 				room_id: room_id.to_owned(),
-				event_id,
+				event_id: event_id.clone(),
 				pdu: services
 					.sending
 					.convert_to_outgoing_federation_event(leave_event.clone())
@@ -382,5 +404,14 @@ pub async fn remote_leave_room(
 		)
 		.await?;

-	Ok(())
+	services
+		.rooms
+		.outlier
+		.add_pdu_outlier(&event_id, &leave_event);
+
+	let leave_pdu = Pdu::from_id_val(&event_id, leave_event).map_err(|e| {
+		err!(BadServerResponse("Invalid leave PDU received during federated leave: {e:?}"))
+	})?;
+
+	Ok(leave_pdu)
 }
--- a/src/api/client/membership/mod.rs
+++ b/src/api/client/membership/mod.rs
@@ -13,7 +13,14 @@
 use axum::extract::State;
 use conduwuit::{Err, Result, warn};
 use futures::{FutureExt, StreamExt};
-use ruma::{OwnedRoomId, RoomId, ServerName, UserId, api::client::membership::joined_rooms};
+use ruma::{
+	CanonicalJsonObject, OwnedRoomId, RoomId, ServerName, UserId,
+	api::client::membership::joined_rooms,
+	events::{
+		StaticEventContent,
+		room::member::{MembershipState, RoomMemberEventContent},
+	},
+};
 use service::Services;

 pub(crate) use self::{
@@ -56,7 +63,7 @@ pub(crate) async fn joined_rooms_route(
 ///
 /// Performs automatic deactivation if `auto_deactivate_banned_room_attempts` is
 /// enabled
-#[tracing::instrument(skip(services))]
+#[tracing::instrument(skip(services), level = "info")]
 pub(crate) async fn banned_room_check(
 	services: &Services,
 	user_id: &UserId,
@@ -153,3 +160,80 @@ pub(crate) async fn banned_room_check(

 	Ok(())
 }
+
+/// Validates that an event returned from a remote server by `/make_*`
+/// actually is a membership event with the expected fields.
+///
+/// Without checking this, the remote server could use the remote membership
+/// mechanism to trick our server into signing arbitrary malicious events.
+pub(crate) fn validate_remote_member_event_stub(
+	membership: &MembershipState,
+	user_id: &UserId,
+	room_id: &RoomId,
+	event_stub: &CanonicalJsonObject,
+) -> Result<()> {
+	let Some(event_type) = event_stub.get("type") else {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with missing type field"
+		));
+	};
+	if event_type != &RoomMemberEventContent::TYPE {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with invalid event type"
+		));
+	}
+
+	let Some(sender) = event_stub.get("sender") else {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with missing sender field"
+		));
+	};
+	if sender != &user_id.as_str() {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with incorrect sender"
+		));
+	}
+
+	let Some(state_key) = event_stub.get("state_key") else {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with missing state_key field"
+		));
+	};
+	if state_key != &user_id.as_str() {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with incorrect state_key"
+		));
+	}
+
+	let Some(event_room_id) = event_stub.get("room_id") else {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with missing room_id field"
+		));
+	};
+	if event_room_id != &room_id.as_str() {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with incorrect room_id"
+		));
+	}
+
+	let Some(content) = event_stub
+		.get("content")
+		.and_then(|content| content.as_object())
+	else {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with missing content field"
+		));
+	};
+	let Some(event_membership) = content.get("membership") else {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with missing membership field"
+		));
+	};
+	if event_membership != &membership.as_str() {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with incorrect room_id"
+		));
+	}
+
+	Ok(())
+}
--- a/src/api/client/message.rs
+++ b/src/api/client/message.rs
@@ -1,6 +1,7 @@
 use axum::extract::State;
+use axum_client_ip::InsecureClientIp;
 use conduwuit::{
-	Err, Result, at,
+	Err, Result, at, debug_warn,
 	matrix::{
 		event::{Event, Matches},
 		pdu::PduCount,
@@ -16,7 +17,7 @@
 	Services,
 	rooms::{
 		lazy_loading,
-		lazy_loading::{Options, Witness},
+		lazy_loading::{MemberSet, Options},
 		timeline::PdusIterItem,
 	},
 };
@@ -70,6 +71,7 @@
 ///   where the user was joined, depending on `history_visibility`)
 pub(crate) async fn get_message_events_route(
 	State(services): State<crate::State>,
+	InsecureClientIp(client_ip): InsecureClientIp,
 	body: Ruma<get_message_events::v3::Request>,
 ) -> Result<get_message_events::v3::Response> {
 	debug_assert!(IGNORED_MESSAGE_TYPES.is_sorted(), "IGNORED_MESSAGE_TYPES is not sorted");
@@ -78,6 +80,11 @@ pub(crate) async fn get_message_events_route(
 	let room_id = &body.room_id;
 	let filter = &body.filter;

+	services
+		.users
+		.update_device_last_seen(sender_user, sender_device, client_ip)
+		.await;
+
 	if !services.rooms.metadata.exists(room_id).await {
 		return Err!(Request(Forbidden("Room does not exist to this server")));
 	}
@@ -115,14 +122,14 @@ pub(crate) async fn get_message_events_route(
 		| Direction::Forward => services
 			.rooms
 			.timeline
-			.pdus(Some(sender_user), room_id, Some(from))
+			.pdus(room_id, Some(from))
 			.ignore_err()
 			.boxed(),

 		| Direction::Backward => services
 			.rooms
 			.timeline
-			.pdus_rev(Some(sender_user), room_id, Some(from))
+			.pdus_rev(room_id, Some(from))
 			.ignore_err()
 			.boxed(),
 	};
@@ -133,6 +140,18 @@ pub(crate) async fn get_message_events_route(
 		.wide_filter_map(|item| ignored_filter(&services, item, sender_user))
 		.wide_filter_map(|item| visibility_filter(&services, item, sender_user))
 		.take(limit)
+		.then(async |mut pdu| {
+			pdu.1.set_unsigned(Some(sender_user));
+			if let Err(e) = services
+				.rooms
+				.pdu_metadata
+				.add_bundled_aggregations_to_pdu(sender_user, &mut pdu.1)
+				.await
+			{
+				debug_warn!("Failed to add bundled aggregations: {e}");
+			}
+			pdu
+		})
 		.collect()
 		.await;

@@ -162,7 +181,7 @@ pub(crate) async fn get_message_events_route(

 	let state = witness
 		.map(Option::into_iter)
-		.map(|option| option.flat_map(Witness::into_iter))
+		.map(|option| option.flat_map(MemberSet::into_iter))
 		.map(IterStream::stream)
 		.into_stream()
 		.flatten()
@@ -192,7 +211,7 @@ pub(crate) async fn lazy_loading_witness<'a, I>(
 	services: &Services,
 	lazy_loading_context: &lazy_loading::Context<'_>,
 	events: I,
-) -> Witness
+) -> MemberSet
 where
 	I: Iterator<Item = &'a PdusIterItem> + Clone + Send,
 {
@@ -213,10 +232,10 @@ pub(crate) async fn lazy_loading_witness<'a, I>(
 	let receipts = services
 		.rooms
 		.read_receipt
-		.readreceipts_since(lazy_loading_context.room_id, oldest.into_unsigned());
+		.readreceipts_since(lazy_loading_context.room_id, Some(oldest.into_unsigned()));

 	pin_mut!(receipts);
-	let witness: Witness = events
+	let witness: MemberSet = events
 		.stream()
 		.map(ref_at!(1))
 		.map(Event::sender)
@@ -224,7 +243,7 @@ pub(crate) async fn lazy_loading_witness<'a, I>(
 		.chain(
 			receipts
 				.ready_take_while(|(_, c, _)| *c <= newest.into_unsigned())
-				.map(|(user_id, ..)| user_id.to_owned()),
+				.map(|(user_id, ..)| user_id),
 		)
 		.collect()
 		.await;
@@ -232,7 +251,7 @@ pub(crate) async fn lazy_loading_witness<'a, I>(
 	services
 		.rooms
 		.lazy_loading
-		.witness_retain(witness, lazy_loading_context)
+		.retain_lazy_members(witness, lazy_loading_context)
 		.await
 }

--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`tag-message = "chore: Release v{{version}}"`