2026-05-02 15:14:09 +02:00
112 changed files with 1474 additions and 1382 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -1,9 +1,8 @@
 name: "Spec"
 env:
-  HUGO_VERSION: 0.153.3
+  HUGO_VERSION: 0.148.1
  PYTHON_VERSION: 3.13
  NODE_VERSION: 24
 on:
  push:
@ -28,7 +27,7 @@ jobs:
      - name: "➕ Setup Node"
        uses: actions/setup-node@v4
        with:
-          node-version: ${{ env.NODE_VERSION }}
+          node-version: '20'
      - name: "🔎 Run validator"
        run: |
          npx @redocly/cli@latest lint data/api/*/*.yaml
@ -196,13 +195,11 @@ jobs:
    needs: [calculate-baseurl, build-openapi, generate-changelog]
    # run even if generate-changelog was skipped
    if: ${{ always() }}
    env:
      baseURL: "${{ needs.calculate-baseurl.outputs.baseURL }}"
    steps:
      - name: "➕ Setup Node"
        uses: actions/setup-node@v4
        with:
-          node-version: ${{ env.NODE_VERSION }}
+          node-version: '20'
      - name: "➕ Setup Hugo"
        uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0
        with:
@ -220,10 +217,8 @@ jobs:
        with:
          name: changelog-artifact
          path: content/changelog
      - name: "⚙️ hugo"
-        run: hugo --baseURL "${baseURL}" -d "spec${baseURL}"
+        run: hugo --baseURL "${{ needs.calculate-baseurl.outputs.baseURL }}" -d "spec"
      # We manually unpack the spec OpenAPI definition JSON to the website tree
      # to make it available to the world in a canonical place:
      # https://spec.matrix.org/latest/client-server-api/api.json
@ -234,13 +229,10 @@ jobs:
          name: openapi-artifact
      - name: "📝 Unpack the OpenAPI definitions in the right location"
        run: |
-          tar -C "spec${baseURL}" --strip-components=1 -xzf openapi.tar.gz
+          tar -xzf openapi.tar.gz
      - name: "📦 Tarball creation"
-        run: |
+        run: tar -czf spec.tar.gz spec
          cd spec
          tar -czf ../spec.tar.gz *
      - name: "📤 Artifact upload"
        uses: actions/upload-artifact@v4
        with:
@ -251,14 +243,6 @@ jobs:
    name: "🔎 Validate generated HTML"
    runs-on: ubuntu-latest
    needs: [calculate-baseurl, build-spec]
    # Run even if `generate-changelog` was skipped.
    #
    # `build-spec` has a dependency on `generate-changelog` to ensure order of execution
    # and to access `needs.generate-changelog.result`. However, `generate-changelog` is
    # skipped on tag builds; even a transient dependency on `generate-changelog` is then
    # enough for this step to also be skipped by default on tag builds. Hence the need for
    # this explicit `if`.
    if: ${{ !failure() && !cancelled() }}
    steps:
      - name: "📥 Source checkout"
        uses: actions/checkout@v4
@ -269,9 +253,14 @@ jobs:
          name: spec-artifact
      - name: "📝 Unpack the spec"
        # we have to unpack it into the right path given the baseurl, so that the
        # links are correct.
        # eg if baseurl is `/unstable`, we want to put the site in `spec/unstable`.
        run: |
-          mkdir spec
+          mkdir -p "spec${baseURL}"
-          tar -C spec -xvzf spec.tar.gz
+          tar -C "spec${baseURL}" --strip-components=1 -xvzf spec.tar.gz
        env:
          baseURL: "${{ needs.calculate-baseurl.outputs.baseURL }}"
      - name: "Run htmltest"
        uses: wjdp/htmltest-action@master
@ -281,15 +270,13 @@ jobs:
  build-historical-spec:
    name: "📖 Build the historical backup spec"
    runs-on: ubuntu-latest
-    needs: [calculate-baseurl, build-openapi]
+    needs: [build-openapi]
    if: ${{ startsWith(github.ref, 'refs/tags/') }}
    env:
      baseURL: "${{ needs.calculate-baseurl.outputs.baseURL }}"
    steps:
      - name: "➕ Setup Node"
        uses: actions/setup-node@v4
        with:
-          node-version: ${{ env.NODE_VERSION }}
+          node-version: '20'
      - name: "➕ Setup Hugo"
        uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0
        with:
@ -304,8 +291,9 @@ jobs:
      - name: "⚙️ hugo"
        env:
          HUGO_PARAMS_VERSION_STATUS: "historical"
        # Create a baseURL like `/v1.2` out of the `v1.2` tag
        run: |
-          hugo --baseURL "${baseURL}" -d "spec${baseURL}"
+          hugo --baseURL "/${GITHUB_REF/refs\/tags\//}" -d "spec"
      - name: "📥 Spec definition download"
        uses: actions/download-artifact@v4
@ -313,51 +301,12 @@ jobs:
          name: openapi-artifact
      - name: "📝 Unpack the OpenAPI definitions in the right location"
        run: |
-          tar -C "spec${baseURL}" --strip-components=1 -xzf openapi.tar.gz
+          tar -xzf openapi.tar.gz
      - name: "📦 Tarball creation"
-        run: |
+        run: tar -czf spec-historical.tar.gz spec
          cd spec
          tar -czf ../spec-historical.tar.gz *
      - name: "📤 Artifact upload"
        uses: actions/upload-artifact@v4
        with:
          name: spec-historical-artifact
          path: spec-historical.tar.gz
  # If we're building a tag, create a release and publish the artifacts
  create_release:
    name: "Create release"
    if: ${{ !failure() && !cancelled() && startsWith(github.ref, 'refs/tags/') }}
    needs:
      - build-spec
      - build-historical-spec
    runs-on: ubuntu-latest
    steps:
      - name: "📥 Check out changelogs"
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          sparse-checkout: |
            content/changelog
      - name: "📥 Download built spec"
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: spec-artifact
      - name: "📥 Download historical spec artifact"
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: spec-historical-artifact
      - name: "✨ Create draft release"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Remove front-matter from changelog
          sed '1,/^---$/d' "content/changelog/${{ github.ref_name }}.md" > changelog.md
          # Create a draft release, using the changelog as release notes, and attaching the spec artifacts.
          gh release create -d -t "${{ github.ref_name }}" \
            -F "changelog.md" \
            "${{ github.ref_name }}" \
            spec.tar.gz \
            spec-historical.tar.gz
--- a/.github/workflows/netlify.yaml
+++ b/.github/workflows/netlify.yaml
@ -45,9 +45,7 @@ jobs:
          name: spec-artifact
      - name: "📦 Extract Artifacts"
-        run: |
+        run: tar -xzvf spec.tar.gz && rm spec.tar.gz
          mkdir spec
          tar -C spec -xzvf spec.tar.gz && rm spec.tar.gz
      - name: "📤 Deploy to Netlify"
        id: netlify
--- a/assets/js/toc.js
+++ b/assets/js/toc.js
@ -50,7 +50,7 @@ function getHeadings() {
  let headings = [];
  // First get the anchors in the ToC.
-  const toc_anchors = document.querySelectorAll("#TableOfContents a");
+  const toc_anchors = document.querySelectorAll("#toc nav a");
  for (const anchor of toc_anchors) {
    // Then get the heading from its selector in the anchor's href.
@ -122,13 +122,13 @@ function getCurrentHeading(headings, headerOffset) {
 */
 function selectTocEntry(id) {
  // Deselect previously selected entries.
-  const activeEntries = document.querySelectorAll("#TableOfContents a.active");
+  const activeEntries = document.querySelectorAll("#toc nav a.active");
  for (const activeEntry of activeEntries) {
    activeEntry.classList.remove('active');
  }
  // Find the new entry and select it.
-  const newEntry = document.querySelector(`#TableOfContents a[href="#${id}"]`);
+  const newEntry = document.querySelector(`#toc nav a[href="#${id}"]`);
  if (!newEntry) {
    console.error("ToC entry not found for ID:", id);
    return;
--- a/assets/scss/_styles_project.scss
+++ b/assets/scss/_styles_project.scss
@ -78,8 +78,9 @@ Custom SCSS for the Matrix spec
  &>.td-sidebar-nav__section {
    margin-top: 1rem;
  }
-    .ul-1 ul {
+  .td-sidebar-nav__section .ul-1 ul {
    padding-left: 0;
  }
@ -96,83 +97,8 @@ Custom SCSS for the Matrix spec
  .ul-2 > li > a {
    padding-left: 2rem !important;
  }
  }
-  /* Styles for the table of contents */
+  a.td-sidebar-link.tree-root {
  & > .td-toc {
    padding-top: 1rem;
    padding-left: 1.5rem;
    /* Add border above the toc */
    border-top: 1px solid var(--bs-tertiary-color);
    ol {
      padding-left: 1rem;
      counter-reset: section;
      list-style-type: none;
    }
    #TableOfContents {
      /* Remove the space between the title and the ToC */
      margin-top: 0;
      &>ol>li {
        margin-bottom: .5rem;
        &>a {
          font-weight: $font-weight-bold;
        }
      }
      ol {
        padding-left: 0;
      }
      &>ol>li>a {
        padding-left: 1rem;
      }
      &>ol>li>ol>li>a {
        padding-left: 2rem;
      }
      &>ol>li>ol>li>ol>li>a {
        padding-left: 3rem;
      }
      &>ol>li>ol>li>ol>li>ol>li>a {
        padding-left: 4rem;
      }
      &>ol>li>ol>li>ol>li>ol>li>ol>li>a {
        padding-left: 5rem;
      }
    }
    li a:before {
      counter-increment: section;
      content: counters(section, ".") " ";
    }
    .td-toc-title {
      font-weight: $font-weight-bold;
      font-size: 1.3rem;
      /* Remove the border under the title */
      border-bottom: 0;
      /* Remove the space under the title */
      margin-bottom: 0;
      /* Fix the top of page link color */
      a, a:hover {
        color: $secondary;
      }
    }
  }
  /* Apply the same style to links in the navigation and in the ToC */
  & > .td-sidebar-nav__section, & > .td-toc #TableOfContents {
    li a.td-sidebar-link.tree-root {
    color: $gray-800;
    font-weight: $font-weight-bold;
    font-size: 1.3rem;
@ -180,12 +106,13 @@ Custom SCSS for the Matrix spec
    border-bottom: none;
  }
-    li a, li a.td-sidebar-link {
+  a, a.td-sidebar-link {
    color: $gray-800;
    font-weight: $font-weight-normal;
    padding-top: .2rem;
    padding-bottom: .2rem;
    display: block;
    transition: all 100ms ease-in-out;
    &:hover {
@ -198,7 +125,6 @@ Custom SCSS for the Matrix spec
    }
  }
 }
 }
@include media-breakpoint-up(md) {
  @supports (position: sticky) {
@ -273,6 +199,64 @@ Custom SCSS for the Matrix spec
  scroll-margin-top: 5.5rem;
 }
 /* Styles for the table of contents */
 #toc {
  padding-top: .5rem;
  padding-left: 1.5rem;
  ol {
    padding-left: 1rem;
    counter-reset: section;
    list-style-type: none;
  }
  #TableOfContents {
    &>ol>li {
      margin-bottom: .5rem;
      &>a {
        font-weight: $font-weight-bold;
      }
    }
    ol {
      padding-left: 0;
    }
    &>ol>li>a {
      padding-left: 1rem;
    }
    &>ol>li>ol>li>a {
      padding-left: 2rem;
    }
    &>ol>li>ol>li>ol>li>a {
      padding-left: 3rem;
    }
    &>ol>li>ol>li>ol>li>ol>li>a {
      padding-left: 4rem;
    }
    &>ol>li>ol>li>ol>li>ol>li>ol>li>a {
      padding-left: 5rem;
    }
  }
  li a:before {
    counter-increment: section;
    content: counters(section, ".") " ";
  }
  #toc-title {
    font-weight: $font-weight-bold;
    font-size: 1.3rem;
  }
 }
 .endpoints-toc {
  summary {
    cursor: pointer;
--- a/assets/scss/_variables_project.scss
+++ b/assets/scss/_variables_project.scss
@ -18,7 +18,6 @@ $primary: #FFF;
 $secondary: #0098D4;
 $dark: #333;
 $gray-100: #FBFBFB;
 $code-color: #005b7f;
 $secondary-background: #E5F5FB;
 $secondary-lighter-background: #F4FAFC;
--- a/changelogs/appendices/newsfragments/2307.clarification
+++ b/changelogs/appendices/newsfragments/2307.clarification
@ -1 +0,0 @@
 Add identifier pronunciation guidelines. Contributed by @HarHarLinks.
--- a/changelogs/client_server/newsfragments/2270.feature
+++ b/changelogs/client_server/newsfragments/2270.feature
@ -1 +0,0 @@
 Add the account management capabilities for the OAuth 2.0 authentication API, as per [MSC4191](https://github.com/matrix-org/matrix-spec-proposals/pull/4191).
--- a/changelogs/client_server/newsfragments/2272.feature
+++ b/changelogs/client_server/newsfragments/2272.feature
@ -1 +0,0 @@
 Add OAuth 2.0 aware clients, as per [MSC3824](https://github.com/matrix-org/matrix-spec-proposals/pull/3824).
--- a/changelogs/client_server/newsfragments/2277.clarification
+++ b/changelogs/client_server/newsfragments/2277.clarification
@ -1,3 +0,0 @@
 The optional `submit_url` response parameter of the `/requestToken` endpoints uses the same request
 and response parameters and error codes as the Identity Service API's `POST /_matrix/identity/v2/validate/email/submitToken`,
 as per [MSC4183](https://github.com/matrix-org/matrix-spec-proposals/pull/4183).
--- a/changelogs/client_server/newsfragments/2280.clarification
+++ b/changelogs/client_server/newsfragments/2280.clarification
@ -1 +0,0 @@
 Update non-historic mentions of matrix-doc repo to matrix-spec/-proposals. Contributed by @HarHarLinks.
--- a/changelogs/client_server/newsfragments/2283.clarification
+++ b/changelogs/client_server/newsfragments/2283.clarification
@ -1 +0,0 @@
 Remove unintended TeX formatting. Contributed by @HarHarLinks.
--- a/changelogs/client_server/newsfragments/2291.feature
+++ b/changelogs/client_server/newsfragments/2291.feature
@ -1 +0,0 @@
 Add `m.recent_emoji` account data event to track recently used emoji as per [MSC4356](https://github.com/matrix-org/matrix-spec-proposals/pull/4356).
--- a/changelogs/client_server/newsfragments/2292.feature
+++ b/changelogs/client_server/newsfragments/2292.feature
@ -1 +0,0 @@
 Add `m.forget_forced_upon_leave` capability for servers to transparently auto-forget rooms that the user leaves as per [MSC4267](https://github.com/matrix-org/matrix-spec-proposals/pull/4267).
--- a/changelogs/client_server/newsfragments/2298.feature
+++ b/changelogs/client_server/newsfragments/2298.feature
@ -1 +0,0 @@
 Add support for `m.room.redaction` events at the `PUT /rooms/{roomId}/send/{eventType}/{txnId}` endpoint, as per [MSC4169](https://github.com/matrix-org/matrix-spec-proposals/pull/4169).
--- a/changelogs/client_server/newsfragments/2299.feature
+++ b/changelogs/client_server/newsfragments/2299.feature
@ -1 +0,0 @@
 Clients supporting the `ol` HTML element must also support the `start` attribute, as per [MSC4313](https://github.com/matrix-org/matrix-spec-proposals/pull/4313).
--- a/changelogs/client_server/newsfragments/2305.feature
+++ b/changelogs/client_server/newsfragments/2305.feature
@ -1 +0,0 @@
 Add invite blocking, as per [MSC4380](https://github.com/matrix-org/matrix-spec-proposals/pull/4380).
--- a/changelogs/identity_service/newsfragments/2277.clarification
+++ b/changelogs/identity_service/newsfragments/2277.clarification
@ -1,3 +0,0 @@
 Clarify the error codes that can be returned with a 400 HTTP status code by the `POST /_matrix/identity/v2/validate/email/submitToken`
 and `POST /_matrix/identity/v2/validate/msisdn/submitToken` endpoints, introducing the `M_TOKEN_INCORRECT`
 error code, as per [MSC4183](https://github.com/matrix-org/matrix-spec-proposals/pull/4183).
--- a/changelogs/internal/newsfragments/2222.clarification
+++ b/changelogs/internal/newsfragments/2222.clarification
@ -1 +0,0 @@
 Clarify vendor prefixing requirements.
--- a/changelogs/internal/newsfragments/2275.clarification
+++ b/changelogs/internal/newsfragments/2275.clarification
@ -1 +0,0 @@
 Auto-create draft releases when building release tags.
--- a/changelogs/internal/newsfragments/2276.feature
+++ b/changelogs/internal/newsfragments/2276.feature
@ -1 +0,0 @@
 Include the spec release version in the filenames in the tarballs generated by CI.
--- a/changelogs/internal/newsfragments/2287.clarification
+++ b/changelogs/internal/newsfragments/2287.clarification
@ -1 +0,0 @@
 Upgrade to docsy v0.13.0.
--- a/changelogs/internal/newsfragments/2289.clarification
+++ b/changelogs/internal/newsfragments/2289.clarification
@ -1 +0,0 @@
 Updates to the release documentation.
--- a/changelogs/internal/newsfragments/2290.clarification
+++ b/changelogs/internal/newsfragments/2290.clarification
@ -1 +0,0 @@
 Remove unused leftover CSS files.
--- a/changelogs/room_versions/newsfragments/2303.clarification
+++ b/changelogs/room_versions/newsfragments/2303.clarification
@ -1 +0,0 @@
 Remove the post-1.16 release note for room version 12.
--- a/changelogs/server_server/newsfragments/2191.clarification
+++ b/changelogs/server_server/newsfragments/2191.clarification
@ -1 +0,0 @@
 Clarify what the `minimum_valid_until_ts` field means when it is set in key queries.
--- a/changelogs/server_server/newsfragments/2284.clarification
+++ b/changelogs/server_server/newsfragments/2284.clarification
@ -1 +1 @@
-Specified input validation for PDUs passed to and returned from federation membership endpoints.
+Specified input validation for PDUs passed to federation membership endpoints.
--- a/changelogs/server_server/newsfragments/2288.clarification
+++ b/changelogs/server_server/newsfragments/2288.clarification
@ -1 +0,0 @@
 Specify that callers of `/_matrix/federation/v1/openid/userinfo` must validate the returned user ID.
--- a/changelogs/server_server/newsfragments/2300.clarification
+++ b/changelogs/server_server/newsfragments/2300.clarification
@ -1 +0,0 @@
 Change `m.signing_update` typo to `m.signing_key_update`. Contributed by @velikopter
--- a/config/_default/hugo.toml
+++ b/config/_default/hugo.toml
@ -166,11 +166,3 @@ sidebar_menu_compact = true
    mediaType = "text/markdown"
    isPlainText = true
    baseName = "checklist"
 # Add font media types for downloading KaTeX fonts.
 # See: https://www.docsy.dev/docs/content/diagrams-and-formulae/#create-media-types-for-katex-fonts
 [mediaTypes]
  [mediaTypes.'font/woff']
    suffixes = ['woff']
  [mediaTypes.'font/woff2']
    suffixes = ['woff2']
--- a/content/appendices.md
+++ b/content/appendices.md
@ -533,11 +533,6 @@ where `domain` is the [server name](#server-name) of the homeserver
 which allocated the identifier, and `localpart` is an identifier
 allocated by that homeserver.
 Because the domain part identifies the server on which the ID resolves,
 the canonical pronunciation of the separating `:` is "on".
 For example, `@user:matrix.org` would be pronounced as "at user on matrix dot
 org".
 The precise grammar defining the allowable format of an identifier
 depends on the type of identifier. For example, event IDs can sometimes
 be represented with a `domain` component under some conditions - see the
--- a/content/client-server-api/_index.md
+++ b/content/client-server-api/_index.md
@ -480,13 +480,6 @@ Currently the OAuth 2.0 API doesn't cover all the use cases of the legacy API,
 such as automated applications that cannot use a web browser.
 {{% /boxes/note %}}
 {{% boxes/note %}}
 {{% added-in v="1.18" %}}
 A compatibility feature, called [OAuth 2.0 aware clients](#oauth-20-aware-clients),
 is available to ease the transition to the OAuth 2.0 API for clients that only
 support the legacy API.
 {{% /boxes/note %}}
 ### Authentication API discovery
 To discover if a homeserver supports the legacy API, the [`GET /login`](#get_matrixclientv3login)
@ -652,7 +645,7 @@ manage their account like [changing their password](#password-management),
 [deactivating their account](#account-deactivation).
 With the OAuth 2.0 API, all account management is done via the homeserver's web
-UI that can be accessed by users via the [account management URL](#oauth-20-account-management).
+UI.
 ### Legacy API
@ -1619,73 +1612,6 @@ MAY reject weak passwords with an error code `M_WEAK_PASSWORD`.
 {{% http-api spec="client-server" api="account_deactivation" %}}
 #### OAuth 2.0 aware clients
 {{% added-in v="1.18" %}}
 This is a compatibility feature to aide clients in the transition to the OAuth
 2.0 API. It allows clients that only support the legacy API to make some
 less-invasive changes to improve the user experience when talking to a
 homeserver that is using the OAuth 2.0 API without actually having to implement
 the full OAuth 2.0 API.
 ##### Client behaviour
 For a client to be considered fully OAuth 2.0 aware it MUST:
 * Support the [`m.login.sso` authentication flow](#client-login-via-sso).
 * Where a `oauth_aware_preferred` value of `true` is present on an `m.login.sso`
  flow, *only* offer that auth flow to the user.
 * Append `action=login` or `action=register` parameters to the [SSO redirect
  endpoints](#get_matrixclientv3loginssoredirect). The client might determine
  the value to use based on whether the user clicked a "Login" or "Register"
  button.
 * Check and honour the [`m.3pid_changes` capability](#m3pid_changes-capability)
  so that the user is not offered the ability to add or remove 3PIDs if the
  homeserver says the capability is not available.
 * Determine if the homeserver is using the OAuth 2.0 API by using
  [server metadata discovery](#get_matrixclientv1auth_metadata) from the OAuth
  2.0 API.
 * If a homeserver is using the OAuth 2.0 API as discovered in the previous step
  then the client MUST redirect users to manage their account at the [account
  management URL](#oauth-20-account-management), if available, instead of
  providing a native UI using the legacy API endpoints.
  * If the user wishes to deactivate their account then the client MUST refer
    them to the account management URL.
  * If the user wishes to sign out a device other than its own then the client
    MUST deep link the user to the account management URL by adding the
    `action=org.matrix.device_delete` and `device_id=<device_id>` parameters so
    that the web UI knows that the user wishes to sign out a device and which
    one it is.
 Optionally, an OAuth 2.0 aware client MAY:
 * Label the SSO button as "Continue" rather than "SSO" when
  `oauth_aware_preferred` is `true`. This is because after redirect the server
  may then offer a password and/or further upstream IdPs.
 * Pass other [account management URL parameters](#account-management-url-parameters)
  for context when linking to the account web UI.
 ##### Server behaviour
 For a homeserver to provide support for OAuth 2.0 aware clients it MUST:
 * Support the [OAuth 2.0 API](#oauth-20-api).
 * Provide an implementation of the [`m.login.sso` authentication flow](#client-login-via-sso)
  from the legacy API.
 * If password authentication was previously enabled on the homeserver then
  provide an implementation of the [`m.login.password` authentication flow](#legacy-login)
  from the legacy API.
 * Indicate that the `m.login.sso` flow is preferred by setting
  `oauth_aware_preferred` to `true`.
 * Support a value for the `action` param on the [SSO redirect endpoints](#get_matrixclientv3loginssoredirect).
 Additionally, the homeserver SHOULD:
 * Advertise the [account management URL](#oauth-20-account-management) in the
  [server metadata](#get_matrixclientv1auth_metadata).
 ### OAuth 2.0 API
 {{% added-in v="1.15" %}}
@ -2345,46 +2271,6 @@ The server SHOULD return one of the following responses:
 - For other errors, the server returns a `400 Bad Request` response with error
  details
 #### Account management {id="oauth-20-account-management"}
 {{% added-in v="1.18" %}}
 All account management is done via the homeserver's web UI.
 This specification defines extensions to the [OAuth Authorization Server
 Metadata registry](https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#authorization-server-metadata)
 to offer clients a way to deep-link to the account management capabilities of
 the homeserver to allow the user to complete the account management operations
 in a browser.
 ##### Account management URL discovery
 The [OAuth 2.0 authorization server metadata](#server-metadata-discovery) is
 extended to include the following **optional** fields.
 {{% definition path="schemas/oauth2-account-management-server-metadata" %}}
 ##### Account management URL parameters
 The account management URL MAY accept the following minimum query parameters.
 {{% definition path="schemas/oauth2-account-management-url" %}}
 ##### Account management URL actions
 Account management actions are unique to the application. They SHOULD follow the
 [Common Namespaced Identifier Grammar](/appendices/#common-namespaced-identifier-grammar)
 where feasible. The Matrix-specific actions are:
 | Action                           | Description                                                                                                                                          |
 |----------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `org.matrix.profile`             | The user wishes to view/edit their profile (name, avatar, contact details).                                                                          |
 | `org.matrix.devices_list`        | The user wishes to view a list of their devices.                                                                                                     |
 | `org.matrix.device_view`         | The user wishes to view the details of a specific device. A `device_id` SHOULD be provided.                                                          |
 | `org.matrix.device_delete`       | The user wishes to delete/log out a specific device. A `device_id` SHOULD be provided.                                                               |
 | `org.matrix.account_deactivate`  | The user wishes to deactivate their account.                                                                                                         |
 | `org.matrix.cross_signing_reset` | The user wishes to reset their cross-signing identity. Servers SHOULD use this action in the URL of the [`m.oauth`](#oauth-authentication) UIA type. |
 ### Account moderation
 #### Account locking
@ -2619,40 +2505,6 @@ An example of the capability API's response for this capability is:
 }
 ```
 ### `m.forget_forced_upon_leave` capability
 {{% added-in v="1.18" %}}
 This capability has a single flag, `enabled`, which indicates whether or
 not the server automatically forgets rooms which the user has left.
 When `enabled` is `true` and the user leaves a room, the server will automatically
 forget the room — just as if the user had called [`/forget`](#post_matrixclientv3roomsroomidforget)
 themselves. This behavior applies irrespective of whether the user has left the
 room on their own (through [`/leave`](#post_matrixclientv3roomsroomidleave)) or
 has been kicked or banned from the room by another user.
 When `enabled` is `false`, the server does not automatically forget rooms
 upon leave. In this case, clients MAY distinguish the actions of leaving
 and forgetting a room in their UI. Similarly, clients MAY retrieve and
 visualize left but unforgotten rooms using a [filter](#filtering) with
 `include_leave = true`.
 When the capability or the `enabled` property are not present, clients SHOULD
 assume that the server does not automatically forget rooms.
 An example of the capability API's response for this capability is:
 ```json
 {
  "capabilities": {
    "m.forget_forced_upon_leave": {
      "enabled": true
    }
  }
 }
 ```
 ### `m.room_versions` capability
 This capability describes the default and available room versions a
@ -3349,14 +3201,6 @@ the topic to be removed from the room.
 #### Client behaviour
 {{% changed-in v="1.18" %}}
 If the server advertises support for a spec version that supports it, clients
 MAY use the [`PUT /rooms/{roomId}/send/{eventType}/{txnId}`](#put_matrixclientv3roomsroomidsendeventtypetxnid)
 endpoint to send `m.room.redaction` events in all room versions.
 They can also use the following endpoint.
 {{% http-api spec="client-server" api="redaction" %}}
 ### Forming relationships between events
@ -4054,7 +3898,6 @@ that profile.
 | [Guest Access](#guest-access)                              | Optional  | Optional | Optional | Optional | Optional |
 | [Moderation Policy Lists](#moderation-policy-lists)        | Optional  | Optional | Optional | Optional | Optional |
 | [OpenID](#openid)                                          | Optional  | Optional | Optional | Optional | Optional |
 | [Recently used emoji](#recently-used-emoji)                | Optional  | Optional | Optional | Optional | Optional |
 | [Reference Relations](#reference-relations)                | Optional  | Optional | Optional | Optional | Optional |
 | [Reporting Content](#reporting-content)                    | Optional  | Optional | Optional | Optional | Optional |
 | [Rich replies](#rich-replies)                              | Optional  | Optional | Optional | Optional | Optional |
@ -4071,7 +3914,6 @@ that profile.
 | [Sticker Messages](#sticker-messages)                      | Optional  | Optional | Optional | Optional | Optional |
 | [Third-party Networks](#third-party-networks)              | Optional  | Optional | Optional | Optional | Optional |
 | [Threading](#threading)                                    | Optional  | Optional | Optional | Optional | Optional |
 | [Invite permission](#invite-permission)                    | Optional  | Optional | Optional | Optional | Optional |
 *Please see each module for more details on what clients need to
 implement.*
@ -4145,7 +3987,6 @@ systems.
 {{% cs-module name="SSO client login/authentication" filename="sso_login" %}}
 {{% cs-module name="Direct Messaging" filename="dm" %}}
 {{% cs-module name="Ignoring Users" filename="ignore_users" %}}
 {{% cs-module name="Invite permission" filename="invite_permission" %}}
 {{% cs-module name="Sticker Messages" filename="stickers" %}}
 {{% cs-module name="Reporting Content" filename="report_content" %}}
 {{% cs-module name="Third-party Networks" filename="third_party_networks" %}}
@ -4158,6 +3999,5 @@ systems.
 {{% cs-module name="Spaces" filename="spaces" %}}
 {{% cs-module name="Event replacements" filename="event_replacements" %}}
 {{% cs-module name="Event annotations and reactions" filename="event_annotations" %}}
 {{% cs-module name="Recently used emoji" filename="recent_emoji" %}}
 {{% cs-module name="Threading" filename="threading" %}}
 {{% cs-module name="Reference relations" filename="reference_relations" %}}
--- a/content/client-server-api/modules/content_repo.md
+++ b/content/client-server-api/modules/content_repo.md
@ -87,7 +87,7 @@ Matrix 1.12 is expected to be released in the July-September 2024 calendar quart
 The homeserver SHOULD be able to supply thumbnails for uploaded images
 and videos. The exact file types which can be thumbnailed are not
 currently specified - see [Issue
-\#1938](https://github.com/matrix-org/matrix-spec/issues/453) for more
+\#1938](https://github.com/matrix-org/matrix-doc/issues/1938) for more
 information.
 The thumbnail methods are "crop" and "scale". "scale" tries to return an
--- a/content/client-server-api/modules/end_to_end_encryption.md
+++ b/content/client-server-api/modules/end_to_end_encryption.md
@ -921,7 +921,7 @@ collaborate to create a common set of translations for all languages.
 {{% boxes/note %}}
 Known translations for the emoji are available from
-<https://github.com/matrix-org/matrix-spec/tree/main/data-definitions/>
+<https://github.com/matrix-org/matrix-doc/blob/master/data-definitions/>
 and can be translated online:
 <https://translate.riot.im/projects/matrix-doc/sas-emoji-v1>
 {{% /boxes/note %}}
--- a/content/client-server-api/modules/instant_messaging.md
+++ b/content/client-server-api/modules/instant_messaging.md
@ -84,10 +84,6 @@ Additionally, web clients should ensure that *all* `a` tags get a
 `rel="noopener"` to prevent the target page from referencing the
 client's tab/window.
 {{% added-in v="1.18" %}} Clients that support rendering numbered lists via the
 `ol` tag MUST also support the `start` attribute in order to prevent loss of
 meaning of a message due to the numbering of list items.
 Tags must not be nested more than 100 levels deep. Clients should only
 support the subset of tags they can render, falling back to other
 representations of the tags where possible. For example, a client may
@ -123,7 +119,7 @@ Clients SHOULD verify the structure of incoming events to ensure that
 the expected keys exist and that they are of the right type. Clients can
 discard malformed events or display a placeholder message to the user.
 Redacted `m.room.message` events MUST be removed from the client. This
-can either be replaced with placeholder text (e.g. "[REDACTED]") or
+can either be replaced with placeholder text (e.g. "\[REDACTED\]") or
 the redacted message can be removed entirely from the messages view.
 Events which have attachments (e.g. `m.image`, `m.file`) SHOULD be
--- a/content/client-server-api/modules/invite_permission.md
+++ b/content/client-server-api/modules/invite_permission.md
@ -1,51 +0,0 @@
 ### Invite permission
 {{% added-in v="1.18" %}}
 Users may want to control who is allowed to invite them to new rooms. This module defines how
 clients and servers can implement invite permission.
 #### Account data
 {{% event event="m.invite_permission_config" %}}
 #### Client behaviour
 To reject invites from all users automatically, clients MAY add an [`m.invite_permission_config`](#minvite_permission_config)
 event in the user's [account data](#client-config) with the `default_action` property set to
 `block`. To stop rejecting all invites, the same event without the `default_action` property MUST be
 added to the account data.
 When the `default_action` field is unset, other parts of the specification might still have effects
 on invites seen by clients, like [ignoring users](#ignoring-users).
 Attempting to send an invite to a user that blocks invites will result in an error response with the
 `M_INVITE_BLOCKED` error code.
 #### Server behaviour
 When invites to a given user are blocked, the user's homeserver MUST respond to the following
 endpoints with an HTTP 403 status code, with the Matrix error code `M_INVITE_BLOCKED`, if the user
 is invited:
 * [`PUT /_matrix/federation/v1/invite/{roomId}/{eventId}`](/server-server-api/#put_matrixfederationv1inviteroomideventid)
 * [`PUT /_matrix/federation/v2/invite/{roomId}/{eventId}`](/server-server-api/#put_matrixfederationv2inviteroomideventid)
 * [`POST /_matrix/client/v3/rooms/{roomId}/invite`](#post_matrixclientv3roomsroomidinvite)
 * [`POST /_matrix/client/v3/createRoom`](#post_matrixclientv3createroom), due to a user in the
  `invite` list. It is possible for one of the invited users to be rejected whilst the room creation
  as a whole succeeds.
 * [`PUT /_matrix/client/v3/rooms/{roomId}/state/m.room.member/{stateKey}`](#put_matrixclientv3roomsroomidstateeventtypestatekey),
  when the `membership` is set to `invite`.
 In addition, invite events for this user already in the database, or received over federation, MUST
 NOT be served over client synchronisation endpoints such as [`GET /sync`](#get_matrixclientv3sync).
 Servers MAY return any suppressed invite events over `GET /sync` if invite blocking is later
 disabled.
 Other endpoints, such as [`GET /rooms/{roomId}/state`](#get_matrixclientv3roomsroomidstate), are not
 affected by invite blocking: invite events are returned as normal.
 The Application Services API is also unaffected by invite blocking: invite events are sent over
 [`PUT /_matrix/app/v1/transactions/{txnId}`](/application-service-api/#put_matrixappv1transactionstxnid).
--- a/content/client-server-api/modules/recent_emoji.md
+++ b/content/client-server-api/modules/recent_emoji.md
@ -1,40 +0,0 @@
 ### Recently used emoji
 {{% added-in v="1.18" %}}
 This module enables clients to track a user's cumulated emoji usage across different
 devices. The data is stored in the [`m.recent_emoji`](#mrecent_emoji)
 global [account data](#client-config) and can, among other things, be used to
 generate recommendations in emoji pickers.
 #### Events
 {{% event event="m.recent_emoji" %}}
 #### Client behaviour
 What exactly constitutes trackable emoji usage is left as an implementation detail
 for clients. It is RECOMMENDED to include sending emoji in both messages and
 annotations.
 When an emoji is used, the sending client moves (or adds) it to the beginning of
 the `recent_emoji` array and increments (or initializes) its counter. This keeps
 the array ordered by last usage time which facilitates evaluating the data. How
 exactly the client evaluates and uses the collected data is deliberately left
 unspecified.
 To prevent excessive growth of the event as new emoji are being used, clients
 SHOULD limit the length of the `recent_emoji` array by dropping elements from
 its end. A RECOMMENDED maximum length is 100 emoji.
 To enable future extension, clients MUST tolerate and preserve array elements
 within `recent_emoji` regardless of whether they understand or support the
 contained `emoji` value. This means ignoring entries with unrecognised values
 of `emoji` when deciding what to display to the user while retaining them when
 modifying the array (unless the modification is for truncation).
 To prevent undefined behavior, clients SHOULD remove array elements that
 don't conform to the event schema such as elements with negative counters.
--- a/content/proposals.md
+++ b/content/proposals.md
@ -408,9 +408,41 @@ development or testing data.
 that a particular MSC works) do not have to follow this process.
 1.  Have an idea for a feature.
-1.  Implement the feature using [unstable endpoints, vendor prefixes, and
+1.  Implement the feature using unstable endpoints, vendor prefixes, and
-    unstable feature flags](#unstable-endpoints-features-and-vendor-prefixes)
+    unstable feature flags as appropriate.
-    as appropriate.
+    -   When using unstable endpoints, they MUST include a vendor
        prefix. For example:
        `/_matrix/client/unstable/com.example/login`. Vendor prefixes
        throughout Matrix always use the Java package naming convention.
        The MSC for the feature should identify which preferred vendor
        prefix is to be used by early adopters.
    -   Note that unstable namespaces do not automatically inherit
        endpoints from stable namespaces: for example, the fact that
        `/_matrix/client/r0/sync` exists does not imply that
        `/_matrix/client/unstable/com.example/sync` exists.
    -   If the client needs to be sure the server supports the feature,
        an unstable feature flag that MUST be vendor prefixed is to be
        used. This kind of flag shows up in the `unstable_features`
        section of `/versions` as, for example, `com.example.new_login`.
        The MSC for the feature should identify which preferred feature
        flag is to be used by early adopters.
    -   When using this approach correctly, the implementation can
        ship/release the feature at any time, so long as the
        implementation is able to accept the technical debt that results
        from needing to provide adequate backwards and forwards
        compatibility. The implementation MUST support the flag (and
        server-side implementation) disappearing and be generally safe
        for users. Note that implementations early in the MSC review
        process may also be required to provide backwards compatibility
        with earlier editions of the proposal.
    -   If the implementation cannot support the technical debt (or if
        it's impossible to provide forwards/backwards compatibility -
        e.g. a user authentication change which can't be safely rolled
        back), the implementation should not attempt to implement the
        feature and should instead wait for a spec release.
    -   If at any point after early release, the idea changes in a
        backwards-incompatible way, the feature flag should also change
        so that implementations can adapt as needed.
 1.  In parallel, or ahead of implementation, open an MSC and solicit
    review per above.
 1.  Before FCP can be called, the Spec Core Team will require evidence
@ -420,7 +452,10 @@ that a particular MSC works) do not have to follow this process.
    forwards/backwards compatibility concerns mentioned here.
 1.  The FCP process is completed, and assuming nothing is flagged the
    MSC lands.
-1.  Implementations can now switch to using stable prefixes, assuming that the change
+1.  Implementations can now switch to using stable prefixes
    (for example, for an endpoint, moving from
    `/unstable/org.matrix.mscxxxx/frobnicate`
    to `/v1/frobnicate`), assuming that the change
    is backwards compatible with older implementations. In the rare occasion
    where backwards compatibility is not possible without a new spec release,
    implementations should continue to use unstable prefixes.
@ -436,6 +471,13 @@ that a particular MSC works) do not have to follow this process.
    started supporting the new spec release, some noise should be raised
    in the general direction of the implementation.
 {{% boxes/note %}}
 MSCs MUST still describe what the stable endpoints/feature looks like
 with a note towards the bottom for what the unstable feature
 flag/prefixes are. For example, an MSC would propose `/_matrix/client/r0/new/endpoint`, not `/_matrix/client/unstable/
 com.example/new/endpoint`.
 {{% /boxes/note %}}
 In summary:
 -   Implementations MUST NOT use stable endpoints before the MSC has
@ -447,90 +489,14 @@ In summary:
 -   Implementations SHOULD be wary of the technical debt they are
    incurring by moving faster than the spec.
 -   The vendor prefix is chosen by the developer of the feature, using
-    the Java package naming convention.
+    the Java package naming convention. The foundation's preferred
    vendor prefix is `org.matrix`.
 -   The vendor prefixes, unstable feature flags, and unstable endpoints
    should be included in the MSC, though the MSC MUST be written in a
    way that proposes new stable endpoints. Typically this is solved by
    a small table at the bottom mapping the various values from stable
    to unstable.
 #### Unstable endpoints, features and vendor prefixes
 Unstable endpoints MUST use `/unstable` as the endpoint version and a
 vendor prefix in Java package naming format. For example:
 `/_matrix/client/unstable/com.example.mscxxxx/login`.
 {{% boxes/note %}}
 Proposal authors operating with a Matrix.org Foundation mandate SHOULD use
 a vendor prefix within the `org.matrix` namespace. This namespace is otherwise
 restricted. Authors who don't own a domain MAY use the `io.github` namespace
 instead.
 {{% /boxes/note %}}
 Note that unstable namespaces do not automatically inherit endpoints from
 stable namespaces: for example, the fact that `/_matrix/client/v3/sync`
 exists does not imply that `/_matrix/client/unstable/com.example.mscxxxx/sync`
 exists.
 Vendor prefixes MUST also be used for:
 -   New parameters on existing endpoints. For example:
    `/_matrix/client/v3/publicRooms?com.example.mscxxxx.ordered_by=member_count`.
 -   New properties in existing JSON objects. For example:
    ```json
    {
      "avatar_url": "mxc://matrix.org/SDGdghriugerRg",
      "displayname": "Alice Margatroid",
      "com.example.mscxxxx.phone": [{
        "type": "landline",
        "number": "+1-206-555-7000"
      }],
      ...
    }
    ```
 -   New values for existing parameters or properties. For example:
    ```json
    {
      "errcode": "COM.EXAMPLE.MSCXXXX.M_INVALID_EMAIL",
      "error": "The email address you provided is invalid."
    }
    ```
 If the client needs to be sure the server supports the feature, an
 unstable feature flag that MUST also be vendor prefixed is to be used.
 This flag shows up in the `unstable_features` section of
 [`/_matrix/client/versions`](/client-server-api/#get_matrixclientversions)
 as, for example, `com.example.mscxxxx.new_login`.
 {{% boxes/note %}}
 MSCs MUST still describe what the stable endpoints/feature looks like
 with a note towards the bottom for what the unstable feature
 flag/prefixes are. For example, an MSC would propose `/_matrix/client/v1/new/endpoint`,
 not `/_matrix/client/unstable/com.example.mscxxxx/new/endpoint`.
 {{% /boxes/note %}}
 When using this approach correctly, the implementation can release
 the feature at any time, so long as the implementation is able to
 accept the technical debt that results from needing to provide
 adequate backwards and forwards compatibility. The implementation
 MUST support the flag (and server-side implementation) disappearing
 and be generally safe for users. Note that implementations early in
 the MSC review process may also be required to provide backwards
 compatibility with earlier editions of the proposal.
 If the implementation cannot support the technical debt (or if it's
 impossible to provide forwards/backwards compatibility - e.g. a user
 authentication change which can't be safely rolled back), the
 implementation should not attempt to implement the feature and should
 instead wait for a spec release.
 If at any point after early release, the idea changes in a
 backwards-incompatible way, the feature flag should also change so
 that implementations can adapt as needed.
 ### Placeholder MSCs
 Some proposals may contain security-sensitive or private context which can't be
--- a/content/rooms/_index.md
+++ b/content/rooms/_index.md
@ -56,6 +56,19 @@ Clients should not ask room administrators to upgrade their rooms if the
 room is running a stable version. Servers SHOULD use **room version 12** as
 the default room version when creating new rooms.
 {{% boxes/note %}}
 {{% added-in v="1.16" %}}
 Room version 12 is introduced and made default in this specification release.
 Servers are encouraged to continue using room version 11 as the default room
 version for the early days and weeks following this specification release,
 and then gradually switch the default over when they deem appropriate.
 <!-- TODO(SCT): Remove this note box in Matrix 1.17 -->
 {{% /boxes/note %}}
 The available room versions are:
 -   [Version 1](/rooms/v1) - **Stable**. The initial room version.
--- a/content/server-server-api.md
+++ b/content/server-server-api.md
@ -868,10 +868,8 @@ selecting a resident from the candidate list, and using the
 enough information for the joining server to fill in the event.
 The joining server is expected to add or replace the `origin`,
-`origin_server_ts`, and `event_id` on the templated event received by the
+`origin_server_ts`, and `event_id` on the templated event received by
-resident server. The joining server MUST also verify that the `type`, `room_id`,
+the resident server. This event is then signed by the joining server.
 `sender`, `state_key` and `content.membership` fields have the expected values.
 This event is then signed by the joining server.
 To complete the join handshake, the joining server submits this new event
 to the resident server it used for `GET /make_join`, using the `PUT /send_join`
--- a/data/api/client-server/account_deactivation.yaml
+++ b/data/api/client-server/account_deactivation.yaml
@ -35,14 +35,6 @@ paths:
        Unlike other endpoints, this endpoint does not take an `id_access_token`
        parameter because the homeserver is expected to sign the request to the
        identity server instead.
        {{% boxes/warning %}}
        {{% added-in v="1.18" %}} [OAuth 2.0 aware clients](/client-server-api/#oauth-20-aware-clients)
        MUST NOT use this endpoint when the server supports the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
        Instead they MUST refer the user to the [account management URL](/client-server-api/#oauth-20-account-management),
        if available, and MAY use the `action=org.matrix.account_deactivate`
        parameter.
        {{% /boxes/warning %}}
      security:
        - {}
        - accessTokenQuery: []
--- a/data/api/client-server/capabilities.yaml
+++ b/data/api/client-server/capabilities.yaml
@ -50,12 +50,6 @@ paths:
                      m.change_password:
                        $ref: '#/components/schemas/booleanCapability'
                        description: Capability to indicate if the user can change their password.
                      m.forget_forced_upon_leave:
                        x-addedInMatrixVersion: "1.18"
                        $ref: '#/components/schemas/booleanCapability'
                        description: |-
                          Capability to indicate if the server automatically forgets rooms once the user
                          leaves.
                      m.room_versions:
                        type: object
                        description: The room versions the server supports.
--- a/data/api/client-server/create_room.yaml
+++ b/data/api/client-server/create_room.yaml
@ -250,6 +250,7 @@ paths:
                  }
        "400":
          description: |-
            The request is invalid. A meaningful `errcode` and description
            error text will be returned. Example reasons for rejection include:
@ -273,17 +274,6 @@ paths:
            application/json:
              schema:
                $ref: definitions/errors/error.yaml
        "403":
          description: |-
            Creating the room is not allowed.
            {{% added-in v="1.18"%}} The `M_INVITE_BLOCKED` error code is used to
            indicate that one of the homeservers of the invited users rejected
            the invite due to [invite blocking](/client-server-api/#invite-permission).
          content:
            application/json:
              schema:
                $ref: definitions/errors/error.yaml
      tags:
        - Room creation
 servers:
--- a/data/api/client-server/definitions/recent_emoji.yaml
+++ b/data/api/client-server/definitions/recent_emoji.yaml
@ -1,29 +0,0 @@
 # Copyright 2026 The Matrix.org Foundation C.I.C.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 title: Recent Emoji
 type: object
 properties:
  emoji:
    type: string
    description: The Unicode emoji as string.
    example: 🚀
  total:
    type: number
    description: |-
      The number of times the emoji has been used.
      MUST be non-negative and smaller than 2^53.
 required:
  - emoji
  - total
--- a/data/api/client-server/definitions/request_token_response.yaml
+++ b/data/api/client-server/definitions/request_token_response.yaml
@ -24,23 +24,16 @@ properties:
  submit_url:
    type: string
    format: uri
    x-changedInMatrixVersion:
      "1.18": |-
        The URL has the same request and response parameters and error codes as
        the Identity Service API's endpoint.
    description: |-
      An optional field containing a URL where the client must submit the
-      validation token, with identical request and response parameters and error
+      validation token to, with identical parameters to the Identity Service
-      codes to the Identity Service API's
+      API's `POST /validate/email/submitToken` endpoint (without the requirement
-      [`POST /validate/email/submitToken`](/identity-service-api/#post_matrixidentityv2validateemailsubmittoken)
+      for an access token). The homeserver must send this token to the user (if
-      and [`POST /validate/msisdn/submitToken`](/identity-service-api/#post_matrixidentityv2validatemsisdnsubmittoken)
+      applicable), who should then be prompted to provide it to the client.
      endpoints (without the requirement for an access token). The homeserver
      must send this token to the user (if applicable), who should then be
      prompted to provide it to the client.
      If this field is not present, the client can assume that verification
      will happen without the client's involvement provided the homeserver
-      advertises a sufficiently recent version in the [`GET /versions`](/client-server-api/#get_matrixclientversions)
+      advertises this specification version in the `/versions` response
-      response (ie: r0.5.0).
+      (ie: r0.5.0).
    example: "https://example.org/path/to/submitToken"
 required: ['sid']
--- a/data/api/client-server/definitions/sso_login_flow.yaml
+++ b/data/api/client-server/definitions/sso_login_flow.yaml
@ -86,13 +86,5 @@ properties:
            brand usage as intended by the server.
          example: "github"
      required: ['id', 'name']
  oauth_aware_preferred:
    type: boolean
    x-addedInMatrixVersion: "1.18"
    description: |
      Whether the `m.login.sso` flow is preferred over other flows. If this is `true`,
      [OAuth 2.0 aware clients](/client-server-api/#oauth-20-aware-clients) MUST only
      offer this flow to the user.
    example: true
 required: ['type']
--- a/data/api/client-server/device_management.yaml
+++ b/data/api/client-server/device_management.yaml
@ -170,13 +170,6 @@ paths:
        When this endpoint requires User-Interactive Authentication, it cannot be used when the access token was obtained
        via the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
        {{% /boxes/warning %}}
        {{% boxes/warning %}}
        {{% added-in v="1.18" %}} [OAuth 2.0 aware clients](/client-server-api/#oauth-20-aware-clients)
        MUST NOT use this endpoint when the server supports the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
        Instead they MUST refer the user to the [account management URL](/client-server-api/#oauth-20-account-management),
        if available, with the `action=org.matrix.device_delete` and `device_id={deviceId}` parameters.
        {{% /boxes/warning %}}
      operationId: deleteDevice
      security:
        - accessTokenQuery: []
@ -239,13 +232,6 @@ paths:
        When this endpoint requires User-Interactive Authentication, it cannot be used when the access token was obtained
        via the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
        {{% /boxes/warning %}}
        {{% boxes/warning %}}
        {{% added-in v="1.18" %}} [OAuth 2.0 aware clients](/client-server-api/#oauth-20-aware-clients)
        MUST NOT use this endpoint when the server supports the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
        Instead they MUST refer the user to the [account management URL](/client-server-api/#oauth-20-account-management),
        if available.
        {{% /boxes/warning %}}
      operationId: deleteDevices
      security:
        - accessTokenQuery: []
--- a/data/api/client-server/inviting.yaml
+++ b/data/api/client-server/inviting.yaml
@ -99,18 +99,12 @@ paths:
                $ref: definitions/errors/error.yaml
        "403":
          description: |-
-            You do not have permission to invite the user to the room. A
+            You do not have permission to invite the user to the room. A meaningful `errcode` and description error text will be returned. Example reasons for rejections are:
            meaningful `errcode` and description error text will be returned.
            Example reasons for rejections are:
            - The invitee has been banned from the room.
            - The invitee is already a member of the room.
            - The inviter is not currently in the room.
            - The inviter's power level is insufficient to invite users to the room.
            {{% added-in v="1.18"%}} The `M_INVITE_BLOCKED` error code is used to
            indicate that the homeserver rejected the invite due to
            [invite blocking](/client-server-api/#invite-permission).
          content:
            application/json:
              schema:
--- a/data/api/client-server/leaving.yaml
+++ b/data/api/client-server/leaving.yaml
@ -19,10 +19,6 @@ paths:
  "/rooms/{roomId}/leave":
    post:
      summary: Stop the requesting user participating in a particular room.
      x-changedInMatrixVersion:
        "1.18": |-
          Servers may additionally forget the room provided that they make this behavior
          transparent.
      description: |-
        This API stops a user participating in a particular room.
@ -33,15 +29,8 @@ paths:
        If the user was invited to the room, but had not joined, this call
        serves to reject the invite.
-        Servers MAY additionally forget the room when this endpoint is called –
+        The user will still be allowed to retrieve history from the room which
-        just as if the user had also invoked [`/forget`](/client-server-api/#post_matrixclientv3roomsroomidforget).
+        they were previously allowed to see.
        Servers that do this, MUST inform clients about this behavior using the
        [`m.forget_forced_upon_leave`](/client-server-api/#mforget_forced_upon_leave-capability)
        capability.
        If the server doesn't automatically forget the room, the user will still be
        allowed to retrieve history from the room which they were previously allowed
        to see.
      operationId: leaveRoom
      security:
        - accessTokenQuery: []
--- a/data/api/client-server/oauth_server_metadata.yaml
+++ b/data/api/client-server/oauth_server_metadata.yaml
@ -139,32 +139,6 @@ paths:
                    items:
                      type: string
                      description: A prompt value that the server supports.
                  account_management_uri:
                    x-addedInMatrixVersion: "1.18"
                    type: string
                    format: uri
                    description: |-
                      The URL where the user is able to access the account management capabilities
                      of the homeserver.
                      This is an extension [defined in this specification](/client-server-api/#oauth-20-account-management).
                  account_management_actions_supported:
                    x-addedInMatrixVersion: "1.18"
                    type: array
                    description: |-
                      List of actions that the account management URL supports.
                      This is an extension [defined in this specification](/client-server-api/#oauth-20-account-management).
                    items:
                      type: string
                      enum:
                        - "org.matrix.profile"
                        - "org.matrix.devices_list"
                        - "org.matrix.device_view"
                        - "org.matrix.device_delete"
                        - "org.matrix.account_deactivate"
                        - "org.matrix.cross_signing_reset"
                      description: An action that the account management URL supports.
                required:
                  - issuer
                  - authorization_endpoint
@ -185,15 +159,6 @@ paths:
                  "grant_types_supported": ["authorization_code", "refresh_token"],
                  "response_modes_supported": ["query", "fragment"],
                  "code_challenge_methods_supported": ["S256"],
                  "account_management_uri": "https://account.example.com/manage",
                  "account_management_actions_supported": [
                    "org.matrix.profile",
                    "org.matrix.devices_list",
                    "org.matrix.device_view",
                    "org.matrix.device_delete",
                    "org.matrix.account_deactivate",
                    "org.matrix.cross_signing_reset",
                  ],
                }
      tags:
        - Session management
--- a/data/api/client-server/registration.yaml
+++ b/data/api/client-server/registration.yaml
@ -72,15 +72,6 @@ paths:
        `inhibit_login` parameter is not set to `true`, the server MUST return a
        400 HTTP status code with an `M_APPSERVICE_LOGIN_UNSUPPORTED` error code.
        {{% /boxes/note %}}
        {{% boxes/warning %}}
        {{% added-in v="1.18" %}} [OAuth 2.0 aware clients](/client-server-api/#oauth-20-aware-clients)
        MUST NOT use this endpoint when the server offers the [`m.login.sso`
        authentication flow](/client-server-api/#client-login-via-sso) with
        `oauth_aware_preferred` set to `true`. Instead they MUST use the
        [`/login/sso/redirect`](/client-server-api/#get_matrixclientv3loginssoredirect)
        endpoint, adding the `action=register` parameter.
        {{% /boxes/warning %}}
      operationId: register
      parameters:
        - in: query
--- a/data/api/client-server/room_send.yaml
+++ b/data/api/client-server/room_send.yaml
@ -20,10 +20,6 @@ paths:
  "/rooms/{roomId}/send/{eventType}/{txnId}":
    put:
      summary: Send a message event to the given room.
      x-changedInMatrixVersion:
        "1.18": |-
          Homeservers must support sending `m.room.redaction` events with this endpoint
          for all room versions.
      description: |-
        This endpoint is used to send a message event to a room. Message events
        allow access to historical events and pagination, making them suited
@ -32,11 +28,6 @@ paths:
        The body of the request should be the content object of the event; the
        fields in this object will vary depending on the type of event. See
        [Room Events](/client-server-api/#room-events) for the m. event specification.
        Homeservers MUST allow clients to send `m.room.redaction` events with this
        endpoint for all room versions. In rooms with a version older than 11 they
        MUST move the `redacts` property inside the `content` to the top level of
        the event.
      operationId: sendMessage
      security:
        - accessTokenQuery: []
--- a/data/api/client-server/room_state.yaml
+++ b/data/api/client-server/room_state.yaml
@ -116,13 +116,7 @@ paths:
                    "error": "The alias '#hello:example.org' does not point to this room."
                  }
        "403":
-          description: |-
+          description: The sender doesn't have permission to send the event into the room.
            The sender doesn't have permission to send the event into the room.
            {{% added-in v="1.18"%}} If the `eventType` is `m.room.member` and
            the `membership` is `invite`, the `M_INVITE_BLOCKED` error code is
            used to indicate that the homeserver rejected the invite due to
            [invite blocking](/client-server-api/#invite-permission).
          content:
            application/json:
              schema:
--- a/data/api/client-server/rooms.yaml
+++ b/data/api/client-server/rooms.yaml
@ -223,7 +223,7 @@ paths:
            type: string
        # XXX: As mentioned in MSC1227, replacing `[not_]membership` with a JSON
        # filter might be a better alternative.
-        # See https://github.com/matrix-org/matrix-doc/issues/1227
+        # See https://github.com/matrix-org/matrix-doc/issues/1337
        - in: query
          name: membership
          description: |-
--- a/data/api/client-server/sso_login_redirect.yaml
+++ b/data/api/client-server/sso_login_redirect.yaml
@ -37,22 +37,6 @@ paths:
          required: true
          schema:
            type: string
        - in: query
          name: action
          x-addedInMatrixVersion: "1.18"
          description: |-
            The action that the user wishes to take at the SSO redirect.
            The following values are supported:
              * `login`: the SSO redirect is for the purposes of signing an
                existing user in.
              * `register`: the SSO redirect is for the purpose of registering a
                new user account.
          schema:
            type: string
            enum:
              - login
              - register
      responses:
        "302":
          description: A redirect to the SSO interface.
@ -91,22 +75,6 @@ paths:
          required: true
          schema:
            type: string
        - in: query
          name: action
          x-addedInMatrixVersion: "1.18"
          description: |-
            The action that the user wishes to take at the SSO redirect.
            The following values are supported:
              * `login`: the SSO redirect is for the purposes of signing an
                existing user in.
              * `register`: the SSO redirect is for the purpose of registering a
                new user account.
          schema:
            type: string
            enum:
              - login
              - register
      responses:
        "302":
          description: A redirect to the SSO interface.
--- a/data/api/client-server/third_party_lookup.yaml
+++ b/data/api/client-server/third_party_lookup.yaml
@ -78,7 +78,7 @@ paths:
                      },
                      "room": {
                        "regexp": "[^\\s]+\\/[^\\s]+",
-                        "placeholder": "matrix-org/matrix-spec"
+                        "placeholder": "matrix-org/matrix-doc"
                      }
                    },
                    "instances": [
--- a/data/api/client-server/third_party_membership.yaml
+++ b/data/api/client-server/third_party_membership.yaml
@ -97,10 +97,6 @@ paths:
            - The invitee is already a member of the room.
            - The inviter is not currently in the room.
            - The inviter's power level is insufficient to invite users to the room.
            {{% added-in v="1.18"%}} The `M_INVITE_BLOCKED` error code is used to
            indicate that the homeserver rejected the invite due to
            [invite blocking](/client-server-api/#invite-permission).
          content:
            application/json:
              schema:
--- a/data/api/identity/v2_email_associations.yaml
+++ b/data/api/identity/v2_email_associations.yaml
@ -153,24 +153,6 @@ paths:
                  value: {
                    "success": true
                  }
        "400":
          description: |
            An error occurred. Some possible errors are:
            - {{% added-in v="1.18" %}} `M_TOKEN_INCORRECT`: The token that the user entered to validate the session is
              incorrect.
            - {{% added-in v="1.18" %}} `M_INVALID_PARAM`: One of the supplied parameters is not valid.
            - {{% added-in v="1.18" %}} `M_SESSION_EXPIRED`: The validation session in question has expired.
          content:
            application/json:
              schema:
                $ref: ../client-server/definitions/errors/error.yaml
              examples:
                response:
                  value: {
                    "errcode": "M_TOKEN_INCORRECT",
                    "error": "The token is incorrect"
                  }
        "403":
          description: |
            The user must do something in order to use this endpoint. One example
--- a/data/api/identity/v2_phone_associations.yaml
+++ b/data/api/identity/v2_phone_associations.yaml
@ -155,24 +155,6 @@ paths:
                  value: {
                    "success": true
                  }
        "400":
          description: |
            An error occurred. Some possible errors are:
            - {{% added-in v="1.18" %}} `M_TOKEN_INCORRECT`: The token that the user entered to validate the session is
              incorrect.
            - {{% added-in v="1.18" %}} `M_INVALID_PARAM`: One of the supplied parameters is not valid.
            - {{% added-in v="1.18" %}} `M_SESSION_EXPIRED`: The validation session in question has expired.
          content:
            application/json:
              schema:
                $ref: ../client-server/definitions/errors/error.yaml
              examples:
                response:
                  value: {
                    "errcode": "M_TOKEN_INCORRECT",
                    "error": "The token is incorrect"
                  }
        "403":
          description: |
            The user must do something in order to use this endpoint. One example
--- a/data/api/server-server/definitions/event-schemas/m.signing_key_update.yaml
+++ b/data/api/server-server/definitions/event-schemas/m.signing_key_update.yaml
@ -25,7 +25,7 @@ allOf:
      edu_type:
        type: string
        enum: ['m.signing_key_update']
-        description: The string `m.signing_key_update`.
+        description: The string `m.signing_update`.
        example: "m.signing_key_update"
      content:
        type: object
--- a/data/api/server-server/invites-v1.yaml
+++ b/data/api/server-server/invites-v1.yaml
@ -36,30 +36,6 @@ paths:
        Also note that if the remote homeserver is already in the room, it will receive the
        invite event twice; once through this endpoint, and again through a [federation
        transaction](/server-server-api/#transactions).
        Servers MUST apply certain validation to ensure they don't accidentally sign non-invite
        events from a malicious server. The `M_MISSING_PARAM` error code is used to indicate one
        or more of the following:
        * The invite event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
        * The event type is not `m.room.member`.
        * The `membership` field inside the event content is not `invite`.
        * The event sender is not a user ID on the origin server.
        * The `state_key` is not a user ID on the receiving server.
        The `M_MISSING_PARAM` error code is also used to indicate one or more of the following
        problems in the `invite_room_state` field:
        * The `m.room.create` event is missing from `invite_room_state`.
        * One or more entries in `invite_room_state` are not formatted according
          to the room's version.
        * One or more events fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
        * One or more events does not reside in the same room as the invite.
          Note: Some room versions may require calculating the room ID for an
          event rather than relying on the presence of `room_id`.
        Servers MAY apply the `invite_room_state` validation to room versions 1 through 11,
        and SHOULD apply the validation to all other room versions.
      operationId: sendInviteV1
      security:
        - signedRequest: []
@ -179,17 +155,11 @@ paths:
                  ]
        "403":
          description: |-
-            The invite is not allowed.
+            The invite is not allowed. This could be for a number of reasons, including:
            The `M_FORBIDDEN` error code is used to indicate one of the following:
            * The sender is not allowed to send invites to the target user/homeserver.
            * The homeserver does not permit anyone to invite its users.
            * The homeserver refuses to participate in the room.
            {{% added-in v="1.18"%}} The `M_INVITE_BLOCKED` error code is used to
            indicate that the homeserver rejected the invite due to
            [invite blocking](/client-server-api/#invite-permission).
          content:
            application/json:
              schema:
@ -202,7 +172,34 @@ paths:
                  }
        "400":
          description: |-
-            The request is invalid in some way.
+            The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
            * The invite event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
            * The event type is not `m.room.member`.
            * The `membership` field inside the event content is not `invite`.
            * The event sender is not a user ID on the origin server.
            * The `state_key` is not a user ID on the receiving server.
            Servers MUST apply the validation above to the invite event before
            signing it regardless of room version.
            The `M_MISSING_PARAM` error code is used to indicate one or more of
            the following:
            * The `m.room.create` event is missing from `invite_room_state`.
            * One or more entries in `invite_room_state` are not formatted according
              to the room's version.
            * One or more events fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
            * One or more events does not reside in the same room as the invite.
              Note: Some room versions may require calculating the room ID for an
              event rather than relying on the presence of `room_id`.
            Servers MAY apply the validation above to room versions 1 through 11,
            and SHOULD apply the validation above to all other room versions.
            If `M_MISSING_PARAM` or `M_INVALID_PARAM` is returned and the request
            is associated with a Client-Server API request, the Client-Server API
            request SHOULD fail with a 5xx error rather than being passed through.
          content:
            application/json:
              schema:
--- a/data/api/server-server/invites-v2.yaml
+++ b/data/api/server-server/invites-v2.yaml
@ -40,30 +40,6 @@ paths:
        Also note that if the remote homeserver is already in the room, it will receive the
        invite event twice; once through this endpoint, and again through a [federation
        transaction](/server-server-api/#transactions).
        Servers MUST apply certain validation to ensure they don't accidentally sign non-invite
        events from a malicious server. The `M_MISSING_PARAM` error code is used to indicate one
        or more of the following:
        * The invite event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
        * The event type is not `m.room.member`.
        * The `membership` field inside the event content is not `invite`.
        * The event sender is not a user ID on the origin server.
        * The `state_key` is not a user ID on the receiving server.
        The `M_MISSING_PARAM` error code is also used to indicate one or more of the following
        problems in the `invite_room_state` field:
        * The `m.room.create` event is missing from `invite_room_state`.
        * One or more entries in `invite_room_state` are not formatted according
          to the room's version.
        * One or more events fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
        * One or more events does not reside in the same room as the invite.
          Note: Some room versions may require calculating the room ID for an
          event rather than relying on the presence of `room_id`.
        Servers MAY apply the `invite_room_state` validation to room versions 1 through 11,
        and SHOULD apply the validation to all other room versions.
      operationId: sendInviteV2
      security:
        - signedRequest: []
@ -178,9 +154,34 @@ paths:
            The error should be passed through to clients so that they
            may give better feedback to users.
-            If `M_MISSING_PARAM` is returned and the request is associated with a
+            The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
-            Client-Server API request, the Client-Server API request SHOULD fail
+
-            with a 5xx error rather than being passed through.
+            * The invite event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
            * The event type is not `m.room.member`.
            * The `membership` field inside the event content is not `invite`.
            * The event sender is not a user ID on the origin server.
            * The `state_key` is not a user ID on the receiving server.
            Servers MUST apply the validation above to the invite event before
            signing it regardless of room version.
            The `M_MISSING_PARAM` error code is used to indicate one or more of
            the following:
            * The `m.room.create` event is missing from `invite_room_state`.
            * One or more entries in `invite_room_state` are not formatted according
              to the room's version.
            * One or more events fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
            * One or more events does not reside in the same room as the invite.
              Note: Some room versions may require calculating the room ID for an
              event rather than relying on the presence of `room_id`.
            Servers MAY apply the validation above to room versions 1 through 11,
            and SHOULD apply the validation above to all other room versions.
            If `M_MISSING_PARAM` or `M_INVALID_PARAM` is returned and the request
            is associated with a Client-Server API request, the Client-Server API
            request SHOULD fail with a 5xx error rather than being passed through.
          content:
            application/json:
              schema:
@ -202,17 +203,11 @@ paths:
                  }
        "403":
          description: |-
-            The invite is not allowed.
+            The invite is not allowed. This could be for a number of reasons, including:
            The `M_FORBIDDEN` error code is used to indicate one of the following:
            * The sender is not allowed to send invites to the target user/homeserver.
            * The homeserver does not permit anyone to invite its users.
            * The homeserver refuses to participate in the room.
            {{% added-in v="1.18"%}} The `M_INVITE_BLOCKED` error code is used to
            indicate that the homeserver rejected the invite due to
            [invite blocking](/client-server-api/#invite-permission).
          content:
            application/json:
              schema:
--- a/data/api/server-server/joins-v1.yaml
+++ b/data/api/server-server/joins-v1.yaml
@ -23,17 +23,6 @@ paths:
      description: |-
        Asks the receiving server to return information that the sending
        server will need to prepare a join event to get into the room.
        Before signing the returned template and calling `/send_join`,
        the sending server MUST verify that:
        * the `room_id` is equal to the `roomId` path parameter.
        * both the `sender` and `state_key` are equal to the `userId` path parameter.
        * the `type` of the event is `m.room.member`.
        * the `membership` field inside `content` is `join`.
        In case any of the above checks fail, the response MUST be treated as malformed and
        discarded. The caller MAY try to join through another server.
      operationId: makeJoin
      security:
        - signedRequest: []
@ -249,15 +238,6 @@ paths:
        **The request and response body here describe the common
        event fields in more detail and may be missing other required
        fields for a PDU.**
        The receiving server MUST apply certain validation before accepting the event.
        The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
        * The join event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
        * The event type is not `m.room.member`.
        * The `membership` field inside the event content is not `join`.
        * The event sender is not a user ID on the origin server.
        * The `state_key` is not equal to the `sender`.
      operationId: sendJoinV1
      security:
        - signedRequest: []
@ -411,6 +391,16 @@ paths:
        "400":
          description: |-
            The request is invalid in some way.
            The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
            * The join event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
            * The event type is not `m.room.member`.
            * The `membership` field inside the event content is not `join`.
            * The event sender is not a user ID on the origin server.
            * The `state_key` is not equal to the `sender`.
            Servers MUST apply the validation above to the join event.
          content:
            application/json:
              schema:
--- a/data/api/server-server/joins-v2.yaml
+++ b/data/api/server-server/joins-v2.yaml
@ -38,15 +38,6 @@ paths:
        **The request and response body here describe the common
        event fields in more detail and may be missing other required
        fields for a PDU.**
        The receiving server MUST apply certain validation before accepting the event.
        The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
        * The join event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
        * The event type is not `m.room.member`.
        * The `membership` field inside the event content is not `join`.
        * The event sender is not a user ID on the origin server.
        * The `state_key` is not equal to the `sender`.
      operationId: sendJoinV2
      security:
        - signedRequest: []
@ -256,9 +247,15 @@ paths:
            The error should be passed through to clients so that they
            may give better feedback to users.
-            If `M_MISSING_PARAM` is returned and the request is associated with a
+            The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
-            Client-Server API request, the Client-Server API request SHOULD fail
+
-            with a 5xx error rather than being passed through.
+            * The join event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
            * The event type is not `m.room.member`.
            * The `membership` field inside the event content is not `join`.
            * The event sender is not a user ID on the origin server.
            * The `state_key` is not equal to the `sender`.
            Servers MUST apply the validation above to the join event.
            New in `v1.2`, the following error conditions might happen:
--- a/data/api/server-server/keys_query.yaml
+++ b/data/api/server-server/keys_query.yaml
@ -34,10 +34,10 @@ paths:
        - in: query
          name: minimum_valid_until_ts
          description: |-
-            A millisecond POSIX timestamp. The returned keys SHOULD be valid
+            A millisecond POSIX timestamp in milliseconds indicating when the returned
-            until at least this timestamp.
+            certificates will need to be valid until to be useful to the requesting server.
-            If not supplied, the notary server MUST use the current time.
+            If not supplied, the current time as determined by the notary server is used.
          required: false
          example: 1234567890
          schema:
@ -98,11 +98,12 @@ paths:
                          type: integer
                          format: int64
                          description: |-
-                            A millisecond POSIX timestamp. The returned keys
+                            A millisecond POSIX timestamp in milliseconds indicating when
-                            SHOULD be valid until at least this timestamp.
+                            the returned certificates will need to be valid until to be
                            useful to the requesting server.
-                            If not supplied, the notary server MUST use the
+                            If not supplied, the current time as determined by the notary
-                            current time.
+                            server is used.
                          example: 1234567890
              required:
                - server_keys
--- a/data/api/server-server/knocks.yaml
+++ b/data/api/server-server/knocks.yaml
@ -23,17 +23,6 @@ paths:
      description: |-
        Asks the receiving server to return information that the sending
        server will need to prepare a knock event for the room.
        Before signing the returned template and calling `/send_knock`,
        the sending server MUST verify that:
        * the `room_id` is equal to the `roomId` path parameter.
        * both the `sender` and `state_key` are equal to the `userId` path parameter.
        * the `type` of the event is `m.room.member`.
        * the `membership` field inside `content` is `knock`.
        In case any of the above checks fail, the response MUST be treated as malformed and
        discarded. The caller MAY try to knock through another server.
      operationId: makeKnock
      security:
        - signedRequest: []
@ -215,15 +204,6 @@ paths:
        **The request and response body here describe the common
        event fields in more detail and may be missing other required
        fields for a PDU.**
        The receiving server MUST apply certain validation before accepting the event.
        The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
        * The knock event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
        * The event type is not `m.room.member`.
        * The `membership` field inside the event content is not `knock`.
        * The event sender is not a user ID on the origin server.
        * The `state_key` is not equal to the `sender`.
      operationId: sendKnock
      security:
        - signedRequest: []
@ -352,7 +332,15 @@ paths:
                  }
        "400":
          description: |-
-            The request is invalid in some way.
+            The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
            * The knock event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
            * The event type is not `m.room.member`.
            * The `membership` field inside the event content is not `knock`.
            * The event sender is not a user ID on the origin server.
            * The `state_key` is not equal to the `sender`.
            Servers MUST apply the validation above to the knock event.
          content:
            application/json:
              schema:
--- a/data/api/server-server/leaving-v1.yaml
+++ b/data/api/server-server/leaving-v1.yaml
@ -23,17 +23,6 @@ paths:
      description: |-
        Asks the receiving server to return information that the sending
        server will need to prepare a leave event to get out of the room.
        Before signing the returned template and calling `/send_leave`,
        the sending server MUST verify that:
        * the `room_id` is equal to the `roomId` path parameter.
        * both the `sender` and `state_key` are equal to the `userId` path parameter.
        * the `type` of the event is `m.room.member`.
        * the `membership` field inside `content` is `leave`.
        In case any of the above checks fail, the response MUST be treated as malformed and
        discarded. The caller MAY try to leave through another server.
      operationId: makeLeave
      security:
        - signedRequest: []
@ -164,15 +153,6 @@ paths:
        **The request and response body here describe the common
        event fields in more detail and may be missing other required
        fields for a PDU.**
        The receiving server MUST apply certain validation before accepting the event.
        The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
        * The leave event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
        * The event type is not `m.room.member`.
        * The `membership` field inside the event content is not `leave`.
        * The event sender is not a user ID on the origin server.
        * The `state_key` is not equal to the `sender`.
      operationId: sendLeaveV1
      security:
        - signedRequest: []
@ -271,7 +251,15 @@ paths:
                  ]
        "400":
          description: |-
-            The request is invalid in some way.
+            The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
            * The leave event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
            * The event type is not `m.room.member`.
            * The `membership` field inside the event content is not `leave`.
            * The event sender is not a user ID on the origin server.
            * The `state_key` is not equal to the `sender`.
            Servers MUST apply the validation above to the leave event.
          content:
            application/json:
              schema:
--- a/data/api/server-server/leaving-v2.yaml
+++ b/data/api/server-server/leaving-v2.yaml
@ -38,15 +38,6 @@ paths:
        **The request and response body here describe the common
        event fields in more detail and may be missing other required
        fields for a PDU.**
        The receiving server MUST apply certain validation before accepting the event.
        The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
        * The leave event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
        * The event type is not `m.room.member`.
        * The `membership` field inside the event content is not `leave`.
        * The event sender is not a user ID on the origin server.
        * The `state_key` is not equal to the `sender`.
      operationId: sendLeaveV2
      security:
        - signedRequest: []
@ -145,7 +136,15 @@ paths:
                  value: {}
        "400":
          description: |-
-            The request is invalid in some way.
+            The `M_INVALID_PARAM` error code is used to indicate one or more of the following:
            * The leave event fails a [signature check](/server-server-api/#validating-hashes-and-signatures-on-received-events).
            * The event type is not `m.room.member`.
            * The `membership` field inside the event content is not `leave`.
            * The event sender is not a user ID on the origin server.
            * The `state_key` is not equal to the `sender`.
            Servers MUST apply the validation above to the leave event.
          content:
            application/json:
              schema:
--- a/data/api/server-server/openid.yaml
+++ b/data/api/server-server/openid.yaml
@ -43,12 +43,7 @@ paths:
                properties:
                  sub:
                    type: string
-                    description: |
+                    description: The Matrix User ID who generated the token.
                      The Matrix User ID who generated the token.
                      The caller MUST validate that the returned user ID is on the server they
                      called (i.e. if you make a request to example.com and it returns
                      `@alice:matrix.org`, the result is invalid).
                    example: "@alice:example.com"
                required:
                  - sub
--- a/data/event-schemas/examples/m.invite_permission_config.yaml
+++ b/data/event-schemas/examples/m.invite_permission_config.yaml
@ -1,7 +0,0 @@
 {
  "$ref": "core/event.json",
  "type": "m.invite_permission_config",
  "content": {
    "default_action": "block"
  }
 }
--- a/data/event-schemas/examples/m.recent_emoji.yaml
+++ b/data/event-schemas/examples/m.recent_emoji.yaml
@ -1,16 +0,0 @@
 {
  "$ref": "core/event.json",
  "type": "m.recent_emoji",
  "content": {
    "recent_emoji": [{
      "emoji": "🤔",
      "total": 19
    }, {
      "emoji": "👍",
      "total": 7
    }, {
      "emoji": "😅",
      "total": 84
    }]
  }
 }
--- a/data/event-schemas/schema/m.invite_permission_config.yaml
+++ b/data/event-schemas/schema/m.invite_permission_config.yaml
@ -1,21 +0,0 @@
 ---
 $schema: https://json-schema.org/draft/2020-12/schema
 allOf:
  - $ref: core-event-schema/event.yaml
  - title: Invite Permission
    type: object
    description: |-
      The permission configuration for receiving invites for the current account.
    properties:
      content:
        type: object
        properties:
          default_action:
            type: string
            description: |-
              When set to `block`, the user does not wish to receive *any* room invites, and they
              should be rejected automatically by the homeserver.
              A missing, invalid or unsupported value means that the user wants to receive invites
              as normal. Other parts of the specification might still have effects on invites, like
              [ignoring users](/client-server-api/#ignoring-users).
--- a/data/event-schemas/schema/m.recent_emoji.yaml
+++ b/data/event-schemas/schema/m.recent_emoji.yaml
@ -1,29 +0,0 @@
 {
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "title": "Recent Emoji Event",
  "description": "Lets clients maintain a list of recently used emoji.",
  "allOf": [{
    "$ref": "core-event-schema/event.yaml"
  }],
  "properties": {
    "type": {
      "type": "string",
      "enum": ["m.recent_emoji"]
    },
    "content": {
      "type": "object",
      "properties": {
        "recent_emoji": {
          "description": "The list of recently used emoji. Elements in the list are ordered descendingly by last usage time.",
          "type": "array",
          "items": {
            "$ref": "../../api/client-server/definitions/recent_emoji.yaml"
          },
        }
      },
      "required": ["recent_emoji"]
    }
  },
  "required": ["type", "content"]
 }
--- a/data/schemas/oauth2-account-management-server-metadata.yaml
+++ b/data/schemas/oauth2-account-management-server-metadata.yaml
@ -1,30 +0,0 @@
 # Copyright 2026 The Matrix.org Foundation C.I.C.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 type: object
 title: OAuth 2.0 Server Metadata Account Management Extension
 properties:
  account_management_uri:
    type: string
    format: uri
    description: |-
      The URL where the user is able to access the account management capabilities of the
      server.
  account_management_actions_supported:
    type: array
    description: |-
      List of [actions](/client-server-api/#account-management-url-actions) that the account
      management URL supports.
    items:
      type: string
      description: An action that the account management URL supports.
--- a/data/schemas/oauth2-account-management-url.yaml
+++ b/data/schemas/oauth2-account-management-url.yaml
@ -1,29 +0,0 @@
 # Copyright 2026 The Matrix.org Foundation C.I.C.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 type: object
 title: OAuth 2.0 Account Management URL Query Parameters
 properties:
  action:
    type: string
    description: |-
      The action that the user wishes to take. Must match one of the actions advertised by the
      server in [`account_management_actions_supported`](/client-server-api/#account-management-url-discovery).
  device_id:
    type: string
    description: |-
      For Matrix-specific actions, the user's device ID. Actions which don't support the device ID
      will ignore it.
      If the `org.matrix.device_view` or `org.matrix.device_delete` actions are advertised as
      supported by the server then the server SHOULD support the `device_id` parameter.
--- a/go.mod
+++ b/go.mod
@ -2,4 +2,4 @@ module github.com/matrix-org/matrix-spec
 go 1.12
-require github.com/matrix-org/docsy v0.0.0-20260106184755-71d103ebb20a // indirect
+require github.com/matrix-org/docsy v0.0.0-20250722140156-5df72519f5af // indirect
--- a/go.sum
+++ b/go.sum
@ -1,4 +1,4 @@
 github.com/FortAwesome/Font-Awesome v0.0.0-20241216213156-af620534bfc3/go.mod h1:IUgezN/MFpCDIlFezw3L8j83oeiIuYoj28Miwr/KUYo=
-github.com/matrix-org/docsy v0.0.0-20260106184755-71d103ebb20a h1:WB3unuZJy7ewAf33sxbtEwYnC+i+Jt1sJpAR3BtzvEo=
+github.com/matrix-org/docsy v0.0.0-20250722140156-5df72519f5af h1:XghgUC0H5BoGrvtT9/oWBUi+5Zux875qRHhpAZ0RURI=
-github.com/matrix-org/docsy v0.0.0-20260106184755-71d103ebb20a/go.mod h1:mdn1m5HJug6ZddQgrOyCrXNegbtdl5evHiqqbEQLzdI=
+github.com/matrix-org/docsy v0.0.0-20250722140156-5df72519f5af/go.mod h1:4/t21g/nPraob/DVMm3jrk26k0CDL5I7Mxf+ar0IAgs=
-github.com/twbs/bootstrap v5.3.8+incompatible/go.mod h1:fZTSrkpSf0/HkL0IIJzvVspTt1r9zuf7XlZau8kpcY0=
+github.com/twbs/bootstrap v5.3.6+incompatible/go.mod h1:fZTSrkpSf0/HkL0IIJzvVspTt1r9zuf7XlZau8kpcY0=
--- a/layouts/_markup/render-passthrough.html
+++ b/layouts/_markup/render-passthrough.html
@ -5,7 +5,15 @@
    We use it to send the delimited passthrough element through KaTeX to render maths
    in the Olm / Megolm spec.
-    See: https://www.docsy.dev/docs/content/diagrams-and-formulae/#add-passthrough-render-hook
+    See: https://gohugo.io/functions/transform/tomath/#step-2
 */ -}}
-{{ partial "scripts/math.html" . }}
+{{- $opts := dict "output" "htmlAndMathml" "displayMode" (eq .Type "block") }}
 {{- with try (transform.ToMath .Inner $opts) }}
  {{- with .Err }}
    {{- errorf "Unable to render mathematical markup to HTML using the transform.ToMath function. The KaTeX display engine threw the following error: %s: see %s." . $.Position }}
  {{- else }}
    {{- .Value }}
    {{- $.Page.Store.Set "hasMath" true }}
  {{- end }}
 {{- end -}}
--- a/layouts/_partials/breadcrumb.html
+++ b/layouts/_partials/breadcrumb.html
@ -1,35 +1,28 @@
 {{/*
-  A copy of the breadcrumb.html partial in Docsy, modified to:
+  A copy of the breadcrumb.html partial in Docsy, modified
-
+	to:
  * show the breadcrumbs by default by removing the `td-breadcrumbs__single`
    class
  * omit breadcrumbs when this is the homepage
  * otherwise, include the homepage in the breadcrumbs
 */}}
-{{ if not .IsHome -}}
+{{ if not .IsHome }}
 <nav aria-label="breadcrumb" class="td-breadcrumbs">
 	<ol class="breadcrumb">
-	{{- template "breadcrumbnav" (dict "p1" . "p2" .) }}
+{{ template "breadcrumbnav" (dict "p1" . "p2" .) }}
 	</ol>
 </nav	>
-{{ end -}}
+{{ end }}
-{{- define "breadcrumbnav" -}}
+{{ define "breadcrumbnav" }}
-  {{ if .p1.Parent -}}
+{{ if .p1.Parent }}
-    {{ template "breadcrumbnav" (dict "p1" .p1.Parent "p2" .p2 )  -}}
+{{ template "breadcrumbnav" (dict "p1" .p1.Parent "p2" .p2 )  }}
-  {{ else if not .p1.IsHome -}}
+{{ else if not .p1.IsHome }}
-    {{ template "breadcrumbnav" (dict "p1" .p1.Site.Home "p2" .p2 )  -}}
+{{ template "breadcrumbnav" (dict "p1" .p1.Site.Home "p2" .p2 )  }}
-  {{ end -}}
+{{ end }}
 {{ $isActive :=  eq .p1 .p2  }}
-  <li class="breadcrumb-item{{ if $isActive }} active{{ end }}"
+<li class="breadcrumb-item{{ if $isActive }} active{{ end }}" {{ if $isActive }}aria-current="page"{{ end }}>
      {{- if $isActive }}aria-current="page"{{ end }}>
    {{ if $isActive -}}
      {{ .p1.LinkTitle -}}
    {{ else -}}
 	<a href="{{ .p1.RelPermalink }}">{{ .p1.LinkTitle }}</a>
    {{- end -}}
 </li>
-{{- end -}}
+{{ end }}
--- a/layouts/_partials/navbar.html
+++ b/layouts/_partials/navbar.html
@ -1,11 +1,8 @@
 {{- /*
-  A copy of the navbar.html partial in Docsy, modified to:
+  A version of the navbar.html partial in Docsy, only modified
-
+	to include the spec version, which is calculated using an
-  * remove `data-bs-theme` at L20, otherwise the title disappears on hover.
+  inline `version-string` partial.
  * replace the site title with "specification" at L31.
  * include the spec version from the config at L34-35, which is calculated
    using an inline `version-string` partial.
 */ -}}
@ -16,8 +13,8 @@
 {{ $baseURL := urls.Parse $.Site.Params.Baseurl -}}
 <nav class="td-navbar js-navbar-scroll
-            {{- if $cover }} td-navbar-cover {{- end }}">
+            {{- if $cover }} td-navbar-cover {{- end }}" data-bs-theme="light">
-<div class="td-navbar-container container-fluid flex-column flex-md-row">
+<div class="container-fluid flex-column flex-md-row">
  <a class="navbar-brand" href="{{ .Site.Home.RelPermalink }}">
    {{- /**/ -}}
    <span class="navbar-brand__logo navbar-logo">
@ -35,8 +32,7 @@
 	  <span class="navbar-version"> &mdash; {{ partial "version-string" . }}</span>
    {{- /**/ -}}
  </a>
-  <div class="td-navbar-nav-scroll td-navbar-nav-scroll--indicator" id="main_navbar">
+  <div class="td-navbar-nav-scroll ms-md-auto" id="main_navbar">
    <div class="scroll-indicator scroll-left"></div>
    <ul class="navbar-nav">
      {{ $p := . -}}
      {{ range .Site.Menus.main -}}
@ -62,41 +58,39 @@
      </li>
      {{ end -}}
      {{ if .Site.Params.versions -}}
-      <li class="nav-item dropdown d-none d-lg-block td-navbar__version-menu">
+      <li class="nav-item dropdown d-none d-lg-block">
        {{ partial "navbar-version-selector.html" . -}}
      </li>
      {{ end -}}
      {{ if (gt (len .Site.Home.Translations) 0) -}}
-      <li class="nav-item td-navbar__lang-menu">
+      <li class="nav-item dropdown d-none d-lg-block">
        {{ partial "navbar-lang-selector.html" . -}}
      </li>
      {{ end -}}
-      {{- $darkMode := partialCached "dark-mode-config.html" "dark-mode-global" -}}
+      {{ if .Site.Params.ui.showLightDarkModeMenu -}}
-      {{ if $darkMode.showMenu -}}
+      <li class="td-light-dark-menu nav-item dropdown">
      <li class="nav-item td-navbar__light-dark-menu">
        {{ partial "theme-toggler" . }}
      </li>
      {{ end -}}
    </ul>
    <div class="scroll-indicator scroll-right"></div>
  </div>
-  <div class="d-none d-lg-block td-navbar__search">
+  <div class="d-none d-lg-block">
    {{ partial "search-input.html" . }}
  </div>
 </div>
 </nav>
-{{- define "_partials/version-string" -}}
+{{ define "_partials/version-string" }}
-    {{ $ret := "unstable version" -}}
+    {{ $ret := "unstable version"}}
-    {{ $status := .Site.Params.version.status -}}
+    {{ $status := .Site.Params.version.status }}
-    {{ if ne $status "unstable" -}}
+    {{ if ne $status "unstable"}}
-        {{ $path := path.Join "changelogs" -}}
+        {{ $path := path.Join "changelogs" }}
-        {{/* produces a string similar to "version v1.5" */ -}}
+        {{/* produces a string similar to "version v1.5" */}}
-        {{ $ret = delimit (slice "version v" .Site.Params.version.major "." .Site.Params.version.minor) "" -}}
+        {{ $ret = delimit (slice "version v" .Site.Params.version.major "." .Site.Params.version.minor) "" }}
-    {{ end -}}
+    {{ end }}
-    {{ return $ret -}}
+    {{ return $ret }}
-{{- end -}}
+{{ end }}
--- a/layouts/_partials/sidebar-tree.html
+++ b/layouts/_partials/sidebar-tree.html
@ -1,57 +1,37 @@
 {{- /*
-  A copy of the siderbar-tree.html partial in Docsy, modified to:
+  A modified version of the siderbar-tree.html partial in Docsy, adding:
-  * Ignore the `sidebarRoot` parameter, because of this regression:
+  * The "toc.html" partial at L45.
    <https://github.com/google/docsy/issues/2426>
  * Add the "toc.html" partial at L68.
 */ -}}
-{{ $context := .context -}}
+{{/* We cache this partial for bigger sites and set the active class client side. */ -}}
-{{ $sidebarRoot := .sidebarRoot -}}
+{{ $sidebarCacheLimit := .Site.Params.ui.sidebar_cache_limit | default 2000 -}}
-{{ $sidebarRootID := .sidebarRootID -}}
+{{ $shouldDelayActive := ge (len .Site.Pages) $sidebarCacheLimit -}}
 {{ $cacheSidebar := .cacheSidebar -}}
 {{ with $context -}}
 {{/* When the sidebar is cached, "active" class is set client side. */ -}}
 {{ $shouldDelayActive := $cacheSidebar -}}
 <div id="td-sidebar-menu" class="td-sidebar__inner{{ if $shouldDelayActive }} d-none{{ end }}">
  {{ if not .Site.Params.ui.sidebar_search_disable -}}
  <form class="td-sidebar__search d-flex align-items-center">
    {{ partial "search-input.html" . }}
-    <button class="btn btn-link td-sidebar__toggle" type="button" {{/**/ -}}
+    <button class="btn btn-link td-sidebar__toggle d-md-none p-0 ms-3 fas fa-bars" type="button" data-bs-toggle="collapse" data-bs-target="#td-section-nav" aria-controls="td-section-nav" aria-expanded="false" aria-label="Toggle section navigation">
      data-bs-toggle="collapse" data-bs-target="#td-section-nav" {{/**/ -}}
      aria-controls="td-section-nav" aria-expanded="false" aria-label="Toggle section navigation">
    </button>
  </form>
-
+  {{ else -}}
  {{- else -}}
  <div id="content-mobile">
  <form class="td-sidebar__search d-flex align-items-center">
    {{ partial "search-input.html" . }}
-    <button class="btn btn-link td-sidebar__toggle" type="button" {{/**/ -}}
+    <button class="btn btn-link td-sidebar__toggle d-md-none p-0 ms-3 fas fa-bars" type="button" data-bs-toggle="collapse" data-bs-target="#td-section-nav" aria-controls="td-section-nav" aria-expanded="false" aria-label="Toggle section navigation">
      data-bs-toggle="collapse" data-bs-target="#td-section-nav" {{/**/ -}}
      aria-controls="td-section-nav" aria-expanded="false" aria-label="Toggle section navigation">
    </button>
  </form>
  </div>
  <div id="content-desktop"></div>
-
+  {{ end -}}
  {{- end }}
  {{/* */ -}}
  <nav class="td-sidebar-nav collapse
      {{- if .Site.Params.ui.sidebar_search_disable }} td-sidebar-nav--search-disabled{{ end -}}
-        {{- if .Site.Params.ui.sidebar_menu_foldable }} foldable-nav{{ end }}" {{/**/ -}}
+      {{- if .Site.Params.ui.sidebar_menu_foldable }} foldable-nav{{ end -}}
-      id="td-section-nav"
+      " id="td-section-nav">
-      {{- if .Site.Params.ui.sidebar_root_enabled }} data-sidebar-root-id="{{ $sidebarRootID }}"{{ end -}}
+    {{ if  (gt (len .Site.Home.Translations) 0) -}}
-    >
+    <div class="td-sidebar-nav__section nav-item dropdown d-block d-lg-none">
    {{ if and .Site.Params.ui.sidebar_lang_menu (gt (len .Site.Home.Translations) 0) -}}
    <div class="td-sidebar-nav__section nav-item d-block d-lg-none">
      {{ partial "navbar-lang-selector.html" . }}
    </div>
    {{ end -}}
@ -65,11 +45,7 @@
    {{ partial "toc.html" . }}
  </nav>
 </div>
 {{- end }}{{/* with $context */ -}}
 {{ define "section-tree-nav-section" -}}
  {{/* cSpell:ignore manuallink manuallinkrelref manuallinktitle */ -}}
 {{ $s := .section -}}
 {{ $p := .page -}}
 {{ $shouldDelayActive := .shouldDelayActive -}}
@ -79,108 +55,27 @@
 {{ $ulShow := .ulShow -}}
 {{ $active := and (not $shouldDelayActive) (eq $s $p) -}}
 {{ $activePath := and (not $shouldDelayActive) (or (eq $p $s) ($p.IsDescendant $s)) -}}
-  {{ $show := cond
+{{ $show := cond (or (lt $ulNr $ulShow) $activePath (and (not $shouldDelayActive) (eq $s.Parent $p.Parent)) (and (not $shouldDelayActive) (eq $s.Parent $p)) (not $p.Site.Params.ui.sidebar_menu_compact) (and (not $shouldDelayActive) ($p.IsDescendant $s.Parent))) true false -}}
        (or
          (lt $ulNr $ulShow)
          $activePath
          (and (not $shouldDelayActive) (eq $s.Parent $p.Parent))
          (and (not $shouldDelayActive) (eq $s.Parent $p))
          (not $p.Site.Params.ui.sidebar_menu_compact)
          (and (not $shouldDelayActive) ($p.IsDescendant $s.Parent))
        )
        true false
  -}}
 {{ $mid := printf "m-%s" ($s.RelPermalink | anchorize) -}}
 {{ $pages_tmp := where (union $s.Pages $s.Sections).ByWeight ".Params.toc_hide" "!=" true -}}
 {{ $pages := $pages_tmp | first $sidebarMenuTruncate -}}
 {{ $truncatedEntryCount := sub (len $pages_tmp) $sidebarMenuTruncate -}}
 {{ if gt $truncatedEntryCount 0 -}}
  {{ warnf "WARNING: %d sidebar entries have been truncated. To avoid this, increase `params.ui.sidebar_menu_truncate` to at least %d (from %d) in your config file. Section: %s"
      $truncatedEntryCount (len $pages_tmp) $sidebarMenuTruncate  $s.Path -}}
 {{ end -}}
 {{ $withChild := gt (len $pages) 0 -}}
-  {{ $manualLink :=
+{{ $manualLink := cond (isset $s.Params "manuallink") $s.Params.manualLink ( cond (isset $s.Params "manuallinkrelref") (relref $s $s.Params.manualLinkRelref) $s.RelPermalink) -}}
-      cond
+{{ $manualLinkTitle := cond (isset $s.Params "manuallinktitle") $s.Params.manualLinkTitle $s.Title -}}
-        (isset $s.Params "manuallink")
+<li class="td-sidebar-nav__section-title td-sidebar-nav__section{{ if $withChild }} with-child{{ else }} without-child{{ end }}{{ if $activePath }} active-path{{ end }}{{ if (not (or $show $p.Site.Params.ui.sidebar_menu_foldable )) }} collapse{{ end }}" id="{{ $mid }}-li">
        $s.Params.manualLink
        (cond
          (isset $s.Params "manuallinkrelref")
          (relref $s $s.Params.manualLinkRelref)
          $s.RelPermalink
        )
  -}}
  {{ $manualLinkTitle :=
      cond
        (isset $s.Params "manuallinktitle")
        $s.Params.manualLinkTitle
        $s.Title
  -}}
  {{ if and $treeRoot (eq $s.Params.sidebar_root_for "self") -}}
    {{ with $s.Parent -}}
      {{ $manualLink = .RelPermalink -}}
    {{ end -}}
  {{ end -}}
  <li class="td-sidebar-nav__section-title td-sidebar-nav__section
        {{- if $withChild }} with-child{{ else }} without-child{{ end -}}
        {{ if $activePath }} active-path{{ end -}}
        {{ if (not (or $show $p.Site.Params.ui.sidebar_menu_foldable )) }} collapse{{ end -}}
      " {{/**/ -}}
      id="{{ $mid }}-li" {{- /**/ -}}
    >
  {{ if (and $p.Site.Params.ui.sidebar_menu_foldable (ge $ulNr 1)) -}}
  <input type="checkbox" id="{{ $mid }}-check"{{ if $activePath}} checked{{ end }}/>
-    <label for="{{ $mid }}-check">{{/**/ -}}
+  <label for="{{ $mid }}-check"><a href="{{ $manualLink }}"{{ if ne $s.LinkTitle $manualLinkTitle }} title="{{ $manualLinkTitle }}"{{ end }}{{ with $s.Params.manualLinkTarget }} target="{{ . }}"{{ if eq . "_blank" }} rel="noopener"{{ end }}{{ end }} class="align-left ps-0 {{ if $active}} active{{ end }} td-sidebar-link{{ if $s.IsPage }} td-sidebar-link__page{{ else }} td-sidebar-link__section{{ end }}{{ if $treeRoot }} tree-root{{ end }}" id="{{ $mid }}">{{ with $s.Params.Icon}}<i class="{{ . }}"></i>{{ end }}<span class="{{ if $active }}td-sidebar-nav-active-item{{ end }}">{{ $s.LinkTitle }}</span></a></label>
      <a href="{{ $manualLink }}"
        {{- if ne $s.LinkTitle $manualLinkTitle }} {{/**/ -}}
          title="{{ $manualLinkTitle }}"
        {{- end -}}
        {{ with $s.Params.manualLinkTarget }} {{/**/ -}}
          target="{{ . }}"
          {{- if eq . "_blank" }} rel="noopener"{{ end -}}
        {{ end }} {{/**/ -}}
        class="align-left ps-0 {{ if $active}} active{{ end }} td-sidebar-link
          {{- if $s.IsPage }} td-sidebar-link__page
          {{- else }} td-sidebar-link__section
          {{- end }}
          {{- if $treeRoot }} tree-root{{ end }}" {{/**/ -}}
        id="{{ $mid }}" {{- /**/ -}}
      >
        {{- with $s.Params.Icon -}}
          <i class="{{ . }}"></i>
        {{- end -}}
        <span class="{{ if $active }}td-sidebar-nav-active-item{{ end }}">
          {{- $s.LinkTitle -}}
        </span> {{- /**/ -}}
      </a> {{- /**/ -}}
    </label>
  {{ else -}}
-      <a href="{{ $manualLink }}"
+  <a href="{{ $manualLink }}"{{ if ne $s.LinkTitle $manualLinkTitle }} title="{{ $manualLinkTitle }}"{{ end }}{{ with $s.Params.manualLinkTarget }} target="{{ . }}"{{ if eq . "_blank" }} rel="noopener"{{ end }}{{ end }} class="align-left ps-0{{ if $active}} active{{ end }} td-sidebar-link{{ if $s.IsPage }} td-sidebar-link__page{{ else }} td-sidebar-link__section{{ end }}{{ if $treeRoot }} tree-root{{ end }}" id="{{ $mid }}">{{ with $s.Params.Icon}}<i class="{{ . }}"></i>{{ end }}<span class="{{ if $active }}td-sidebar-nav-active-item{{ end }}">{{ $s.LinkTitle }}</span></a>
-        {{- if ne $s.LinkTitle $manualLinkTitle }} title="{{ $manualLinkTitle }}"{{ end -}}
+  {{- end }}
-        {{ with $s.Params.manualLinkTarget }} {{/**/ -}}
+  {{- if $withChild }}
-          target="{{ . }}"
+  {{- $ulNr := add $ulNr 1 }}
          {{- if eq . "_blank" }} rel="noopener"{{ end -}}
        {{ end }} {{/**/ -}}
        class="align-left ps-0
          {{- if $active}} active{{ end }} {{/**/ -}}
          td-sidebar-link
          {{- if $s.IsPage }} td-sidebar-link__page{{ else }} td-sidebar-link__section{{ end }}
          {{- if $treeRoot }} tree-root{{ end }}" {{/**/ -}}
        id="{{ $mid }}" {{- /**/ -}}
      >
      {{- with $s.Params.Icon -}}
        <i class="{{ . }}"></i>
      {{- end -}}
      <span class="
        {{- if $active }}td-sidebar-nav-active-item{{ end -}}
        {{- if and $s.Params.sidebar_root_for site.Params.ui.sidebar_root_enabled }} td-sidebar-root-up-icon{{ end -}}
      ">
        {{- $s.LinkTitle -}}
      </span></a>
    {{- end -}}
    {{ if $withChild -}}
    {{ $ulNr := add $ulNr 1 }}
  <ul class="ul-{{ $ulNr }}{{ if (gt $ulNr 1)}} foldable{{end}}">
    {{ range $pages -}}
    {{ if (not (and (eq $s $p.Site.Home) (eq .Params.toc_root true))) -}}
@ -190,4 +85,4 @@
  </ul>
  {{- end }}
 </li>
-{{- end }}
+{{- end -}}
--- a/layouts/_partials/toc.html
+++ b/layouts/_partials/toc.html
@ -1,29 +1,15 @@
 {{/*
-  A copy of the toc.html partial in Docsy, modified to:
+  A modified version of the toc.html partial in Docsy.
-  * show the page's title instead of "on this page"
+*/}}
-
+{{ $page := .Params }}
 */ -}}
 {{/*
  Always render the td-toc element. ScrollSpy is counting on it to exist,
  even if it's empty.
  cSpell:ignore notoc
 */ -}}
 <div class="td-toc" data-proofer-ignore>
 {{ if not .Params.notoc -}}
-  {{ $toc := .TableOfContents -}}
+  {{ with .TableOfContents -}}
-  {{ if and $toc (ne $toc `<nav id="TableOfContents"></nav>`) -}}
+    <hr>
-    <div class="td-toc-title">
+    <div id="toc">
-      <span class="td-toc-title__text">{{ .Params.Title }}</span>
+        <a id="toc-title" href="#">{{ $page.Title }}</a>
-      <a class="td-toc-title__link" title="{{ i18n "toc_top_of_page" }}" href="#"></a>
+        {{ . }}
    </div>
    {{ $toc | safeHTML }}
  {{ end -}}
 {{ end -}}
 </div>
 {{/* */ -}}
--- a/layouts/docs/baseof.html
+++ b/layouts/docs/baseof.html
@ -1,14 +1,11 @@
 {{/*
-  A copy of the baseof.html partial in Docsy, modified to:
+  A copy of the baseof.html partial in Docsy, modified
 	to remove the right-hand column from the layout.
-  * generate a static file `versions.json` that can be used to populate the
+*/}}
    version picker.
  * remove the right-hand column from the layout.
-*/ -}}
+{{/* Generate a static file versions.json that can be used to populate the version picker */}}
 {{/* Generate a static file versions.json that can be used to populate the version picker */ -}}
 {{ if .IsHome }}
  {{- /* Load all changelog subpages, sorted by release date */ -}}
  {{ $changelog := site.GetPage "changelog" }}
@ -31,18 +28,20 @@
 <html itemscope itemtype="http://schema.org/WebPage"
    {{- with .Site.Language.LanguageDirection }} dir="{{ . }}" {{- end -}}
    {{ with .Site.Language.Lang }} lang="{{ . }}" {{- end }} {{/**/ -}}
-    class="no-js"
+    class="no-js">
    {{- $darkMode := partialCached "dark-mode-config.html" "dark-mode-global" -}}
    {{- if $darkMode.enable }} data-theme-init{{ end }}>
  <head>
    {{ partial "head.html" . }}
    {{ if .Page.Store.Get "hasMath" }}
      <link href="{{ relURL "css/katex.min.css" }}" rel="preload" as="style">
      <link href="{{ relURL "css/katex.min.css" }}" rel="stylesheet">
    {{ end }}
  </head>
  <body class="td-{{ .Kind }}{{ with .Page.Params.body_class }} {{ . }}{{ end }}">
    <header>
      {{ partial "navbar.html" . }}
    </header>
    <div class="container-fluid td-outer">
-      <div class="td-main" {{- partialCached "td/scrollspy-attr.txt" . .Section | safeHTMLAttr }}>
+      <div class="td-main">
        <div class="row flex-xl-nowrap">
          <aside class="col-12 col-md-3 col-xl-2 td-sidebar d-print-none">
            {{ partial "sidebar.html" . }}
--- a/meta/releasing.md
+++ b/meta/releasing.md
@ -50,6 +50,11 @@ First, can we even release the spec? This stage is mostly preparation work neede
 to ensure a consistent and reliable specification.
 1. Ensure `main` is committed with all the spec changes you expect to be there.
 2. Review the changelog to look for typos, wording inconsistencies, or lines which
   can be merged. For example, "Fix typos" and "Fix spelling" can be condensed to
   "Fix various typos throughout the specification".
 3. Do a quick skim to ensure changelogs reference the MSCs which brought the changes
   in. They should be linked to the GitHub MSC PR (not the markdown document).
 ## The release
@ -74,24 +79,20 @@ release.
   2. Run `./scripts/generate-changelog.sh v1.2` (using the correct version number).
      The script will use the current date. If that date is wrong, correct the document
      by using the same `YYYY-MM-DD` date format.
-   3. Review the changelog to look for typos, wording inconsistencies, or lines which
+   3. Commit the result.
      can be merged. For example, "Fix typos" and "Fix spelling" can be condensed to
      "Fix various typos throughout the specification".
   4. Do a quick skim to ensure changelogs reference the MSCs which brought the changes
      in. They should be linked to the GitHub MSC PR (not the markdown document).
   5. Commit the result.
   6. Now is a good time to have someone else review the changelog.
 5. Tag the branch with the spec release with a format of `v1.2` (if releasing Matrix 1.2).
 6. Push the release branch and the tag.
 7. GitHub Actions will run its build steps. Wait until these are successful. If fixes
   need to be made to repair the pipeline or spec build, delete and re-tag the release.
   You may need to fix up the changelog file by hand in this case.
-8. GitHub Actions should have drafted a release based on the new tag. Find it
+8. Check out and fast-forward `main` to the release branch.
-   at https://github.com/matrix-org/matrix-spec/releases.
+9. Create a new release on GitHub from the newly created tag.
-   1. Double-check the generated release notes, and check that `spec-artifact.zip` and
+   * The title should be just "v1.2" (for example).
-      `spec-historical-artifact.zip` are both attached to the draft release.
+   * The description should be a copy/paste of the changelog. The generated changelog
-   2. Publish the draft release.
+     will be at `content/changelog/v1.2.md` - copy/paste verbatim.
-9. Check out and fast-forward `main` to the release branch.
+   * Upload the artifacts of the GitHub Actions build for the release to the GitHub
     release as artifacts themselves. This should be the tarball that will be deployed
     to spec.matrix.org.
 10. Commit a reversion to `params.version` of `./config/_default/hugo.toml` on `main`:
    ```toml
    [params.version]
@ -102,8 +103,7 @@ release.
    ```
 11. Push pending commits and ensure the unstable spec updates accordingly from the
    GitHub Actions pipeline.
-12. Deploy the release on the webserver. See "Spec release process" in the
+12. Deploy the release on the webserver. See internal wiki.
    internal handbook.
 ## Patching a release
--- a/scripts/css/basic.css
+++ b/scripts/css/basic.css
@ -0,0 +1,572 @@
 /*
 * basic.css
 * ~~~~~~~~~
 *
 * Sphinx stylesheet -- basic theme.
 *
 * :copyright: Copyright 2007-2010 by the Sphinx team, see AUTHORS.
 * :license: BSD, see LICENSE for details.
 *
 */
 /* -- main layout ----------------------------------------------------------- */
 div.clearer {
    clear: both;
 }
 /* -- relbar ---------------------------------------------------------------- */
 div.related {
    width: 100%;
    font-size: 90%;
 }
 div.related h3 {
    display: none;
 }
 div.related ul {
    margin: 0;
    padding: 0 0 0 10px;
    list-style: none;
 }
 div.related li {
    display: inline;
 }
 div.related li.right {
    float: right;
    margin-right: 5px;
 }
 /* -- sidebar --------------------------------------------------------------- */
 div.sphinxsidebarwrapper {
    padding: 10px 5px 0 10px;
 }
 div.sphinxsidebar {
    float: left;
    width: 230px;
    margin-left: -100%;
    font-size: 90%;
 }
 div.sphinxsidebar ul {
    list-style: none;
 }
 div.sphinxsidebar ul ul,
 div.sphinxsidebar ul.want-points {
    margin-left: 20px;
    list-style: square;
 }
 div.sphinxsidebar ul ul {
    margin-top: 0;
    margin-bottom: 0;
 }
 div.sphinxsidebar form {
    margin-top: 10px;
 }
 div.sphinxsidebar input {
    border: 1px solid #98dbcc;
    font-family: sans-serif;
    font-size: 1em;
 }
 img {
    border: 0;
 }
 /* -- search page ----------------------------------------------------------- */
 ul.search {
    margin: 10px 0 0 20px;
    padding: 0;
 }
 ul.search li {
    padding: 5px 0 5px 20px;
    background-image: url(file.png);
    background-repeat: no-repeat;
    background-position: 0 7px;
 }
 ul.search li a {
    font-weight: bold;
 }
 ul.search li div.context {
    color: #888;
    margin: 2px 0 0 30px;
    text-align: left;
 }
 ul.keywordmatches li.goodmatch a {
    font-weight: bold;
 }
 /* -- index page ------------------------------------------------------------ */
 table.contentstable {
    width: 90%;
 }
 table.contentstable p.biglink {
    line-height: 150%;
 }
 a.biglink {
    font-size: 1.3em;
 }
 span.linkdescr {
    font-style: italic;
    padding-top: 5px;
    font-size: 90%;
 }
 /* -- general index --------------------------------------------------------- */
 table.indextable {
    width: 100%;
 }
 table.indextable td {
    text-align: left;
    vertical-align: top;
 }
 table.indextable dl, table.indextable dd {
    margin-top: 0;
    margin-bottom: 0;
 }
 table.indextable tr.pcap {
    height: 10px;
 }
 table.indextable tr.cap {
    margin-top: 10px;
    background-color: #f2f2f2;
 }
 img.toggler {
    margin-right: 3px;
    margin-top: 3px;
    cursor: pointer;
 }
 div.modindex-jumpbox {
    border-top: 1px solid #ddd;
    border-bottom: 1px solid #ddd;
    margin: 1em 0 1em 0;
    padding: 0.4em;
 }
 div.genindex-jumpbox {
    border-top: 1px solid #ddd;
    border-bottom: 1px solid #ddd;
    margin: 1em 0 1em 0;
    padding: 0.4em;
 }
 /* -- general body styles --------------------------------------------------- */
 a.headerlink {
    visibility: hidden;
 }
 h1:hover > a.headerlink,
 h2:hover > a.headerlink,
 h3:hover > a.headerlink,
 h4:hover > a.headerlink,
 h5:hover > a.headerlink,
 h6:hover > a.headerlink,
 dt:hover > a.headerlink {
    visibility: visible;
 }
 div.document p.caption {
    text-align: inherit;
 }
 div.document td {
    text-align: left;
 }
 .field-list ul {
    padding-left: 1em;
 }
 .first {
    margin-top: 0 !important;
 }
 p.rubric {
    margin-top: 30px;
    font-weight: bold;
 }
 .align-left {
    text-align: left;
 }
 .align-center {
    clear: both;
    text-align: center;
 }
 .align-right {
    text-align: right;
 }
 /* -- sidebars -------------------------------------------------------------- */
 div.sidebar {
    margin: 0 0 0.5em 1em;
    border: 1px solid #ddb;
    padding: 7px 7px 0 7px;
    background-color: #ffe;
    width: 40%;
    float: right;
 }
 p.sidebar-title {
    font-weight: bold;
 }
 /* -- topics ---------------------------------------------------------------- */
 div.topic {
    border: 1px solid #ccc;
    padding: 7px 7px 0 7px;
    margin: 10px 0 10px 0;
 }
 p.topic-title {
    font-size: 1.1em;
    font-weight: bold;
    margin-top: 10px;
 }
 /* -- admonitions ----------------------------------------------------------- */
 div.admonition {
    margin-top: 10px;
    margin-bottom: 10px;
    padding: 7px;
 }
 div.admonition dt {
    font-weight: bold;
 }
 div.admonition dl {
    margin-bottom: 0;
 }
 p.admonition-title {
    margin: 0px 10px 5px 0px;
    font-weight: bold;
 }
 div.document p.centered {
    text-align: center;
    margin-top: 25px;
 }
 /* -- tables ---------------------------------------------------------------- */
 table.docutils {
    border: 0;
    border-collapse: collapse;
 }
 table.docutils td, table.docutils th {
    padding: 1px 8px 1px 5px;
    border-top: 0;
    border-left: 0;
    border-right: 0;
    border-bottom: 1px solid #aaa;
 }
 table.field-list td, table.field-list th {
    border: 0 !important;
 }
 table.footnote td, table.footnote th {
    border: 0 !important;
 }
 th {
    text-align: left;
    padding-right: 5px;
 }
 table.citation {
    border-left: solid 1px gray;
    margin-left: 1px;
 }
 table.citation td {
    border-bottom: none;
 }
 table.colwidths-auto caption {
    font-family: 'Inconsolata', monospace;
    font-weight: 800;
    font-size: 120%;
    padding: 5px;
    text-align: left;
    margin-bottom: 2px;
 }
 .section ol, .section li {
    margin: 0px 0px 0px 30px !important;
 }
 p.httpheaders {
    font-weight: 800;
    font-size: 120%;
    padding: 5px;
    text-align: left;
    margin-bottom: 2px;
 }
 table.colwidths-auto {
    width:100%;
    margin-top: 20px;
 }
 table.colwidths-auto tr td:nth-child(1) {
    width: 15%;
 }
 table.colwidths-auto tr td:nth-child(2) {
    width: 15%;
    font-family: 'Inconsolata', monospace;
 }
 table.colwidths-auto tr td:nth-child(3) {
    width: 70%;
 }
 /* -- other body styles ----------------------------------------------------- */
 ol.arabic {
    list-style: decimal;
 }
 ol.loweralpha {
    list-style: lower-alpha;
 }
 ol.upperalpha {
    list-style: upper-alpha;
 }
 ol.lowerroman {
    list-style: lower-roman;
 }
 ol.upperroman {
    list-style: upper-roman;
 }
 dl {
    margin-bottom: 15px;
 }
 dd p {
    margin-top: 0px;
 }
 dd ul, dd table {
    margin-bottom: 10px;
 }
 dd {
    margin-top: 3px;
    margin-bottom: 10px;
    margin-left: 30px;
 }
 dt:target, .highlighted {
    background-color: #fbe54e;
 }
 dl.glossary dt {
    font-weight: bold;
    font-size: 1.1em;
 }
 .field-list ul {
    margin: 0;
    padding-left: 1em;
 }
 .field-list p {
    margin: 0;
 }
 .refcount {
    color: #060;
 }
 .optional {
    font-size: 1.3em;
 }
 .versionmodified {
    font-style: italic;
 }
 .system-message {
    background-color: #fda;
    padding: 5px;
    border: 3px solid red;
 }
 .footnote:target  {
    background-color: #ffa
 }
 .line-block {
    display: block;
    margin-top: 1em;
    margin-bottom: 1em;
 }
 .line-block .line-block {
    margin-top: 0;
    margin-bottom: 0;
    margin-left: 1.5em;
 }
 .guilabel, .menuselection {
    font-family: sans-serif;
 }
 .accelerator {
    text-decoration: underline;
 }
 .classifier {
    font-style: oblique;
 }
 /* -- proposals page -------------------------------------------------------- */
 #tables-of-tracked-proposals h2 {
    padding-left: 10px;
    position: -webkit-sticky;
    position: sticky;
 }
 /* Move sticky headers below header bar on desktop */
@media all and (min-width:980px) {
    #tables-of-tracked-proposals h2 {
        top: 52px;
    }
 }
 /* Sticky headers stick to the top on mobile */
@media all and (min-width:0px) and (max-width: 980px) {
    #tables-of-tracked-proposals h2 {
        top: 0px;
    }
 }
 /* -- code displays --------------------------------------------------------- */
 pre {
    overflow: auto;
 }
 td.linenos pre {
    padding: 5px 0px;
    border: 0;
    background-color: transparent;
    color: #aaa;
 }
 table.highlighttable {
    margin-left: 0.5em;
 }
 table.highlighttable td {
    padding: 0 0.5em 0 0.5em;
 }
 tt.descname {
    background-color: transparent;
    font-weight: bold;
    font-size: 1.2em;
 }
 tt.descclassname {
    background-color: transparent;
 }
 tt.xref, a tt {
    background-color: transparent;
    font-weight: bold;
 }
 h1 tt, h2 tt, h3 tt, h4 tt, h5 tt, h6 tt {
    background-color: transparent;
 }
 .viewcode-link {
    float: right;
 }
 .viewcode-back {
    float: right;
    font-family: sans-serif;
 }
 div.viewcode-block:target {
    margin: -1px -10px;
    padding: 0 10px;
 }
 /* -- math display ---------------------------------------------------------- */
 img.math {
    vertical-align: middle;
 }
 div.document div.math p {
    text-align: center;
 }
 span.eqno {
    float: right;
 }
 /* -- printout stylesheet --------------------------------------------------- */
@media print {
    div.document,
    div.documentwrapper,
    div.bodywrapper {
        margin: 0 !important;
        width: 100%;
    }
    div.sphinxsidebar,
    div.related,
    div.footer,
    #top-link {
        display: none;
    }
 }
--- a/scripts/css/blockquote.css
+++ b/scripts/css/blockquote.css
@ -0,0 +1,4 @@
 blockquote {
    margin: 20px 0 30px;
    padding-left: 20px;
 }
--- a/scripts/css/codehighlight.css
+++ b/scripts/css/codehighlight.css
@ -0,0 +1,16 @@
 pre.code .comment, code .comment { color: green }
 pre.code .keyword, code .keyword { color: darkred; font-weight: bold }
 pre.code .name.builtin, code .name.builtin { color: darkred; font-weight: bold }
 pre.code .name.tag, code .name.tag { color: darkgreen }
 pre.code .literal, code .literal { color: darkblue }
 pre.code .literal.number, code .literal.number { color: blue }
 /* HTTP Methods have class "name function" */
 pre.code.http .name.function,  code.http .name.function { color: black; font-weight: bold }
 /* HTTP Paths have class "name namespace" */
 pre.code.http .name.namespace, code.http .name.namespace { color: darkgreen }
 /* HTTP "HTTP" strings have class "keyword reserved" */
 pre.code.http .keyword.reserved, code.http .keyword.reserved { color: black; font-weight: bold }
 /* HTTP Header names have class "name attribute" */
 pre.code.http .name.attribute, code.http .name.attribute { color: black; font-weight: bold }
--- a/scripts/css/nature.css
+++ b/scripts/css/nature.css
@ -0,0 +1,295 @@
 /*
 * nature.css_t
 * ~~~~~~~~~~~~
 *
 * Sphinx stylesheet -- nature theme.
 *
 * :copyright: Copyright 2007-2010 by the Sphinx team, see AUTHORS.
 * :license: BSD, see LICENSE for details.
 *
 */
 /* -- page layout ----------------------------------------------------------- */
 body {
    font-family: Arial, sans-serif;
    font-size: 100%;
    /*background-color: #111;*/
    color: #555;
    margin: 0;
    padding: 0;
 }
 div.documentwrapper {
    float: left;
    width: 100%;
 }
 div.bodywrapper {
    margin: 0 0 0 230px;
 }
 hr {
    border: 1px solid #B1B4B6;
 }
 /*
 div.document {
    background-color: #eee;
 }
 */
 div.document {
    background-color: #ffffff;
    color: #3E4349;
    padding: 0 30px 30px 30px;
    font-size: 0.9em;
 }
 div.footer {
    color: #555;
    width: 100%;
    padding: 13px 0;
    text-align: center;
    font-size: 75%;
 }
 div.footer a {
    color: #444;
    text-decoration: underline;
 }
 div.related {
    background-color: #6BA81E;
    line-height: 32px;
    color: #fff;
    text-shadow: 0px 1px 0 #444;
    font-size: 0.9em;
 }
 div.related a {
    color: #E2F3CC;
 }
 div.sphinxsidebar {
    font-size: 0.75em;
    line-height: 1.5em;
 }
 div.sphinxsidebarwrapper{
    padding: 20px 0;
 }
 div.sphinxsidebar h3,
 div.sphinxsidebar h4 {
    font-family: Arial, sans-serif;
    color: #222;
    font-size: 1.2em;
    font-weight: normal;
    margin: 0;
    padding: 5px 10px;
    background-color: #ddd;
    text-shadow: 1px 1px 0 white
 }
 div.sphinxsidebar h4{
    font-size: 1.1em;
 }
 div.sphinxsidebar h3 a {
    color: #444;
 }
 div.sphinxsidebar p {
    color: #888;
    padding: 5px 20px;
 }
 div.sphinxsidebar p.topless {
 }
 div.sphinxsidebar ul {
    margin: 10px 20px;
    padding: 0;
    color: #000;
 }
 div.sphinxsidebar a {
    color: #444;
 }
 div.sphinxsidebar input {
    border: 1px solid #ccc;
    font-family: sans-serif;
    font-size: 1em;
 }
 div.sphinxsidebar input[type=text]{
    margin-left: 20px;
 }
 /* -- body styles ----------------------------------------------------------- */
 a {
    color: #005B81;
    text-decoration: none;
 }
 a:hover {
    color: #E32E00;
    text-decoration: underline;
 }
 div.document h1,
 div.document h2,
 div.document h3,
 div.document h4,
 div.document h5,
 div.document h6 {
    font-family: Arial, sans-serif;
    background-color: #BED4EB;
    font-weight: normal;
    color: #212224;
    margin: 30px 0px 10px 0px;
    padding: 5px 0 5px 10px;
    text-shadow: 0px 1px 0 white
 }
 div.document h1 { border-top: 20px solid white; margin-top: 0; font-size: 200%; }
 div.document h2 { font-size: 150%; background-color: #C8D5E3; }
 div.document h3 { font-size: 120%; background-color: #D8DEE3; }
 div.document h4 { font-size: 110%; background-color: #D8DEE3; }
 div.document h5 { font-size: 100%; background-color: #D8DEE3; }
 div.document h6 { font-size: 100%; background-color: #D8DEE3; }
 a.headerlink {
    color: #c60f0f;
    font-size: 0.8em;
    padding: 0 4px 0 4px;
    text-decoration: none;
 }
 a.headerlink:hover {
    background-color: #c60f0f;
    color: white;
 }
 div.document p, div.document dd, div.document li {
    line-height: 1.5em;
 }
 div.admonition p.admonition-title + p {
    display: inline;
 }
 div.highlight{
    background-color: white;
 }
 div.note {
    background-color: #eee;
    border: 1px solid #ccc;
 }
 div.seealso {
    background-color: #ffc;
    border: 1px solid #ff6;
 }
 div.topic {
    background-color: #eee;
 }
 div.warning {
    background-color: #ffe4e4;
    border: 1px solid #f66;
 }
 p.admonition-title {
    display: inline;
 }
 p.admonition-title:after {
    content: ":";
 }
 pre {
    padding: 10px;
    background-color: White;
    color: #222;
    line-height: 1.2em;
    border: 1px solid #C6C9CB;
    font-size: 1.1em;
    margin: 1.5em 0 1.5em 0;
    -webkit-box-shadow: 1px 1px 1px #d8d8d8;
    -moz-box-shadow: 1px 1px 1px #d8d8d8;
 }
 tt {
    background-color: #ecf0f3;
    color: #222;
    /* padding: 1px 2px; */
    font-size: 1.1em;
    font-family: monospace;
 }
 .viewcode-back {
    font-family: Arial, sans-serif;
 }
 div.viewcode-block:target {
    background-color: #f4debf;
    border-top: 1px solid #ac9;
    border-bottom: 1px solid #ac9;
 }
 ul li dd {
 	margin-top: 0;
 }
 ul li dl {
 	margin-bottom: 0;
 }
 li dl dd {
 	margin-bottom: 0;
 }
 dd ul {
 	padding-left: 0;
 }
 li dd ul {
 	margin-bottom: 0;
 }
 table {
    margin-top: 10px;
    margin-bottom: 10px;
    border: 0;
    border-collapse: collapse;
 }
 td[colspan]:not([colspan="1"]) {
    background: #eeeeee;
    text-transform: capitalize;
 }
 thead {
    background: #eeeeee;
 }
 div.admonition-rationale {
    background-color: #efe;
    border: 1px solid #ccc;
 }
 div.admonition-example {
    background-color: #eef;
    border: 1px solid #ccc;
 }
 div#table-of-contents ul {
    list-style-type: none;
 }
--- a/scripts/css/pygments.css
+++ b/scripts/css/pygments.css
@ -0,0 +1,83 @@
 /*
 Original styles generated from:
    pygmentize -f html -S colorful -a pre.code > ./scripts/css/pygments.css
 Rules for which we don't want the syntax highlighter to kick in are commented
 out at the bottom.
 Windows users: if you regenerate this file, you'll need to re-save it as utf-8
 to make docutils happy.
 */
 /* DIFFS */
 pre.code .gd { color: #A00000 } /* Generic.Deleted */
 pre.code .gi { color: #00A000 } /* Generic.Inserted */
 /* UNUSED */
 /*pre.code .hll { background-color: #ffffcc }*/
 /*pre.code  { background: #ffffff; }*/
 /*pre.code .c { color: #888888 } !* Comment *!*/
 /*pre.code .err { color: #FF0000; background-color: #FFAAAA } !* Error *!*/
 /*pre.code .k { color: #008800; font-weight: bold } !* Keyword *!*/
 /*pre.code .o { color: #333333 } !* Operator *!*/
 /*pre.code .ch { color: #888888 } !* Comment.Hashbang *!*/
 /*pre.code .cm { color: #888888 } !* Comment.Multiline *!*/
 /*pre.code .cp { color: #557799 } !* Comment.Preproc *!*/
 /*pre.code .cpf { color: #888888 } !* Comment.PreprocFile *!*/
 /*pre.code .c1 { color: #888888 } !* Comment.Single *!*/
 /*pre.code .cs { color: #cc0000; font-weight: bold } !* Comment.Special *!*/
 /*pre.code .ge { font-style: italic } !* Generic.Emph *!*/
 /*pre.code .gr { color: #FF0000 } !* Generic.Error *!*/
 /*pre.code .gh { color: #000080; font-weight: bold } !* Generic.Heading *!*/
 /*pre.code .go { color: #888888 } !* Generic.Output *!*/
 /*pre.code .gp { color: #c65d09; font-weight: bold } !* Generic.Prompt *!*/
 /*pre.code .gs { font-weight: bold } !* Generic.Strong *!*/
 /*pre.code .gu { color: #800080; font-weight: bold } !* Generic.Subheading *!*/
 /*pre.code .gt { color: #0044DD } !* Generic.Traceback *!*/
 /*pre.code .kc { color: #008800; font-weight: bold } !* Keyword.Constant *!*/
 /*pre.code .kd { color: #008800; font-weight: bold } !* Keyword.Declaration *!*/
 /*pre.code .kn { color: #008800; font-weight: bold } !* Keyword.Namespace *!*/
 /*pre.code .kp { color: #003388; font-weight: bold } !* Keyword.Pseudo *!*/
 /*pre.code .kr { color: #008800; font-weight: bold } !* Keyword.Reserved *!*/
 /*pre.code .kt { color: #333399; font-weight: bold } !* Keyword.Type *!*/
 /*pre.code .m { color: #6600EE; font-weight: bold } !* Literal.Number *!*/
 /*pre.code .s { background-color: #fff0f0 } !* Literal.String *!*/
 /*pre.code .na { color: #0000CC } !* Name.Attribute *!*/
 /*pre.code .nb { color: #007020 } !* Name.Builtin *!*/
 /*pre.code .nc { color: #BB0066; font-weight: bold } !* Name.Class *!*/
 /*pre.code .no { color: #003366; font-weight: bold } !* Name.Constant *!*/
 /*pre.code .nd { color: #555555; font-weight: bold } !* Name.Decorator *!*/
 /*pre.code .ni { color: #880000; font-weight: bold } !* Name.Entity *!*/
 /*pre.code .ne { color: #FF0000; font-weight: bold } !* Name.Exception *!*/
 /*pre.code .nf { color: #0066BB; font-weight: bold } !* Name.Function *!*/
 /*pre.code .nl { color: #997700; font-weight: bold } !* Name.Label *!*/
 /*pre.code .nn { color: #0e84b5; font-weight: bold } !* Name.Namespace *!*/
 /*pre.code .nt { color: #007700 } !* Name.Tag *!*/
 /*pre.code .nv { color: #996633 } !* Name.Variable *!*/
 /*pre.code .ow { color: #000000; font-weight: bold } !* Operator.Word *!*/
 /*pre.code .w { color: #bbbbbb } !* Text.Whitespace *!*/
 /*pre.code .mb { color: #6600EE; font-weight: bold } !* Literal.Number.Bin *!*/
 /*pre.code .mf { color: #6600EE; font-weight: bold } !* Literal.Number.Float *!*/
 /*pre.code .mh { color: #005588; font-weight: bold } !* Literal.Number.Hex *!*/
 /*pre.code .mi { color: #0000DD; font-weight: bold } !* Literal.Number.Integer *!*/
 /*pre.code .mo { color: #4400EE; font-weight: bold } !* Literal.Number.Oct *!*/
 /*pre.code .sa { background-color: #fff0f0 } !* Literal.String.Affix *!*/
 /*pre.code .sb { background-color: #fff0f0 } !* Literal.String.Backtick *!*/
 /*pre.code .sc { color: #0044DD } !* Literal.String.Char *!*/
 /*pre.code .dl { background-color: #fff0f0 } !* Literal.String.Delimiter *!*/
 /*pre.code .sd { color: #DD4422 } !* Literal.String.Doc *!*/
 /*pre.code .s2 { background-color: #fff0f0 } !* Literal.String.Double *!*/
 /*pre.code .se { color: #666666; font-weight: bold; background-color: #fff0f0 } !* Literal.String.Escape *!*/
 /*pre.code .sh { background-color: #fff0f0 } !* Literal.String.Heredoc *!*/
 /*pre.code .si { background-color: #eeeeee } !* Literal.String.Interpol *!*/
 /*pre.code .sx { color: #DD2200; background-color: #fff0f0 } !* Literal.String.Other *!*/
 /*pre.code .sr { color: #000000; background-color: #fff0ff } !* Literal.String.Regex *!*/
 /*pre.code .s1 { background-color: #fff0f0 } !* Literal.String.Single *!*/
 /*pre.code .ss { color: #AA6600 } !* Literal.String.Symbol *!*/
 /*pre.code .bp { color: #007020 } !* Name.Builtin.Pseudo *!*/
 /*pre.code .fm { color: #0066BB; font-weight: bold } !* Name.Function.Magic *!*/
 /*pre.code .vc { color: #336699 } !* Name.Variable.Class *!*/
 /*pre.code .vg { color: #dd7700; font-weight: bold } !* Name.Variable.Global *!*/
 /*pre.code .vi { color: #3333BB } !* Name.Variable.Instance *!*/
 /*pre.code .vm { color: #996633 } !* Name.Variable.Magic *!*/
 /*pre.code .il { color: #0000DD; font-weight: bold } !* Literal.Number.Integer.Long *!*/
--- a/scripts/css/tables.css
+++ b/scripts/css/tables.css
@ -0,0 +1,4 @@
 /* Column with header cells */
 table.docutils tbody th.stub {
    background: #eeeeee;
 }
--- a/scripts/download-katex-assets.sh
+++ b/scripts/download-katex-assets.sh
@ -0,0 +1,41 @@
 #!/bin/bash
 #
 # Download the KaTeX fonts and CSS, and copy them into `static`.
 set -e
 root=$(dirname "$0")/..
 # Check that the caller supplied a version.
 version=$1
 if [[ -z $1 || $1 = "-h" || $1 = "--help" ]]; then
    >&2 echo "Usage: download-katex-assets.sh VERSION (e.g. v0.16.23)"
    >&2 echo
    >&2 echo "Downloads KaTeX fonts and CSS from the specified release"
    >&2 echo "on GitHub and puts the files into static/."
    exit 1
 fi
 # Create a temporary directory and register a handler to clean it up on exit.
 tmp_dir=$(mktemp -d)
 clean_up () {
    rm -rf "$tmp_dir"
 } 
 trap clean_up EXIT
 # Fetch the release archive.
 archive=$tmp_dir/katex.tar.gz
 url=https://github.com/KaTeX/KaTeX/releases/download/$version/katex.tar.gz
 echo "GET $url"
 curl -L --output "$archive" "$url"
 # Unpack the archive.
 tar -xzvf "$archive" -C "$tmp_dir"
 # Move the CSS file into place.
 install -vm644 "$tmp_dir/katex/katex.min.css" "$root/static/css/katex.min.css"
 # Remove any existing fonts and move the new ones into place.
 rm -rvf "$root"/static/css/fonts/KaTeX*
 while IFS= read -r -d '' file; do
    install -vm644 "$file" "$root/static/css/fonts"
 done < <(find "$tmp_dir/katex/fonts" -maxdepth 1 -name "KaTeX*.woff2" -print0)
--- a/scripts/proposals.js
+++ b/scripts/proposals.js
@ -6,7 +6,7 @@
 * in the specification.
 *
 * In detail, it:
- * - fetches all GitHub issues from matrix-spec-proposals that have the `proposal` label
+ * - fetches all GitHub issues from matrix-doc that have the `proposal` label
 * - groups them by their state in the MSC process
 * - does some light massaging of them so it's easier for the Hugo template to work with them
 * - store them at /data/msc
--- a/static/css/fonts/KaTeX_AMS-Regular.woff2
+++ b/static/css/fonts/KaTeX_AMS-Regular.woff2
--- a/static/css/fonts/KaTeX_Caligraphic-Bold.woff2
+++ b/static/css/fonts/KaTeX_Caligraphic-Bold.woff2
--- a/static/css/fonts/KaTeX_Caligraphic-Regular.woff2
+++ b/static/css/fonts/KaTeX_Caligraphic-Regular.woff2
--- a/static/css/fonts/KaTeX_Fraktur-Bold.woff2
+++ b/static/css/fonts/KaTeX_Fraktur-Bold.woff2
--- a/static/css/fonts/KaTeX_Fraktur-Regular.woff2
+++ b/static/css/fonts/KaTeX_Fraktur-Regular.woff2
--- a/static/css/fonts/KaTeX_Main-Bold.woff2
+++ b/static/css/fonts/KaTeX_Main-Bold.woff2
--- a/static/css/fonts/KaTeX_Main-BoldItalic.woff2
+++ b/static/css/fonts/KaTeX_Main-BoldItalic.woff2
--- a/static/css/fonts/KaTeX_Main-Italic.woff2
+++ b/static/css/fonts/KaTeX_Main-Italic.woff2
--- a/static/css/fonts/KaTeX_Main-Regular.woff2
+++ b/static/css/fonts/KaTeX_Main-Regular.woff2
--- a/Show more
+++ b/Show more
		`@ -1 +0,0 @@`
			`Add identifier pronunciation guidelines. Contributed by @HarHarLinks.`
		`@ -1 +0,0 @@`
			`Add the account management capabilities for the OAuth 2.0 authentication API, as per [MSC4191](https://github.com/matrix-org/matrix-spec-proposals/pull/4191).`
		`@ -1 +0,0 @@`
			`Add OAuth 2.0 aware clients, as per [MSC3824](https://github.com/matrix-org/matrix-spec-proposals/pull/3824).`
		`@ -1 +0,0 @@`
			`Update non-historic mentions of matrix-doc repo to matrix-spec/-proposals. Contributed by @HarHarLinks.`
		`@ -1 +0,0 @@`
			`Remove unintended TeX formatting. Contributed by @HarHarLinks.`
		`@ -1 +0,0 @@`
			Add `m.recent_emoji` account data event to track recently used emoji as per [MSC4356](https://github.com/matrix-org/matrix-spec-proposals/pull/4356).
		`@ -1 +0,0 @@`
			Add `m.forget_forced_upon_leave` capability for servers to transparently auto-forget rooms that the user leaves as per [MSC4267](https://github.com/matrix-org/matrix-spec-proposals/pull/4267).
		`@ -1 +0,0 @@`
			Add support for `m.room.redaction` events at the `PUT /rooms/{roomId}/send/{eventType}/{txnId}` endpoint, as per [MSC4169](https://github.com/matrix-org/matrix-spec-proposals/pull/4169).
		`@ -1 +0,0 @@`
			Clients supporting the `ol` HTML element must also support the `start` attribute, as per [MSC4313](https://github.com/matrix-org/matrix-spec-proposals/pull/4313).
		`@ -1 +0,0 @@`
			`Add invite blocking, as per [MSC4380](https://github.com/matrix-org/matrix-spec-proposals/pull/4380).`