Cove is a protocol before it’s an app. Three specs define what runs on the wire; the reference implementation follows them.
The protocol authority. Defines the canonical data model — keys, attestations, entries, threads — the wire protocol, and every responsibility the hub carries: acceptance pipeline, tamper-evident log, throttle bounds, signed tree heads, inclusion and consistency proofs. Also states honestly what a malicious hub still could do (withhold, potentially equivocate) and what it structurally cannot (forge, silently rewrite history).
What every Cove client — PWA, desktop, future mobile — must do to be a compliant participant. Key custody, entry construction and signing, the §5 verification chain that runs on every incoming entry, receipt emission, push behavior, offline handling. The client trusts the hub for availability and ordering, the directory for identity, and no one for content integrity.
How one keypair travels across every device you use — iCloud, Google, Windows, Linux — without the ecosystems needing to talk to each other. Two-layer encryption, multi-recipient wrapping, hub-stored ciphertext, per-pubkey chain CAS. Preserves every existing non-negotiable: the hub still holds no private keys, still can’t forge, still can’t rewrite. Adds one new residual (rollback attack, mitigation stated).
These docs are Draft 0.1. They evolve with the pilot. When a spec section number changes, the CHANGELOG entry notes it; the git history is the audit trail.