feat(web): overhaul SPA to look like a proper IRC client

Major UI overhaul of the embedded web SPA to match traditional IRC client
look and feel:

Layout changes:
- Input bar now spans full width at bottom of window (below user list)
- Removed inline join dialog from tab bar (use /join command instead)
- Nick prefix shown in input bar (e.g. 'alice>')
- Topic bar shows 'Topic:' label with accent color

IRC command support:
- Added /me command (action messages via meta.action flag)
- Added /mode command for channel/user mode changes
- Added /quit command for clean disconnect
- Added /help command listing all available commands
- /part now accepts optional reason message

User list improvements:
- Parse 353 RPL_NAMREPLY to extract user mode prefixes
- Display @nick for ops, +nick for voiced, plain for regular users
- Sort users by mode rank: ops first, then voiced, then regular
- Ops shown in orange, voiced in green, regular in default color
- Extracted UserList into dedicated component

Message display:
- Messages displayed inline with nick on same line (IRC style)
- Action messages (/me) shown as '* nick does something' in purple
- System messages prefixed with '***'
- Uses IRC vocabulary: 'has parted' instead of 'has left'
- Parse 332 RPL_TOPIC for channel topic on join

UX improvements:
- Command history with up/down arrow keys (100 entries)
- Input always visible including on Server tab
- Dark theme with monospace font (JetBrains Mono/Fira Code)
- Hover highlight on messages
- Custom scrollbar styling
- Tab type-based styling (server tab bold)

closes #50

.gitignore

@@ -36,4 +36,3 @@ data.db
 debug.log
 /neoirc-cli
 web/node_modules/
-web/dist/

README.md

@@ -764,98 +764,21 @@ not pollute the message queue.
 
 **IRC reference:** RFC 1459 §4.6.2, §4.6.3
 
-#### MODE — Query Modes
+#### MODE — Set/Query Modes (Planned)
 
-Query channel or user modes. Returns the current mode string and, for
+Set channel or user modes.
-channels, the creation timestamp.
 
 **C2S:**
 ```json
-{"command": "MODE", "to": "#general"}
+{"command": "MODE", "to": "#general", "params": ["+m"]}
-{"command": "MODE", "to": "alice"}
+{"command": "MODE", "to": "#general", "params": ["+o", "alice"]}
 ```
 
-**S2C (via message queue):**
+**Status:** Not yet implemented. See [Channel Modes](#channel-modes) for the
-
+planned mode set.
-For channels, the server sends RPL_CHANNELMODEIS (324) and
-RPL_CREATIONTIME (329):
-```json
-{"command": "324", "to": "alice", "params": ["#general", "+n"]}
-{"command": "329", "to": "alice", "params": ["#general", "1709251200"]}
-```
-
-For users, the server sends RPL_UMODEIS (221):
-```json
-{"command": "221", "to": "alice", "body": ["+"]}
-```
-
-**Note:** Mode changes (setting/unsetting modes) are not yet implemented.
-Currently only query is supported.
 
 **IRC reference:** RFC 1459 §4.2.3
 
-#### NAMES — Channel Member List
-
-Request the member list for a channel. Returns RPL_NAMREPLY (353) and
-RPL_ENDOFNAMES (366).
-
-**C2S:**
-```json
-{"command": "NAMES", "to": "#general"}
-```
-
-**IRC reference:** RFC 1459 §4.2.5
-
-#### LIST — List Channels
-
-Request a list of all channels with member counts. Returns RPL_LIST (322)
-for each channel followed by RPL_LISTEND (323).
-
-**C2S:**
-```json
-{"command": "LIST"}
-```
-
-**IRC reference:** RFC 1459 §4.2.6
-
-#### WHOIS — User Information
-
-Query information about a user. Returns RPL_WHOISUSER (311),
-RPL_WHOISSERVER (312), RPL_WHOISCHANNELS (319), and RPL_ENDOFWHOIS (318).
-
-**C2S:**
-```json
-{"command": "WHOIS", "to": "alice"}
-```
-
-**IRC reference:** RFC 1459 §4.5.2
-
-#### WHO — Channel User List
-
-Query users in a channel. Returns RPL_WHOREPLY (352) for each user followed
-by RPL_ENDOFWHO (315).
-
-**C2S:**
-```json
-{"command": "WHO", "to": "#general"}
-```
-
-**IRC reference:** RFC 1459 §4.5.1
-
-#### LUSERS — Server Statistics
-
-Request server user/channel statistics. Returns RPL_LUSERCLIENT (251),
-RPL_LUSEROP (252), RPL_LUSERCHANNELS (254), and RPL_LUSERME (255).
-
-**C2S:**
-```json
-{"command": "LUSERS"}
-```
-
-LUSERS replies are also sent automatically during connection registration.
-
-**IRC reference:** RFC 1459 §4.3.2
-
 #### KICK — Kick User (Planned)
 
 Remove a user from a channel.
@@ -905,27 +828,12 @@ the server to the client (never C2S) and use 3-digit string codes in the
 | Code | Name                 | When Sent | Example |
 |------|----------------------|-----------|---------|
 | `001` | RPL_WELCOME         | After session creation | `{"command":"001","to":"alice","body":["Welcome to the network, alice"]}` |
-| `002` | RPL_YOURHOST        | After session creation | `{"command":"002","to":"alice","body":["Your host is neoirc, running version 0.1"]}` |
+| `002` | RPL_YOURHOST        | After session creation | `{"command":"002","to":"alice","body":["Your host is neoirc-server, running version 0.1"]}` |
 | `003` | RPL_CREATED         | After session creation | `{"command":"003","to":"alice","body":["This server was created 2026-02-10"]}` |
-| `004` | RPL_MYINFO          | After session creation | `{"command":"004","to":"alice","params":["neoirc","0.1","","imnst"]}` |
+| `004` | RPL_MYINFO          | After session creation | `{"command":"004","to":"alice","params":["neoirc-server","0.1","","imnst"]}` |
-| `005` | RPL_ISUPPORT        | After session creation | `{"command":"005","to":"alice","params":["CHANTYPES=#","NICKLEN=32","NETWORK=neoirc"],"body":["are supported by this server"]}` |
-| `221` | RPL_UMODEIS         | In response to user MODE query | `{"command":"221","to":"alice","body":["+"]}` |
-| `251` | RPL_LUSERCLIENT     | On connect or LUSERS command | `{"command":"251","to":"alice","body":["There are 5 users and 0 invisible on 1 servers"]}` |
-| `252` | RPL_LUSEROP         | On connect or LUSERS command | `{"command":"252","to":"alice","params":["0"],"body":["operator(s) online"]}` |
-| `254` | RPL_LUSERCHANNELS   | On connect or LUSERS command | `{"command":"254","to":"alice","params":["3"],"body":["channels formed"]}` |
-| `255` | RPL_LUSERME         | On connect or LUSERS command | `{"command":"255","to":"alice","body":["I have 5 clients and 1 servers"]}` |
-| `311` | RPL_WHOISUSER       | In response to WHOIS | `{"command":"311","to":"alice","params":["bob","bob","neoirc","*"],"body":["bob"]}` |
-| `312` | RPL_WHOISSERVER     | In response to WHOIS | `{"command":"312","to":"alice","params":["bob","neoirc"],"body":["neoirc server"]}` |
-| `315` | RPL_ENDOFWHO        | End of WHO response | `{"command":"315","to":"alice","params":["#general"],"body":["End of /WHO list"]}` |
-| `318` | RPL_ENDOFWHOIS      | End of WHOIS response | `{"command":"318","to":"alice","params":["bob"],"body":["End of /WHOIS list"]}` |
-| `319` | RPL_WHOISCHANNELS   | In response to WHOIS | `{"command":"319","to":"alice","params":["bob"],"body":["#general #dev"]}` |
 | `322` | RPL_LIST            | In response to LIST | `{"command":"322","to":"alice","params":["#general","5"],"body":["General discussion"]}` |
 | `323` | RPL_LISTEND         | End of LIST response | `{"command":"323","to":"alice","body":["End of /LIST"]}` |
-| `324` | RPL_CHANNELMODEIS   | In response to channel MODE query | `{"command":"324","to":"alice","params":["#general","+n"]}` |
-| `329` | RPL_CREATIONTIME    | After channel MODE query | `{"command":"329","to":"alice","params":["#general","1709251200"]}` |
-| `331` | RPL_NOTOPIC         | Channel has no topic (on JOIN) | `{"command":"331","to":"alice","params":["#general"],"body":["No topic is set"]}` |
 | `332` | RPL_TOPIC           | On JOIN or TOPIC query | `{"command":"332","to":"alice","params":["#general"],"body":["Welcome!"]}` |
-| `352` | RPL_WHOREPLY        | In response to WHO | `{"command":"352","to":"alice","params":["#general","bob","neoirc","neoirc","bob","H"],"body":["0 bob"]}` |
 | `353` | RPL_NAMREPLY        | On JOIN or NAMES query | `{"command":"353","to":"alice","params":["=","#general"],"body":["@op1 alice bob +voiced1"]}` |
 | `366` | RPL_ENDOFNAMES      | End of NAMES response | `{"command":"366","to":"alice","params":["#general"],"body":["End of /NAMES list"]}` |
 | `372` | RPL_MOTD            | MOTD line | `{"command":"372","to":"alice","body":["Welcome to the server"]}` |
@@ -933,18 +841,14 @@ the server to the client (never C2S) and use 3-digit string codes in the
 | `376` | RPL_ENDOFMOTD       | End of MOTD | `{"command":"376","to":"alice","body":["End of /MOTD command"]}` |
 | `401` | ERR_NOSUCHNICK      | DM to nonexistent nick | `{"command":"401","to":"alice","params":["bob"],"body":["No such nick/channel"]}` |
 | `403` | ERR_NOSUCHCHANNEL   | Action on nonexistent channel | `{"command":"403","to":"alice","params":["#nope"],"body":["No such channel"]}` |
-| `421` | ERR_UNKNOWNCOMMAND  | Unrecognized command | `{"command":"421","to":"alice","params":["FOO"],"body":["Unknown command"]}` |
-| `432` | ERR_ERRONEUSNICKNAME | Invalid nick format | `{"command":"432","to":"alice","params":["bad nick!"],"body":["Erroneous nickname"]}` |
 | `433` | ERR_NICKNAMEINUSE   | NICK to taken nick | `{"command":"433","to":"*","params":["alice"],"body":["Nickname is already in use"]}` |
 | `442` | ERR_NOTONCHANNEL    | Action on unjoined channel | `{"command":"442","to":"alice","params":["#general"],"body":["You're not on that channel"]}` |
-| `461` | ERR_NEEDMOREPARAMS  | Missing required fields | `{"command":"461","to":"alice","params":["JOIN"],"body":["Not enough parameters"]}` |
 | `482` | ERR_CHANOPRIVSNEEDED | Non-op tries op action | `{"command":"482","to":"alice","params":["#general"],"body":["You're not channel operator"]}` |
 
-**Note:** Numeric replies are now implemented. All IRC command responses
+**Note:** Numeric replies are planned for full implementation. The current MVP
-(success and error) are delivered as numeric replies through the message queue.
+returns standard HTTP error responses (4xx/5xx with JSON error bodies) instead
-HTTP error codes are reserved for transport-level issues (auth failures,
+of numeric replies for error conditions. Numeric replies in the message queue
-malformed requests, server errors). The `params` field in the message envelope
+will be added post-MVP.
-carries IRC-style parameters (e.g., channel name, target nick).
 
 ### Channel Modes
 
@@ -987,18 +891,7 @@ the format:
 
 Create a new user session. This is the entry point for all clients.
 
-If the server requires hashcash proof-of-work (see
+**Request:**
-[Hashcash Proof-of-Work](#hashcash-proof-of-work)), the client must include a
-valid stamp in the `X-Hashcash` request header. The required difficulty is
-advertised via `GET /api/v1/server` in the `hashcash_bits` field.
-
-**Request Headers:**
-
-| Header       | Required | Description |
-|--------------|----------|-------------|
-| `X-Hashcash` | Conditional | Hashcash stamp (required when server has `hashcash_bits` > 0) |
-
-**Request Body:**
 ```json
 {"nick": "alice"}
 ```
@@ -1027,15 +920,12 @@ advertised via `GET /api/v1/server` in the `hashcash_bits` field.
 | Status | Error | When |
 |--------|-------|------|
 | 400    | `nick must be 1-32 characters` | Empty or too-long nick |
-| 402    | `hashcash proof-of-work required` | Missing `X-Hashcash` header when hashcash is enabled |
-| 402    | `invalid hashcash stamp: ...` | Stamp fails validation (wrong bits, expired, reused, etc.) |
 | 409    | `nick already taken` | Another active session holds this nick |
 
 **curl example:**
 ```bash
 TOKEN=$(curl -s -X POST http://localhost:8080/api/v1/session \
   -H 'Content-Type: application/json' \
-  -H 'X-Hashcash: 1:20:260310:neoirc::3a2f1' \
   -d '{"nick":"alice"}' | jq -r .token)
 echo $TOKEN
 ```
@@ -1164,78 +1054,27 @@ reference with all required and optional fields.
 
 | Command   | Required Fields     | Optional      | Response Status |
 |-----------|---------------------|---------------|-----------------|
-| `PRIVMSG` | `to`, `body`        | `meta`        | 200 OK          |
+| `PRIVMSG` | `to`, `body`        | `meta`        | 201 Created     |
-| `NOTICE`  | `to`, `body`        | `meta`        | 200 OK          |
+| `NOTICE`  | `to`, `body`        | `meta`        | 201 Created     |
 | `JOIN`    | `to`                |               | 200 OK          |
 | `PART`    | `to`                | `body`        | 200 OK          |
 | `NICK`    | `body`              |               | 200 OK          |
 | `TOPIC`   | `to`, `body`        |               | 200 OK          |
-| `MODE`    | `to`                |               | 200 OK          |
-| `NAMES`   | `to`                |               | 200 OK          |
-| `LIST`    |                     |               | 200 OK          |
-| `WHOIS`   | `to` or `body`      |               | 200 OK          |
-| `WHO`     | `to`                |               | 200 OK          |
-| `LUSERS`  |                     |               | 200 OK          |
 | `QUIT`    |                     | `body`        | 200 OK          |
 | `PING`    |                     |               | 200 OK          |
 
-All IRC commands return HTTP 200 OK. IRC-level success and error responses
+**Errors (all commands):**
-are delivered as **numeric replies** through the message queue (see
-[Numeric Replies](#numeric-replies) below). HTTP error codes (4xx/5xx) are
-reserved for transport-level problems: malformed JSON (400), missing/invalid
-auth tokens (401), and server errors (500).
-
-**HTTP errors (transport-level only):**
 
 | Status | Error | When |
 |--------|-------|------|
-| 400    | `invalid request` | Malformed JSON or empty command |
+| 400    | `invalid request` | Malformed JSON |
+| 400    | `to field required` | Missing `to` for commands that need it |
+| 400    | `body required` | Missing `body` for commands that need it |
+| 400    | `unknown command: X` | Unrecognized command |
 | 401    | `unauthorized` | Missing or invalid auth token |
-| 500    | `internal error` | Server-side failure |
+| 404    | `channel not found` | Target channel doesn't exist |
-
+| 404    | `user not found` | DM target nick doesn't exist |
-**IRC numeric error replies (delivered via message queue):**
+| 409    | `nick already in use` | NICK target is taken |
-
-| Numeric | Name | When |
-|---------|------|------|
-| 401     | ERR_NOSUCHNICK | DM target nick doesn't exist |
-| 403     | ERR_NOSUCHCHANNEL | Target channel doesn't exist or invalid name |
-| 421     | ERR_UNKNOWNCOMMAND | Unrecognized command |
-| 432     | ERR_ERRONEUSNICKNAME | Invalid nickname format |
-| 433     | ERR_NICKNAMEINUSE | NICK target is taken |
-| 442     | ERR_NOTONCHANNEL | Not a member of the target channel |
-| 461     | ERR_NEEDMOREPARAMS | Missing required fields (to, body) |
-
-**IRC numeric success replies (delivered via message queue):**
-
-| Numeric | Name | When |
-|---------|------|------|
-| 001     | RPL_WELCOME | Sent on session creation/login |
-| 002     | RPL_YOURHOST | Sent on session creation/login |
-| 003     | RPL_CREATED | Sent on session creation/login |
-| 004     | RPL_MYINFO | Sent on session creation/login |
-| 005     | RPL_ISUPPORT | Sent on session creation/login |
-| 221     | RPL_UMODEIS | In response to user MODE query |
-| 251     | RPL_LUSERCLIENT | On connect or LUSERS command |
-| 252     | RPL_LUSEROP | On connect or LUSERS command |
-| 254     | RPL_LUSERCHANNELS | On connect or LUSERS command |
-| 255     | RPL_LUSERME | On connect or LUSERS command |
-| 311     | RPL_WHOISUSER | WHOIS user info |
-| 312     | RPL_WHOISSERVER | WHOIS server info |
-| 315     | RPL_ENDOFWHO | End of WHO list |
-| 318     | RPL_ENDOFWHOIS | End of WHOIS list |
-| 319     | RPL_WHOISCHANNELS | WHOIS channels list |
-| 322     | RPL_LIST | Channel in LIST response |
-| 323     | RPL_LISTEND | End of LIST |
-| 324     | RPL_CHANNELMODEIS | Channel mode query response |
-| 329     | RPL_CREATIONTIME | Channel creation timestamp |
-| 331     | RPL_NOTOPIC | Channel has no topic (on JOIN) |
-| 332     | RPL_TOPIC | Channel topic (on JOIN, TOPIC set) |
-| 352     | RPL_WHOREPLY | User in WHO response |
-| 353     | RPL_NAMREPLY | Channel member list (on JOIN, NAMES) |
-| 366     | RPL_ENDOFNAMES | End of NAMES list |
-| 375     | RPL_MOTDSTART | Start of MOTD |
-| 372     | RPL_MOTD | MOTD line |
-| 376     | RPL_ENDOFMOTD | End of MOTD |
 
 ### GET /api/v1/history — Message History
 
@@ -1377,17 +1216,15 @@ Return server metadata. No authentication required.
 {
   "name": "My NeoIRC Server",
   "motd": "Welcome! Be nice.",
-  "users": 42,
+  "users": 42
-  "hashcash_bits": 20
 }
 ```
 
 | Field   | Type    | Description |
-|-----------------|---------|-------------|
+|---------|---------|-------------|
 | `name`  | string  | Server display name |
 | `motd`  | string  | Message of the day |
 | `users` | integer | Number of currently active user sessions |
-| `hashcash_bits` | integer | Required proof-of-work difficulty (leading zero bits). Only present when > 0. See [Hashcash Proof-of-Work](#hashcash-proof-of-work). |
 
 ### GET /.well-known/healthcheck.json — Health Check
 
@@ -1821,7 +1658,6 @@ directory is also loaded automatically via
 | `SENTRY_DSN`       | string  | `""`                                 | Sentry error tracking DSN (optional) |
 | `METRICS_USERNAME` | string  | `""`                                 | Basic auth username for `/metrics` endpoint. If empty, metrics endpoint is disabled. |
 | `METRICS_PASSWORD` | string  | `""`                                 | Basic auth password for `/metrics` endpoint |
-| `NEOIRC_HASHCASH_BITS` | int | `20`                               | Required hashcash proof-of-work difficulty (leading zero bits in SHA-256) for session creation. Set to `0` to disable. |
 | `MAINTENANCE_MODE` | bool    | `false`                              | Maintenance mode flag (reserved) |
 
 ### Example `.env` file
@@ -1833,7 +1669,6 @@ MOTD=Welcome! Be excellent to each other.
 DEBUG=false
 DBURL=file:///var/lib/neoirc/state.db?_journal_mode=WAL
 SESSION_IDLE_TIMEOUT=24h
-NEOIRC_HASHCASH_BITS=20
 ```
 
 ---
@@ -2116,102 +1951,62 @@ Clients should handle these message commands from the queue:
 
 ## Rate Limiting & Abuse Prevention
 
-### Hashcash Proof-of-Work
+Session creation (`POST /api/v1/session`) will require a
-
-Session creation (`POST /api/v1/session`) requires a
 [hashcash](https://en.wikipedia.org/wiki/Hashcash)-style proof-of-work token.
 This is the primary defense against resource exhaustion — no CAPTCHAs, no
 account registration, no IP-based rate limits that punish shared networks.
 
 ### How It Works
 
-1. Client fetches server info: `GET /api/v1/server` returns a `hashcash_bits`
+1. Client requests a challenge: `GET /api/v1/challenge`
-   field (e.g., `20`) indicating the required difficulty.
+   ```json
-2. Client computes a hashcash stamp: find a counter value such that the
+   → {"nonce": "random-hex-string", "difficulty": 20, "expires": "2026-02-10T20:01:00Z"}
-   SHA-256 hash of the stamp string has the required number of leading zero
-   bits.
-3. Client includes the stamp in the `X-Hashcash` request header when creating
-   a session: `POST /api/v1/session`.
-4. Server validates the stamp:
-   - Version is `1`
-   - Claimed bits ≥ required bits
-   - Resource matches the server name
-   - Date is within 48 hours (not expired, not too far in the future)
-   - SHA-256 hash has the required leading zero bits
-   - Stamp has not been used before (replay prevention)
-
-### Stamp Format
-
-Standard hashcash format:
-
    ```
-1:bits:date:resource::counter
+2. Server returns a nonce and a required difficulty (number of leading zero
+   bits in the SHA-256 hash)
+3. Client finds a counter value such that `SHA-256(nonce || ":" || counter)`
+   has the required number of leading zero bits:
    ```
-
+   SHA-256("a1b2c3:0")     = 0xf3a1...  (0 leading zeros — no good)
-| Field      | Description |
+   SHA-256("a1b2c3:1")     = 0x8c72...  (0 leading zeros — no good)
-|------------|-------------|
+   ...
-| `1`        | Version (always `1`) |
+   SHA-256("a1b2c3:94217") = 0x00003a... (20 leading zero bits — success!)
-| `bits`     | Claimed difficulty (must be ≥ server's `hashcash_bits`) |
-| `date`     | Date stamp in `YYMMDD` or `YYMMDDHHMMSS` format (UTC) |
-| `resource` | The server name (from `GET /api/v1/server`; defaults to `neoirc`) |
-| (empty)    | Extension field (unused) |
-| `counter`  | Hex counter value found by the client to satisfy the PoW |
-
-**Example stamp:** `1:20:260310:neoirc::3a2f1b`
-
-The SHA-256 hash of this entire string must have at least 20 leading zero bits.
-
-### Computing a Stamp
-
-```bash
-# Pseudocode
-bits = 20
-resource = "neoirc"
-date = "260310"         # YYMMDD in UTC
-counter = 0
-
-loop:
-    stamp = "1:{bits}:{date}:{resource}::{hex(counter)}"
-    hash = SHA-256(stamp)
-    if leading_zero_bits(hash) >= bits:
-        return stamp
-    counter++
    ```
+4. Client submits the proof with the session request:
+   ```json
+   POST /api/v1/session
+   {"nick": "alice", "proof": {"nonce": "a1b2c3", "counter": 94217}}
+   ```
+5. Server verifies:
+   - Nonce was issued by this server and hasn't expired
+   - Nonce hasn't been used before (prevent replay)
+   - `SHA-256(nonce || ":" || counter)` has the required leading zeros
+   - If valid, create the session normally
 
-At difficulty 20, this requires approximately 2^20 (~1M) hash attempts on
+### Adaptive Difficulty
-average, taking roughly 0.5–2 seconds on modern hardware.
 
-### Client Integration
+The required difficulty scales with server load. Under normal conditions, the
+cost is negligible (a few milliseconds of CPU). As concurrent sessions or
+session creation rate increases, difficulty rises — making bulk session creation
+exponentially more expensive for attackers while remaining cheap for legitimate
+single-user connections.
 
-Both the embedded web SPA and the CLI client automatically handle hashcash:
+| Server Load        | Difficulty (bits) | Approx. Client CPU |
+|--------------------|-------------------|--------------------|
+| Normal (< 100/min) | 16                | ~1ms               |
+| Elevated           | 20                | ~15ms              |
+| High               | 24                | ~250ms             |
+| Under attack       | 28+               | ~4s+               |
 
-1. Fetch `GET /api/v1/server` to read `hashcash_bits`
+Each additional bit of difficulty doubles the expected work. An attacker
-2. If `hashcash_bits > 0`, compute a valid stamp
+creating 1000 sessions at difficulty 28 needs ~4000 CPU-seconds; a legitimate
-3. Include the stamp in the `X-Hashcash` header on `POST /api/v1/session`
+user creating one session needs ~4 seconds once and never again for the
-
+duration of their session.
-The web SPA uses the Web Crypto API (`crypto.subtle.digest`) for SHA-256
-computation with batched parallelism. The CLI client uses Go's `crypto/sha256`.
-
-### Configuration
-
-Set `NEOIRC_HASHCASH_BITS` to control difficulty:
-
-| Value | Effect | Approx. Client CPU |
-|-------|--------|---------------------|
-| `0`   | Disabled (no proof-of-work required) | — |
-| `16`  | Light protection | ~1ms |
-| `20`  | Default — good balance | ~0.5–2s |
-| `24`  | Strong protection | ~10–30s |
-| `28`  | Very strong (may frustrate users) | ~2–10min |
-
-Each additional bit doubles the expected work. An attacker creating 1000
-sessions at difficulty 20 needs ~1000–2000 CPU-seconds; a legitimate user
-creating one session pays once and keeps their session.
 
 ### Why Hashcash and Not Rate Limits?
 
 - **No state to track**: No IP tables, no token buckets, no sliding windows.
-  The server only needs to verify a single hash.
+  The server only needs to verify a hash.
 - **Works through NATs and proxies**: Doesn't punish shared IPs (university
   campuses, corporate networks, Tor exits). Every client computes their own
   proof independently.
@@ -2219,9 +2014,36 @@ creating one session pays once and keeps their session.
   (one SHA-256 hash) regardless of difficulty. Only the client does more work.
 - **Fits the "no accounts" philosophy**: Proof-of-work is the cost of entry.
   No registration, no email, no phone number, no CAPTCHA. Just compute.
+- **Trivial for legitimate clients**: A single-user client pays ~1ms of CPU
+  once. A botnet trying to create thousands of sessions pays exponentially more.
 - **Language-agnostic**: SHA-256 is available in every programming language.
   The proof computation is trivially implementable in any client.
 
+### Challenge Endpoint (Planned)
+
+```
+GET /api/v1/challenge
+```
+
+**Response:** `200 OK`
+```json
+{
+  "nonce": "a1b2c3d4e5f6...",
+  "difficulty": 20,
+  "algorithm": "sha256",
+  "expires": "2026-02-10T20:01:00Z"
+}
+```
+
+| Field        | Type    | Description |
+|--------------|---------|-------------|
+| `nonce`      | string  | Server-generated random hex string (32+ chars) |
+| `difficulty` | integer | Required number of leading zero bits in the hash |
+| `algorithm`  | string  | Hash algorithm (always `sha256` for now) |
+| `expires`    | string  | ISO 8601 expiry time for this challenge |
+
+**Status:** Not yet implemented. Tracked for post-MVP.
+
 ---
 
 ## Roadmap
@@ -2250,23 +2072,15 @@ creating one session pays once and keeps their session.
 
 ### Post-MVP (Planned)
 
-- [x] **Hashcash proof-of-work** for session creation (abuse prevention)
+- [ ] **Hashcash proof-of-work** for session creation (abuse prevention)
 - [ ] **Queue pruning** — delete old queue entries per `QUEUE_MAX_AGE`
 - [ ] **Message rotation** — enforce `MAX_HISTORY` per channel
 - [ ] **Channel modes** — enforce `+i`, `+m`, `+s`, `+t`, `+n`
 - [ ] **User channel modes** — `+o` (operator), `+v` (voice)
-- [x] **MODE command** — query channel and user modes (set not yet implemented)
+- [ ] **MODE command** — set/query channel and user modes
-- [x] **NAMES command** — query channel member list
-- [x] **LIST command** — list all channels with member counts
-- [x] **WHOIS command** — query user information and channel membership
-- [x] **WHO command** — query channel user list
-- [x] **LUSERS command** — query server statistics
-- [x] **Connection registration numerics** — 001-005 sent on session creation
-- [x] **LUSERS numerics** — 251/252/254/255 sent on connect and via /LUSERS
 - [ ] **KICK command** — remove users from channels
-- [x] **Numeric replies** — send IRC numeric codes via the message queue
+- [ ] **Numeric replies** — send IRC numeric codes via the message queue
-  (001-005 welcome, 251-255 LUSERS, 311-319 WHOIS, 322-329 LIST/MODE,
+  (001 welcome, 353 NAMES, 332 TOPIC, etc.)
-  331-332 TOPIC, 352-353 WHO/NAMES, 366, 372-376 MOTD, 401-461 errors)
 - [ ] **Max message size enforcement** — reject oversized messages
 - [ ] **NOTICE command** — distinct from PRIVMSG (no auto-reply flag)
 - [ ] **Multi-client sessions** — add client to existing session
@@ -2286,7 +2100,7 @@ creating one session pays once and keeps their session.
 - [ ] **Push notifications** — optional webhook/push for mobile clients
   when messages arrive during disconnect
 - [ ] **Message search** — full-text search over channel history
-- [x] **User info command** — WHOIS for querying user info and channels
+- [ ] **User info command** — WHOIS-equivalent for querying user metadata
 - [ ] **Connection flood protection** — per-IP connection limits as a
   complement to hashcash
 - [ ] **Invite system** — `INVITE` command for `+i` channels

cmd/neoirc-cli/api/client.go

@@ -13,8 +13,6 @@ import (
 	"strconv"
 	"strings"
 	"time"
-
-	"git.eeqj.de/sneak/neoirc/internal/irc"
 )
 
 const (
@@ -43,34 +41,13 @@ func NewClient(baseURL string) *Client {
 }
 
 // CreateSession creates a new session on the server.
-// If the server requires hashcash proof-of-work, it
-// automatically fetches the difficulty and computes a
-// valid stamp.
 func (client *Client) CreateSession(
 	nick string,
 ) (*SessionResponse, error) {
-	// Fetch server info to check for hashcash requirement.
+	data, err := client.do(
-	info, err := client.GetServerInfo()
-
-	var headers map[string]string
-
-	if err == nil && info.HashcashBits > 0 {
-		resource := info.Name
-		if resource == "" {
-			resource = "neoirc"
-		}
-
-		stamp := MintHashcash(info.HashcashBits, resource)
-		headers = map[string]string{
-			"X-Hashcash": stamp,
-		}
-	}
-
-	data, err := client.doWithHeaders(
 		http.MethodPost,
 		"/api/v1/session",
 		&SessionRequest{Nick: nick},
-		headers,
 	)
 	if err != nil {
 		return nil, err
@@ -191,7 +168,7 @@ func (client *Client) PollMessages(
 func (client *Client) JoinChannel(channel string) error {
 	return client.SendMessage(
 		&Message{ //nolint:exhaustruct // only command+to needed
-			Command: irc.CmdJoin, To: channel,
+			Command: "JOIN", To: channel,
 		},
 	)
 }
@@ -200,7 +177,7 @@ func (client *Client) JoinChannel(channel string) error {
 func (client *Client) PartChannel(channel string) error {
 	return client.SendMessage(
 		&Message{ //nolint:exhaustruct // only command+to needed
-			Command: irc.CmdPart, To: channel,
+			Command: "PART", To: channel,
 		},
 	)
 }
@@ -282,16 +259,6 @@ func (client *Client) GetServerInfo() (
 func (client *Client) do(
 	method, path string,
 	body any,
-) ([]byte, error) {
-	return client.doWithHeaders(
-		method, path, body, nil,
-	)
-}
-
-func (client *Client) doWithHeaders(
-	method, path string,
-	body any,
-	extraHeaders map[string]string,
 ) ([]byte, error) {
 	var bodyReader io.Reader
 
@@ -324,10 +291,6 @@ func (client *Client) doWithHeaders(
 		)
 	}
 
-	for key, val := range extraHeaders {
-		request.Header.Set(key, val)
-	}
-
 	resp, err := client.HTTPClient.Do(request)
 	if err != nil {
 		return nil, fmt.Errorf("http: %w", err)

cmd/neoirc-cli/api/hashcash.go

@@ -1,79 +0,0 @@
-package neoircapi
-
-import (
-	"crypto/rand"
-	"crypto/sha256"
-	"encoding/hex"
-	"fmt"
-	"math/big"
-	"time"
-)
-
-const (
-	// bitsPerByte is the number of bits in a byte.
-	bitsPerByte = 8
-	// fullByteMask is 0xFF, a mask for all bits in a byte.
-	fullByteMask = 0xFF
-	// counterSpace is the range for random counter seeds.
-	counterSpace = 1 << 48
-)
-
-// MintHashcash computes a hashcash stamp with the given
-// difficulty (leading zero bits) and resource string.
-func MintHashcash(bits int, resource string) string {
-	date := time.Now().UTC().Format("060102")
-	prefix := fmt.Sprintf(
-		"1:%d:%s:%s::", bits, date, resource,
-	)
-
-	for {
-		counter := randomCounter()
-		stamp := prefix + counter
-		hash := sha256.Sum256([]byte(stamp))
-
-		if hasLeadingZeroBits(hash[:], bits) {
-			return stamp
-		}
-	}
-}
-
-// hasLeadingZeroBits checks if hash has at least numBits
-// leading zero bits.
-func hasLeadingZeroBits(
-	hash []byte,
-	numBits int,
-) bool {
-	fullBytes := numBits / bitsPerByte
-	remainBits := numBits % bitsPerByte
-
-	for idx := range fullBytes {
-		if hash[idx] != 0 {
-			return false
-		}
-	}
-
-	if remainBits > 0 && fullBytes < len(hash) {
-		mask := byte(
-			fullByteMask << (bitsPerByte - remainBits),
-		)
-
-		if hash[fullBytes]&mask != 0 {
-			return false
-		}
-	}
-
-	return true
-}
-
-// randomCounter generates a random hex counter string.
-func randomCounter() string {
-	counterVal, err := rand.Int(
-		rand.Reader, big.NewInt(counterSpace),
-	)
-	if err != nil {
-		// Fallback to timestamp-based counter on error.
-		return fmt.Sprintf("%x", time.Now().UnixNano())
-	}
-
-	return hex.EncodeToString(counterVal.Bytes())
-}

cmd/neoirc-cli/api/types.go

@@ -66,7 +66,6 @@ type ServerInfo struct {
 	Name    string `json:"name"`
 	MOTD    string `json:"motd"`
 	Version string `json:"version"`
-	HashcashBits int    `json:"hashcash_bits"` //nolint:tagliatelle
 }
 
 // MessagesResponse wraps polling results.

cmd/neoirc-cli/main.go

@@ -9,7 +9,6 @@ import (
 	"time"
 
 	api "git.eeqj.de/sneak/neoirc/cmd/neoirc-cli/api"
-	"git.eeqj.de/sneak/neoirc/internal/irc"
 )
 
 const (
@@ -87,7 +86,7 @@ func (a *App) handleInput(text string) {
 	}
 
 	err := a.client.SendMessage(&api.Message{ //nolint:exhaustruct
-		Command: irc.CmdPrivmsg,
+		Command: "PRIVMSG",
 		To:      target,
 		Body:    []string{text},
 	})
@@ -139,29 +138,16 @@ func (a *App) dispatchCommand(cmd, args string) {
 		a.cmdQuery(args)
 	case "/topic":
 		a.cmdTopic(args)
+	case "/names":
+		a.cmdNames()
+	case "/list":
+		a.cmdList()
 	case "/window", "/w":
 		a.cmdWindow(args)
 	case "/quit":
 		a.cmdQuit()
 	case "/help":
 		a.cmdHelp()
-	default:
-		a.dispatchInfoCommand(cmd, args)
-	}
-}
-
-func (a *App) dispatchInfoCommand(cmd, args string) {
-	switch cmd {
-	case "/names":
-		a.cmdNames()
-	case "/list":
-		a.cmdList()
-	case "/motd":
-		a.cmdMotd()
-	case "/who":
-		a.cmdWho(args)
-	case "/whois":
-		a.cmdWhois(args)
 	default:
 		a.ui.AddStatus(
 			"[red]Unknown command: " + cmd,
@@ -242,7 +228,7 @@ func (a *App) cmdNick(nick string) {
 	}
 
 	err := a.client.SendMessage(&api.Message{ //nolint:exhaustruct
-		Command: irc.CmdNick,
+		Command: "NICK",
 		Body:    []string{nick},
 	})
 	if err != nil {
@@ -377,7 +363,7 @@ func (a *App) cmdMsg(args string) {
 	}
 
 	err := a.client.SendMessage(&api.Message{ //nolint:exhaustruct
-		Command: irc.CmdPrivmsg,
+		Command: "PRIVMSG",
 		To:      target,
 		Body:    []string{text},
 	})
@@ -435,7 +421,7 @@ func (a *App) cmdTopic(args string) {
 
 	if args == "" {
 		err := a.client.SendMessage(&api.Message{ //nolint:exhaustruct
-			Command: irc.CmdTopic,
+			Command: "TOPIC",
 			To:      target,
 		})
 		if err != nil {
@@ -448,7 +434,7 @@ func (a *App) cmdTopic(args string) {
 	}
 
 	err := a.client.SendMessage(&api.Message{ //nolint:exhaustruct
-		Command: irc.CmdTopic,
+		Command: "TOPIC",
 		To:      target,
 		Body:    []string{args},
 	})
@@ -524,96 +510,6 @@ func (a *App) cmdList() {
 	a.ui.AddStatus("[cyan]*** End of channel list")
 }
 
-func (a *App) cmdMotd() {
-	a.mu.Lock()
-	connected := a.connected
-	a.mu.Unlock()
-
-	if !connected {
-		a.ui.AddStatus("[red]Not connected")
-
-		return
-	}
-
-	err := a.client.SendMessage(
-		&api.Message{Command: irc.CmdMotd}, //nolint:exhaustruct
-	)
-	if err != nil {
-		a.ui.AddStatus(fmt.Sprintf(
-			"[red]MOTD failed: %v", err,
-		))
-	}
-}
-
-func (a *App) cmdWho(args string) {
-	a.mu.Lock()
-	connected := a.connected
-	target := a.target
-	a.mu.Unlock()
-
-	if !connected {
-		a.ui.AddStatus("[red]Not connected")
-
-		return
-	}
-
-	channel := args
-	if channel == "" {
-		channel = target
-	}
-
-	if channel == "" ||
-		!strings.HasPrefix(channel, "#") {
-		a.ui.AddStatus(
-			"[red]Usage: /who #channel",
-		)
-
-		return
-	}
-
-	err := a.client.SendMessage(
-		&api.Message{ //nolint:exhaustruct
-			Command: irc.CmdWho, To: channel,
-		},
-	)
-	if err != nil {
-		a.ui.AddStatus(fmt.Sprintf(
-			"[red]WHO failed: %v", err,
-		))
-	}
-}
-
-func (a *App) cmdWhois(args string) {
-	a.mu.Lock()
-	connected := a.connected
-	a.mu.Unlock()
-
-	if !connected {
-		a.ui.AddStatus("[red]Not connected")
-
-		return
-	}
-
-	if args == "" {
-		a.ui.AddStatus(
-			"[red]Usage: /whois <nick>",
-		)
-
-		return
-	}
-
-	err := a.client.SendMessage(
-		&api.Message{ //nolint:exhaustruct
-			Command: irc.CmdWhois, To: args,
-		},
-	)
-	if err != nil {
-		a.ui.AddStatus(fmt.Sprintf(
-			"[red]WHOIS failed: %v", err,
-		))
-	}
-}
-
 func (a *App) cmdWindow(args string) {
 	if args == "" {
 		a.ui.AddStatus(
@@ -654,7 +550,7 @@ func (a *App) cmdQuit() {
 
 	if a.connected && a.client != nil {
 		_ = a.client.SendMessage(
-			&api.Message{Command: irc.CmdQuit}, //nolint:exhaustruct
+			&api.Message{Command: "QUIT"}, //nolint:exhaustruct
 		)
 	}
 
@@ -678,9 +574,6 @@ func (a *App) cmdHelp() {
 		"  /topic [text]   — View/set topic",
 		"  /names          — List channel members",
 		"  /list           — List channels",
-		"  /who [#channel] — List users in channel",
-		"  /whois <nick>   — Show user info",
-		"  /motd           — Show message of the day",
 		"  /window <n>     — Switch buffer",
 		"  /quit           — Disconnect and exit",
 		"  /help           — This help",
@@ -739,19 +632,19 @@ func (a *App) handleServerMessage(msg *api.Message) {
 	a.mu.Unlock()
 
 	switch msg.Command {
-	case irc.CmdPrivmsg:
+	case "PRIVMSG":
 		a.handlePrivmsgEvent(msg, timestamp, myNick)
-	case irc.CmdJoin:
+	case "JOIN":
 		a.handleJoinEvent(msg, timestamp)
-	case irc.CmdPart:
+	case "PART":
 		a.handlePartEvent(msg, timestamp)
-	case irc.CmdQuit:
+	case "QUIT":
 		a.handleQuitEvent(msg, timestamp)
-	case irc.CmdNick:
+	case "NICK":
 		a.handleNickEvent(msg, timestamp, myNick)
-	case irc.CmdNotice:
+	case "NOTICE":
 		a.handleNoticeEvent(msg, timestamp)
-	case irc.CmdTopic:
+	case "TOPIC":
 		a.handleTopicEvent(msg, timestamp)
 	default:
 		a.handleDefaultEvent(msg, timestamp)

internal/config/config.go

@@ -13,14 +13,6 @@ import (
 	_ "github.com/joho/godotenv/autoload" // loads .env file
 )
 
-const defaultMOTD = ` _ __   ___  ___  (_)_ __ ___
-| '_ \ / _ \/ _ \ | | '__/ __|
-| | | |  __/ (_) || | | | (__
-|_| |_|\___|\___/ |_|_|  \___|
-
-Welcome to NeoIRC — IRC semantics over HTTP.
-Type /help for available commands.`
-
 // Params defines the dependencies for creating a Config.
 type Params struct {
 	fx.In
@@ -44,7 +36,6 @@ type Config struct {
 	ServerName         string
 	FederationKey      string
 	SessionIdleTimeout string
-	HashcashBits       int
 	params             *Params
 	log                *slog.Logger
 }
@@ -71,11 +62,10 @@ func New(
 	viper.SetDefault("METRICS_PASSWORD", "")
 	viper.SetDefault("MAX_HISTORY", "10000")
 	viper.SetDefault("MAX_MESSAGE_SIZE", "4096")
-	viper.SetDefault("MOTD", defaultMOTD)
+	viper.SetDefault("MOTD", "")
 	viper.SetDefault("SERVER_NAME", "")
 	viper.SetDefault("FEDERATION_KEY", "")
 	viper.SetDefault("SESSION_IDLE_TIMEOUT", "24h")
-	viper.SetDefault("NEOIRC_HASHCASH_BITS", "20")
 
 	err := viper.ReadInConfig()
 	if err != nil {
@@ -100,7 +90,6 @@ func New(
 		ServerName:         viper.GetString("SERVER_NAME"),
 		FederationKey:      viper.GetString("FEDERATION_KEY"),
 		SessionIdleTimeout: viper.GetString("SESSION_IDLE_TIMEOUT"),
-		HashcashBits:       viper.GetInt("NEOIRC_HASHCASH_BITS"),
 		log:                log,
 		params:             &params,
 	}

internal/db/queries.go

@@ -7,10 +7,8 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
-	"strconv"
 	"time"
 
-	"git.eeqj.de/sneak/neoirc/internal/irc"
 	"github.com/google/uuid"
 )
 
@@ -35,25 +33,14 @@ func generateToken() (string, error) {
 type IRCMessage struct {
 	ID      string          `json:"id"`
 	Command string          `json:"command"`
-	Code    int             `json:"code,omitempty"`
 	From    string          `json:"from,omitempty"`
 	To      string          `json:"to,omitempty"`
-	Params  json.RawMessage `json:"params,omitempty"`
 	Body    json.RawMessage `json:"body,omitempty"`
 	TS      string          `json:"ts"`
 	Meta    json.RawMessage `json:"meta,omitempty"`
 	DBID    int64           `json:"-"`
 }
 
-// isNumericCode returns true if s is exactly a 3-digit
-// IRC numeric reply code.
-func isNumericCode(s string) bool {
-	return len(s) == 3 &&
-		s[0] >= '0' && s[0] <= '9' &&
-		s[1] >= '0' && s[1] <= '9' &&
-		s[2] >= '0' && s[2] <= '9'
-}
-
 // ChannelInfo is a lightweight channel representation.
 type ChannelInfo struct {
 	ID    int64  `json:"id"`
@@ -504,17 +491,12 @@ func (database *Database) GetSessionChannelIDs(
 func (database *Database) InsertMessage(
 	ctx context.Context,
 	command, from, target string,
-	params json.RawMessage,
 	body json.RawMessage,
 	meta json.RawMessage,
 ) (int64, string, error) {
 	msgUUID := uuid.New().String()
 	now := time.Now().UTC()
 
-	if params == nil {
-		params = json.RawMessage("[]")
-	}
-
 	if body == nil {
 		body = json.RawMessage("[]")
 	}
@@ -526,10 +508,10 @@ func (database *Database) InsertMessage(
 	res, err := database.conn.ExecContext(ctx,
 		`INSERT INTO messages
 		 (uuid, command, msg_from, msg_to,
-		  params, body, meta, created_at)
+		  body, meta, created_at)
-		 VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
+		 VALUES (?, ?, ?, ?, ?, ?, ?)`,
 		msgUUID, command, from, target,
-		string(params), string(body), string(meta), now)
+		string(body), string(meta), now)
 	if err != nil {
 		return 0, "", fmt.Errorf(
 			"insert message: %w", err,
@@ -596,7 +578,7 @@ func (database *Database) PollMessages(
 	rows, err := database.conn.QueryContext(ctx,
 		`SELECT cq.id, m.uuid, m.command,
 		   m.msg_from, m.msg_to,
-		   m.params, m.body, m.meta, m.created_at
+		   m.body, m.meta, m.created_at
 		 FROM client_queues cq
 		 INNER JOIN messages m
 		   ON m.id = cq.message_id
@@ -660,7 +642,7 @@ func (database *Database) queryHistory(
 	if beforeID > 0 {
 		rows, err := database.conn.QueryContext(ctx,
 			`SELECT id, uuid, command, msg_from,
-			   msg_to, params, body, meta, created_at
+			   msg_to, body, meta, created_at
 			 FROM messages
 			 WHERE msg_to = ? AND id < ?
 			   AND command = 'PRIVMSG'
@@ -677,7 +659,7 @@ func (database *Database) queryHistory(
 
 	rows, err := database.conn.QueryContext(ctx,
 		`SELECT id, uuid, command, msg_from,
-		   msg_to, params, body, meta, created_at
+		   msg_to, body, meta, created_at
 		 FROM messages
 		 WHERE msg_to = ?
 		   AND command = 'PRIVMSG'
@@ -704,14 +686,14 @@ func scanMessages(
 		var (
 			msg        IRCMessage
 			qID        int64
-			params, body, meta string
+			body, meta string
 			createdAt  time.Time
 		)
 
 		err := rows.Scan(
 			&qID, &msg.ID, &msg.Command,
 			&msg.From, &msg.To,
-			&params, &body, &meta, &createdAt,
+			&body, &meta, &createdAt,
 		)
 		if err != nil {
 			return nil, fallbackQID, fmt.Errorf(
@@ -719,25 +701,12 @@ func scanMessages(
 			)
 		}
 
-		if params != "" && params != "[]" {
-			msg.Params = json.RawMessage(params)
-		}
-
 		msg.Body = json.RawMessage(body)
 		msg.Meta = json.RawMessage(meta)
 		msg.TS = createdAt.Format(time.RFC3339Nano)
 		msg.DBID = qID
 		lastQID = qID
 
-		if isNumericCode(msg.Command) {
-			code, _ := strconv.Atoi(msg.Command)
-			msg.Code = code
-
-			if name := irc.Name(code); name != "" {
-				msg.Command = name
-			}
-		}
-
 		msgs = append(msgs, msg)
 	}
 
@@ -974,125 +943,3 @@ func (database *Database) GetSessionChannels(
 
 	return scanChannels(rows)
 }
-
-// GetChannelCount returns the total number of channels.
-func (database *Database) GetChannelCount(
-	ctx context.Context,
-) (int64, error) {
-	var count int64
-
-	err := database.conn.QueryRowContext(
-		ctx,
-		"SELECT COUNT(*) FROM channels",
-	).Scan(&count)
-	if err != nil {
-		return 0, fmt.Errorf(
-			"get channel count: %w", err,
-		)
-	}
-
-	return count, nil
-}
-
-// ChannelInfoFull contains extended channel information.
-type ChannelInfoFull struct {
-	ID          int64  `json:"id"`
-	Name        string `json:"name"`
-	Topic       string `json:"topic"`
-	MemberCount int64  `json:"memberCount"`
-}
-
-// ListAllChannelsWithCounts returns every channel
-// with its member count.
-func (database *Database) ListAllChannelsWithCounts(
-	ctx context.Context,
-) ([]ChannelInfoFull, error) {
-	rows, err := database.conn.QueryContext(ctx,
-		`SELECT c.id, c.name, c.topic,
-		   COUNT(cm.session_id) AS member_count
-		 FROM channels c
-		 LEFT JOIN channel_members cm
-		   ON cm.channel_id = c.id
-		 GROUP BY c.id
-		 ORDER BY c.name`)
-	if err != nil {
-		return nil, fmt.Errorf(
-			"list channels with counts: %w", err,
-		)
-	}
-
-	defer func() { _ = rows.Close() }()
-
-	var out []ChannelInfoFull
-
-	for rows.Next() {
-		var chanInfo ChannelInfoFull
-
-		err = rows.Scan(
-			&chanInfo.ID, &chanInfo.Name,
-			&chanInfo.Topic, &chanInfo.MemberCount,
-		)
-		if err != nil {
-			return nil, fmt.Errorf(
-				"scan channel full: %w", err,
-			)
-		}
-
-		out = append(out, chanInfo)
-	}
-
-	err = rows.Err()
-	if err != nil {
-		return nil, fmt.Errorf("rows error: %w", err)
-	}
-
-	if out == nil {
-		out = []ChannelInfoFull{}
-	}
-
-	return out, nil
-}
-
-// GetChannelCreatedAt returns the creation time of a
-// channel.
-func (database *Database) GetChannelCreatedAt(
-	ctx context.Context,
-	channelID int64,
-) (time.Time, error) {
-	var createdAt time.Time
-
-	err := database.conn.QueryRowContext(
-		ctx,
-		"SELECT created_at FROM channels WHERE id = ?",
-		channelID,
-	).Scan(&createdAt)
-	if err != nil {
-		return time.Time{}, fmt.Errorf(
-			"get channel created_at: %w", err,
-		)
-	}
-
-	return createdAt, nil
-}
-
-// GetSessionCreatedAt returns the creation time of a
-// session.
-func (database *Database) GetSessionCreatedAt(
-	ctx context.Context,
-	sessionID int64,
-) (time.Time, error) {
-	var createdAt time.Time
-
-	err := database.conn.QueryRowContext(
-		ctx,
-		"SELECT created_at FROM sessions WHERE id = ?",
-		sessionID,
-	).Scan(&createdAt)
-	if err != nil {
-		return time.Time{}, fmt.Errorf(
-			"get session created_at: %w", err,
-		)
-	}
-
-	return createdAt, nil
-}

internal/db/queries_test.go

@@ -383,7 +383,7 @@ func TestInsertMessage(t *testing.T) {
 	body := json.RawMessage(`["hello"]`)
 
 	dbID, msgUUID, err := database.InsertMessage(
-		ctx, "PRIVMSG", "poller", "#test", nil, body, nil,
+		ctx, "PRIVMSG", "poller", "#test", body, nil,
 	)
 	if err != nil {
 		t.Fatal(err)
@@ -417,7 +417,7 @@ func TestPollMessages(t *testing.T) {
 	body := json.RawMessage(`["hello"]`)
 
 	dbID, _, err := database.InsertMessage(
-		ctx, "PRIVMSG", "poller", "#test", nil, body, nil,
+		ctx, "PRIVMSG", "poller", "#test", body, nil,
 	)
 	if err != nil {
 		t.Fatal(err)
@@ -475,7 +475,7 @@ func TestGetHistory(t *testing.T) {
 	for range msgCount {
 		_, _, err := database.InsertMessage(
 			ctx, "PRIVMSG", "user", "#hist",
-			nil, json.RawMessage(`["msg"]`), nil,
+			json.RawMessage(`["msg"]`), nil,
 		)
 		if err != nil {
 			t.Fatal(err)
@@ -627,7 +627,7 @@ func TestEnqueueToClient(t *testing.T) {
 	body := json.RawMessage(`["test"]`)
 
 	dbID, _, err := database.InsertMessage(
-		ctx, "PRIVMSG", "sender", "#ch", nil, body, nil,
+		ctx, "PRIVMSG", "sender", "#ch", body, nil,
 	)
 	if err != nil {
 		t.Fatal(err)

internal/db/schema/001_initial.sql

@@ -50,7 +50,6 @@ CREATE TABLE IF NOT EXISTS messages (
     command TEXT NOT NULL DEFAULT 'PRIVMSG',
     msg_from TEXT NOT NULL DEFAULT '',
     msg_to TEXT NOT NULL DEFAULT '',
-    params TEXT NOT NULL DEFAULT '[]',
     body TEXT NOT NULL DEFAULT '[]',
     meta TEXT NOT NULL DEFAULT '{}',
     created_at DATETIME DEFAULT CURRENT_TIMESTAMP

internal/globals/globals.go

@@ -2,8 +2,6 @@
 package globals
 
 import (
-	"time"
-
 	"go.uber.org/fx"
 )
 
@@ -19,16 +17,14 @@ var (
 type Globals struct {
 	Appname string
 	Version string
-	StartTime time.Time
 }
 
 // New creates a new Globals instance from the global state.
 func New(_ fx.Lifecycle) (*Globals, error) {
-	result := &Globals{
+	n := &Globals{
 		Appname: Appname,
 		Version: Version,
-		StartTime: time.Now(),
 	}
 
-	return result, nil
+	return n, nil
 }

internal/handlers/api_test.go

@@ -12,7 +12,6 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"path/filepath"
-	"strconv"
 	"strings"
 	"sync"
 	"testing"
@@ -85,7 +84,6 @@ func newTestServer(
 
 				cfg.DBURL = dbURL
 				cfg.Port = 0
-				cfg.HashcashBits = 0
 
 				return cfg, nil
 			},
@@ -119,7 +117,6 @@ func newTestGlobals() *globals.Globals {
 	return &globals.Globals{
 		Appname: "neoirc-test",
 		Version: "test",
-		StartTime: time.Now(),
 	}
 }
 
@@ -465,22 +462,6 @@ func findMessage(
 	return false
 }
 
-func findNumeric(
-	msgs []map[string]any,
-	numeric string,
-) bool {
-	want, _ := strconv.Atoi(numeric)
-
-	for _, msg := range msgs {
-		code, ok := msg["code"].(float64)
-		if ok && int(code) == want {
-			return true
-		}
-	}
-
-	return false
-}
-
 // --- Tests ---
 
 func TestCreateSessionValid(t *testing.T) {
@@ -492,47 +473,6 @@ func TestCreateSessionValid(t *testing.T) {
 	}
 }
 
-func TestWelcomeNumeric(t *testing.T) {
-	tserver := newTestServer(t)
-	token := tserver.createSession("welcomer")
-
-	msgs, _ := tserver.pollMessages(token, 0)
-
-	if !findNumeric(msgs, "001") {
-		t.Fatalf(
-			"expected RPL_WELCOME (001), got %v",
-			msgs,
-		)
-	}
-}
-
-func TestJoinNumerics(t *testing.T) {
-	tserver := newTestServer(t)
-	token := tserver.createSession("jnumtest")
-
-	_, lastID := tserver.pollMessages(token, 0)
-
-	tserver.sendCommand(token, map[string]any{
-		commandKey: joinCmd, toKey: "#numtest",
-	})
-
-	msgs, _ := tserver.pollMessages(token, lastID)
-
-	if !findNumeric(msgs, "353") {
-		t.Fatalf(
-			"expected RPL_NAMREPLY (353), got %v",
-			msgs,
-		)
-	}
-
-	if !findNumeric(msgs, "366") {
-		t.Fatalf(
-			"expected RPL_ENDOFNAMES (366), got %v",
-			msgs,
-		)
-	}
-}
-
 func TestCreateSessionDuplicate(t *testing.T) {
 	tserver := newTestServer(t)
 	tserver.createSession("alice")
@@ -728,23 +668,11 @@ func TestJoinMissingTo(t *testing.T) {
 	tserver := newTestServer(t)
 	token := tserver.createSession("joiner3")
 
-	// Drain initial MOTD/welcome numerics.
-	_, lastID := tserver.pollMessages(token, 0)
-
 	status, _ := tserver.sendCommand(
 		token, map[string]any{commandKey: joinCmd},
 	)
-	if status != http.StatusOK {
+	if status != http.StatusBadRequest {
-		t.Fatalf("expected 200, got %d", status)
+		t.Fatalf("expected 400, got %d", status)
-	}
-
-	msgs, _ := tserver.pollMessages(token, lastID)
-
-	if !findNumeric(msgs, "461") {
-		t.Fatalf(
-			"expected ERR_NEEDMOREPARAMS (461), got %v",
-			msgs,
-		)
 	}
 }
 
@@ -771,9 +699,9 @@ func TestChannelMessage(t *testing.T) {
 			bodyKey:    []string{"hello world"},
 		},
 	)
-	if status != http.StatusOK {
+	if status != http.StatusCreated {
 		t.Fatalf(
-			"expected 200, got %d: %v", status, result,
+			"expected 201, got %d: %v", status, result,
 		)
 	}
 
@@ -800,22 +728,11 @@ func TestMessageMissingBody(t *testing.T) {
 		commandKey: joinCmd, toKey: "#test",
 	})
 
-	_, lastID := tserver.pollMessages(token, 0)
-
 	status, _ := tserver.sendCommand(token, map[string]any{
 		commandKey: privmsgCmd, toKey: "#test",
 	})
-	if status != http.StatusOK {
+	if status != http.StatusBadRequest {
-		t.Fatalf("expected 200, got %d", status)
+		t.Fatalf("expected 400, got %d", status)
-	}
-
-	msgs, _ := tserver.pollMessages(token, lastID)
-
-	if !findNumeric(msgs, "461") {
-		t.Fatalf(
-			"expected ERR_NEEDMOREPARAMS (461), got %v",
-			msgs,
-		)
 	}
 }
 
@@ -823,23 +740,12 @@ func TestMessageMissingTo(t *testing.T) {
 	tserver := newTestServer(t)
 	token := tserver.createSession("noto")
 
-	_, lastID := tserver.pollMessages(token, 0)
-
 	status, _ := tserver.sendCommand(token, map[string]any{
 		commandKey: privmsgCmd,
 		bodyKey:    []string{"hello"},
 	})
-	if status != http.StatusOK {
+	if status != http.StatusBadRequest {
-		t.Fatalf("expected 200, got %d", status)
+		t.Fatalf("expected 400, got %d", status)
-	}
-
-	msgs, _ := tserver.pollMessages(token, lastID)
-
-	if !findNumeric(msgs, "461") {
-		t.Fatalf(
-			"expected ERR_NEEDMOREPARAMS (461), got %v",
-			msgs,
-		)
 	}
 }
 
@@ -853,8 +759,6 @@ func TestNonMemberCannotSend(t *testing.T) {
 		commandKey: joinCmd, toKey: "#private",
 	})
 
-	_, lastID := tserver.pollMessages(aliceToken, 0)
-
 	// Alice tries to send without joining.
 	status, _ := tserver.sendCommand(
 		aliceToken,
@@ -864,17 +768,8 @@ func TestNonMemberCannotSend(t *testing.T) {
 			bodyKey:    []string{"sneaky"},
 		},
 	)
-	if status != http.StatusOK {
+	if status != http.StatusForbidden {
-		t.Fatalf("expected 200, got %d", status)
+		t.Fatalf("expected 403, got %d", status)
-	}
-
-	msgs, _ := tserver.pollMessages(aliceToken, lastID)
-
-	if !findNumeric(msgs, "442") {
-		t.Fatalf(
-			"expected ERR_NOTONCHANNEL (442), got %v",
-			msgs,
-		)
 	}
 }
 
@@ -891,9 +786,9 @@ func TestDirectMessage(t *testing.T) {
 			bodyKey:    []string{"hey bob"},
 		},
 	)
-	if status != http.StatusOK {
+	if status != http.StatusCreated {
 		t.Fatalf(
-			"expected 200, got %d: %v", status, result,
+			"expected 201, got %d: %v", status, result,
 		)
 	}
 
@@ -923,24 +818,13 @@ func TestDMToNonexistentUser(t *testing.T) {
 	tserver := newTestServer(t)
 	token := tserver.createSession("dmsender")
 
-	_, lastID := tserver.pollMessages(token, 0)
-
 	status, _ := tserver.sendCommand(token, map[string]any{
 		commandKey: privmsgCmd,
 		toKey:      "nobody",
 		bodyKey:    []string{"hello?"},
 	})
-	if status != http.StatusOK {
+	if status != http.StatusNotFound {
-		t.Fatalf("expected 200, got %d", status)
+		t.Fatalf("expected 404, got %d", status)
-	}
-
-	msgs, _ := tserver.pollMessages(token, lastID)
-
-	if !findNumeric(msgs, "401") {
-		t.Fatalf(
-			"expected ERR_NOSUCHNICK (401), got %v",
-			msgs,
-		)
 	}
 }
 
@@ -987,23 +871,12 @@ func TestNickCollision(t *testing.T) {
 
 	tserver.createSession("taken_nick")
 
-	_, lastID := tserver.pollMessages(token, 0)
-
 	status, _ := tserver.sendCommand(token, map[string]any{
 		commandKey: "NICK",
 		bodyKey:    []string{"taken_nick"},
 	})
-	if status != http.StatusOK {
+	if status != http.StatusConflict {
-		t.Fatalf("expected 200, got %d", status)
+		t.Fatalf("expected 409, got %d", status)
-	}
-
-	msgs, _ := tserver.pollMessages(token, lastID)
-
-	if !findNumeric(msgs, "433") {
-		t.Fatalf(
-			"expected ERR_NICKNAMEINUSE (433), got %v",
-			msgs,
-		)
 	}
 }
 
@@ -1011,23 +884,12 @@ func TestNickInvalid(t *testing.T) {
 	tserver := newTestServer(t)
 	token := tserver.createSession("nickval")
 
-	_, lastID := tserver.pollMessages(token, 0)
-
 	status, _ := tserver.sendCommand(token, map[string]any{
 		commandKey: "NICK",
 		bodyKey:    []string{"bad nick!"},
 	})
-	if status != http.StatusOK {
+	if status != http.StatusBadRequest {
-		t.Fatalf("expected 200, got %d", status)
+		t.Fatalf("expected 400, got %d", status)
-	}
-
-	msgs, _ := tserver.pollMessages(token, lastID)
-
-	if !findNumeric(msgs, "432") {
-		t.Fatalf(
-			"expected ERR_ERRONEUSNICKNAME (432), got %v",
-			msgs,
-		)
 	}
 }
 
@@ -1035,22 +897,11 @@ func TestNickEmptyBody(t *testing.T) {
 	tserver := newTestServer(t)
 	token := tserver.createSession("nicknobody")
 
-	_, lastID := tserver.pollMessages(token, 0)
-
 	status, _ := tserver.sendCommand(
 		token, map[string]any{commandKey: "NICK"},
 	)
-	if status != http.StatusOK {
+	if status != http.StatusBadRequest {
-		t.Fatalf("expected 200, got %d", status)
+		t.Fatalf("expected 400, got %d", status)
-	}
-
-	msgs, _ := tserver.pollMessages(token, lastID)
-
-	if !findNumeric(msgs, "461") {
-		t.Fatalf(
-			"expected ERR_NEEDMOREPARAMS (461), got %v",
-			msgs,
-		)
 	}
 }
 
@@ -1087,23 +938,12 @@ func TestTopicMissingTo(t *testing.T) {
 	tserver := newTestServer(t)
 	token := tserver.createSession("topicnoto")
 
-	_, lastID := tserver.pollMessages(token, 0)
-
 	status, _ := tserver.sendCommand(token, map[string]any{
 		commandKey: "TOPIC",
 		bodyKey:    []string{"topic"},
 	})
-	if status != http.StatusOK {
+	if status != http.StatusBadRequest {
-		t.Fatalf("expected 200, got %d", status)
+		t.Fatalf("expected 400, got %d", status)
-	}
-
-	msgs, _ := tserver.pollMessages(token, lastID)
-
-	if !findNumeric(msgs, "461") {
-		t.Fatalf(
-			"expected ERR_NEEDMOREPARAMS (461), got %v",
-			msgs,
-		)
 	}
 }
 
@@ -1115,22 +955,11 @@ func TestTopicMissingBody(t *testing.T) {
 		commandKey: joinCmd, toKey: "#topictest",
 	})
 
-	_, lastID := tserver.pollMessages(token, 0)
-
 	status, _ := tserver.sendCommand(token, map[string]any{
 		commandKey: "TOPIC", toKey: "#topictest",
 	})
-	if status != http.StatusOK {
+	if status != http.StatusBadRequest {
-		t.Fatalf("expected 200, got %d", status)
+		t.Fatalf("expected 400, got %d", status)
-	}
-
-	msgs, _ := tserver.pollMessages(token, lastID)
-
-	if !findNumeric(msgs, "461") {
-		t.Fatalf(
-			"expected ERR_NEEDMOREPARAMS (461), got %v",
-			msgs,
-		)
 	}
 }
 
@@ -1198,22 +1027,11 @@ func TestUnknownCommand(t *testing.T) {
 	tserver := newTestServer(t)
 	token := tserver.createSession("cmdtest")
 
-	_, lastID := tserver.pollMessages(token, 0)
-
 	status, _ := tserver.sendCommand(
 		token, map[string]any{commandKey: "BOGUS"},
 	)
-	if status != http.StatusOK {
+	if status != http.StatusBadRequest {
-		t.Fatalf("expected 200, got %d", status)
+		t.Fatalf("expected 400, got %d", status)
-	}
-
-	msgs, _ := tserver.pollMessages(token, lastID)
-
-	if !findNumeric(msgs, "421") {
-		t.Fatalf(
-			"expected ERR_UNKNOWNCOMMAND (421), got %v",
-			msgs,
-		)
 	}
 }
 
@@ -1460,18 +1278,12 @@ func TestLongPollTimeout(t *testing.T) {
 	tserver := newTestServer(t)
 	token := tserver.createSession("lp_timeout")
 
-	// Drain initial welcome/MOTD numerics.
-	_, lastID := tserver.pollMessages(token, 0)
-
 	start := time.Now()
 
 	resp, err := doRequestAuth(
 		t,
 		http.MethodGet,
-		tserver.url(fmt.Sprintf(
+		tserver.url(apiMessages+"?timeout=1"),
-			"%s?timeout=1&after=%d",
-			apiMessages, lastID,
-		)),
 		token,
 		nil,
 	)

internal/handlers/auth.go

@@ -80,7 +80,7 @@ func (hdlr *Handlers) handleRegister(
 		return
 	}
 
-	hdlr.deliverMOTD(request, clientID, sessionID, payload.Nick)
+	hdlr.deliverMOTD(request, clientID, sessionID)
 
 	hdlr.respondJSON(writer, request, map[string]any{
 		"id":    sessionID,
@@ -162,7 +162,7 @@ func (hdlr *Handlers) handleLogin(
 		return
 	}
 
-	sessionID, clientID, token, err :=
+	sessionID, _, token, err :=
 		hdlr.params.Database.LoginUser(
 			request.Context(),
 			payload.Nick,
@@ -178,10 +178,6 @@ func (hdlr *Handlers) handleLogin(
 		return
 	}
 
-	hdlr.deliverMOTD(
-		request, clientID, sessionID, payload.Nick,
-	)
-
 	hdlr.respondJSON(writer, request, map[string]any{
 		"id":    sessionID,
 		"nick":  payload.Nick,

internal/handlers/handlers.go

@@ -13,7 +13,6 @@ import (
 	"git.eeqj.de/sneak/neoirc/internal/config"
 	"git.eeqj.de/sneak/neoirc/internal/db"
 	"git.eeqj.de/sneak/neoirc/internal/globals"
-	"git.eeqj.de/sneak/neoirc/internal/hashcash"
 	"git.eeqj.de/sneak/neoirc/internal/healthcheck"
 	"git.eeqj.de/sneak/neoirc/internal/logger"
 	"go.uber.org/fx"
@@ -40,7 +39,6 @@ type Handlers struct {
 	log           *slog.Logger
 	hc            *healthcheck.Healthcheck
 	broker        *broker.Broker
-	hashcashVal   *hashcash.Validator
 	cancelCleanup context.CancelFunc
 }
 
@@ -49,17 +47,11 @@ func New(
 	lifecycle fx.Lifecycle,
 	params Params,
 ) (*Handlers, error) {
-	resource := params.Config.ServerName
-	if resource == "" {
-		resource = "neoirc"
-	}
-
 	hdlr := &Handlers{ //nolint:exhaustruct // cancelCleanup set in startCleanup
 		params: &params,
 		log:    params.Logger.Get(),
 		hc:     params.Healthcheck,
 		broker: broker.New(),
-		hashcashVal: hashcash.NewValidator(resource),
 	}
 
 	lifecycle.Append(fx.Hook{

internal/hashcash/hashcash.go

@@ -1,277 +0,0 @@
-// Package hashcash implements SHA-256-based hashcash
-// proof-of-work validation for abuse prevention.
-//
-// Stamp format: 1:bits:YYMMDD:resource::counter.
-//
-// The SHA-256 hash of the entire stamp string must have
-// at least `bits` leading zero bits.
-package hashcash
-
-import (
-	"crypto/sha256"
-	"errors"
-	"fmt"
-	"strconv"
-	"strings"
-	"sync"
-	"time"
-)
-
-const (
-	// stampVersion is the only supported hashcash version.
-	stampVersion = "1"
-	// stampFields is the number of fields in a stamp.
-	stampFields = 6
-	// maxStampAge is how old a stamp can be before
-	// rejection.
-	maxStampAge = 48 * time.Hour
-	// maxFutureSkew allows stamps slightly in the future.
-	maxFutureSkew = 1 * time.Hour
-	// pruneInterval controls how often expired stamps are
-	// removed from the spent set.
-	pruneInterval = 10 * time.Minute
-	// dateFormatShort is the YYMMDD date layout.
-	dateFormatShort = "060102"
-	// dateFormatLong is the YYMMDDHHMMSS date layout.
-	dateFormatLong = "060102150405"
-	// dateShortLen is the length of YYMMDD.
-	dateShortLen = 6
-	// dateLongLen is the length of YYMMDDHHMMSS.
-	dateLongLen = 12
-	// bitsPerByte is the number of bits in a byte.
-	bitsPerByte = 8
-	// fullByteMask is 0xFF, a mask for all bits in a byte.
-	fullByteMask = 0xFF
-)
-
-var (
-	errInvalidFields    = errors.New("invalid stamp field count")
-	errBadVersion       = errors.New("unsupported stamp version")
-	errInsufficientBits = errors.New("insufficient difficulty")
-	errWrongResource    = errors.New("wrong resource")
-	errStampExpired     = errors.New("stamp expired")
-	errStampFuture      = errors.New("stamp date in future")
-	errProofFailed      = errors.New("proof-of-work failed")
-	errStampReused      = errors.New("stamp already used")
-	errBadDateFormat    = errors.New("unrecognized date format")
-)
-
-// Validator checks hashcash stamps for validity and
-// prevents replay attacks via an in-memory spent set.
-type Validator struct {
-	resource string
-	mu       sync.Mutex
-	spent    map[string]time.Time
-}
-
-// NewValidator creates a Validator for the given resource.
-func NewValidator(resource string) *Validator {
-	validator := &Validator{
-		resource: resource,
-		mu:       sync.Mutex{},
-		spent:    make(map[string]time.Time),
-	}
-
-	go validator.pruneLoop()
-
-	return validator
-}
-
-// Validate checks a hashcash stamp. It returns nil if the
-// stamp is valid and has not been seen before.
-func (v *Validator) Validate(
-	stamp string,
-	requiredBits int,
-) error {
-	if requiredBits <= 0 {
-		return nil
-	}
-
-	parts := strings.Split(stamp, ":")
-	if len(parts) != stampFields {
-		return fmt.Errorf(
-			"%w: expected %d, got %d",
-			errInvalidFields, stampFields, len(parts),
-		)
-	}
-
-	version := parts[0]
-	bitsStr := parts[1]
-	dateStr := parts[2]
-	resource := parts[3]
-
-	if err := v.validateHeader(
-		version, bitsStr, resource, requiredBits,
-	); err != nil {
-		return err
-	}
-
-	stampTime, err := parseStampDate(dateStr)
-	if err != nil {
-		return err
-	}
-
-	if err := validateTime(stampTime); err != nil {
-		return err
-	}
-
-	if err := validateProof(
-		stamp, requiredBits,
-	); err != nil {
-		return err
-	}
-
-	return v.checkAndRecordStamp(stamp, stampTime)
-}
-
-func (v *Validator) validateHeader(
-	version, bitsStr, resource string,
-	requiredBits int,
-) error {
-	if version != stampVersion {
-		return fmt.Errorf(
-			"%w: %s", errBadVersion, version,
-		)
-	}
-
-	claimedBits, err := strconv.Atoi(bitsStr)
-	if err != nil || claimedBits < requiredBits {
-		return fmt.Errorf(
-			"%w: need %d bits",
-			errInsufficientBits, requiredBits,
-		)
-	}
-
-	if resource != v.resource {
-		return fmt.Errorf(
-			"%w: got %q, want %q",
-			errWrongResource, resource, v.resource,
-		)
-	}
-
-	return nil
-}
-
-func validateTime(stampTime time.Time) error {
-	now := time.Now()
-
-	if now.Sub(stampTime) > maxStampAge {
-		return errStampExpired
-	}
-
-	if stampTime.Sub(now) > maxFutureSkew {
-		return errStampFuture
-	}
-
-	return nil
-}
-
-func validateProof(stamp string, requiredBits int) error {
-	hash := sha256.Sum256([]byte(stamp))
-	if !hasLeadingZeroBits(hash[:], requiredBits) {
-		return fmt.Errorf(
-			"%w: need %d leading zero bits",
-			errProofFailed, requiredBits,
-		)
-	}
-
-	return nil
-}
-
-func (v *Validator) checkAndRecordStamp(
-	stamp string,
-	stampTime time.Time,
-) error {
-	v.mu.Lock()
-	defer v.mu.Unlock()
-
-	if _, ok := v.spent[stamp]; ok {
-		return errStampReused
-	}
-
-	v.spent[stamp] = stampTime
-
-	return nil
-}
-
-// hasLeadingZeroBits checks if the hash has at least n
-// leading zero bits.
-func hasLeadingZeroBits(hash []byte, numBits int) bool {
-	fullBytes := numBits / bitsPerByte
-	remainBits := numBits % bitsPerByte
-
-	for idx := range fullBytes {
-		if hash[idx] != 0 {
-			return false
-		}
-	}
-
-	if remainBits > 0 && fullBytes < len(hash) {
-		mask := byte(
-			fullByteMask << (bitsPerByte - remainBits),
-		)
-
-		if hash[fullBytes]&mask != 0 {
-			return false
-		}
-	}
-
-	return true
-}
-
-// parseStampDate parses a hashcash date stamp.
-// Supports YYMMDD and YYMMDDHHMMSS formats.
-func parseStampDate(dateStr string) (time.Time, error) {
-	switch len(dateStr) {
-	case dateShortLen:
-		parsed, err := time.Parse(
-			dateFormatShort, dateStr,
-		)
-		if err != nil {
-			return time.Time{}, fmt.Errorf(
-				"parse date: %w", err,
-			)
-		}
-
-		return parsed, nil
-	case dateLongLen:
-		parsed, err := time.Parse(
-			dateFormatLong, dateStr,
-		)
-		if err != nil {
-			return time.Time{}, fmt.Errorf(
-				"parse date: %w", err,
-			)
-		}
-
-		return parsed, nil
-	default:
-		return time.Time{}, fmt.Errorf(
-			"%w: %q", errBadDateFormat, dateStr,
-		)
-	}
-}
-
-// pruneLoop periodically removes expired stamps from the
-// spent set.
-func (v *Validator) pruneLoop() {
-	ticker := time.NewTicker(pruneInterval)
-	defer ticker.Stop()
-
-	for range ticker.C {
-		v.prune()
-	}
-}
-
-func (v *Validator) prune() {
-	cutoff := time.Now().Add(-maxStampAge)
-
-	v.mu.Lock()
-	defer v.mu.Unlock()
-
-	for stamp, stampTime := range v.spent {
-		if stampTime.Before(cutoff) {
-			delete(v.spent, stamp)
-		}
-	}
-}

internal/irc/commands.go

@@ -1,21 +0,0 @@
-package irc
-
-// IRC command names (RFC 1459 / RFC 2812).
-const (
-	CmdJoin    = "JOIN"
-	CmdList    = "LIST"
-	CmdLusers  = "LUSERS"
-	CmdMode    = "MODE"
-	CmdMotd    = "MOTD"
-	CmdNames   = "NAMES"
-	CmdNick    = "NICK"
-	CmdNotice  = "NOTICE"
-	CmdPart    = "PART"
-	CmdPing    = "PING"
-	CmdPong    = "PONG"
-	CmdPrivmsg = "PRIVMSG"
-	CmdQuit    = "QUIT"
-	CmdTopic   = "TOPIC"
-	CmdWho     = "WHO"
-	CmdWhois   = "WHOIS"
-)

internal/irc/numerics.go

@@ -1,150 +0,0 @@
-// Package irc provides constants and utilities for the
-// IRC protocol, including numeric reply codes from
-// RFC 1459 and RFC 2812, and standard command names.
-package irc
-
-// Connection registration replies (001-005).
-const (
-	RplWelcome  = 1
-	RplYourHost = 2
-	RplCreated  = 3
-	RplMyInfo   = 4
-	RplIsupport = 5
-)
-
-// Command responses (200-399).
-const (
-	RplUmodeIs       = 221
-	RplLuserClient   = 251
-	RplLuserOp       = 252
-	RplLuserUnknown  = 253
-	RplLuserChannels = 254
-	RplLuserMe       = 255
-	RplAway          = 301
-	RplUserHost      = 302
-	RplIson          = 303
-	RplUnaway        = 305
-	RplNowAway       = 306
-	RplWhoisUser     = 311
-	RplWhoisServer   = 312
-	RplWhoisOperator = 313
-	RplEndOfWho      = 315
-	RplWhoisIdle     = 317
-	RplEndOfWhois    = 318
-	RplWhoisChannels = 319
-	RplList          = 322
-	RplListEnd       = 323
-	RplChannelModeIs = 324
-	RplCreationTime  = 329
-	RplNoTopic       = 331
-	RplTopic         = 332
-	RplTopicWhoTime  = 333
-	RplInviting      = 341
-	RplWhoReply      = 352
-	RplNamReply      = 353
-	RplEndOfNames    = 366
-	RplBanList       = 367
-	RplEndOfBanList  = 368
-	RplMotd          = 372
-	RplMotdStart     = 375
-	RplEndOfMotd     = 376
-)
-
-// Error replies (400-599).
-const (
-	ErrNoSuchNick        = 401
-	ErrNoSuchServer      = 402
-	ErrNoSuchChannel     = 403
-	ErrCannotSendToChan  = 404
-	ErrTooManyChannels   = 405
-	ErrNoRecipient       = 411
-	ErrNoTextToSend      = 412
-	ErrUnknownCommand    = 421
-	ErrNoNicknameGiven   = 431
-	ErrErroneusNickname  = 432
-	ErrNicknameInUse     = 433
-	ErrUserNotInChannel  = 441
-	ErrNotOnChannel      = 442
-	ErrNotRegistered     = 451
-	ErrNeedMoreParams    = 461
-	ErrAlreadyRegistered = 462
-	ErrChannelIsFull     = 471
-	ErrInviteOnlyChan    = 473
-	ErrBannedFromChan    = 474
-	ErrBadChannelKey     = 475
-	ErrChanOpPrivsNeeded = 482
-)
-
-// names maps numeric codes to their standard IRC names.
-//
-//nolint:gochecknoglobals
-var names = map[int]string{
-	RplWelcome:       "RPL_WELCOME",
-	RplYourHost:      "RPL_YOURHOST",
-	RplCreated:       "RPL_CREATED",
-	RplMyInfo:        "RPL_MYINFO",
-	RplIsupport:      "RPL_ISUPPORT",
-	RplUmodeIs:       "RPL_UMODEIS",
-	RplLuserClient:   "RPL_LUSERCLIENT",
-	RplLuserOp:       "RPL_LUSEROP",
-	RplLuserUnknown:  "RPL_LUSERUNKNOWN",
-	RplLuserChannels: "RPL_LUSERCHANNELS",
-	RplLuserMe:       "RPL_LUSERME",
-	RplAway:          "RPL_AWAY",
-	RplUserHost:      "RPL_USERHOST",
-	RplIson:          "RPL_ISON",
-	RplUnaway:        "RPL_UNAWAY",
-	RplNowAway:       "RPL_NOWAWAY",
-	RplWhoisUser:     "RPL_WHOISUSER",
-	RplWhoisServer:   "RPL_WHOISSERVER",
-	RplWhoisOperator: "RPL_WHOISOPERATOR",
-	RplEndOfWho:      "RPL_ENDOFWHO",
-	RplWhoisIdle:     "RPL_WHOISIDLE",
-	RplEndOfWhois:    "RPL_ENDOFWHOIS",
-	RplWhoisChannels: "RPL_WHOISCHANNELS",
-	RplList:          "RPL_LIST",
-	RplListEnd:       "RPL_LISTEND", //nolint:misspell
-	RplChannelModeIs: "RPL_CHANNELMODEIS",
-	RplCreationTime:  "RPL_CREATIONTIME",
-	RplNoTopic:       "RPL_NOTOPIC",
-	RplTopic:         "RPL_TOPIC",
-	RplTopicWhoTime:  "RPL_TOPICWHOTIME",
-	RplInviting:      "RPL_INVITING",
-	RplWhoReply:      "RPL_WHOREPLY",
-	RplNamReply:      "RPL_NAMREPLY",
-	RplEndOfNames:    "RPL_ENDOFNAMES",
-	RplBanList:       "RPL_BANLIST",
-	RplEndOfBanList:  "RPL_ENDOFBANLIST",
-	RplMotd:          "RPL_MOTD",
-	RplMotdStart:     "RPL_MOTDSTART",
-	RplEndOfMotd:     "RPL_ENDOFMOTD",
-
-	ErrNoSuchNick:        "ERR_NOSUCHNICK",
-	ErrNoSuchServer:      "ERR_NOSUCHSERVER",
-	ErrNoSuchChannel:     "ERR_NOSUCHCHANNEL",
-	ErrCannotSendToChan:  "ERR_CANNOTSENDTOCHAN",
-	ErrTooManyChannels:   "ERR_TOOMANYCHANNELS",
-	ErrNoRecipient:       "ERR_NORECIPIENT",
-	ErrNoTextToSend:      "ERR_NOTEXTTOSEND",
-	ErrUnknownCommand:    "ERR_UNKNOWNCOMMAND",
-	ErrNoNicknameGiven:   "ERR_NONICKNAMEGIVEN",
-	ErrErroneusNickname:  "ERR_ERRONEUSNICKNAME",
-	ErrNicknameInUse:     "ERR_NICKNAMEINUSE",
-	ErrUserNotInChannel:  "ERR_USERNOTINCHANNEL",
-	ErrNotOnChannel:      "ERR_NOTONCHANNEL",
-	ErrNotRegistered:     "ERR_NOTREGISTERED",
-	ErrNeedMoreParams:    "ERR_NEEDMOREPARAMS",
-	ErrAlreadyRegistered: "ERR_ALREADYREGISTERED",
-	ErrChannelIsFull:     "ERR_CHANNELISFULL",
-	ErrInviteOnlyChan:    "ERR_INVITEONLYCHAN",
-	ErrBannedFromChan:    "ERR_BANNEDFROMCHAN",
-	ErrBadChannelKey:     "ERR_BADCHANNELKEY",
-	ErrChanOpPrivsNeeded: "ERR_CHANOPRIVSNEEDED",
-}
-
-// Name returns the standard IRC name for a numeric code
-// (e.g., Name(2) returns "RPL_YOURHOST"). Returns an
-// empty string if the code is unknown.
-func Name(code int) string {
-	return names[code]
-}

web/dist/index.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>NeoIRC</title>
+  <link rel="stylesheet" href="/style.css">
+</head>
+<body>
+  <div id="root"></div>
+  <script type="module" src="/app.js"></script>
+</body>
+</html>

web/dist/style.css

@@ -0,0 +1,431 @@
+* {
+  margin: 0;
+  padding: 0;
+  box-sizing: border-box;
+}
+
+:root {
+  --bg: #0a0e14;
+  --bg-secondary: #0d1117;
+  --bg-input: #161b22;
+  --bg-highlight: #1a2030;
+  --text: #c9d1d9;
+  --text-muted: #6e7681;
+  --accent: #58a6ff;
+  --accent-dim: #1f6feb;
+  --border: #21262d;
+  --nick: #79c0ff;
+  --timestamp: #484f58;
+  --tab-active: #58a6ff;
+  --tab-bg: #0d1117;
+  --tab-hover: #161b22;
+  --topic-bg: #0d1117;
+  --unread-bg: #da3633;
+  --warn: #d29922;
+  --op-color: #f0883e;
+  --voice-color: #3fb950;
+  --action-color: #bc8cff;
+  --system-color: #484f58;
+}
+
+html,
+body,
+#root {
+  height: 100%;
+  font-family: 'JetBrains Mono', 'Fira Code', 'Cascadia Code', 'Courier New',
+    Courier, monospace;
+  font-size: 13px;
+  background: var(--bg);
+  color: var(--text);
+}
+
+/* Login screen */
+.login-screen {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  justify-content: center;
+  height: 100%;
+  gap: 16px;
+}
+
+.login-screen h1 {
+  color: var(--accent);
+  font-size: 2em;
+}
+
+.login-screen input {
+  padding: 10px 16px;
+  font-size: 16px;
+  font-family: inherit;
+  background: var(--bg-input);
+  border: 1px solid var(--border);
+  color: var(--text);
+  border-radius: 4px;
+  width: 280px;
+}
+
+.login-screen button {
+  padding: 10px 24px;
+  font-size: 16px;
+  font-family: inherit;
+  background: var(--accent-dim);
+  border: none;
+  color: white;
+  border-radius: 4px;
+  cursor: pointer;
+}
+
+.login-screen button:hover {
+  background: var(--accent);
+}
+
+.login-screen .error {
+  color: var(--unread-bg);
+}
+
+.login-screen .motd {
+  color: var(--text-muted);
+  max-width: 400px;
+  text-align: center;
+  white-space: pre-wrap;
+}
+
+/* Main layout */
+.app {
+  display: flex;
+  flex-direction: column;
+  height: 100%;
+}
+
+/* Tab bar */
+.tab-bar {
+  display: flex;
+  background: var(--bg-secondary);
+  border-bottom: 1px solid var(--border);
+  overflow-x: auto;
+  flex-shrink: 0;
+  align-items: stretch;
+  min-height: 32px;
+}
+
+.tab-bar::-webkit-scrollbar {
+  height: 2px;
+}
+
+.tab-bar::-webkit-scrollbar-thumb {
+  background: var(--border);
+}
+
+.tab {
+  display: flex;
+  align-items: center;
+  padding: 6px 12px;
+  cursor: pointer;
+  border-bottom: 2px solid transparent;
+  white-space: nowrap;
+  color: var(--text-muted);
+  user-select: none;
+  font-size: 12px;
+  gap: 6px;
+  transition:
+    background 0.1s,
+    color 0.1s;
+}
+
+.tab:hover {
+  background: var(--tab-hover);
+  color: var(--text);
+}
+
+.tab.active {
+  color: var(--text);
+  border-bottom-color: var(--tab-active);
+  background: var(--bg-highlight);
+}
+
+.tab.server {
+  font-weight: bold;
+}
+
+.tab .tab-name {
+  overflow: hidden;
+  text-overflow: ellipsis;
+}
+
+.tab .close-btn {
+  color: var(--text-muted);
+  font-size: 14px;
+  line-height: 1;
+  flex-shrink: 0;
+}
+
+.tab .close-btn:hover {
+  color: var(--unread-bg);
+}
+
+.tab .unread-badge {
+  display: inline-block;
+  background: var(--unread-bg);
+  color: white;
+  font-size: 10px;
+  font-weight: bold;
+  padding: 0 5px;
+  border-radius: 8px;
+  min-width: 16px;
+  text-align: center;
+  line-height: 16px;
+  flex-shrink: 0;
+}
+
+/* Connection status */
+.connection-status {
+  display: flex;
+  align-items: center;
+  padding: 0 12px;
+  background: var(--warn);
+  color: var(--bg);
+  font-size: 11px;
+  font-weight: bold;
+  white-space: nowrap;
+  flex-shrink: 0;
+}
+
+/* Topic bar */
+.topic-bar {
+  padding: 4px 12px;
+  background: var(--topic-bg);
+  border-bottom: 1px solid var(--border);
+  color: var(--text-muted);
+  font-size: 12px;
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  flex-shrink: 0;
+}
+
+.topic-bar .topic-label {
+  color: var(--accent);
+  font-weight: bold;
+}
+
+/* Content area */
+.content {
+  display: flex;
+  flex: 1;
+  overflow: hidden;
+}
+
+/* Messages */
+.messages-pane {
+  flex: 1;
+  display: flex;
+  flex-direction: column;
+  overflow: hidden;
+  min-width: 0;
+}
+
+.messages {
+  flex: 1;
+  overflow-y: auto;
+  padding: 4px 0;
+}
+
+.messages::-webkit-scrollbar {
+  width: 6px;
+}
+
+.messages::-webkit-scrollbar-thumb {
+  background: var(--border);
+  border-radius: 3px;
+}
+
+.message {
+  padding: 1px 12px;
+  line-height: 1.5;
+  word-wrap: break-word;
+}
+
+.message:hover {
+  background: var(--bg-highlight);
+}
+
+.message .timestamp {
+  color: var(--timestamp);
+  font-size: 11px;
+  margin-right: 6px;
+}
+
+.message .nick {
+  font-weight: bold;
+  margin-right: 6px;
+}
+
+.message .nick::before {
+  content: '<';
+  color: var(--text-muted);
+}
+
+.message .nick::after {
+  content: '>';
+  color: var(--text-muted);
+}
+
+.message.system {
+  color: var(--system-color);
+  font-style: italic;
+}
+
+.message.system .timestamp {
+  color: var(--timestamp);
+}
+
+.message.system .content::before {
+  content: '*** ';
+}
+
+.message.action {
+  color: var(--action-color);
+}
+
+.message.action .timestamp {
+  color: var(--timestamp);
+}
+
+.message.action .action-nick {
+  font-weight: bold;
+}
+
+/* Input bar — full width at bottom */
+.input-bar {
+  display: flex;
+  align-items: center;
+  border-top: 1px solid var(--border);
+  background: var(--bg-secondary);
+  flex-shrink: 0;
+}
+
+.input-bar .input-nick {
+  padding: 0 8px 0 12px;
+  color: var(--accent);
+  font-weight: bold;
+  white-space: nowrap;
+  flex-shrink: 0;
+  font-size: 13px;
+}
+
+.input-bar .input-nick::after {
+  content: '>';
+  color: var(--text-muted);
+  margin-left: 1px;
+}
+
+.input-bar input {
+  flex: 1;
+  padding: 8px 8px;
+  font-family: inherit;
+  font-size: 13px;
+  background: transparent;
+  border: none;
+  color: var(--text);
+  outline: none;
+}
+
+.input-bar input::placeholder {
+  color: var(--text-muted);
+}
+
+/* User list */
+.user-list {
+  width: 170px;
+  background: var(--bg-secondary);
+  border-left: 1px solid var(--border);
+  display: flex;
+  flex-direction: column;
+  flex-shrink: 0;
+}
+
+.user-list-header {
+  padding: 6px 10px;
+  color: var(--text-muted);
+  font-size: 11px;
+  text-transform: uppercase;
+  letter-spacing: 0.5px;
+  border-bottom: 1px solid var(--border);
+  font-weight: bold;
+  flex-shrink: 0;
+}
+
+.user-list-entries {
+  overflow-y: auto;
+  flex: 1;
+  padding: 4px 0;
+}
+
+.user-list-entries::-webkit-scrollbar {
+  width: 4px;
+}
+
+.user-list-entries::-webkit-scrollbar-thumb {
+  background: var(--border);
+}
+
+.user-list .user {
+  padding: 2px 10px;
+  font-size: 12px;
+  cursor: pointer;
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  color: var(--text);
+}
+
+.user-list .user:hover {
+  background: var(--tab-hover);
+}
+
+.user-list .user.op {
+  color: var(--op-color);
+}
+
+.user-list .user.voice {
+  color: var(--voice-color);
+}
+
+/* Server tab messages */
+.server-messages {
+  color: var(--text-muted);
+  padding: 8px 12px;
+  white-space: pre-wrap;
+  overflow-y: auto;
+  flex: 1;
+}
+
+.server-messages .message {
+  padding: 1px 0;
+}
+
+.server-messages .message:hover {
+  background: var(--bg-highlight);
+}
+
+/* Responsive */
+@media (max-width: 600px) {
+  .user-list {
+    display: none;
+  }
+
+  .tab {
+    padding: 5px 8px;
+    font-size: 11px;
+  }
+
+  .input-bar .input-nick {
+    padding-left: 8px;
+    font-size: 12px;
+  }
+
+  .input-bar input {
+    font-size: 12px;
+  }
+}

web/src/style.css

@@ -6,282 +6,218 @@
 
 :root {
   --bg: #0a0e14;
-  --bg-panel: #0d1117;
+  --bg-secondary: #0d1117;
-  --bg-input: #0d1117;
+  --bg-input: #161b22;
-  --bg-tab: #161b22;
+  --bg-highlight: #1a2030;
-  --bg-tab-active: #0d1117;
-  --bg-topic: #0d1117;
   --text: #c9d1d9;
-  --text-dim: #6e7681;
+  --text-muted: #6e7681;
-  --text-bright: #e6edf3;
   --accent: #58a6ff;
   --accent-dim: #1f6feb;
   --border: #21262d;
-  --system: #7d8590;
+  --nick: #79c0ff;
-  --action: #d2a8ff;
-  --warn: #d29922;
-  --error: #f85149;
-  --unread: #f0883e;
-  --nick-brackets: #6e7681;
   --timestamp: #484f58;
-  --input-bg: #161b22;
+  --tab-active: #58a6ff;
-  --prompt: #3fb950;
+  --tab-bg: #0d1117;
-  --tab-indicator: #58a6ff;
+  --tab-hover: #161b22;
-  --user-list-bg: #0d1117;
+  --topic-bg: #0d1117;
-  --user-list-header: #484f58;
+  --unread-bg: #da3633;
+  --warn: #d29922;
+  --op-color: #f0883e;
+  --voice-color: #3fb950;
+  --action-color: #bc8cff;
+  --system-color: #484f58;
 }
 
 html,
 body,
 #root {
   height: 100%;
-  font-family: "JetBrains Mono", "Cascadia Code", "Fira Code", "SF Mono",
+  font-family: 'JetBrains Mono', 'Fira Code', 'Cascadia Code', 'Courier New',
-    "Consolas", "Liberation Mono", "Courier New", monospace;
+    Courier, monospace;
   font-size: 13px;
   background: var(--bg);
   color: var(--text);
-  overflow: hidden;
 }
 
-/* ============================================
+/* Login screen */
-   Login Screen
-   ============================================ */
-
 .login-screen {
   display: flex;
+  flex-direction: column;
   align-items: center;
   justify-content: center;
   height: 100%;
-  background: var(--bg);
+  gap: 16px;
 }
 
-.login-box {
+.login-screen h1 {
-  text-align: center;
-  max-width: 360px;
-  width: 100%;
-  padding: 32px;
-}
-
-.login-box h1 {
   color: var(--accent);
-  font-size: 1.8em;
+  font-size: 2em;
-  margin-bottom: 16px;
-  font-weight: 400;
 }
 
-.login-box .motd {
+.login-screen input {
-  color: var(--accent);
+  padding: 10px 16px;
-  font-size: 11px;
+  font-size: 16px;
-  margin-bottom: 20px;
-  text-align: left;
-  white-space: pre;
   font-family: inherit;
-  line-height: 1.2;
+  background: var(--bg-input);
-  overflow-x: auto;
-}
-
-.login-box form {
-  display: flex;
-  flex-direction: column;
-  gap: 8px;
-  align-items: stretch;
-}
-
-.login-box label {
-  color: var(--text-dim);
-  text-align: left;
-  font-size: 12px;
-}
-
-.login-box input {
-  padding: 8px 12px;
-  font-family: inherit;
-  font-size: 14px;
-  background: var(--input-bg);
   border: 1px solid var(--border);
-  color: var(--text-bright);
+  color: var(--text);
-  border-radius: 3px;
+  border-radius: 4px;
-  outline: none;
+  width: 280px;
 }
 
-.login-box input:focus {
+.login-screen button {
-  border-color: var(--accent-dim);
+  padding: 10px 24px;
-}
+  font-size: 16px;
-
-.login-box button {
-  padding: 8px 16px;
   font-family: inherit;
-  font-size: 14px;
   background: var(--accent-dim);
   border: none;
-  color: var(--text-bright);
+  color: white;
-  border-radius: 3px;
+  border-radius: 4px;
   cursor: pointer;
-  margin-top: 4px;
 }
 
-.login-box button:hover {
+.login-screen button:hover {
   background: var(--accent);
 }
 
-.login-box .error {
+.login-screen .error {
-  color: var(--error);
+  color: var(--unread-bg);
-  font-size: 12px;
-  margin-top: 8px;
 }
 
-/* ============================================
+.login-screen .motd {
-   IRC App Layout
+  color: var(--text-muted);
-   ============================================ */
+  max-width: 400px;
+  text-align: center;
+  white-space: pre-wrap;
+}
 
-.irc-app {
+/* Main layout */
+.app {
   display: flex;
   flex-direction: column;
   height: 100%;
-  overflow: hidden;
 }
 
-/* ============================================
+/* Tab bar */
-   Tab Bar
-   ============================================ */
-
 .tab-bar {
   display: flex;
-  background: var(--bg-tab);
+  background: var(--bg-secondary);
   border-bottom: 1px solid var(--border);
-  flex-shrink: 0;
-  height: 32px;
-  align-items: stretch;
-}
-
-.tabs {
-  display: flex;
   overflow-x: auto;
-  flex: 1;
+  flex-shrink: 0;
-  scrollbar-width: none;
+  align-items: stretch;
+  min-height: 32px;
 }
 
-.tabs::-webkit-scrollbar {
+.tab-bar::-webkit-scrollbar {
-  display: none;
+  height: 2px;
+}
+
+.tab-bar::-webkit-scrollbar-thumb {
+  background: var(--border);
 }
 
 .tab {
   display: flex;
   align-items: center;
-  padding: 0 12px;
+  padding: 6px 12px;
   cursor: pointer;
-  color: var(--text-dim);
+  border-bottom: 2px solid transparent;
   white-space: nowrap;
+  color: var(--text-muted);
   user-select: none;
-  border-right: 1px solid var(--border);
   font-size: 12px;
-  gap: 4px;
+  gap: 6px;
-  position: relative;
+  transition:
+    background 0.1s,
+    color 0.1s;
 }
 
 .tab:hover {
+  background: var(--tab-hover);
   color: var(--text);
-  background: rgba(255, 255, 255, 0.03);
 }
 
 .tab.active {
-  color: var(--text-bright);
+  color: var(--text);
-  background: var(--bg-tab-active);
+  border-bottom-color: var(--tab-active);
-  border-bottom: 2px solid var(--tab-indicator);
+  background: var(--bg-highlight);
-  margin-bottom: -1px;
 }
 
-.tab.has-unread .tab-label {
+.tab.server {
-  color: var(--unread);
   font-weight: bold;
 }
 
-.tab .unread-count {
+.tab .tab-name {
-  color: var(--unread);
+  overflow: hidden;
-  font-size: 11px;
+  text-overflow: ellipsis;
-  font-weight: bold;
 }
 
-.tab-close {
+.tab .close-btn {
-  color: var(--text-dim);
+  color: var(--text-muted);
   font-size: 14px;
   line-height: 1;
-  margin-left: 2px;
+  flex-shrink: 0;
 }
 
-.tab-close:hover {
+.tab .close-btn:hover {
-  color: var(--error);
+  color: var(--unread-bg);
 }
 
-.status-area {
+.tab .unread-badge {
+  display: inline-block;
+  background: var(--unread-bg);
+  color: white;
+  font-size: 10px;
+  font-weight: bold;
+  padding: 0 5px;
+  border-radius: 8px;
+  min-width: 16px;
+  text-align: center;
+  line-height: 16px;
+  flex-shrink: 0;
+}
+
+/* Connection status */
+.connection-status {
   display: flex;
   align-items: center;
-  gap: 10px;
   padding: 0 12px;
-  flex-shrink: 0;
+  background: var(--warn);
-  font-size: 12px;
+  color: var(--bg);
-}
+  font-size: 11px;
-
-.status-nick {
-  color: var(--accent);
   font-weight: bold;
+  white-space: nowrap;
+  flex-shrink: 0;
 }
 
-.status-warn {
+/* Topic bar */
-  color: var(--warn);
-  animation: blink 1.5s ease-in-out infinite;
-}
-
-@keyframes blink {
-  0%,
-  100% {
-    opacity: 1;
-  }
-  50% {
-    opacity: 0.4;
-  }
-}
-
-/* ============================================
-   Topic Bar
-   ============================================ */
-
 .topic-bar {
   padding: 4px 12px;
-  background: var(--bg-topic);
+  background: var(--topic-bg);
   border-bottom: 1px solid var(--border);
+  color: var(--text-muted);
   font-size: 12px;
   white-space: nowrap;
   overflow: hidden;
   text-overflow: ellipsis;
   flex-shrink: 0;
-  line-height: 1.5;
 }
 
-.topic-label {
+.topic-bar .topic-label {
-  color: var(--text-dim);
+  color: var(--accent);
+  font-weight: bold;
 }
 
-.topic-text {
+/* Content area */
-  color: var(--text);
+.content {
-}
-
-/* ============================================
-   Main Content Area
-   ============================================ */
-
-.main-area {
   display: flex;
   flex: 1;
   overflow: hidden;
-  min-height: 0;
 }
 
-/* ============================================
+/* Messages */
-   Messages Panel
+.messages-pane {
-   ============================================ */
-
-.messages-panel {
   flex: 1;
   display: flex;
   flex-direction: column;
@@ -289,178 +225,207 @@ body,
   min-width: 0;
 }
 
-.messages-scroll {
+.messages {
   flex: 1;
   overflow-y: auto;
-  padding: 4px 8px;
+  padding: 4px 0;
-  scrollbar-width: thin;
-  scrollbar-color: var(--border) transparent;
 }
 
-.messages-scroll::-webkit-scrollbar {
+.messages::-webkit-scrollbar {
-  width: 8px;
+  width: 6px;
 }
 
-.messages-scroll::-webkit-scrollbar-track {
+.messages::-webkit-scrollbar-thumb {
-  background: transparent;
-}
-
-.messages-scroll::-webkit-scrollbar-thumb {
   background: var(--border);
-  border-radius: 4px;
+  border-radius: 3px;
 }
 
-/* ============================================
-   Message Lines
-   ============================================ */
-
 .message {
-  padding: 1px 0;
+  padding: 1px 12px;
-  line-height: 1.4;
+  line-height: 1.5;
-  white-space: pre-wrap;
   word-wrap: break-word;
-  font-size: 13px;
+}
+
+.message:hover {
+  background: var(--bg-highlight);
 }
 
 .message .timestamp {
   color: var(--timestamp);
-  font-size: 12px;
+  font-size: 11px;
+  margin-right: 6px;
 }
 
 .message .nick {
   font-weight: bold;
+  margin-right: 6px;
 }
 
-.message .content {
+.message .nick::before {
+  content: '<';
+  color: var(--text-muted);
+}
+
+.message .nick::after {
+  content: '>';
+  color: var(--text-muted);
+}
+
+.message.system {
+  color: var(--system-color);
+  font-style: italic;
+}
+
+.message.system .timestamp {
+  color: var(--timestamp);
+}
+
+.message.system .content::before {
+  content: '*** ';
+}
+
+.message.action {
+  color: var(--action-color);
+}
+
+.message.action .timestamp {
+  color: var(--timestamp);
+}
+
+.message.action .action-nick {
+  font-weight: bold;
+}
+
+/* Input bar — full width at bottom */
+.input-bar {
+  display: flex;
+  align-items: center;
+  border-top: 1px solid var(--border);
+  background: var(--bg-secondary);
+  flex-shrink: 0;
+}
+
+.input-bar .input-nick {
+  padding: 0 8px 0 12px;
+  color: var(--accent);
+  font-weight: bold;
+  white-space: nowrap;
+  flex-shrink: 0;
+  font-size: 13px;
+}
+
+.input-bar .input-nick::after {
+  content: '>';
+  color: var(--text-muted);
+  margin-left: 1px;
+}
+
+.input-bar input {
+  flex: 1;
+  padding: 8px 8px;
+  font-family: inherit;
+  font-size: 13px;
+  background: transparent;
+  border: none;
   color: var(--text);
+  outline: none;
 }
 
-/* System messages (joins, parts, quits, etc.) */
+.input-bar input::placeholder {
-.system-message {
+  color: var(--text-muted);
-  color: var(--system);
 }
 
-.system-message .system-text {
+/* User list */
-  color: var(--system);
-}
-
-/* /me action messages */
-.action-message .action-text {
-  color: var(--action);
-}
-
-/* ============================================
-   User List (Right Panel)
-   ============================================ */
-
 .user-list {
-  width: 160px;
+  width: 170px;
-  background: var(--user-list-bg);
+  background: var(--bg-secondary);
   border-left: 1px solid var(--border);
   display: flex;
   flex-direction: column;
   flex-shrink: 0;
-  overflow: hidden;
 }
 
 .user-list-header {
   padding: 6px 10px;
-  color: var(--user-list-header);
+  color: var(--text-muted);
   font-size: 11px;
   text-transform: uppercase;
   letter-spacing: 0.5px;
   border-bottom: 1px solid var(--border);
+  font-weight: bold;
   flex-shrink: 0;
 }
 
 .user-list-entries {
   overflow-y: auto;
-  padding: 4px 0;
   flex: 1;
-  scrollbar-width: thin;
+  padding: 4px 0;
-  scrollbar-color: var(--border) transparent;
 }
 
-.nick-entry {
+.user-list-entries::-webkit-scrollbar {
+  width: 4px;
+}
+
+.user-list-entries::-webkit-scrollbar-thumb {
+  background: var(--border);
+}
+
+.user-list .user {
   padding: 2px 10px;
   font-size: 12px;
   cursor: pointer;
   white-space: nowrap;
   overflow: hidden;
   text-overflow: ellipsis;
-  line-height: 1.5;
+  color: var(--text);
 }
 
-.nick-entry:hover {
+.user-list .user:hover {
-  background: rgba(255, 255, 255, 0.04);
+  background: var(--tab-hover);
 }
 
-.nick-prefix {
+.user-list .user.op {
-  color: var(--text-dim);
+  color: var(--op-color);
-  display: inline-block;
-  width: 1ch;
-  text-align: right;
-  margin-right: 1px;
 }
 
-.nick-name {
+.user-list .user.voice {
-  font-weight: normal;
+  color: var(--voice-color);
 }
 
-/* ============================================
+/* Server tab messages */
-   Input Line (Bottom)
+.server-messages {
-   ============================================ */
+  color: var(--text-muted);
-
+  padding: 8px 12px;
-.input-line {
+  white-space: pre-wrap;
-  display: flex;
+  overflow-y: auto;
-  align-items: center;
-  background: var(--input-bg);
-  border-top: 1px solid var(--border);
-  flex-shrink: 0;
-  height: 36px;
-  padding: 0 8px;
-  gap: 6px;
-}
-
-.input-prompt {
-  color: var(--prompt);
-  font-size: 13px;
-  flex-shrink: 0;
-  white-space: nowrap;
-}
-
-.input-line input {
   flex: 1;
-  padding: 4px 0;
-  font-family: inherit;
-  font-size: 13px;
-  background: transparent;
-  border: none;
-  color: var(--text-bright);
-  outline: none;
-  caret-color: var(--accent);
 }
 
-.input-line input::placeholder {
+.server-messages .message {
-  color: var(--text-dim);
+  padding: 1px 0;
-  font-style: italic;
 }
 
-/* ============================================
+.server-messages .message:hover {
-   Responsive
+  background: var(--bg-highlight);
-   ============================================ */
+}
 
+/* Responsive */
 @media (max-width: 600px) {
   .user-list {
     display: none;
   }
 
   .tab {
-    padding: 0 8px;
+    padding: 5px 8px;
     font-size: 11px;
   }
 
-  .input-prompt {
+  .input-bar .input-nick {
+    padding-left: 8px;
+    font-size: 12px;
+  }
+
+  .input-bar input {
     font-size: 12px;
   }
 }