@martin I suspect one of the trickiest parts of the "server goes away" scenario will be auth and data permissions. If we stick with the "logic lives in the client" principle the trivial solution is pairwise trust between participating devices with E2EE protecting synced data in the cloud, but y'know, the usability/performance kind of sucks here. I'm curious to see what an appropriate middle ground could look like.

@thomask We’re just kicking off a project to build a general-purpose auth+e2ee layer for local-first apps. Whether it will be good enough to serve as part of a standard protocol waits to be seen, but we’re trying. The aim is to be compatible with both client-server and p2p use.