"Strategy 4 compliance: We never embed file blobs in the NIP‑34 event content. Every push still publishes the full tag set (clone URLs, nostr:// targets, r tags, etc.), and the bridge subscribes to all relays just like any other GRASP/bridge. Anyone can ignore our hosted URLs and pull directly from a nostr:// source or Blossom pack. Why the bridge exposes /api/nostr/repo/files: That’s an extra convenience layer so the web UI (and other clients) can fetch file content faster while the data is still propagating. It’s not a proprietary format—just a REST wrapper around the bare repo the bridge synced from Nostr. Think of it as Strategy 5 (local caching) layered on top of Strategy 4. Trusting state events (kind 30618): We do honor them. When a repo already has a 30618 “state” event, the bridge uses that to verify refs before falling back to the clone tags. If there isn’t one yet, we rely on the clone URLs so users aren’t blocked while waiting for the maintainer to publish the state event."