Grove sharing is peer-to-peer and cryptographic. When you share a file, you create a signed grant that gives the recipient permission to decrypt and access it. No central server involved.
1. You select a file in the Files tab and click ๐ Share (โฏ menu)
2. A modal shows a search box โ type to find friend cells (only friends can receive shares)
3. Select a recipient and click Share
4. Grove creates a ShareGrant for the recipient:
5. Grant is pushed to the recipient's cell via POST /api/receive-grant
6. Manifest and chunks are pushed so the file is immediately accessible
1. Grant arrives at your cell and is verified (Ed25519 signature check)
2. File appears in your Feed tab
3. If chunks are already on your cell โ file is immediately viewable
4. Click ๐ฒ Add to Grove to save the file: decrypts it, saves to GroveHome, re-ingests as your own file, and syncs to your peers
1. Click โฏ โ ๐ซ Unshare on a shared file (or from the Feed's outgoing section)
2. Grant is deleted from their cell via POST /api/revoke-grant
3. They lose access (though if they already clicked Add to Grove, they have their own copy)
When sharing a file from within a folder, you can enable ๐ Auto-share new files added to this folder:
shared_folders in configYou can also open Auto-Share Settings directly from the folder โฏ menu (๐ Auto-Share).
Select multiple files with checkboxes โ batch Share button โ share all to the same recipient.
Show in Portal lets the owner make a specific file or folder accessible through their linked WAN gateway portal โ without copying keys off the cell.
1. Set up Remote Access first (Settings โ Advanced โ Remote Access)
2. In the Files tab, click โฏ on any file or folder โ ๐ Show in Portal
3. The button toggles: when active it reads ๐ โ In Portal โ remove
4. The file is now visible in your portal account's file view at the gateway
Alternatively, drop files into ~/GroveHome/Remote to auto-expose them.
Endpoint: POST /api/portal/show-in-portal
A file's filename and path live encrypted inside its manifest (see ยง7, manifest-metadata privacy), and a portal account can't decrypt them โ so previously portal-shared media showed up as a flat list of "unknown" files.
Now, when you Show-in-Portal (or otherwise share to a portal account), the grant carries the file's display filename and its GroveHome-relative path (rel_path) in plaintext, per recipient. _share_to_portal_user sends them; the gateway stores them via POST /api/share-grant (new rel_path grant column); _get_portal_manifests falls back to these when the manifest's own name/path are encrypted.
The result: the portal rebuilds the real nested folder tree (e.g. Radiohead/OK Computer/โฆ, The Office/Season 1/โฆ), so a shared folder of music or video auto-detects its media role and plays in the portal's Files view โ the same library + player the owner sees on the dashboard.
rel_path is per-recipient โ only the people you actually shared with see those folder/file names. It's not exposed to other peers or replicators (consistent with ยง7). The gateway hosting the portal does hold it, the same as it already holds the display filename./portal/stream/ and is Range-aware, so seek/scrub works over WAN.A folder can be published as a web site at /site/. This is separate from peer-to-peer sharing โ it serves the folder contents as a rendered web page.
From inside a folder in the Files tab, look for the ๐ก serve as site link, or use โฏ โ the folder actions. This opens the Serve as Site modal:
/site/recipes/Grove has a tiered access model for site content:
{
"manifest_hash": "sha256_of_manifest_content",
"filename": "vacation.jpg",
"rel_path": "Photos/Summer/vacation.jpg",
"file_type": "image",
"total_size": 4521984,
"encrypted_file_key": "base64_encrypted_key",
"creator_pubkey": "base64_ed25519_pubkey",
"recipient_pubkey": "base64_ed25519_pubkey",
"signature": "base64_ed25519_signature",
"granted_at": "2026-03-28T15:00:00",
"thumbnail": "base64_jpeg_thumbnail_or_null",
"source_peers": ["pubkey1", "pubkey2"]
}
Toggle between views with ๐ผ๏ธ / ๐ buttons. Preference saved.