Merge branch 'main' into wip/mobile

1 files changed, 14 insertions, 0 deletions

diff --git a/docs/api/initial-setup.md b/docs/api/initial-setup.md
index 306d798..c2bdaec 100644
--- a/docs/api/initial-setup.md
+++ b/docs/api/initial-setup.md
@@ -51,6 +51,16 @@ The request must have the following fields:
 | `name`     | string | The initial login's name. |
 | `password` | string | The initial login's password, in plain text. |
 
+<!-- Reproduced in invitations.md. Edit in both places. -->
+
+The proposed `name` must be valid. The precise definition of valid is still up in the air, but, at minimum:
+
+* It must be non-empty.
+* It must not be "too long." (Currently, 64 characters is too long.)
+* It must begin with a printing character.
+* It must end with a printing character.
+* It must not contain runs of multiple whitespace characters.
+
 ### Success
 
 <!-- This prose is duplicated from authentication.md, with small changes for context. If you edit it here, edit it there, too. -->
@@ -79,6 +89,10 @@ The response will include a `Set-Cookie` header for the `identity` cookie, provi
 
 The cookie will expire if it is not used regularly.
 
+### Name not valid
+
+This endpoint will respond with a status of `400 Bad Request` if the proposed `name` is not valid.
+
 ### Setup previously completed
 
 Once completed, this operation cannot be performed a second time. Subsequent requests to this endpoint will respond with a status of `409 Conflict`.