diff --git a/api/check_examples.py b/api/check_examples.py
index 00e75263..a0cd0658 100755
--- a/api/check_examples.py
+++ b/api/check_examples.py
@@ -29,6 +29,33 @@ except ImportError as e:
     raise
 
 
+def check_parameter(filepath, request, parameter):
+    schema = parameter.get("schema")
+    example = None
+    try:
+        example_json = schema.get('example')
+        if example_json:
+            example = json.loads(example_json)
+    except Exception as e:
+        raise ValueError("Error parsing JSON example request for %r" % (
+            request
+        ), e)
+    fileurl = "file://" + os.path.abspath(filepath)
+    if example and schema:
+        try:
+            print ("Checking request schema for: %r %r" % (
+                filepath, request
+            ))
+            # Setting the 'id' tells jsonschema where the file is so that it
+            # can correctly resolve relative $ref references in the schema
+            schema['id'] = fileurl
+            jsonschema.validate(example, schema)
+        except Exception as e:
+            raise ValueError("Error validating JSON schema for %r %r" % (
+                request, code
+            ), e)
+
+
 def check_response(filepath, request, code, response):
     example = None
     try:
@@ -43,7 +70,9 @@ def check_response(filepath, request, code, response):
     fileurl = "file://" + os.path.abspath(filepath)
     if example and schema:
         try:
-            print ("Checking schema for: %r %r %r" % (filepath, request, code))
+            print ("Checking response schema for: %r %r %r" % (
+                filepath, request, code
+            ))
             # Setting the 'id' tells jsonschema where the file is so that it
             # can correctly resolve relative $ref references in the schema
             schema['id'] = fileurl
@@ -59,8 +88,13 @@ def check_swagger_file(filepath):
         swagger = yaml.load(f)
 
     for path, path_api in swagger.get('paths', {}).items():
+
         for method, request_api in path_api.items():
             request = "%s %s" % (method.upper(), path)
+            for parameter in request_api.get('parameters', ()):
+                if parameter['in'] == 'body':
+                    check_parameter(filepath, request, parameter)
+
             try:
                 responses = request_api['responses']
             except KeyError:
diff --git a/api/client-server/v1/login.yaml b/api/client-server/v1/login.yaml
index 2df695be..3d415c29 100644
--- a/api/client-server/v1/login.yaml
+++ b/api/client-server/v1/login.yaml
@@ -29,7 +29,6 @@ paths:
       parameters:
         - in: body
           name: body
-          required: true
           schema:
             type: object
             example: |-
@@ -63,7 +62,19 @@ paths:
                 description: The fully-qualified Matrix ID that has been registered.
               access_token:
                 type: string
-                description: An access token for the account. This access token can then be used to authorize other requests.
+                description: |-
+                  An access token for the account.
+                  This access token can then be used to authorize other requests.
+                  The access token may expire at some point, and if so, it SHOULD come with a ``refresh_token``.
+                  There is no specific error message to indicate that a request has failed because
+                  an access token has expired; instead, if a client has reason to believe its
+                  access token is valid, and it receives an auth error, they should attempt to
+                  refresh for a new token on failure, and retry the request with the new token.
+              refresh_token:
+                type: string
+                # TODO: Work out how to linkify /tokenrefresh
+                description: |-
+                  (optional) A ``refresh_token`` may be exchanged for a new ``access_token`` using the /tokenrefresh API endpoint.
               home_server:
                 type: string
                 description: The hostname of the Home Server on which the account has been registered.
@@ -77,3 +88,60 @@ paths:
           description: This request was rate-limited.
           schema:
             "$ref": "definitions/error.yaml"
+  "/tokenrefresh":
+    post:
+      summary: Exchanges a refresh token for an access token.
+      description: |-
+        Exchanges a refresh token for a new access token.
+        This is intended to be used if the access token has expired.
+      security:
+        - accessToken: []
+      parameters:
+        - in: body
+          name: body
+          schema:
+            type: object
+            example: |-
+              {
+                "refresh_token": "a1b2c3"
+              }
+            properties:
+              refresh_token:
+                type: string
+                description: The refresh token which was issued by the server.
+            required: ["refresh_token"]
+      responses:
+        200:
+          description: |-
+            The refresh token was accepted, and a new access token has been issued.
+            The passed refresh token is no longer valid and cannot be used.
+            A new refresh token will have been returned unless some policy does
+            not allow the user to continue to renew their session.
+          examples:
+            application/json: |-
+              {
+                "access_token": "bearwithme123",
+                "refresh_token": "exchangewithme987"
+              }
+          schema:
+            type: object
+            properties:
+              access_token:
+                type: string
+                description: |-
+                  An access token for the account.
+                  This access token can then be used to authorize other requests.
+                  The access token may expire at some point, and if so, it SHOULD come with a ``refresh_token``.
+              refresh_token:
+                type: string
+                description: (optional) A ``refresh_token`` may be exchanged for a new ``access_token`` using the TODO Linkify /tokenrefresh API endpoint.
+        403:
+          description: |-
+            The exchange attempt failed. For example, the refresh token may have already been used.
+          examples:
+            application/json: |-
+              {"errcode": "M_FORBIDDEN"}
+        429:
+          description: This request was rate-limited.
+          schema:
+            "$ref": "definitions/error.yaml"
diff --git a/api/client-server/v1/membership.yaml b/api/client-server/v1/membership.yaml
index 04922656..41f2febc 100644
--- a/api/client-server/v1/membership.yaml
+++ b/api/client-server/v1/membership.yaml
@@ -69,7 +69,6 @@ paths:
   "/rooms/{roomId}/invite":
     post:
       summary: Invite a user to participate in a particular room.
-      # It's a crying shame that I don't know how to force line breaks.
       description: |-
         This API invites a user to participate in a particular room.
         They do not start participating in the room until they actually join the
diff --git a/drafts/macaroons_caveats.rst b/drafts/macaroons_caveats.rst
new file mode 100644
index 00000000..93622c3d
--- /dev/null
+++ b/drafts/macaroons_caveats.rst
@@ -0,0 +1,34 @@
+Macaroon Caveats
+================
+
+`Macaroons`_ are issued by Matrix servers as authorization tokens. Macaroons may be restricted by adding caveats to them.
+
+.. _Macaroons: http://theory.stanford.edu/~ataly/Papers/macaroons.pdf
+
+Caveats can only be used for reducing the scope of a token, never for increasing it. Servers are required to reject any macroon with a caveat that they do not understand.
+
+Some caveats are specified in this specification, and must be understood by all servers. The use of non-standard caveats is allowed.
+
+All caveats must take the form:
+
+`key` `operator` `value`
+where `key` is a non-empty string drawn from the character set [A-Za-z0-9_]
+`operator` is a non-empty string which does not contain whitespace
+`value` is a non-empty string
+And these are joined by single space characters.
+
+Specified caveats:
+
++-------------+--------------------------------------------------+------------------------------------------------------------------------------------------------+
+| Caveat name | Description                                      | Legal Values                                                                                   |
++-------------+--------------------------------------------------+------------------------------------------------------------------------------------------------+
+| gen         | Generation of the macaroon caveat spec.          | 1                                                                                              |
+| user_id     | ID of the user for which this macaroon is valid. | Pure equality check. Operator must be =.                                                       |
+| type        | The purpose of this macaroon.                    | access - used to authorize any action except token refresh                                     |
+|                                                                   refresh - only used to authorize a token refresh                                              |
+| time        | Time before/after which this macaroon is valid.  | A POSIX timestamp in milliseconds (in UTC).                                                    |
+|                                                                  Operator < means the macaroon is valid before the timestamp, as interpreted by the server.     |
+|                                                                  Operator > means the macaroon is valid after the timestamp, as interpreted by the server.      |
+|                                                                  Operator == means the macaroon is valid at exactly the timestamp, as interpreted by the server.|
+|                                                                  Note that exact equality of time is largely meaningless.                                       |
++-------------+--------------------------------------------------+------------------------------------------------------------------------------------------------+
diff --git a/scripts/speculator/README b/scripts/speculator/README
index 6ab84f68..0a9f53fd 100644
--- a/scripts/speculator/README
+++ b/scripts/speculator/README
@@ -4,6 +4,7 @@ It serves the following HTTP endpoints:
  - / lists open pull requests
  - /spec/123 which renders the spec as html at pull request 123.
  - /diff/rst/123 which gives a diff of the spec's rst at pull request 123.
+ - /diff/html/123 which gives a diff of the spec's HTML at pull request 123.
 
 To run it, you must install the `go` tool, and run:
  `go run main.go`
diff --git a/scripts/speculator/htmldiff.pl b/scripts/speculator/htmldiff.pl
new file mode 100755
index 00000000..b1689067
--- /dev/null
+++ b/scripts/speculator/htmldiff.pl
@@ -0,0 +1,564 @@
+#!/usr/bin/perl
+#
+# htmldiff - present a diff marked version of two html documents
+#
+# Copyright (c) 1998-2006 MACS, Inc.
+#
+# Copyright (c) 2007 SiSco, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# See http://www.themacs.com for more information.
+#
+# usage: htmldiff [[-c] [-l] [-o] oldversion newversion [output]]
+#
+# -c - disable metahtml comment processing
+# -o - disable outputting of old text
+# -l - use navindex to create sequence of diffs
+# oldversion - the previous version of the document
+# newversion - the newer version of the document
+# output - a filename to place the output in. If omitted, the output goes to
+#          standard output.
+#
+# if invoked with no options or arguments, operates as a CGI script. It then
+# takes the following parameters:
+#
+# oldfile - the URL of the original file
+# newfile - the URL of the new file
+# mhtml - a flag to indicate whether it should be aware of MetaHTML comments.
+#
+# requires GNU diff utility
+# also requires the perl modules Getopt::Std
+#
+# NOTE: The markup created by htmldiff may not validate against the HTML 4.0
+# DTD. This is because the algorithm is realtively simple, and there are
+# places in the markup content model where the span element is not allowed.
+# Htmldiff is NOT aware of these places.
+#
+# $Source: /u/sources/public/2009/htmldiff/htmldiff.pl,v $
+# $Revision: 1.1 $
+#
+# $Log: htmldiff.pl,v $
+# Revision 1.1  2014/01/06 08:04:51  dom
+# added copy of htmldiff perl script since aptest.com repo no longer available
+#
+# Revision 1.5  2008/03/05 13:23:16  ahby
+# Fixed a problem with leading whitespace before markup.
+#
+# Revision 1.4  2007/12/13 13:09:16  ahby
+# Updated copyright and license.
+#
+# Revision 1.3  2007/12/13 12:53:34  ahby
+# Changed use of span to ins and del
+#
+# Revision 1.2  2002/02/13 16:27:23  ahby
+# Changed processing model.
+# Improved handling of old text and changed styles.
+#
+# Revision 1.1  2000/07/12 12:20:04  ahby
+# Updated to remove empty spans - this fixes validation problems under
+# strict.
+#
+# Revision 1.11  1999/12/08 19:46:45  ahby
+# Fixed validation errors introduced by placing markup where it didn't
+# belong.
+#
+# Revision 1.10  1999/10/18 13:42:58  ahby
+# Added -o to the usage message.
+#
+# Revision 1.9  1999/05/04 12:29:11  ahby
+# Added an option to turn off the display of old text.
+#
+# Revision 1.8  1999/04/09 14:37:27  ahby
+# Fixed a perl syntax error.
+#
+# Revision 1.7  1999/04/09 14:35:49  ahby
+# Added reference to MACS homepage.
+#
+# Revision 1.6  1999/04/09 14:35:09  ahby
+# Added comment about validity of generated markup.
+#
+# Revision 1.5  1999/02/22 22:17:54  ahby
+# Changed to use stylesheets.
+# Changed to rely upon span.
+# Changed to work around content model problems.
+#
+# Revision 1.4  1999/02/08 02:32:22  ahby
+# Added a copyright statement.
+#
+# Revision 1.3  1999/02/08 02:30:40  ahby
+# Added header processing.
+#
+# Revision 1.2  1998/12/10 17:31:31  ahby
+# Fixed to escape less-thans in change blocks and to not permit change
+# markup within specific elements (like TITLE).
+#
+# Revision 1.1  1998/11/26 00:09:22  ahby
+# Initial revision
+#
+#
+
+use Getopt::Std;
+
+sub usage {
+   print STDERR "htmldiff [-c] [-o] oldversion newversion [output]\n";
+   exit;
+}
+
+sub url_encode {
+    my $str = shift;
+    $str =~ s/([\x00-\x1f\x7F-\xFF])/
+                 sprintf ('%%%02x', ord ($1))/eg;
+    return $str;
+}
+
+# markit - diff-mark the streams
+#
+# markit(file1, file2)
+#
+# markit relies upon GNUdiff to mark up the text.
+#
+# The markup is encoded using special control sequences:
+#
+#   a block wrapped in control-a is deleted text
+#   a block wrapped in control-b is old text
+#   a block wrapped in control-c is new text
+#
+# The main processing loop attempts to wrap the text blocks in appropriate
+# SPANs based upon the type of text that it is.
+#
+# When the loop encounters a < in the text, it stops the span. Then it outputs
+# the element that is defined, then it restarts the span.
+
+sub markit {
+   my $retval = "";
+   my($file1) = shift;
+   my($file2) = shift;
+#  my $old="<span class=\\\"diff-old-a\\\">deleted text: </span>%c'\012'%c'\001'%c'\012'%<%c'\012'%c'\001'%c'\012'";
+   my $old="%c'\012'%c'\001'%c'\012'%<%c'\012'%c'\001'%c'\012'";
+   my $new="%c'\012'%c'\003'%c'\012'%>%c'\012'%c'\003'%c'\012'";
+   my $unchanged="%=";
+   my $changed="%c'\012'%c'\001'%c'\012'%<%c'\012'%c'\001'%c'\012'%c'\004'%c'\012'%>%c'\012'%c'\004'%c'\012'";
+   if ($opt_o) {
+      $old = "";
+      $changed = "%c'\012'%c'\004'%c'\012'%>%c'\012'%c'\004'%c'\012'";
+   }
+#  my $old="%c'\002'<font color=\\\"purple\\\" size=\\\"-2\\\">deleted text:</font><s>%c'\012'%c'\001'%c'\012'%<%c'\012'%c'\001'%c'\012'</s>%c'\012'%c'\002'";
+#  my $new="%c'\002'<font color=\\\"purple\\\"><u>%c'\012'%c'\002'%>%c'\002'</u></font>%c'\002'%c'\012'";
+#  my $unchanged="%=";
+#  my $changed="%c'\002'<s>%c'\012'%c'\001'%c'\012'%<%c'\012'%c'\001'%c'\012'</s><font color=\\\"purple\\\"><u>%c'\002'%c'\012'%>%c'\012'%c'\002'</u></font>%c'\002'%c'\012'";
+
+   my @span;
+   $span[0]="</span>";
+   $span[1]="<del class=\"diff-old\">";
+   $span[2]="<del class=\"diff-old\">";
+   $span[3]="<ins class=\"diff-new\">";
+   $span[4]="<ins class=\"diff-chg\">";
+
+   my @diffEnd ;
+   $diffEnd[1] = '</del>';
+   $diffEnd[2] = '</del>';
+   $diffEnd[3] = '</ins>';
+   $diffEnd[4] = '</ins>';
+
+   my $diffcounter = 0;
+
+   open(FILE, qq(diff -d --old-group-format="$old" --new-group-format="$new" --changed-group-format="$changed" --unchanged-group-format="$unchanged" $file1 $file2 |)) || die("Diff failed: $!");
+#  system (qq(diff --old-group-format="$old" --new-group-format="$new" --changed-group-format="$changed" --unchanged-group-format="$unchanged" $file1 $file2 > /tmp/output));
+
+   my $state = 0;
+   my $inblock = 0;
+   my $temp = "";
+   my $lineCount = 0;
+
+# strategy:
+#
+# process the output of diff...
+#
+# a link with control A-D means the start/end of the corresponding ordinal
+# state (1-4). Resting state is state 0.
+#
+# While in a state, accumulate the contents for that state. When exiting the
+# state, determine if it is appropriate to emit the contents with markup or
+# not (basically, if the accumulated buffer contains only empty lines or lines
+# with markup, then we don't want to emit the wrappers.  We don't need them.
+#
+# Note that if there is markup in the "old" block, that markup is silently
+# removed.  It isn't really that interesting, and it messes up the output
+# something fierce.
+
+   while (<FILE>) {
+      my $anchor = $opt_l ? qq[<a tabindex="$diffcounter">] : "" ;
+      my $anchorEnd = $opt_l ? q[</a>] : "" ;
+      $lineCount ++;
+      if ($state == 0) {   # if we are resting and we find a marker,
+                     # then we must be entering a block
+         if (m/^([\001-\004])/) {
+            $state = ord($1);
+            $_ = "";
+         }
+#        if (m/^\001/) {
+#           $state = 1;
+#           s/^/$span[1]/;
+#        } elsif (m/^\002/) {
+#           $state = 2;
+#           s/^/$span[2]/;
+#        } elsif (m/^\003/) {
+#           $state = 3;
+#           s/^/$span[3]/;
+#        } elsif (m/^\004/) {
+#           $state = 4;
+#           s/^/$span[4]/;
+#        }
+      } else {
+         # if we are in "old" state, remove markup
+         if (($state == 1) || ($state == 2)) {
+            s/\<.*\>//; # get rid of any old markup
+            s/\</&lt;/g; # escape any remaining STAG or ETAGs
+            s/\>/&gt;/g;
+         }
+         # if we found another marker, we must be exiting the state
+         if (m/^([\001-\004])/) {
+            if ($temp ne "") {
+               $_ = $span[$state] . $anchor . $temp . $anchorEnd . $diffEnd[$state] . "\n";
+               $temp = "";
+            } else {
+               $_ = "" ;
+            }
+            $state = 0;
+         } elsif (m/^\s*\</) { # otherwise, is this line markup?
+            # if it is markup AND we haven't seen anything else yet,
+            # then we will emit the markup
+            if ($temp eq "") {
+               $retval .= $_;
+               $_ = "";
+            } else { # we wrap it with the state switches and hold it
+               s/^/$anchorEnd$diffEnd[$state]/;
+               s/$/$span[$state]$anchor/;
+               $temp .= $_;
+               $_ = "";
+            }
+         } else {
+            if (m/.+/) {
+               $temp .= $_;
+               $_ = "";
+            }
+         }
+      }
+
+      s/\001//g;
+      s/\002//g;
+      s/\003//g;
+      s/\004//g;
+      if ($_ !~ m/^$/) {
+         $retval .= $_;
+      }
+      $diffcounter++;
+   }
+   close FILE;
+   $retval =~ s/$span[1]\n+$diffEnd[1]//g;
+   $retval =~ s/$span[2]\n+$diffEnd[2]//g;
+   $retval =~ s/$span[3]\n+$diffEnd[3]//g;
+   $retval =~ s/$span[4]\n+$diffEnd[4]//g;
+   $retval =~ s/$span[1]\n*$//g;
+   $retval =~ s/$span[2]\n*$//g;
+   $retval =~ s/$span[3]\n*$//g;
+   $retval =~ s/$span[4]\n*$//g;
+   return $retval;
+}
+
+sub splitit {
+   my $filename = shift;
+   my $headertmp = shift;
+   my $inheader=0;
+   my $preformatted=0;
+   my $inelement=0;
+   my $retval = "";
+   my $styles = q(<style type='text/css'>
+.diff-old-a {
+  font-size: smaller;
+  color: red;
+}
+
+.diff-new { background-color: yellow; }
+.diff-chg { background-color: lime; }
+.diff-new:before,
+.diff-new:after
+    { content: "\2191" }
+.diff-chg:before, .diff-chg:after
+    { content: "\2195" }
+.diff-old { text-decoration: line-through; background-color: #FBB; }
+.diff-old:before,
+.diff-old:after
+    { content: "\2193" }
+:focus { border: thin red solid}
+</style>
+);
+   if ($opt_t) {
+      $styles .= q(
+<script type="text/javascript">
+<!--
+function setOldDisplay() {
+   for ( var s = 0; s < document.styleSheets.length; s++ ) {
+      var css = document.styleSheets[s];
+      var mydata ;
+      try { mydata = css.cssRules ;
+      if ( ! mydata ) mydata = css.rules;
+      for ( var r = 0; r < mydata.length; r++ ) {
+         if ( mydata[r].selectorText == '.diff-old' ) {
+            mydata[r].style.display = ( mydata[r].style.display == '' ) ? 'none'
+: '';
+            return;
+         }
+      }
+      } catch(e) {} ;
+   }
+}
+-->
+</script>
+);
+
+   }
+
+   if ($stripheader) {
+      open(HEADER, ">$headertmp");
+   }
+
+   my $incomment = 0;
+   my $inhead = 1;
+   open(FILE, $filename) || die("File $filename cannot be opened: $!");
+   while (<FILE>) {
+      if ($inhead == 1) {
+         if (m/\<\/head/i) {
+            print HEADER $styles;
+         }
+         if (m/\<body/i) {
+            $inhead = 0;
+            print HEADER;
+            if ($opt_t) {
+               print HEADER q(
+<form action=""><input type="button" onclick="setOldDisplay()" value="Show/Hide Old Content" /></form>
+);
+            }
+            close HEADER;
+         } else {
+            print HEADER;
+         }
+      } else {
+         if ($incomment) {
+            if (m;-->;) {
+               $incomment = 0;
+               s/.*-->//;
+            } else {
+               next;
+            }
+         }
+         if (m;<!--;) {
+            while (m;<!--.*-->;) {
+               s/<!--.*?-->//;
+            }
+            if (m;<!--; ) {
+               $incomment = 1;
+               s/<!--.*//;
+            }
+         }
+         if (m/\<pre/i) {
+            $preformatted = 1;
+         }
+         if (m/\<\/pre\>/i) {
+            $preformatted = 0;
+         }
+         if ($preformatted) {
+            $retval .= $_;
+         } elsif ($mhtmlcomments && /^;;;/) {
+            $retval .= $_;
+         } else {
+            my @list = split(' ');
+            foreach $element (@list) {
+               if ($element =~ m/\<H[1-6]/i) {
+#                 $inheader = 1;
+               }
+               if ($inheader == 0) {
+                  $element =~ s/</\n</g;
+                  $element =~ s/^\n//;
+                  $element =~ s/>/>\n/g;
+                  $element =~ s/\n$//;
+                  $element =~ s/>\n([.,:!]+)/>$1/g;
+               }
+               if ($element =~ m/\<\/H[1-6]\>/i) {
+                  $inheader = 0;
+               }
+               $retval .= "$element";
+               $inelement += ($element =~ s/</&lt;/g);
+               $inelement -= ($element =~ s/>/&gt;/g);
+               if ($inelement < 0) {
+                  $inelement = 0;
+               }
+               if (($inelement == 0) && ($inheader == 0)) {
+                  $retval .= "\n";
+               } else {
+                  $retval .= " ";
+               }
+            }
+         undef @list;
+         }
+      }
+   }
+   $retval .= "\n";
+   close FILE;
+   return $retval;
+}
+
+$mhtmlcomments = 1;
+
+sub cli {
+   getopts("clto") || usage();
+
+   if ($opt_c) {$mhtmlcomments = 0;}
+
+   if (@ARGV < 2) { usage(); }
+
+   $file1 = $ARGV[0];
+   $file2 = $ARGV[1];
+   $file3 = $ARGV[2];
+
+   $tmp = splitit($file1, $headertmp1);
+   open (FILE, ">$tmp1");
+   print FILE $tmp;
+   close FILE;
+
+   $tmp = splitit($file2, $headertmp2);
+   open (FILE, ">$tmp2");
+   print FILE $tmp;
+   close FILE;
+
+   $output = "";
+
+   if ($stripheader) {
+      open(FILE, $headertmp2);
+      while (<FILE>) {
+         $output .= $_;
+      }
+      close(FILE);
+   }
+
+   $output .= markit($tmp1, $tmp2);
+
+   if ($file3) {
+      open(FILE, ">$file3");
+      print FILE $output;
+      close FILE;
+   } else {
+      print $output;
+   }
+}
+
+sub cgi {
+#  use LWP::UserAgent;
+#  use CGI;
+
+   my $query = new CGI;
+   my $url1 = $query->param("oldfile");
+   my $url2 = $query->param("newfile");
+   my $mhtml = $query->param("mhtml");
+
+   my $file1 = "/tmp/htdcgi1.$$";
+   my $file2 = "/tmp/htdcgi2.$$";
+
+   my $ua = new LWP::UserAgent;
+   $ua->agent("MACS, Inc. HTMLdiff/0.9 " . $ua->agent);
+
+   # Create a request
+
+   my $req1 = new HTTP::Request GET => $url1;
+
+   my $res1 = $ua->request($req1, $file1);
+   if ($res1->is_error) {
+      print $res1->error_as_HTML();
+      print "<p>The URL $url1 could not be found.  Please check it and try again.</p>";
+      return;
+   }
+
+   my $req2 = new HTTP::Request GET => $url2;
+
+   my $res2 = $ua->request($req2, $file2);
+   if ($res2->is_error) {
+      print $res2->error_as_HTML();
+      print "<p>The URL $url2 could not be found.  Please check it and try again.</p>";
+      return;
+   }
+
+   $split1 = splitit($file1, $headertmp1);
+   open (FILE, ">$tmp1");
+   print FILE $split1;
+   close FILE;
+
+   $split2 = splitit($file2, $headertmp2);
+   open (FILE, ">$tmp2");
+   print FILE $split2;
+   close FILE;
+
+   $output = "";
+
+   if ($stripheader) {
+      open(FILE, $headertmp2);
+      while (<FILE>) {
+         $output .= $_;
+      }
+      close(FILE);
+   }
+
+   $output .= markit($tmp1, $tmp2);
+
+   my $base=$res2->base;
+
+   if ($base !~ /\/$/) {
+      $base =~ s/[^\/]*$//;
+   }
+
+   if ( $output !~ /<base/i ) {
+      $output =~ s/<head>/<head>\n<base href="$base">/i ||
+      $output =~ s/<html>/<html>\n<base href="$base">/i ;
+   }
+
+   print $query->header(-type=>'text/html',-nph=>1);
+   print $output;
+
+   unlink $file1;
+   unlink $file2;
+
+}
+
+$tmp1="/tmp/htdtmp1.$$";
+$headertmp1="/tmp/htdhtmp1.$$";
+$tmp2="/tmp/htdtmp2.$$";
+$headertmp2="/tmp/htdhtmp2.$$";
+$stripheader = 1;
+
+if (@ARGV == 0) {
+   cgi();      # if no arguments, we must be operating as a cgi script
+} else {
+   cli();      # if there are arguments, then we are operating as a CLI
+}
+
+unlink $tmp1;
+unlink $headertmp1;
+unlink $tmp2;
+unlink $headertmp2;
diff --git a/scripts/speculator/main.go b/scripts/speculator/main.go
index 32c015ac..b4fe2aef 100644
--- a/scripts/speculator/main.go
+++ b/scripts/speculator/main.go
@@ -3,6 +3,7 @@
 //  - / lists open pull requests
 //  - /spec/123 which renders the spec as html at pull request 123.
 //  - /diff/rst/123 which gives a diff of the spec's rst at pull request 123.
+//  - /diff/html/123 which gives a diff of the spec's HTML at pull request 123.
 // It is currently woefully inefficient, and there is a lot of low hanging fruit for improvement.
 package main
 
@@ -16,6 +17,7 @@ import (
 	"log"
 	"math/rand"
 	"net/http"
+	"net/url"
 	"os"
 	"os/exec"
 	"path"
@@ -52,6 +54,10 @@ var (
 	allowedMembers map[string]bool
 )
 
+func (u *User) IsTrusted() bool {
+	return allowedMembers[u.Login]
+}
+
 const pullsPrefix = "https://api.github.com/repos/matrix-org/matrix-doc/pulls"
 
 func gitClone(url string) (string, error) {
@@ -74,7 +80,15 @@ func gitCheckout(path, sha string) error {
 	return nil
 }
 
-func lookupPullRequest(prNumber string) (*PullRequest, error) {
+func lookupPullRequest(url url.URL, pathPrefix string) (*PullRequest, error) {
+	if !strings.HasPrefix(url.Path, pathPrefix+"/") {
+		return nil, fmt.Errorf("invalid path passed: %s expect %s/123", url.Path, pathPrefix)
+	}
+	prNumber := url.Path[len(pathPrefix)+1:]
+	if strings.Contains(prNumber, "/") {
+		return nil, fmt.Errorf("invalid path passed: %s expect %s/123", url.Path, pathPrefix)
+	}
+
 	resp, err := http.Get(fmt.Sprintf("%s/%s", pullsPrefix, prNumber))
 	defer resp.Body.Close()
 	if err != nil {
@@ -100,8 +114,8 @@ func generate(dir string) error {
 	return nil
 }
 
-func writeError(w http.ResponseWriter, err error) {
-	w.WriteHeader(500)
+func writeError(w http.ResponseWriter, code int, err error) {
+	w.WriteHeader(code)
 	io.WriteString(w, fmt.Sprintf("%v\n", err))
 }
 
@@ -122,75 +136,66 @@ func generateAt(repo, sha string) (dst string, err error) {
 }
 
 func serveSpec(w http.ResponseWriter, req *http.Request) {
-	parts := strings.Split(req.URL.Path, "/")
-	if len(parts) != 3 {
-		w.WriteHeader(400)
-		io.WriteString(w, fmt.Sprintf("Invalid path passed: %v expect /pull/123", req.URL.Path))
-		return
-	}
-
-	pr, err := lookupPullRequest(parts[2])
+	pr, err := lookupPullRequest(*req.URL, "/spec")
 	if err != nil {
-		writeError(w, err)
+		writeError(w, 400, err)
 		return
 	}
 
 	// We're going to run whatever Python is specified in the pull request, which
 	// may do bad things, so only trust people we trust.
-	if !allowedMembers[pr.User.Login] {
-		w.WriteHeader(403)
-		io.WriteString(w, fmt.Sprintf("%q is not a trusted pull requester", pr.User.Login))
+	if err := checkAuth(pr); err != nil {
+		writeError(w, 403, err)
 		return
 	}
 
 	dst, err := generateAt(pr.Head.Repo.CloneURL, pr.Head.SHA)
 	defer os.RemoveAll(dst)
 	if err != nil {
-		writeError(w, err)
+		writeError(w, 500, err)
 		return
 	}
 
 	b, err := ioutil.ReadFile(path.Join(dst, "scripts/gen/specification.html"))
 	if err != nil {
-		writeError(w, fmt.Errorf("Error reading spec: %v", err))
+		writeError(w, 500, fmt.Errorf("Error reading spec: %v", err))
 		return
 	}
 	w.Write(b)
 }
 
-func serveRstDiff(w http.ResponseWriter, req *http.Request) {
-	parts := strings.Split(req.URL.Path, "/")
-	if len(parts) != 4 {
-		w.WriteHeader(400)
-		io.WriteString(w, fmt.Sprintf("Invalid path passed: %v expect /diff/rst/123", req.URL.Path))
-		return
+func checkAuth(pr *PullRequest) error {
+	if !pr.User.IsTrusted() {
+		return fmt.Errorf("%q is not a trusted pull requester", pr.User.Login)
 	}
+	return nil
+}
 
-	pr, err := lookupPullRequest(parts[3])
+func serveRSTDiff(w http.ResponseWriter, req *http.Request) {
+	pr, err := lookupPullRequest(*req.URL, "/diff/rst")
 	if err != nil {
-		writeError(w, err)
+		writeError(w, 400, err)
 		return
 	}
 
 	// We're going to run whatever Python is specified in the pull request, which
 	// may do bad things, so only trust people we trust.
-	if !allowedMembers[pr.User.Login] {
-		w.WriteHeader(403)
-		io.WriteString(w, fmt.Sprintf("%q is not a trusted pull requester", pr.User.Login))
+	if err := checkAuth(pr); err != nil {
+		writeError(w, 403, err)
 		return
 	}
 
 	base, err := generateAt(pr.Base.Repo.CloneURL, pr.Base.SHA)
 	defer os.RemoveAll(base)
 	if err != nil {
-		writeError(w, err)
+		writeError(w, 500, err)
 		return
 	}
 
 	head, err := generateAt(pr.Head.Repo.CloneURL, pr.Head.SHA)
 	defer os.RemoveAll(head)
 	if err != nil {
-		writeError(w, err)
+		writeError(w, 500, err)
 		return
 	}
 
@@ -198,23 +203,79 @@ func serveRstDiff(w http.ResponseWriter, req *http.Request) {
 	var diff bytes.Buffer
 	diffCmd.Stdout = &diff
 	if err := ignoreExitCodeOne(diffCmd.Run()); err != nil {
-		writeError(w, fmt.Errorf("error running diff: %v", err))
+		writeError(w, 500, fmt.Errorf("error running diff: %v", err))
 		return
 	}
 	w.Write(diff.Bytes())
 }
 
+func serveHTMLDiff(w http.ResponseWriter, req *http.Request) {
+	pr, err := lookupPullRequest(*req.URL, "/diff/html")
+	if err != nil {
+		writeError(w, 400, err)
+		return
+	}
+
+	// We're going to run whatever Python is specified in the pull request, which
+	// may do bad things, so only trust people we trust.
+	if err := checkAuth(pr); err != nil {
+		writeError(w, 403, err)
+		return
+	}
+
+	base, err := generateAt(pr.Base.Repo.CloneURL, pr.Base.SHA)
+	defer os.RemoveAll(base)
+	if err != nil {
+		writeError(w, 500, err)
+		return
+	}
+
+	head, err := generateAt(pr.Head.Repo.CloneURL, pr.Head.SHA)
+	defer os.RemoveAll(head)
+	if err != nil {
+		writeError(w, 500, err)
+		return
+	}
+
+	htmlDiffer, err := findHTMLDiffer()
+	if err != nil {
+		writeError(w, 500, fmt.Errorf("could not find HTML differ"))
+		return
+	}
+
+	cmd := exec.Command(htmlDiffer, path.Join(base, "scripts", "gen", "specification.html"), path.Join(head, "scripts", "gen", "specification.html"))
+	var b bytes.Buffer
+	cmd.Stdout = &b
+	if err := cmd.Run(); err != nil {
+		writeError(w, 500, fmt.Errorf("error running HTML differ: %v", err))
+		return
+	}
+	w.Write(b.Bytes())
+}
+
+func findHTMLDiffer() (string, error) {
+	wd, err := os.Getwd()
+	if err != nil {
+		return "", err
+	}
+	differ := path.Join(wd, "htmldiff.pl")
+	if _, err := os.Stat(differ); err == nil {
+		return differ, nil
+	}
+	return "", fmt.Errorf("unable to find htmldiff.pl")
+}
+
 func listPulls(w http.ResponseWriter, req *http.Request) {
 	resp, err := http.Get(pullsPrefix)
 	if err != nil {
-		writeError(w, err)
+		writeError(w, 500, err)
 		return
 	}
 	defer resp.Body.Close()
 	dec := json.NewDecoder(resp.Body)
 	var pulls []PullRequest
 	if err := dec.Decode(&pulls); err != nil {
-		writeError(w, err)
+		writeError(w, 500, err)
 		return
 	}
 	if len(pulls) == 0 {
@@ -223,8 +284,8 @@ func listPulls(w http.ResponseWriter, req *http.Request) {
 	}
 	s := "<body><ul>"
 	for _, pull := range pulls {
-		s += fmt.Sprintf(`<li>%d: <a href="%s">%s</a>: <a href="%s">%s</a>: <a href="spec/%d">spec</a> <a href="diff/rst/%d">rst diff</a></li>`,
-			pull.Number, pull.User.HTMLURL, pull.User.Login, pull.HTMLURL, pull.Title, pull.Number, pull.Number)
+		s += fmt.Sprintf(`<li>%d: <a href="%s">%s</a>: <a href="%s">%s</a>: <a href="spec/%d">spec</a> <a href="diff/html/%d">spec diff</a> <a href="diff/rst/%d">rst diff</a></li>`,
+			pull.Number, pull.User.HTMLURL, pull.User.Login, pull.HTMLURL, pull.Title, pull.Number, pull.Number, pull.Number)
 	}
 	s += "</ul></body>"
 	io.WriteString(w, s)
@@ -257,7 +318,8 @@ func main() {
 		"NegativeMjark": true,
 	}
 	http.HandleFunc("/spec/", serveSpec)
-	http.HandleFunc("/diff/rst/", serveRstDiff)
+	http.HandleFunc("/diff/rst/", serveRSTDiff)
+	http.HandleFunc("/diff/html/", serveHTMLDiff)
 	http.HandleFunc("/healthz", serveText("ok"))
 	http.HandleFunc("/", listPulls)
 	log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", *port), nil))
diff --git a/templating/build.py b/templating/build.py
index 6f465607..b91e1da2 100755
--- a/templating/build.py
+++ b/templating/build.py
@@ -38,7 +38,7 @@ Processing
 """
 from batesian import AccessKeyStore
 
-from jinja2 import Environment, FileSystemLoader, StrictUndefined, Template
+from jinja2 import Environment, FileSystemLoader, StrictUndefined, Template, meta
 from argparse import ArgumentParser, FileType
 import importlib
 import json
@@ -122,7 +122,19 @@ def main(input_module, file_stream=None, out_dir=None, verbose=False):
 
     # check the input files and substitute in sections where required
     log("Parsing input template: %s" % file_stream.name)
-    temp = Template(file_stream.read().decode("utf-8"))
+    temp_str = file_stream.read().decode("utf-8")
+    # do sanity checking on the template to make sure they aren't reffing things
+    # which will never be replaced with a section.
+    ast = env.parse(temp_str)
+    template_vars = meta.find_undeclared_variables(ast)
+    unused_vars = [var for var in template_vars if var not in sections]
+    if len(unused_vars) > 0:
+        raise Exception(
+            "You have {{ variables }} which are not found in sections: %s" %
+            (unused_vars,)
+        )
+    # process the template
+    temp = Template(temp_str)
     log("Creating output for: %s" % file_stream.name)
     output = create_from_template(temp, sections)
     with open(