Gun seems great - both useful and usable! However, I'm struggling to understand the difference between a public space put, a user space put and a frozen space put. My attempts at the simplest possible examples are:

Public Space

let gun = Gun() 
gun.put('hello') // public space put anyone can edit? 

User Space

let user = gun.user() 
user.create('Bob','password123',console.log) 
user.auth('Bob' ,'password123',console.log) 
user.get('test').put("Bob's text") 


let user2 = gun.user() 
user2.create('Eve','password456',console.log) 
user2.auth('Eve' ,'password456',console.log) 
user2.get('test').put("Eve's text") 
gun.get('test').once(console.log)

// Should this result in separately indexed entries in the db?
// Is the verification built in or up to the app developer?

Frozen Space

// From the example:

var data = "hello world";
var hash = await SEA.work(data, null, null, {name: "SHA-256"});
gun.get('#').get(hash).put(data);

//Would not this hash key's value be replaceable by another user? Is the onus on the app developer to check result of returned result (and remove peers that send bad info)? 

Assuming that a user could choose any relay server (including ones that randomly tinker with the data), how much of the authenentication (user space) and content id (frozen) is done in the GUN protocol, and how much is down to the app developer(s)?

Can anyone improve on the examples above?

EDIT

From the docs:

This is useful, because it lets you verify that data has not been changed even if it is in a public place. And using SEA with GUN, it prevent peers from changing the data if some name/key combo of '#'+hash is used.

It seems the content addressing, frozen space, is built in.

Public Space

Anyone can edit.

let gun = Gun() 
gun.get('foo').put({hello: 'world'})

Docs: https://gun.eco/docs/Hello-World

User Space (or Key Space)

Only data signed with the user's key can be put. Uses SEA.

The ~ operator is used to access userspace. Gun interprets this something like "only allow data signed by the key following ~ to be put here"

let Bob = await SEA.pair();
await gun.user().auth(Bob) 
gun.get('~'+Bob.pub).get('test').get('TestPropery').put("Hello from Bob",console.log) 

let Eve = await SEA.pair() 
await gun.user().auth(Eve) // comment this out and below line will fail, because authorised user Bob not Eve
gun.get('~'+Eve.pub).get('test').get('TestPropery').put("Hello from Alice",console.log) 

Docs: https://gun.eco/docs/SEA#quickstart

Frozen Space (Hash Space, Content Id Space)

The # operator is used. Gun interprets something like "Only allow data to be put here if its hash matches the appended hash object."

var data = "hello world";
var hash = await SEA.work(data, null, null, {name: "SHA-256"});
gun.get('#').get(hash).put(data);

From docs: https://gun.eco/docs/Content-Addressing

I've also observed that you can have frozen space on top of user space but not vice-versa:

//works (content hash id enforced)
gun.get(pub).get('#').get('bR+eukWF7mYgxibHHRc6tJ+G6PIMEB91O1WVEbAYuWU=').put('NJViiTklbpVb2mmXmRel1cZ0F5lm6ZSTAjYg3RWhqkU.qbu9aOlUXGbrFwqZqeLdw2KiMlpj3QMbezmGRm4u7l0') 

//you can't append data to a # obj like this
gun.get('#').get('bR+eukWF7mYgxibHHRc6tJ+G6PIMEB91O1WVEbAYuWU=').get('NJViiTklbpVb2mmXmRel1cZ0F5lm6ZSTAjYg3RWhqkU.qbu9aOlUXGbrFwqZqeLdw2KiMlpj3QMbezmGRm4u7l0').put({'something':'else'})