diff --git a/.claude/settings.local.json b/.claude/settings.local.json new file mode 100644 index 00000000..d8fe120f --- /dev/null +++ b/.claude/settings.local.json @@ -0,0 +1,166 @@ +{ + "permissions": { + "allow": [ + "Skill(skill-creator)", + "Bash(cat:*)", + "Bash(python3:*)", + "Bash(find:*)", + "Skill(nostr-websocket)", + "Bash(go build:*)", + "Bash(chmod:*)", + "Bash(journalctl:*)", + "Bash(timeout 5 bash -c 'echo [\"\"REQ\"\",\"\"test123\"\",{\"\"kinds\"\":[1],\"\"limit\"\":1}] | websocat ws://localhost:3334':*)", + "Bash(pkill:*)", + "Bash(timeout 5 bash:*)", + "Bash(md5sum:*)", + "Bash(timeout 3 bash -c 'echo [\\\"\"REQ\\\"\",\\\"\"test456\\\"\",{\\\"\"kinds\\\"\":[1],\\\"\"limit\\\"\":10}] | websocat ws://localhost:3334')", + "Bash(printf:*)", + "Bash(websocat:*)", + "Bash(go test:*)", + "Bash(timeout 180 go test:*)", + "WebFetch(domain:github.com)", + "WebFetch(domain:raw.githubusercontent.com)", + "Bash(/tmp/find help)", + "Bash(/tmp/find verify-name example.com)", + "Skill(golang)", + "Bash(/tmp/find verify-name Bitcoin.Nostr)", + "Bash(/tmp/find generate-key)", + "Bash(git ls-tree:*)", + "Bash(CGO_ENABLED=0 go build:*)", + "Bash(CGO_ENABLED=0 go test:*)", + "Bash(app/web/dist/index.html)", + "Bash(export CGO_ENABLED=0)", + "Bash(bash:*)", + "Bash(CGO_ENABLED=0 ORLY_LOG_LEVEL=debug go test:*)", + "Bash(/tmp/test-policy-script.sh)", + "Bash(docker --version:*)", + "Bash(mkdir:*)", + "Bash(./test-docker-policy/test-policy.sh:*)", + "Bash(docker-compose:*)", + "Bash(tee:*)", + "Bash(docker logs:*)", + "Bash(timeout 5 websocat:*)", + "Bash(docker exec:*)", + "Bash(TESTSIG=\"bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb\":*)", + "Bash(echo:*)", + "Bash(git rm:*)", + "Bash(git add:*)", + "Bash(./test-policy.sh:*)", + "Bash(docker rm:*)", + "Bash(./scripts/docker-policy/test-policy.sh:*)", + "Bash(./policytest:*)", + "WebSearch", + "WebFetch(domain:blog.scottlogic.com)", + "WebFetch(domain:eli.thegreenplace.net)", + "WebFetch(domain:learn-wasm.dev)", + "Bash(curl:*)", + "Bash(./build.sh)", + "Bash(./pkg/wasm/shell/run.sh:*)", + "Bash(./run.sh echo.wasm)", + "Bash(./test.sh)", + "Bash(ORLY_PPROF=cpu ORLY_LOG_LEVEL=info ORLY_LISTEN=0.0.0.0 ORLY_PORT=3334 ORLY_ADMINS=npub1fjqqy4a93z5zsjwsfxqhc2764kvykfdyttvldkkkdera8dr78vhsmmleku ORLY_OWNERS=npub1fjqqy4a93z5zsjwsfxqhc2764kvykfdyttvldkkkdera8dr78vhsmmleku ORLY_ACL_MODE=follows ORLY_SPIDER_MODE=follows timeout 120 go run:*)", + "Bash(go tool pprof:*)", + "Bash(go get:*)", + "Bash(go mod tidy:*)", + "Bash(go list:*)", + "Bash(timeout 180 go build:*)", + "Bash(timeout 240 go build:*)", + "Bash(timeout 300 go build:*)", + "Bash(/tmp/orly:*)", + "Bash(./orly version:*)", + "Bash(git checkout:*)", + "Bash(docker ps:*)", + "Bash(./run-profile.sh:*)", + "Bash(sudo rm:*)", + "Bash(docker compose:*)", + "Bash(./run-benchmark.sh:*)", + "Bash(docker run:*)", + "Bash(docker inspect:*)", + "Bash(./run-benchmark-clean.sh:*)", + "Bash(cd:*)", + "Bash(CGO_ENABLED=0 timeout 180 go build:*)", + "Bash(/home/mleku/src/next.orly.dev/pkg/dgraph/dgraph.go)", + "Bash(ORLY_LOG_LEVEL=debug timeout 60 ./orly:*)", + "Bash(ORLY_LOG_LEVEL=debug timeout 30 ./orly:*)", + "Bash(killall:*)", + "Bash(kill:*)", + "Bash(gh repo list:*)", + "Bash(gh auth:*)", + "Bash(/tmp/backup-github-repos.sh)", + "Bash(./benchmark:*)", + "Bash(env)", + "Bash(./run-badger-benchmark.sh:*)", + "Bash(./update-github-vpn.sh:*)", + "Bash(dmesg:*)", + "Bash(export:*)", + "Bash(timeout 60 /tmp/benchmark-fixed:*)", + "Bash(/tmp/test-auth-event.sh)", + "Bash(CGO_ENABLED=0 timeout 180 go test:*)", + "Bash(/tmp/benchmark-real-events:*)", + "Bash(CGO_ENABLED=0 timeout 240 go build:*)", + "Bash(/tmp/benchmark-final --events 500 --workers 2 --datadir /tmp/test-real-final)", + "Bash(timeout 60 /tmp/benchmark-final:*)", + "Bash(timeout 120 ./benchmark:*)", + "Bash(timeout 60 ./benchmark:*)", + "Bash(timeout 30 ./benchmark:*)", + "Bash(timeout 15 ./benchmark:*)", + "Bash(docker build:*)", + "Bash(xargs:*)", + "Bash(timeout 30 sh:*)", + "Bash(timeout 60 go test:*)", + "Bash(timeout 120 go test:*)", + "Bash(timeout 180 ./scripts/test.sh:*)", + "Bash(CGO_ENABLED=0 timeout 60 go test:*)", + "Bash(CGO_ENABLED=1 go build:*)", + "Bash(lynx:*)", + "Bash(sed:*)", + "Bash(docker stop:*)", + "Bash(grep:*)", + "Bash(timeout 30 go test:*)", + "Bash(tree:*)", + "Bash(timeout 180 ./migrate-imports.sh:*)", + "Bash(./migrate-fast.sh:*)", + "Bash(git restore:*)", + "Bash(go mod download:*)", + "Bash(go clean:*)", + "Bash(GOSUMDB=off CGO_ENABLED=0 timeout 240 go build:*)", + "Bash(CGO_ENABLED=0 GOFLAGS=-mod=mod timeout 240 go build:*)", + "Bash(CGO_ENABLED=0 timeout 120 go test:*)", + "Bash(./cmd/blossomtest/blossomtest:*)", + "Bash(sudo journalctl:*)", + "Bash(systemctl:*)", + "Bash(systemctl show:*)", + "Bash(ssh relay1:*)", + "Bash(done)", + "Bash(go run:*)", + "Bash(go doc:*)", + "Bash(/tmp/orly-test help:*)", + "Bash(go version:*)", + "Bash(ss:*)", + "Bash(CGO_ENABLED=0 go clean:*)", + "Bash(CGO_ENABLED=0 timeout 30 go test:*)", + "Bash(~/.local/bin/tea issue 6 --repo mleku/next.orly.dev --remote https://git.nostrdev.com)", + "Bash(tea issue:*)", + "Bash(tea issues view:*)", + "Bash(tea issue view:*)", + "Bash(tea issues:*)", + "Bash(bun run build:*)", + "Bash(git tag:*)", + "Bash(/tmp/orly-test version:*)", + "Bash(git log:*)", + "Bash(git show:*)", + "Bash(git config:*)", + "Bash(git check-ignore:*)", + "Bash(git commit:*)", + "WebFetch(domain:www.npmjs.com)", + "Bash(git stash:*)", + "WebFetch(domain:arxiv.org)", + "WebFetch(domain:hal.science)", + "WebFetch(domain:pkg.go.dev)", + "WebFetch(domain:paulmillr.com)" + ], + "deny": [], + "ask": [] + }, + "outputStyle": "Explanatory" +} diff --git a/.claude/skills/distributed-systems/SKILL.md b/.claude/skills/distributed-systems/SKILL.md new file mode 100644 index 00000000..c5af8b33 --- /dev/null +++ b/.claude/skills/distributed-systems/SKILL.md @@ -0,0 +1,1115 @@ +--- +name: distributed-systems +description: This skill should be used when designing or implementing distributed systems, understanding consensus protocols (Paxos, Raft, PBFT, Nakamoto, PnyxDB), analyzing CAP theorem trade-offs, implementing logical clocks (Lamport, Vector, ITC), or building fault-tolerant architectures. Provides comprehensive knowledge of consensus algorithms, Byzantine fault tolerance, adversarial oracle protocols, replication strategies, causality tracking, and distributed system design principles. +--- + +# Distributed Systems + +This skill provides deep knowledge of distributed systems design, consensus protocols, fault tolerance, and the fundamental trade-offs in building reliable distributed architectures. + +## When to Use This Skill + +- Designing distributed databases or storage systems +- Implementing consensus protocols (Raft, Paxos, PBFT, Nakamoto, PnyxDB) +- Analyzing system trade-offs using CAP theorem +- Building fault-tolerant or Byzantine fault-tolerant systems +- Understanding replication and consistency models +- Implementing causality tracking with logical clocks +- Building blockchain consensus mechanisms +- Designing decentralized oracle systems +- Understanding adversarial attack vectors in distributed systems + +## CAP Theorem + +### The Fundamental Trade-off + +The CAP theorem, introduced by Eric Brewer in 2000, states that a distributed data store cannot simultaneously provide more than two of: + +1. **Consistency (C)**: Every read receives the most recent write or an error +2. **Availability (A)**: Every request receives a non-error response (without guarantee of most recent data) +3. **Partition Tolerance (P)**: System continues operating despite network partitions + +### Why P is Non-Negotiable + +In any distributed system over a network: +- Network partitions **will** occur (cable cuts, router failures, congestion) +- A system that isn't partition-tolerant isn't truly distributed +- The real choice is between **CP** and **AP** during partitions + +### System Classifications + +#### CP Systems (Consistency + Partition Tolerance) + +**Behavior during partition**: Refuses some requests to maintain consistency. + +**Examples**: +- MongoDB (with majority write concern) +- HBase +- Zookeeper +- etcd + +**Use when**: +- Correctness is paramount (financial systems) +- Stale reads are unacceptable +- Brief unavailability is tolerable + +#### AP Systems (Availability + Partition Tolerance) + +**Behavior during partition**: Continues serving requests, may return stale data. + +**Examples**: +- Cassandra +- DynamoDB +- CouchDB +- Riak + +**Use when**: +- High availability is critical +- Eventual consistency is acceptable +- Shopping carts, social media feeds + +#### CA Systems + +**Theoretical only**: Cannot exist in distributed systems because partitions are inevitable. + +Single-node databases are technically CA but aren't distributed. + +### PACELC Extension + +PACELC extends CAP to address normal operation: + +> If there is a **P**artition, choose between **A**vailability and **C**onsistency. +> **E**lse (normal operation), choose between **L**atency and **C**onsistency. + +| System | P: A or C | E: L or C | +|--------|-----------|-----------| +| DynamoDB | A | L | +| Cassandra | A | L | +| MongoDB | C | C | +| PNUTS | C | L | + +## Consistency Models + +### Strong Consistency + +Every read returns the most recent write. Achieved through: +- Single leader with synchronous replication +- Consensus protocols (Paxos, Raft) + +**Trade-off**: Higher latency, lower availability during failures. + +### Eventual Consistency + +If no new updates, all replicas eventually converge to the same state. + +**Variants**: +- **Causal consistency**: Preserves causally related operations order +- **Read-your-writes**: Clients see their own writes +- **Monotonic reads**: Never see older data after seeing newer +- **Session consistency**: Consistency within a session + +### Linearizability + +Operations appear instantaneous at some point between invocation and response. + +**Provides**: +- Single-object operations appear atomic +- Real-time ordering guarantees +- Foundation for distributed locks, leader election + +### Serializability + +Transactions appear to execute in some serial order. + +**Note**: Linearizability ≠ Serializability +- Linearizability: Single-operation recency guarantee +- Serializability: Multi-operation isolation guarantee + +## Consensus Protocols + +### The Consensus Problem + +Getting distributed nodes to agree on a single value despite failures. + +**Requirements**: +1. **Agreement**: All correct nodes decide on the same value +2. **Validity**: Decided value was proposed by some node +3. **Termination**: All correct nodes eventually decide + +### Paxos + +Developed by Leslie Lamport (1989/1998), foundational consensus algorithm. + +#### Roles + +- **Proposers**: Propose values +- **Acceptors**: Vote on proposals +- **Learners**: Learn decided values + +#### Basic Protocol (Single-Decree) + +**Phase 1a: Prepare** +``` +Proposer → Acceptors: PREPARE(n) + - n is unique proposal number +``` + +**Phase 1b: Promise** +``` +Acceptor → Proposer: PROMISE(n, accepted_proposal) + - If n > highest_seen: promise to ignore lower proposals + - Return previously accepted proposal if any +``` + +**Phase 2a: Accept** +``` +Proposer → Acceptors: ACCEPT(n, v) + - v = value from highest accepted proposal, or proposer's own value +``` + +**Phase 2b: Accepted** +``` +Acceptor → Learners: ACCEPTED(n, v) + - If n >= highest_promised: accept the proposal +``` + +**Decision**: Value is decided when majority of acceptors accept it. + +#### Multi-Paxos + +Optimization for sequences of values: +- Elect stable leader +- Skip Phase 1 for subsequent proposals +- Significantly reduces message complexity + +#### Strengths and Weaknesses + +**Strengths**: +- Proven correct +- Tolerates f failures with 2f+1 nodes +- Foundation for many systems + +**Weaknesses**: +- Complex to implement correctly +- No specified leader election +- Performance requires Multi-Paxos optimizations + +### Raft + +Designed by Diego Ongaro and John Ousterhout (2013) for understandability. + +#### Key Design Principles + +1. **Decomposition**: Separates leader election, log replication, safety +2. **State reduction**: Minimizes states to consider +3. **Strong leader**: All writes through leader + +#### Server States + +- **Leader**: Handles all client requests, replicates log +- **Follower**: Passive, responds to leader and candidates +- **Candidate**: Trying to become leader + +#### Leader Election + +``` +1. Follower times out (no heartbeat from leader) +2. Becomes Candidate, increments term, votes for self +3. Requests votes from other servers +4. Wins with majority votes → becomes Leader +5. Loses (another leader) → becomes Follower +6. Timeout → starts new election +``` + +**Safety**: Only candidates with up-to-date logs can win. + +#### Log Replication + +``` +1. Client sends command to Leader +2. Leader appends to local log +3. Leader sends AppendEntries to Followers +4. On majority acknowledgment: entry is committed +5. Leader applies to state machine, responds to client +6. Followers apply committed entries +``` + +#### Log Matching Property + +If two logs contain entry with same index and term: +- Entries are identical +- All preceding entries are identical + +#### Term + +Logical clock that increases with each election: +- Detects stale leaders +- Resolves conflicts +- Included in all messages + +#### Comparison with Paxos + +| Aspect | Paxos | Raft | +|--------|-------|------| +| Understandability | Complex | Designed for clarity | +| Leader | Optional (Multi-Paxos) | Required | +| Log gaps | Allowed | Not allowed | +| Membership changes | Complex | Joint consensus | +| Implementations | Many variants | Consistent | + +### PBFT (Practical Byzantine Fault Tolerance) + +Developed by Castro and Liskov (1999) for Byzantine faults. + +#### Byzantine Faults + +Nodes can behave arbitrarily: +- Crash +- Send incorrect messages +- Collude maliciously +- Act inconsistently to different nodes + +#### Fault Tolerance + +Tolerates f Byzantine faults with **3f+1** nodes. + +**Why 3f+1?** +- Need 2f+1 honest responses +- f Byzantine nodes might lie +- Need f more to distinguish honest majority + +#### Protocol Phases + +**Normal Operation** (leader is honest): + +``` +1. REQUEST: Client → Primary (leader) +2. PRE-PREPARE: Primary → All replicas + - Primary assigns sequence number +3. PREPARE: Each replica → All replicas + - Validates pre-prepare +4. COMMIT: Each replica → All replicas + - After receiving 2f+1 prepares +5. REPLY: Each replica → Client + - After receiving 2f+1 commits +``` + +**Client waits for f+1 matching replies**. + +#### View Change + +When primary appears faulty: +1. Replicas timeout waiting for primary +2. Broadcast VIEW-CHANGE with prepared certificates +3. New primary collects 2f+1 view-changes +4. Broadcasts NEW-VIEW with proof +5. System resumes with new primary + +#### Message Complexity + +- **Normal case**: O(n²) messages per request +- **View change**: O(n³) messages + +**Scalability challenge**: Quadratic messaging limits cluster size. + +#### Optimizations + +- **Speculative execution**: Execute before commit +- **Batching**: Group multiple requests +- **Signatures**: Use MACs instead of digital signatures +- **Threshold signatures**: Reduce signature overhead + +### Modern BFT Variants + +#### HotStuff (2019) + +- Linear message complexity O(n) +- Used in LibraBFT (Diem), other blockchains +- Three-phase protocol with threshold signatures + +#### Tendermint + +- Blockchain-focused BFT +- Integrated with Cosmos SDK +- Immediate finality + +#### QBFT (Quorum BFT) + +- Enterprise-focused (ConsenSys/JPMorgan) +- Enhanced IBFT for Ethereum-based systems + +### Nakamoto Consensus + +The consensus mechanism powering Bitcoin, introduced by Satoshi Nakamoto (2008). + +#### Core Innovation + +Combines three elements: +1. **Proof-of-Work (PoW)**: Cryptographic puzzle for block creation +2. **Longest Chain Rule**: Fork resolution by accumulated work +3. **Probabilistic Finality**: Security increases with confirmations + +#### How It Works + +``` +1. Transactions broadcast to network +2. Miners collect transactions into blocks +3. Miners race to solve PoW puzzle: + - Find nonce such that Hash(block_header) < target + - Difficulty adjusts to maintain ~10 min block time +4. First miner to solve broadcasts block +5. Other nodes verify and append to longest chain +6. Miner receives block reward + transaction fees +``` + +#### Longest Chain Rule + +When forks occur: +``` +Chain A: [genesis] → [1] → [2] → [3] +Chain B: [genesis] → [1] → [2'] → [3'] → [4'] + +Nodes follow Chain B (more accumulated work) +Chain A blocks become "orphaned" +``` + +**Note**: Actually "most accumulated work" not "most blocks"—a chain with fewer but harder blocks wins. + +#### Security Model + +**Honest Majority Assumption**: Protocol secure if honest mining power > 50%. + +Formal analysis (Ren 2019): +``` +Safe if: g²α > β + +Where: + α = honest mining rate + β = adversarial mining rate + g = growth rate accounting for network delay + Δ = maximum network delay +``` + +**Implications**: +- Larger block interval → more security margin +- Higher network delay → need more honest majority +- 10-minute block time provides safety margin for global network + +#### Probabilistic Finality + +No instant finality—deeper blocks are exponentially harder to reverse: + +| Confirmations | Attack Probability (30% attacker) | +|---------------|-----------------------------------| +| 1 | ~50% | +| 3 | ~12% | +| 6 | ~0.2% | +| 12 | ~0.003% | + +**Convention**: 6 confirmations (~1 hour) considered "final" for Bitcoin. + +#### Attacks + +**51% Attack**: Attacker with majority hashrate can: +- Double-spend transactions +- Prevent confirmations +- NOT: steal funds, change consensus rules, create invalid transactions + +**Selfish Mining**: Strategic block withholding to waste honest miners' work. +- Profitable with < 50% hashrate under certain conditions +- Mitigated by network propagation improvements + +**Long-Range Attacks**: Not applicable to PoW (unlike PoS). + +#### Trade-offs vs Traditional BFT + +| Aspect | Nakamoto | Classical BFT | +|--------|----------|---------------| +| Finality | Probabilistic | Immediate | +| Throughput | Low (~7 TPS) | Higher | +| Participants | Permissionless | Permissioned | +| Energy | High (PoW) | Low | +| Fault tolerance | 50% hashrate | 33% nodes | +| Scalability | Global | Limited nodes | + +### PnyxDB: Leaderless Democratic BFT + +Developed by Bonniot, Neumann, and Taïani (2019) for consortia applications. + +#### Key Innovation: Conditional Endorsements + +Unlike leader-based BFT, PnyxDB uses **leaderless quorums** with conditional endorsements: +- Endorsements track conflicts between transactions +- If transactions commute (no conflicting operations), quorums built independently +- Non-commuting transactions handled via Byzantine Veto Procedure (BVP) + +#### Transaction Lifecycle + +``` +1. Client broadcasts transaction to endorsers +2. Endorsers evaluate against application-defined policies +3. If no conflicts: endorser sends acknowledgment +4. If conflicts detected: conditional endorsement specifying + which transactions must NOT be committed for this to be valid +5. Transaction commits when quorum of valid endorsements collected +6. BVP resolves conflicting transactions +``` + +#### Byzantine Veto Procedure (BVP) + +Ensures termination with conflicting transactions: +- Transactions have deadlines +- Conflicting endorsements trigger resolution loop +- Protocol guarantees exit when deadline passes +- At most f Byzantine nodes tolerated with n endorsers + +#### Application-Level Voting + +Unique feature: nodes can endorse or reject transactions based on **application-defined policies** without compromising consistency. + +Use cases: +- Consortium governance decisions +- Policy-based access control +- Democratic decision making + +#### Performance + +Compared to BFT-SMaRt and Tendermint: +- **11x faster** commit latencies +- **< 5 seconds** in worldwide geo-distributed deployment +- Tested with **180 nodes** + +#### Implementation + +- Written in Go (requires Go 1.11+) +- Uses gossip broadcast for message propagation +- Web-of-trust node authentication +- Scales to hundreds/thousands of nodes + +## Replication Strategies + +### Single-Leader Replication + +``` +Clients → Leader → Followers +``` + +**Pros**: Simple, strong consistency possible +**Cons**: Leader bottleneck, failover complexity + +#### Synchronous vs Asynchronous + +| Type | Durability | Latency | Availability | +|------|------------|---------|--------------| +| Synchronous | Guaranteed | High | Lower | +| Asynchronous | At-risk | Low | Higher | +| Semi-synchronous | Balanced | Medium | Medium | + +### Multi-Leader Replication + +Multiple nodes accept writes, replicate to each other. + +**Use cases**: +- Multi-datacenter deployment +- Clients with offline operation + +**Challenges**: +- Write conflicts +- Conflict resolution complexity + +#### Conflict Resolution + +- **Last-write-wins (LWW)**: Timestamp-based, may lose data +- **Application-specific**: Custom merge logic +- **CRDTs**: Mathematically guaranteed convergence + +### Leaderless Replication + +Any node can accept reads and writes. + +**Examples**: Dynamo, Cassandra, Riak + +#### Quorum Reads/Writes + +``` +n = total replicas +w = write quorum (nodes that must acknowledge write) +r = read quorum (nodes that must respond to read) + +For strong consistency: w + r > n +``` + +**Common configurations**: +- n=3, w=2, r=2: Tolerates 1 failure +- n=5, w=3, r=3: Tolerates 2 failures + +#### Sloppy Quorums and Hinted Handoff + +During partitions: +- Write to available nodes (even if not home replicas) +- "Hints" stored for unavailable nodes +- Hints replayed when nodes recover + +## Failure Modes + +### Crash Failures + +Node stops responding. Simplest failure model. + +**Detection**: Heartbeats, timeouts +**Tolerance**: 2f+1 nodes for f failures (Paxos, Raft) + +### Byzantine Failures + +Arbitrary behavior including malicious. + +**Detection**: Difficult without redundancy +**Tolerance**: 3f+1 nodes for f failures (PBFT) + +### Network Partitions + +Nodes can't communicate with some other nodes. + +**Impact**: Forces CP vs AP choice +**Recovery**: Reconciliation after partition heals + +### Split Brain + +Multiple nodes believe they are leader. + +**Prevention**: +- Fencing (STONITH: Shoot The Other Node In The Head) +- Quorum-based leader election +- Lease-based leadership + +## Design Patterns + +### State Machine Replication + +Replicate deterministic state machine across nodes: +1. All replicas start in same state +2. Apply same commands in same order +3. All reach same final state + +**Requires**: Total order broadcast (consensus) + +### Chain Replication + +``` +Head → Node2 → Node3 → ... → Tail +``` + +- Writes enter at head, propagate down chain +- Reads served by tail (strongly consistent) +- Simple, high throughput + +### Primary-Backup + +Primary handles all operations, synchronously replicates to backups. + +**Failover**: Backup promoted to primary on failure. + +### Quorum Systems + +Intersecting sets ensure consistency: +- Any read quorum intersects any write quorum +- Guarantees reads see latest write + +## Balancing Trade-offs + +### Identifying Critical Requirements + +1. **Correctness requirements** + - Is data loss acceptable? + - Can operations be reordered? + - Are conflicts resolvable? + +2. **Availability requirements** + - What's acceptable downtime? + - Geographic distribution needs? + - Partition recovery strategy? + +3. **Performance requirements** + - Latency targets? + - Throughput needs? + - Consistency cost tolerance? + +### Vulnerability Mitigation by Protocol + +#### Paxos/Raft (Crash Fault Tolerant) + +**Vulnerabilities**: +- Leader failure causes brief unavailability +- Split-brain without proper fencing +- Slow follower impacts commit latency (sync replication) + +**Mitigations**: +- Fast leader election (pre-voting) +- Quorum-based fencing +- Flexible quorum configurations +- Learner nodes for read scaling + +#### PBFT (Byzantine Fault Tolerant) + +**Vulnerabilities**: +- O(n²) messages limit scalability +- View change is expensive +- Requires 3f+1 nodes (more infrastructure) + +**Mitigations**: +- Batching and pipelining +- Optimistic execution (HotStuff) +- Threshold signatures +- Hierarchical consensus for scaling + +### Choosing the Right Protocol + +| Scenario | Recommended | Rationale | +|----------|-------------|-----------| +| Internal infrastructure | Raft | Simple, well-understood | +| High consistency needs | Raft/Paxos | Proven correctness | +| Public/untrusted network | PBFT variant | Byzantine tolerance | +| Blockchain | HotStuff/Tendermint | Linear complexity BFT | +| Eventually consistent | Dynamo-style | High availability | +| Global distribution | Multi-leader + CRDTs | Partition tolerance | + +## Implementation Considerations + +### Timeouts + +- **Heartbeat interval**: 100-300ms typical +- **Election timeout**: 10x heartbeat (avoid split votes) +- **Request timeout**: Application-dependent + +### Persistence + +What must be persisted before acknowledgment: +- **Raft**: Current term, voted-for, log entries +- **PBFT**: View number, prepared/committed certificates + +### Membership Changes + +Dynamic cluster membership: +- **Raft**: Joint consensus (old + new config) +- **Paxos**: α-reconfiguration +- **PBFT**: View change with new configuration + +### Testing + +- **Jepsen**: Distributed systems testing framework +- **Chaos engineering**: Intentional failure injection +- **Formal verification**: TLA+, Coq proofs + +## Adversarial Oracle Protocols + +Oracles bridge on-chain smart contracts with off-chain data, but introduce trust assumptions into trustless systems. + +### The Oracle Problem + +**Definition**: The security, authenticity, and trust conflict between third-party oracles and the trustless execution of smart contracts. + +**Core Challenge**: Blockchains cannot verify correctness of external data. Oracles become: +- Single points of failure +- Targets for manipulation +- Trust assumptions in "trustless" systems + +### Attack Vectors + +#### Price Oracle Manipulation + +**Flash Loan Attacks**: +``` +1. Borrow large amount via flash loan (no collateral) +2. Manipulate price on DEX (large trade) +3. Oracle reads manipulated price +4. Smart contract executes with wrong price +5. Profit from arbitrage/liquidation +6. Repay flash loan in same transaction +``` + +**Notable Example**: Harvest Finance ($30M+ loss, 2020) + +#### Data Source Attacks + +- **Compromised API**: Single data source manipulation +- **Front-running**: Oracle updates exploited before on-chain +- **Liveness attacks**: Preventing oracle updates +- **Bribery**: Incentivizing oracle operators to lie + +#### Economic Attacks + +**Cost of Corruption Analysis**: +``` +If oracle controls value V: + - Attack profit: V + - Attack cost: oracle stake + reputation + - Rational to attack if: profit > cost +``` + +**Implication**: Oracles must have stake > value they secure. + +### Decentralized Oracle Networks (DONs) + +#### Chainlink Model + +**Multi-layer Security**: +``` +1. Multiple independent data sources +2. Multiple independent node operators +3. Aggregation (median, weighted average) +4. Reputation system +5. Cryptoeconomic incentives (staking) +``` + +**Data Aggregation**: +``` +Nodes: [Oracle₁: $100, Oracle₂: $101, Oracle₃: $150, Oracle₄: $100] +Median: $100.50 +Outlier (Oracle₃) has minimal impact +``` + +#### Reputation and Staking + +``` +Node reputation based on: + - Historical accuracy + - Response time + - Uptime + - Stake amount + +Job assignment weighted by reputation +Slashing for misbehavior +``` + +### Oracle Design Patterns + +#### Time-Weighted Average Price (TWAP) + +Resist single-block manipulation: +``` +TWAP = Σ(price_i × duration_i) / total_duration + +Example over 1 hour: + - 30 min at $100: 30 × 100 = 3000 + - 20 min at $101: 20 × 101 = 2020 + - 10 min at $150 (manipulation): 10 × 150 = 1500 + TWAP = 6520 / 60 = $108.67 (vs $150 spot) +``` + +#### Commit-Reveal Schemes + +Prevent front-running oracle updates: +``` +Phase 1 (Commit): + - Oracle commits: hash(price || salt) + - Cannot be read by others + +Phase 2 (Reveal): + - Oracle reveals: price, salt + - Contract verifies hash matches + - All oracles reveal simultaneously +``` + +#### Schelling Points + +Game-theoretic oracle coordination: +``` +1. Multiple oracles submit answers +2. Consensus answer determined +3. Oracles matching consensus rewarded +4. Outliers penalized + +Assumption: Honest answer is "obvious" Schelling point +``` + +### Trusted Execution Environments (TEEs) + +Hardware-based oracle security: +``` +TEE (Intel SGX, ARM TrustZone): + - Isolated execution environment + - Code attestation + - Protected memory + - External data fetching inside enclave +``` + +**Benefits**: +- Verifiable computation +- Protected from host machine +- Cryptographic proofs of execution + +**Limitations**: +- Hardware trust assumption +- Side-channel attacks possible +- Intel SGX vulnerabilities discovered + +### Oracle Types by Data Source + +| Type | Source | Trust Model | Use Case | +|------|--------|-------------|----------| +| Price feeds | Exchanges | Multiple sources | DeFi | +| Randomness | VRF/DRAND | Cryptographic | Gaming, NFTs | +| Event outcomes | Manual report | Reputation | Prediction markets | +| Cross-chain | Other blockchains | Bridge security | Interoperability | +| Computation | Off-chain compute | Verifiable | Complex logic | + +### Defense Mechanisms + +1. **Diversification**: Multiple independent oracles +2. **Economic security**: Stake > protected value +3. **Time delays**: Allow dispute periods +4. **Circuit breakers**: Pause on anomalous data +5. **TWAP**: Resist flash manipulation +6. **Commit-reveal**: Prevent front-running +7. **Reputation**: Long-term incentives + +### Hybrid Approaches + +**Optimistic Oracles**: +``` +1. Oracle posts answer + bond +2. Dispute window (e.g., 2 hours) +3. If disputed: escalate to arbitration +4. If not disputed: answer accepted +5. Incorrect oracle loses bond +``` + +**Examples**: UMA Protocol, Optimistic Oracle + +## Causality and Logical Clocks + +Physical clocks cannot reliably order events in distributed systems due to clock drift and synchronization issues. Logical clocks provide ordering based on causality. + +### The Happened-Before Relation + +Defined by Leslie Lamport (1978): + +Event a **happened-before** event b (a → b) if: +1. a and b are in the same process, and a comes before b +2. a is a send event and b is the corresponding receive +3. There exists c such that a → c and c → b (transitivity) + +If neither a → b nor b → a, events are **concurrent** (a || b). + +### Lamport Clocks + +Simple scalar timestamps providing partial ordering. + +**Rules**: +``` +1. Each process maintains counter C +2. Before each event: C = C + 1 +3. Send message m with timestamp C +4. On receive: C = max(C, message_timestamp) + 1 +``` + +**Properties**: +- If a → b, then C(a) < C(b) +- **Limitation**: C(a) < C(b) does NOT imply a → b +- Cannot detect concurrent events + +**Use cases**: +- Total ordering with tie-breaker (process ID) +- Distributed snapshots +- Simple event ordering + +### Vector Clocks + +Array of counters, one per process. Captures full causality. + +**Structure** (for n processes): +``` +VC[1..n] where VC[i] is process i's logical time +``` + +**Rules** (at process i): +``` +1. Before each event: VC[i] = VC[i] + 1 +2. Send message with full vector VC +3. On receive from j: + for k in 1..n: + VC[k] = max(VC[k], received_VC[k]) + VC[i] = VC[i] + 1 +``` + +**Comparison** (for vectors V1 and V2): +``` +V1 = V2 iff ∀i: V1[i] = V2[i] +V1 ≤ V2 iff ∀i: V1[i] ≤ V2[i] +V1 < V2 iff V1 ≤ V2 and V1 ≠ V2 +V1 || V2 iff NOT(V1 ≤ V2) and NOT(V2 ≤ V1) # concurrent +``` + +**Properties**: +- a → b iff VC(a) < VC(b) +- a || b iff VC(a) || VC(b) +- **Full causality detection** + +**Trade-off**: O(n) space per event, where n = number of processes. + +### Interval Tree Clocks (ITC) + +Developed by Almeida, Baquero, and Fonte (2008) for dynamic systems. + +**Problem with Vector Clocks**: +- Static: size fixed to max number of processes +- ID retirement requires global coordination +- Unsuitable for high-churn systems (P2P) + +**ITC Solution**: +- Binary tree structure for ID space +- Dynamic ID allocation and deallocation +- Localized fork/join operations + +**Core Operations**: + +``` +fork(id): Split ID into two children + - Parent retains left half + - New process gets right half + +join(id1, id2): Merge two IDs + - Combine ID trees + - Localized operation, no global coordination + +event(id, stamp): Increment logical clock +peek(id, stamp): Read without increment +``` + +**ID Space Representation**: +``` + 1 # Full ID space + / \ + 0 1 # After one fork + / \ + 0 1 # After another fork (left child) +``` + +**Stamp (Clock) Representation**: +- Tree structure mirrors ID space +- Each node has base value + optional children +- Efficient representation of sparse vectors + +**Example**: +``` +Initial: id=(1), stamp=0 +Fork: id1=(1,0), stamp1=0 + id2=(0,1), stamp2=0 +Event at id1: stamp1=(0,(1,0)) +Join id1+id2: id=(1), stamp=max of both +``` + +**Advantages over Vector Clocks**: +- Constant-size representation possible +- Dynamic membership without global state +- Efficient ID garbage collection +- Causality preserved across reconfigurations + +**Use cases**: +- Peer-to-peer systems +- Mobile/ad-hoc networks +- Systems with frequent node join/leave + +### Version Vectors + +Specialization of vector clocks for tracking data versions. + +**Difference from Vector Clocks**: +- Vector clocks: track all events +- Version vectors: track data updates only + +**Usage in Dynamo-style systems**: +``` +Client reads with version vector V1 +Client writes with version vector V2 +Server compares: + - If V1 < current: stale read, conflict possible + - If V1 = current: safe update + - If V1 || current: concurrent writes, need resolution +``` + +### Hybrid Logical Clocks (HLC) + +Combines physical and logical time. + +**Structure**: +``` +HLC = (physical_time, logical_counter) +``` + +**Rules**: +``` +1. On local/send event: + pt = physical_clock() + if pt > l: + l = pt + c = 0 + else: + c = c + 1 + return (l, c) + +2. On receive with timestamp (l', c'): + pt = physical_clock() + if pt > l and pt > l': + l = pt + c = 0 + elif l' > l: + l = l' + c = c' + 1 + elif l > l': + c = c + 1 + else: # l = l' + c = max(c, c') + 1 + return (l, c) +``` + +**Properties**: +- Bounded drift from physical time +- Captures causality like Lamport clocks +- Timestamps comparable to wall-clock time +- Used in CockroachDB, Google Spanner + +### Comparison of Logical Clocks + +| Clock Type | Space | Causality | Concurrency | Dynamic | +|------------|-------|-----------|-------------|---------| +| Lamport | O(1) | Partial | No | Yes | +| Vector | O(n) | Full | Yes | No | +| ITC | O(log n)* | Full | Yes | Yes | +| HLC | O(1) | Partial | No | Yes | + +*ITC space varies based on tree structure + +### Practical Applications + +**Conflict Detection** (Vector Clocks): +``` +if V1 < V2: + # v1 is ancestor of v2, no conflict +elif V1 > V2: + # v2 is ancestor of v1, no conflict +else: # V1 || V2 + # Concurrent updates, need conflict resolution +``` + +**Causal Broadcast**: +``` +Deliver message m with VC only when: +1. VC[sender] = local_VC[sender] + 1 (next expected from sender) +2. ∀j ≠ sender: VC[j] ≤ local_VC[j] (all causal deps satisfied) +``` + +**Snapshot Algorithms**: +``` +Consistent cut: set of events S where + if e ∈ S and f → e, then f ∈ S +Vector clocks make this efficiently verifiable +``` + +## References + +For detailed protocol specifications and proofs, see: +- `references/consensus-protocols.md` - Detailed protocol descriptions +- `references/consistency-models.md` - Formal consistency definitions +- `references/failure-scenarios.md` - Failure mode analysis +- `references/logical-clocks.md` - Clock algorithms and implementations diff --git a/.claude/skills/distributed-systems/references/consensus-protocols.md b/.claude/skills/distributed-systems/references/consensus-protocols.md new file mode 100644 index 00000000..a3bfb071 --- /dev/null +++ b/.claude/skills/distributed-systems/references/consensus-protocols.md @@ -0,0 +1,610 @@ +# Consensus Protocols - Detailed Reference + +Complete specifications and implementation details for major consensus protocols. + +## Paxos Complete Specification + +### Proposal Numbers + +Proposal numbers must be: +- **Unique**: No two proposers use the same number +- **Totally ordered**: Any two can be compared + +**Implementation**: `(round_number, proposer_id)` where proposer_id breaks ties. + +### Single-Decree Paxos State + +**Proposer state**: +``` +proposal_number: int +value: any +``` + +**Acceptor state (persistent)**: +``` +highest_promised: int # Highest proposal number promised +accepted_proposal: int # Number of accepted proposal (0 if none) +accepted_value: any # Value of accepted proposal (null if none) +``` + +### Message Format + +**Prepare** (Phase 1a): +``` +{ + type: "PREPARE", + proposal_number: n +} +``` + +**Promise** (Phase 1b): +``` +{ + type: "PROMISE", + proposal_number: n, + accepted_proposal: m, # null if nothing accepted + accepted_value: v # null if nothing accepted +} +``` + +**Accept** (Phase 2a): +``` +{ + type: "ACCEPT", + proposal_number: n, + value: v +} +``` + +**Accepted** (Phase 2b): +``` +{ + type: "ACCEPTED", + proposal_number: n, + value: v +} +``` + +### Proposer Algorithm + +``` +function propose(value): + n = generate_proposal_number() + + # Phase 1: Prepare + promises = [] + for acceptor in acceptors: + send PREPARE(n) to acceptor + + wait until |promises| > |acceptors|/2 or timeout + + if timeout: + return FAILED + + # Choose value + highest = max(promises, key=p.accepted_proposal) + if highest.accepted_value is not null: + value = highest.accepted_value + + # Phase 2: Accept + accepts = [] + for acceptor in acceptors: + send ACCEPT(n, value) to acceptor + + wait until |accepts| > |acceptors|/2 or timeout + + if timeout: + return FAILED + + return SUCCESS(value) +``` + +### Acceptor Algorithm + +``` +on receive PREPARE(n): + if n > highest_promised: + highest_promised = n + persist(highest_promised) + reply PROMISE(n, accepted_proposal, accepted_value) + else: + # Optionally reply NACK(highest_promised) + ignore or reject + +on receive ACCEPT(n, v): + if n >= highest_promised: + highest_promised = n + accepted_proposal = n + accepted_value = v + persist(highest_promised, accepted_proposal, accepted_value) + reply ACCEPTED(n, v) + else: + ignore or reject +``` + +### Multi-Paxos Optimization + +**Stable leader**: +``` +# Leader election (using Paxos or other method) +leader = elect_leader() + +# Leader's Phase 1 for all future instances +leader sends PREPARE(n) for instance range [i, ∞) + +# For each command: +function propose_as_leader(value, instance): + # Skip Phase 1 if already leader + for acceptor in acceptors: + send ACCEPT(n, value, instance) to acceptor + wait for majority ACCEPTED + return SUCCESS +``` + +### Paxos Safety Proof Sketch + +**Invariant**: If a value v is chosen for instance i, no other value can be chosen. + +**Proof**: +1. Value chosen → accepted by majority with proposal n +2. Any higher proposal n' must contact majority +3. Majorities intersect → at least one acceptor has accepted v +4. New proposer adopts v (or higher already-accepted value) +5. By induction, all future proposals use v + +## Raft Complete Specification + +### State + +**All servers (persistent)**: +``` +currentTerm: int # Latest term seen +votedFor: ServerId # Candidate voted for in current term (null if none) +log[]: LogEntry # Log entries +``` + +**All servers (volatile)**: +``` +commitIndex: int # Highest log index known to be committed +lastApplied: int # Highest log index applied to state machine +``` + +**Leader (volatile, reinitialized after election)**: +``` +nextIndex[]: int # For each server, next log index to send +matchIndex[]: int # For each server, highest log index replicated +``` + +**LogEntry**: +``` +{ + term: int, + command: any +} +``` + +### RequestVote RPC + +**Request**: +``` +{ + term: int, # Candidate's term + candidateId: ServerId, # Candidate requesting vote + lastLogIndex: int, # Index of candidate's last log entry + lastLogTerm: int # Term of candidate's last log entry +} +``` + +**Response**: +``` +{ + term: int, # currentTerm, for candidate to update itself + voteGranted: bool # True if candidate received vote +} +``` + +**Receiver implementation**: +``` +on receive RequestVote(term, candidateId, lastLogIndex, lastLogTerm): + if term < currentTerm: + return {term: currentTerm, voteGranted: false} + + if term > currentTerm: + currentTerm = term + votedFor = null + convert to follower + + # Check if candidate's log is at least as up-to-date as ours + ourLastTerm = log[len(log)-1].term if log else 0 + ourLastIndex = len(log) - 1 + + logOK = (lastLogTerm > ourLastTerm) or + (lastLogTerm == ourLastTerm and lastLogIndex >= ourLastIndex) + + if (votedFor is null or votedFor == candidateId) and logOK: + votedFor = candidateId + persist(currentTerm, votedFor) + reset election timer + return {term: currentTerm, voteGranted: true} + + return {term: currentTerm, voteGranted: false} +``` + +### AppendEntries RPC + +**Request**: +``` +{ + term: int, # Leader's term + leaderId: ServerId, # For follower to redirect clients + prevLogIndex: int, # Index of log entry preceding new ones + prevLogTerm: int, # Term of prevLogIndex entry + entries[]: LogEntry, # Log entries to store (empty for heartbeat) + leaderCommit: int # Leader's commitIndex +} +``` + +**Response**: +``` +{ + term: int, # currentTerm, for leader to update itself + success: bool # True if follower had matching prevLog entry +} +``` + +**Receiver implementation**: +``` +on receive AppendEntries(term, leaderId, prevLogIndex, prevLogTerm, entries, leaderCommit): + if term < currentTerm: + return {term: currentTerm, success: false} + + reset election timer + + if term > currentTerm: + currentTerm = term + votedFor = null + + convert to follower + + # Check log consistency + if prevLogIndex >= len(log) or + (prevLogIndex >= 0 and log[prevLogIndex].term != prevLogTerm): + return {term: currentTerm, success: false} + + # Append new entries (handling conflicts) + for i, entry in enumerate(entries): + index = prevLogIndex + 1 + i + if index < len(log): + if log[index].term != entry.term: + # Delete conflicting entry and all following + log = log[:index] + log.append(entry) + else: + log.append(entry) + + persist(currentTerm, votedFor, log) + + # Update commit index + if leaderCommit > commitIndex: + commitIndex = min(leaderCommit, len(log) - 1) + + return {term: currentTerm, success: true} +``` + +### Leader Behavior + +``` +on becoming leader: + for each server: + nextIndex[server] = len(log) + matchIndex[server] = 0 + + start sending heartbeats + +on receiving client command: + append entry to local log + persist log + send AppendEntries to all followers + +on receiving AppendEntries response from server: + if response.success: + matchIndex[server] = prevLogIndex + len(entries) + nextIndex[server] = matchIndex[server] + 1 + + # Update commit index + for N from commitIndex+1 to len(log)-1: + if log[N].term == currentTerm and + |{s : matchIndex[s] >= N}| > |servers|/2: + commitIndex = N + else: + nextIndex[server] = max(1, nextIndex[server] - 1) + retry AppendEntries with lower prevLogIndex + +on commitIndex update: + while lastApplied < commitIndex: + lastApplied++ + apply log[lastApplied].command to state machine +``` + +### Election Timeout + +``` +on election timeout (follower or candidate): + currentTerm++ + convert to candidate + votedFor = self + persist(currentTerm, votedFor) + reset election timer + votes = 1 # Vote for self + + for each server except self: + send RequestVote(currentTerm, self, lastLogIndex, lastLogTerm) + + wait for responses or timeout: + if received votes > |servers|/2: + become leader + if received AppendEntries from valid leader: + become follower + if timeout: + start new election +``` + +## PBFT Complete Specification + +### Message Types + +**REQUEST**: +``` +{ + type: "REQUEST", + operation: o, # Operation to execute + timestamp: t, # Client timestamp (for reply matching) + client: c # Client identifier +} +``` + +**PRE-PREPARE**: +``` +{ + type: "PRE-PREPARE", + view: v, # Current view number + sequence: n, # Sequence number + digest: d, # Hash of request + request: m # The request message +} +signature(primary) +``` + +**PREPARE**: +``` +{ + type: "PREPARE", + view: v, + sequence: n, + digest: d, + replica: i # Sending replica +} +signature(replica_i) +``` + +**COMMIT**: +``` +{ + type: "COMMIT", + view: v, + sequence: n, + digest: d, + replica: i +} +signature(replica_i) +``` + +**REPLY**: +``` +{ + type: "REPLY", + view: v, + timestamp: t, + client: c, + replica: i, + result: r # Execution result +} +signature(replica_i) +``` + +### Replica State + +``` +view: int # Current view +sequence: int # Last assigned sequence number (primary) +log[]: {request, prepares, commits, state} # Log of requests +prepared_certificates: {} # Prepared certificates (2f+1 prepares) +committed_certificates: {} # Committed certificates (2f+1 commits) +h: int # Low water mark +H: int # High water mark (h + L) +``` + +### Normal Operation Protocol + +**Primary (replica p = v mod n)**: +``` +on receive REQUEST(m) from client: + if not primary for current view: + forward to primary + return + + n = assign_sequence_number() + d = hash(m) + + broadcast PRE-PREPARE(v, n, d, m) to all replicas + add to log +``` + +**All replicas**: +``` +on receive PRE-PREPARE(v, n, d, m) from primary: + if v != current_view: + ignore + if already accepted pre-prepare for (v, n) with different digest: + ignore + if not in_view_as_backup(v): + ignore + if not h < n <= H: + ignore # Outside sequence window + + # Valid pre-prepare + add to log + broadcast PREPARE(v, n, d, i) to all replicas + +on receive PREPARE(v, n, d, j) from replica j: + if v != current_view: + ignore + + add to log[n].prepares + + if |log[n].prepares| >= 2f and not already_prepared(v, n, d): + # Prepared certificate complete + mark as prepared + broadcast COMMIT(v, n, d, i) to all replicas + +on receive COMMIT(v, n, d, j) from replica j: + if v != current_view: + ignore + + add to log[n].commits + + if |log[n].commits| >= 2f + 1 and prepared(v, n, d): + # Committed certificate complete + if all entries < n are committed: + execute(m) + send REPLY(v, t, c, i, result) to client +``` + +### View Change Protocol + +**Timeout trigger**: +``` +on request timeout (no progress): + view_change_timeout++ + broadcast VIEW-CHANGE(v+1, n, C, P, i) + + where: + n = last stable checkpoint sequence number + C = checkpoint certificate (2f+1 checkpoint messages) + P = set of prepared certificates for messages after n +``` + +**VIEW-CHANGE**: +``` +{ + type: "VIEW-CHANGE", + view: v, # New view number + sequence: n, # Checkpoint sequence + checkpoints: C, # Checkpoint certificate + prepared: P, # Set of prepared certificates + replica: i +} +signature(replica_i) +``` + +**New primary (p' = v mod n)**: +``` +on receive 2f VIEW-CHANGE for view v: + V = set of valid view-change messages + + # Compute O: set of requests to re-propose + O = {} + for seq in max_checkpoint_seq(V) to max_seq(V): + if exists prepared certificate for seq in V: + O[seq] = request from certificate + else: + O[seq] = null-request # No-op + + broadcast NEW-VIEW(v, V, O) + + # Re-run protocol for requests in O + for seq, request in O: + if request != null: + send PRE-PREPARE(v, seq, hash(request), request) +``` + +**NEW-VIEW**: +``` +{ + type: "NEW-VIEW", + view: v, + view_changes: V, # 2f+1 view-change messages + pre_prepares: O # Set of pre-prepare messages +} +signature(primary) +``` + +### Checkpointing + +Periodic stable checkpoints to garbage collect logs: + +``` +every K requests: + state_hash = hash(state_machine_state) + broadcast CHECKPOINT(n, state_hash, i) + +on receive 2f+1 CHECKPOINT for (n, d): + if all digests match: + create stable checkpoint + h = n # Move low water mark + garbage_collect(entries < n) +``` + +## HotStuff Protocol + +Linear complexity BFT using threshold signatures. + +### Key Innovation + +- **Three-phase**: prepare → pre-commit → commit → decide +- **Pipelining**: Next proposal starts before current finishes +- **Threshold signatures**: O(n) total messages instead of O(n²) + +### Message Flow + +``` +Phase 1 (Prepare): + Leader: broadcast PREPARE(v, node) + Replicas: sign and send partial signature to leader + Leader: aggregate into prepare certificate QC + +Phase 2 (Pre-commit): + Leader: broadcast PRE-COMMIT(v, QC_prepare) + Replicas: sign and send partial signature + Leader: aggregate into pre-commit certificate + +Phase 3 (Commit): + Leader: broadcast COMMIT(v, QC_precommit) + Replicas: sign and send partial signature + Leader: aggregate into commit certificate + +Phase 4 (Decide): + Leader: broadcast DECIDE(v, QC_commit) + Replicas: execute and commit +``` + +### Pipelining + +``` +Block k: [prepare] [pre-commit] [commit] [decide] +Block k+1: [prepare] [pre-commit] [commit] [decide] +Block k+2: [prepare] [pre-commit] [commit] [decide] +``` + +Each phase of block k+1 piggybacks on messages for block k. + +## Protocol Comparison Matrix + +| Feature | Paxos | Raft | PBFT | HotStuff | +|---------|-------|------|------|----------| +| Fault model | Crash | Crash | Byzantine | Byzantine | +| Fault tolerance | f with 2f+1 | f with 2f+1 | f with 3f+1 | f with 3f+1 | +| Message complexity | O(n) | O(n) | O(n²) | O(n) | +| Leader required | No (helps) | Yes | Yes | Yes | +| Phases | 2 | 2 | 3 | 3 | +| View change | Complex | Simple | Complex | Simple | diff --git a/.claude/skills/distributed-systems/references/logical-clocks.md b/.claude/skills/distributed-systems/references/logical-clocks.md new file mode 100644 index 00000000..c8b09faf --- /dev/null +++ b/.claude/skills/distributed-systems/references/logical-clocks.md @@ -0,0 +1,610 @@ +# Logical Clocks - Implementation Reference + +Detailed implementations and algorithms for causality tracking. + +## Lamport Clock Implementation + +### Data Structure + +```go +type LamportClock struct { + counter uint64 + mu sync.Mutex +} + +func NewLamportClock() *LamportClock { + return &LamportClock{counter: 0} +} +``` + +### Operations + +```go +// Tick increments clock for local event +func (c *LamportClock) Tick() uint64 { + c.mu.Lock() + defer c.mu.Unlock() + c.counter++ + return c.counter +} + +// Send returns timestamp for outgoing message +func (c *LamportClock) Send() uint64 { + return c.Tick() +} + +// Receive updates clock based on incoming message timestamp +func (c *LamportClock) Receive(msgTime uint64) uint64 { + c.mu.Lock() + defer c.mu.Unlock() + + if msgTime > c.counter { + c.counter = msgTime + } + c.counter++ + return c.counter +} + +// Time returns current clock value without incrementing +func (c *LamportClock) Time() uint64 { + c.mu.Lock() + defer c.mu.Unlock() + return c.counter +} +``` + +### Usage Example + +```go +// Process A +clockA := NewLamportClock() +e1 := clockA.Tick() // Event 1: time=1 +msgTime := clockA.Send() // Send: time=2 + +// Process B +clockB := NewLamportClock() +e2 := clockB.Tick() // Event 2: time=1 +e3 := clockB.Receive(msgTime) // Receive: time=3 (max(1,2)+1) +``` + +## Vector Clock Implementation + +### Data Structure + +```go +type VectorClock struct { + clocks map[string]uint64 // processID -> logical time + self string // this process's ID + mu sync.RWMutex +} + +func NewVectorClock(processID string, allProcesses []string) *VectorClock { + clocks := make(map[string]uint64) + for _, p := range allProcesses { + clocks[p] = 0 + } + return &VectorClock{ + clocks: clocks, + self: processID, + } +} +``` + +### Operations + +```go +// Tick increments own clock +func (vc *VectorClock) Tick() map[string]uint64 { + vc.mu.Lock() + defer vc.mu.Unlock() + + vc.clocks[vc.self]++ + return vc.copy() +} + +// Send returns copy of vector for message +func (vc *VectorClock) Send() map[string]uint64 { + return vc.Tick() +} + +// Receive merges incoming vector and increments +func (vc *VectorClock) Receive(incoming map[string]uint64) map[string]uint64 { + vc.mu.Lock() + defer vc.mu.Unlock() + + // Merge: take max of each component + for pid, time := range incoming { + if time > vc.clocks[pid] { + vc.clocks[pid] = time + } + } + + // Increment own clock + vc.clocks[vc.self]++ + return vc.copy() +} + +// copy returns a copy of the vector +func (vc *VectorClock) copy() map[string]uint64 { + result := make(map[string]uint64) + for k, v := range vc.clocks { + result[k] = v + } + return result +} +``` + +### Comparison Functions + +```go +// Compare returns ordering relationship between two vectors +type Ordering int + +const ( + Equal Ordering = iota // V1 == V2 + HappenedBefore // V1 < V2 + HappenedAfter // V1 > V2 + Concurrent // V1 || V2 +) + +func Compare(v1, v2 map[string]uint64) Ordering { + less := false + greater := false + + // Get all keys + allKeys := make(map[string]bool) + for k := range v1 { + allKeys[k] = true + } + for k := range v2 { + allKeys[k] = true + } + + for k := range allKeys { + t1 := v1[k] // 0 if not present + t2 := v2[k] + + if t1 < t2 { + less = true + } + if t1 > t2 { + greater = true + } + } + + if !less && !greater { + return Equal + } + if less && !greater { + return HappenedBefore + } + if greater && !less { + return HappenedAfter + } + return Concurrent +} + +// IsConcurrent checks if two events are concurrent +func IsConcurrent(v1, v2 map[string]uint64) bool { + return Compare(v1, v2) == Concurrent +} + +// HappenedBefore checks if v1 -> v2 (v1 causally precedes v2) +func HappenedBefore(v1, v2 map[string]uint64) bool { + return Compare(v1, v2) == HappenedBefore +} +``` + +## Interval Tree Clock Implementation + +### Data Structures + +```go +// ID represents the identity tree +type ID struct { + IsLeaf bool + Value int // 0 or 1 for leaves + Left *ID // nil for leaves + Right *ID +} + +// Stamp represents the event tree +type Stamp struct { + Base int + Left *Stamp // nil for leaf stamps + Right *Stamp +} + +// ITC combines ID and Stamp +type ITC struct { + ID *ID + Stamp *Stamp +} +``` + +### ID Operations + +```go +// NewSeedID creates initial full ID (1) +func NewSeedID() *ID { + return &ID{IsLeaf: true, Value: 1} +} + +// Fork splits an ID into two +func (id *ID) Fork() (*ID, *ID) { + if id.IsLeaf { + if id.Value == 0 { + // Cannot fork zero ID + return &ID{IsLeaf: true, Value: 0}, + &ID{IsLeaf: true, Value: 0} + } + // Split full ID into left and right halves + return &ID{ + IsLeaf: false, + Left: &ID{IsLeaf: true, Value: 1}, + Right: &ID{IsLeaf: true, Value: 0}, + }, + &ID{ + IsLeaf: false, + Left: &ID{IsLeaf: true, Value: 0}, + Right: &ID{IsLeaf: true, Value: 1}, + } + } + + // Fork from non-leaf: give half to each + if id.Left.IsLeaf && id.Left.Value == 0 { + // Left is zero, fork right + newRight1, newRight2 := id.Right.Fork() + return &ID{IsLeaf: false, Left: id.Left, Right: newRight1}, + &ID{IsLeaf: false, Left: &ID{IsLeaf: true, Value: 0}, Right: newRight2} + } + if id.Right.IsLeaf && id.Right.Value == 0 { + // Right is zero, fork left + newLeft1, newLeft2 := id.Left.Fork() + return &ID{IsLeaf: false, Left: newLeft1, Right: id.Right}, + &ID{IsLeaf: false, Left: newLeft2, Right: &ID{IsLeaf: true, Value: 0}} + } + + // Both have IDs, split + return &ID{IsLeaf: false, Left: id.Left, Right: &ID{IsLeaf: true, Value: 0}}, + &ID{IsLeaf: false, Left: &ID{IsLeaf: true, Value: 0}, Right: id.Right} +} + +// Join merges two IDs +func Join(id1, id2 *ID) *ID { + if id1.IsLeaf && id1.Value == 0 { + return id2 + } + if id2.IsLeaf && id2.Value == 0 { + return id1 + } + if id1.IsLeaf && id2.IsLeaf && id1.Value == 1 && id2.Value == 1 { + return &ID{IsLeaf: true, Value: 1} + } + + // Normalize to non-leaf + left1 := id1.Left + right1 := id1.Right + left2 := id2.Left + right2 := id2.Right + + if id1.IsLeaf { + left1 = id1 + right1 = id1 + } + if id2.IsLeaf { + left2 = id2 + right2 = id2 + } + + newLeft := Join(left1, left2) + newRight := Join(right1, right2) + + return normalize(&ID{IsLeaf: false, Left: newLeft, Right: newRight}) +} + +func normalize(id *ID) *ID { + if !id.IsLeaf { + if id.Left.IsLeaf && id.Right.IsLeaf && + id.Left.Value == id.Right.Value { + return &ID{IsLeaf: true, Value: id.Left.Value} + } + } + return id +} +``` + +### Stamp Operations + +```go +// NewStamp creates initial stamp (0) +func NewStamp() *Stamp { + return &Stamp{Base: 0} +} + +// Event increments the stamp for the given ID +func Event(id *ID, stamp *Stamp) *Stamp { + if id.IsLeaf { + if id.Value == 1 { + return &Stamp{Base: stamp.Base + 1} + } + return stamp // Cannot increment with zero ID + } + + // Non-leaf ID: fill where we have ID + if id.Left.IsLeaf && id.Left.Value == 1 { + // Have left ID, increment left + newLeft := Event(&ID{IsLeaf: true, Value: 1}, getLeft(stamp)) + return normalizeStamp(&Stamp{ + Base: stamp.Base, + Left: newLeft, + Right: getRight(stamp), + }) + } + if id.Right.IsLeaf && id.Right.Value == 1 { + newRight := Event(&ID{IsLeaf: true, Value: 1}, getRight(stamp)) + return normalizeStamp(&Stamp{ + Base: stamp.Base, + Left: getLeft(stamp), + Right: newRight, + }) + } + + // Both non-zero, choose lower side + leftMax := maxStamp(getLeft(stamp)) + rightMax := maxStamp(getRight(stamp)) + + if leftMax <= rightMax { + return normalizeStamp(&Stamp{ + Base: stamp.Base, + Left: Event(id.Left, getLeft(stamp)), + Right: getRight(stamp), + }) + } + return normalizeStamp(&Stamp{ + Base: stamp.Base, + Left: getLeft(stamp), + Right: Event(id.Right, getRight(stamp)), + }) +} + +func getLeft(s *Stamp) *Stamp { + if s.Left == nil { + return &Stamp{Base: 0} + } + return s.Left +} + +func getRight(s *Stamp) *Stamp { + if s.Right == nil { + return &Stamp{Base: 0} + } + return s.Right +} + +func maxStamp(s *Stamp) int { + if s.Left == nil && s.Right == nil { + return s.Base + } + left := 0 + right := 0 + if s.Left != nil { + left = maxStamp(s.Left) + } + if s.Right != nil { + right = maxStamp(s.Right) + } + max := left + if right > max { + max = right + } + return s.Base + max +} + +// JoinStamps merges two stamps +func JoinStamps(s1, s2 *Stamp) *Stamp { + // Take max at each level + base := s1.Base + if s2.Base > base { + base = s2.Base + } + + // Adjust for base difference + adj1 := s1.Base + adj2 := s2.Base + + return normalizeStamp(&Stamp{ + Base: base, + Left: joinStampsRecursive(s1.Left, s2.Left, adj1-base, adj2-base), + Right: joinStampsRecursive(s1.Right, s2.Right, adj1-base, adj2-base), + }) +} + +func normalizeStamp(s *Stamp) *Stamp { + if s.Left == nil && s.Right == nil { + return s + } + if s.Left != nil && s.Right != nil { + if s.Left.Base > 0 && s.Right.Base > 0 { + min := s.Left.Base + if s.Right.Base < min { + min = s.Right.Base + } + return &Stamp{ + Base: s.Base + min, + Left: &Stamp{Base: s.Left.Base - min, Left: s.Left.Left, Right: s.Left.Right}, + Right: &Stamp{Base: s.Right.Base - min, Left: s.Right.Left, Right: s.Right.Right}, + } + } + } + return s +} +``` + +## Hybrid Logical Clock Implementation + +```go +type HLC struct { + l int64 // logical component (physical time) + c int64 // counter + mu sync.Mutex +} + +func NewHLC() *HLC { + return &HLC{l: 0, c: 0} +} + +type HLCTimestamp struct { + L int64 + C int64 +} + +func (hlc *HLC) physicalTime() int64 { + return time.Now().UnixNano() +} + +// Now returns current HLC timestamp for local/send event +func (hlc *HLC) Now() HLCTimestamp { + hlc.mu.Lock() + defer hlc.mu.Unlock() + + pt := hlc.physicalTime() + + if pt > hlc.l { + hlc.l = pt + hlc.c = 0 + } else { + hlc.c++ + } + + return HLCTimestamp{L: hlc.l, C: hlc.c} +} + +// Update updates HLC based on received timestamp +func (hlc *HLC) Update(received HLCTimestamp) HLCTimestamp { + hlc.mu.Lock() + defer hlc.mu.Unlock() + + pt := hlc.physicalTime() + + if pt > hlc.l && pt > received.L { + hlc.l = pt + hlc.c = 0 + } else if received.L > hlc.l { + hlc.l = received.L + hlc.c = received.C + 1 + } else if hlc.l > received.L { + hlc.c++ + } else { // hlc.l == received.L + if received.C > hlc.c { + hlc.c = received.C + 1 + } else { + hlc.c++ + } + } + + return HLCTimestamp{L: hlc.l, C: hlc.c} +} + +// Compare compares two HLC timestamps +func (t1 HLCTimestamp) Compare(t2 HLCTimestamp) int { + if t1.L < t2.L { + return -1 + } + if t1.L > t2.L { + return 1 + } + if t1.C < t2.C { + return -1 + } + if t1.C > t2.C { + return 1 + } + return 0 +} +``` + +## Causal Broadcast Implementation + +```go +type CausalBroadcast struct { + vc *VectorClock + pending []PendingMessage + deliver func(Message) + mu sync.Mutex +} + +type PendingMessage struct { + Msg Message + Timestamp map[string]uint64 +} + +func NewCausalBroadcast(processID string, processes []string, deliver func(Message)) *CausalBroadcast { + return &CausalBroadcast{ + vc: NewVectorClock(processID, processes), + pending: make([]PendingMessage, 0), + deliver: deliver, + } +} + +// Broadcast sends a message to all processes +func (cb *CausalBroadcast) Broadcast(msg Message) map[string]uint64 { + cb.mu.Lock() + defer cb.mu.Unlock() + + timestamp := cb.vc.Send() + // Actual network broadcast would happen here + return timestamp +} + +// Receive handles an incoming message +func (cb *CausalBroadcast) Receive(msg Message, sender string, timestamp map[string]uint64) { + cb.mu.Lock() + defer cb.mu.Unlock() + + // Add to pending + cb.pending = append(cb.pending, PendingMessage{Msg: msg, Timestamp: timestamp}) + + // Try to deliver pending messages + cb.tryDeliver() +} + +func (cb *CausalBroadcast) tryDeliver() { + changed := true + for changed { + changed = false + + for i, pending := range cb.pending { + if cb.canDeliver(pending.Timestamp) { + // Deliver message + cb.vc.Receive(pending.Timestamp) + cb.deliver(pending.Msg) + + // Remove from pending + cb.pending = append(cb.pending[:i], cb.pending[i+1:]...) + changed = true + break + } + } + } +} + +func (cb *CausalBroadcast) canDeliver(msgVC map[string]uint64) bool { + currentVC := cb.vc.clocks + + for pid, msgTime := range msgVC { + if pid == cb.vc.self { + // Must be next expected from sender + if msgTime != currentVC[pid]+1 { + return false + } + } else { + // All other dependencies must be satisfied + if msgTime > currentVC[pid] { + return false + } + } + } + return true +} +``` diff --git a/.claude/skills/elliptic-curves/SKILL.md b/.claude/skills/elliptic-curves/SKILL.md new file mode 100644 index 00000000..82bab00f --- /dev/null +++ b/.claude/skills/elliptic-curves/SKILL.md @@ -0,0 +1,369 @@ +--- +name: elliptic-curves +description: This skill should be used when working with elliptic curve cryptography, implementing or debugging secp256k1 operations, understanding modular arithmetic and finite fields, or implementing signature schemes like ECDSA and Schnorr. Provides comprehensive knowledge of group theory foundations, curve mathematics, point multiplication algorithms, and cryptographic optimizations. +--- + +# Elliptic Curve Cryptography + +This skill provides deep knowledge of elliptic curve cryptography (ECC), with particular focus on the secp256k1 curve used in Bitcoin and Nostr, including the mathematical foundations and implementation considerations. + +## When to Use This Skill + +- Implementing or debugging elliptic curve operations +- Working with secp256k1, ECDSA, or Schnorr signatures +- Understanding modular arithmetic and finite field operations +- Optimizing cryptographic code for performance +- Analyzing security properties of curve-based cryptography + +## Mathematical Foundations + +### Groups in Cryptography + +A **group** is a set G with a binary operation (often denoted · or +) satisfying: + +1. **Closure**: For all a, b ∈ G, the result a · b is also in G +2. **Associativity**: (a · b) · c = a · (b · c) +3. **Identity**: There exists e ∈ G such that e · a = a · e = a +4. **Inverse**: For each a ∈ G, there exists a⁻¹ such that a · a⁻¹ = e + +A **cyclic group** is generated by repeatedly applying the operation to a single element (the generator). The **order** of a group is the number of elements. + +**Why groups matter in cryptography**: The discrete logarithm problem—given g and gⁿ, find n—is computationally hard in certain groups, forming the security basis for ECC. + +### Modular Arithmetic + +Modular arithmetic constrains calculations to a finite range [0, p-1] for some modulus p: + +``` +a ≡ b (mod p) means p divides (a - b) + +Operations: +- Addition: (a + b) mod p +- Subtraction: (a - b + p) mod p +- Multiplication: (a × b) mod p +- Inverse: a⁻¹ where (a × a⁻¹) ≡ 1 (mod p) +``` + +**Computing modular inverse**: +- **Fermat's Little Theorem**: If p is prime, a⁻¹ ≡ a^(p-2) (mod p) +- **Extended Euclidean Algorithm**: More efficient for general cases +- **SafeGCD Algorithm**: Constant-time, used in libsecp256k1 + +### Finite Fields (Galois Fields) + +A **finite field** GF(p) or 𝔽ₚ is a field with a finite number of elements where: +- p must be prime (or a prime power for extension fields) +- All arithmetic operations are defined and produce elements within the field +- Every non-zero element has a multiplicative inverse + +For cryptographic curves like secp256k1, the field is 𝔽ₚ where p is a 256-bit prime. + +**Key property**: The non-zero elements of a finite field form a cyclic group under multiplication. + +## Elliptic Curves + +### The Curve Equation + +An elliptic curve over a finite field 𝔽ₚ is defined by the Weierstrass equation: + +``` +y² = x³ + ax + b (mod p) +``` + +The curve must satisfy the non-singularity condition: 4a³ + 27b² ≠ 0 + +### Points on the Curve + +A point P = (x, y) is on the curve if it satisfies the equation. The set of all points, plus a special "point at infinity" O (the identity element), forms an abelian group. + +### Point Operations + +**Point Addition (P + Q where P ≠ Q)**: +``` +λ = (y₂ - y₁) / (x₂ - x₁) (mod p) +x₃ = λ² - x₁ - x₂ (mod p) +y₃ = λ(x₁ - x₃) - y₁ (mod p) +``` + +**Point Doubling (P + P = 2P)**: +``` +λ = (3x₁² + a) / (2y₁) (mod p) +x₃ = λ² - 2x₁ (mod p) +y₃ = λ(x₁ - x₃) - y₁ (mod p) +``` + +**Point at Infinity**: Acts as the identity element; P + O = P for all P. + +**Point Negation**: -P = (x, -y) = (x, p - y) + +## The secp256k1 Curve + +### Parameters + +secp256k1 is defined by SECG (Standards for Efficient Cryptography Group): + +``` +Curve equation: y² = x³ + 7 (a = 0, b = 7) + +Prime modulus p: + 0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F + = 2²⁵⁶ - 2³² - 977 + +Group order n: + 0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141 + +Generator point G: + Gx = 0x79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798 + Gy = 0x483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8 + +Cofactor h = 1 +``` + +### Why secp256k1? + +1. **Koblitz curve**: a = 0 enables faster computation (no ax term) +2. **Special prime**: p = 2²⁵⁶ - 2³² - 977 allows efficient modular reduction +3. **Deterministic construction**: Not randomly generated, reducing backdoor concerns +4. **~30% faster** than random curves when fully optimized + +### Efficient Modular Reduction + +The special form of p enables fast reduction without general division: + +``` +For p = 2²⁵⁶ - 2³² - 977: +To reduce a 512-bit number c = c_high × 2²⁵⁶ + c_low: + c ≡ c_low + c_high × 2³² + c_high × 977 (mod p) +``` + +## Point Multiplication Algorithms + +Scalar multiplication kP (computing P + P + ... + P, k times) is the core operation. + +### Double-and-Add (Binary Method) + +``` +Input: k (scalar), P (point) +Output: kP + +R = O (point at infinity) +for i from bit_length(k)-1 down to 0: + R = 2R # Point doubling + if bit i of k is 1: + R = R + P # Point addition +return R +``` + +**Complexity**: O(log k) point operations +**Vulnerability**: Timing side-channels (different branches for 0/1 bits) + +### Montgomery Ladder + +Constant-time algorithm that performs the same operations regardless of bit values: + +``` +Input: k (scalar), P (point) +Output: kP + +R0 = O +R1 = P +for i from bit_length(k)-1 down to 0: + if bit i of k is 0: + R1 = R0 + R1 + R0 = 2R0 + else: + R0 = R0 + R1 + R1 = 2R1 +return R0 +``` + +**Advantage**: Resistant to simple power analysis and timing attacks. + +### Window Methods (w-NAF) + +Precompute small multiples of P, then process w bits at a time: + +``` +w-NAF representation reduces additions by ~1/3 compared to binary +Precomputation table: [P, 3P, 5P, 7P, ...] for w=4 +``` + +### Endomorphism Optimization (GLV Method) + +secp256k1 has an efficiently computable endomorphism φ where: +``` +φ(x, y) = (βx, y) where β³ ≡ 1 (mod p) +φ(P) = λP where λ³ ≡ 1 (mod n) +``` + +This allows splitting scalar k into k₁ + k₂λ with smaller k₁, k₂, reducing operations by ~33-50%. + +### Multi-Scalar Multiplication (Strauss-Shamir) + +For computing k₁P₁ + k₂P₂ (common in signature verification): + +``` +Process both scalars simultaneously, combining operations +Reduces work compared to separate multiplications +``` + +## Coordinate Systems + +### Affine Coordinates + +Standard (x, y) representation. Requires modular inversion for each operation. + +### Projective Coordinates + +Represent (X:Y:Z) where x = X/Z, y = Y/Z: +- Avoids inversions during intermediate computations +- Only one inversion at the end to convert back to affine + +### Jacobian Coordinates + +Represent (X:Y:Z) where x = X/Z², y = Y/Z³: +- Fastest for point doubling +- Used extensively in libsecp256k1 + +### López-Dahab Coordinates + +For curves over GF(2ⁿ), optimized for binary field arithmetic. + +## Signature Schemes + +### ECDSA (Elliptic Curve Digital Signature Algorithm) + +**Key Generation**: +``` +Private key: d (random integer in [1, n-1]) +Public key: Q = dG +``` + +**Signing message m**: +``` +1. Hash: e = H(m) truncated to curve order bit length +2. Random: k ∈ [1, n-1] +3. Compute: (x, y) = kG +4. Calculate: r = x mod n (if r = 0, restart with new k) +5. Calculate: s = k⁻¹(e + rd) mod n (if s = 0, restart) +6. Signature: (r, s) +``` + +**Verification of signature (r, s) on message m**: +``` +1. Check: r, s ∈ [1, n-1] +2. Hash: e = H(m) +3. Compute: w = s⁻¹ mod n +4. Compute: u₁ = ew mod n, u₂ = rw mod n +5. Compute: (x, y) = u₁G + u₂Q +6. Valid if: r ≡ x (mod n) +``` + +**Security considerations**: +- k MUST be unique per signature (reuse leaks private key) +- Use RFC 6979 for deterministic k derivation + +### Schnorr Signatures (BIP-340) + +Simpler, more efficient, with provable security. + +**Signing message m**: +``` +1. Random: k ∈ [1, n-1] +2. Compute: R = kG +3. Challenge: e = H(R || Q || m) +4. Response: s = k + ed mod n +5. Signature: (R, s) or (r_x, s) where r_x is x-coordinate of R +``` + +**Verification**: +``` +1. Compute: e = H(R || Q || m) +2. Check: sG = R + eQ +``` + +**Advantages over ECDSA**: +- Linear: enables signature aggregation (MuSig) +- Simpler verification (no modular inverse) +- Batch verification support +- Provably secure in Random Oracle Model + +## Implementation Considerations + +### Constant-Time Operations + +To prevent timing attacks: +- Avoid branches dependent on secret data +- Use constant-time comparison functions +- Mask operations to hide data-dependent timing + +```go +// BAD: Timing leak +if secretBit == 1 { + doOperation() +} + +// GOOD: Constant-time conditional +result = conditionalSelect(secretBit, value1, value0) +``` + +### Memory Safety + +- Zeroize sensitive data after use +- Avoid leaving secrets in registers or cache +- Use secure memory allocation when available + +### Side-Channel Protections + +- **Timing attacks**: Use constant-time algorithms +- **Power analysis**: Montgomery ladder, point blinding +- **Cache attacks**: Avoid table lookups indexed by secrets + +### Random Number Generation + +- Use cryptographically secure RNG for k in ECDSA +- Consider deterministic k (RFC 6979) for reproducibility +- Validate output is in valid range [1, n-1] + +## libsecp256k1 Optimizations + +The Bitcoin Core library includes: + +1. **Field arithmetic**: 5×52-bit limbs for 64-bit platforms +2. **Scalar arithmetic**: 4×64-bit representation +3. **Endomorphism**: GLV decomposition enabled by default +4. **Batch inversion**: Amortizes expensive inversions +5. **SafeGCD**: Constant-time modular inverse +6. **Precomputed tables**: For generator point multiplications + +## Security Properties + +### Discrete Logarithm Problem (DLP) + +Given P and Q = kP, finding k is computationally infeasible. + +**Best known attacks**: +- Generic: Baby-step Giant-step, Pollard's rho: O(√n) operations +- For secp256k1: ~2¹²⁸ operations (128-bit security) + +### Curve Security Criteria + +- Large prime order subgroup +- Cofactor 1 (no small subgroup attacks) +- Resistant to MOV attack (embedding degree) +- Not anomalous (n ≠ p) + +## Common Pitfalls + +1. **k reuse in ECDSA**: Immediately leaks private key +2. **Weak random k**: Partially leaks key over multiple signatures +3. **Invalid curve points**: Validate points are on curve +4. **Small subgroup attacks**: Check point order (cofactor = 1 helps) +5. **Timing leaks**: Non-constant-time scalar multiplication + +## References + +For detailed implementations, see: +- `references/secp256k1-parameters.md` - Full curve parameters +- `references/algorithms.md` - Detailed algorithm pseudocode +- `references/security.md` - Security analysis and attack vectors diff --git a/.claude/skills/elliptic-curves/references/algorithms.md b/.claude/skills/elliptic-curves/references/algorithms.md new file mode 100644 index 00000000..63ec1dd2 --- /dev/null +++ b/.claude/skills/elliptic-curves/references/algorithms.md @@ -0,0 +1,513 @@ +# Elliptic Curve Algorithms + +Detailed pseudocode for core elliptic curve operations. + +## Field Arithmetic + +### Modular Addition + +``` +function mod_add(a, b, p): + result = a + b + if result >= p: + result = result - p + return result +``` + +### Modular Subtraction + +``` +function mod_sub(a, b, p): + if a >= b: + return a - b + else: + return p - b + a +``` + +### Modular Multiplication + +For general case: +``` +function mod_mul(a, b, p): + return (a * b) mod p +``` + +For secp256k1 optimized (Barrett reduction): +``` +function mod_mul_secp256k1(a, b): + # Compute full 512-bit product + product = a * b + + # Split into high and low 256-bit parts + low = product & ((1 << 256) - 1) + high = product >> 256 + + # Reduce: result ≡ low + high * (2³² + 977) (mod p) + result = low + high * (1 << 32) + high * 977 + + # May need additional reduction + while result >= p: + result = result - p + + return result +``` + +### Modular Inverse + +**Extended Euclidean Algorithm**: +``` +function mod_inverse(a, p): + if a == 0: + error "No inverse exists for 0" + + old_r, r = p, a + old_s, s = 0, 1 + + while r != 0: + quotient = old_r / r + old_r, r = r, old_r - quotient * r + old_s, s = s, old_s - quotient * s + + if old_r != 1: + error "No inverse exists" + + if old_s < 0: + old_s = old_s + p + + return old_s +``` + +**Fermat's Little Theorem** (for prime p): +``` +function mod_inverse_fermat(a, p): + return mod_exp(a, p - 2, p) +``` + +### Modular Exponentiation (Square-and-Multiply) + +``` +function mod_exp(base, exp, p): + result = 1 + base = base mod p + + while exp > 0: + if exp & 1: # exp is odd + result = (result * base) mod p + exp = exp >> 1 + base = (base * base) mod p + + return result +``` + +### Modular Square Root (Tonelli-Shanks) + +For secp256k1 where p ≡ 3 (mod 4): +``` +function mod_sqrt(a, p): + # For p ≡ 3 (mod 4), sqrt(a) = a^((p+1)/4) + return mod_exp(a, (p + 1) / 4, p) +``` + +## Point Operations + +### Point Validation + +``` +function is_on_curve(P, a, b, p): + if P is infinity: + return true + + x, y = P + left = (y * y) mod p + right = (x * x * x + a * x + b) mod p + + return left == right +``` + +### Point Addition (Affine Coordinates) + +``` +function point_add(P, Q, a, p): + if P is infinity: + return Q + if Q is infinity: + return P + + x1, y1 = P + x2, y2 = Q + + if x1 == x2: + if y1 == mod_neg(y2, p): # P = -Q + return infinity + else: # P == Q + return point_double(P, a, p) + + # λ = (y2 - y1) / (x2 - x1) + numerator = mod_sub(y2, y1, p) + denominator = mod_sub(x2, x1, p) + λ = mod_mul(numerator, mod_inverse(denominator, p), p) + + # x3 = λ² - x1 - x2 + x3 = mod_sub(mod_sub(mod_mul(λ, λ, p), x1, p), x2, p) + + # y3 = λ(x1 - x3) - y1 + y3 = mod_sub(mod_mul(λ, mod_sub(x1, x3, p), p), y1, p) + + return (x3, y3) +``` + +### Point Doubling (Affine Coordinates) + +``` +function point_double(P, a, p): + if P is infinity: + return infinity + + x, y = P + + if y == 0: + return infinity + + # λ = (3x² + a) / (2y) + numerator = mod_add(mod_mul(3, mod_mul(x, x, p), p), a, p) + denominator = mod_mul(2, y, p) + λ = mod_mul(numerator, mod_inverse(denominator, p), p) + + # x3 = λ² - 2x + x3 = mod_sub(mod_mul(λ, λ, p), mod_mul(2, x, p), p) + + # y3 = λ(x - x3) - y + y3 = mod_sub(mod_mul(λ, mod_sub(x, x3, p), p), y, p) + + return (x3, y3) +``` + +### Point Negation + +``` +function point_negate(P, p): + if P is infinity: + return infinity + + x, y = P + return (x, p - y) +``` + +## Scalar Multiplication + +### Double-and-Add (Left-to-Right) + +``` +function scalar_mult_double_add(k, P, a, p): + if k == 0 or P is infinity: + return infinity + + if k < 0: + k = -k + P = point_negate(P, p) + + R = infinity + bits = binary_representation(k) # MSB first + + for bit in bits: + R = point_double(R, a, p) + if bit == 1: + R = point_add(R, P, a, p) + + return R +``` + +### Montgomery Ladder (Constant-Time) + +``` +function scalar_mult_montgomery(k, P, a, p): + R0 = infinity + R1 = P + + bits = binary_representation(k) # MSB first + + for bit in bits: + if bit == 0: + R1 = point_add(R0, R1, a, p) + R0 = point_double(R0, a, p) + else: + R0 = point_add(R0, R1, a, p) + R1 = point_double(R1, a, p) + + return R0 +``` + +### w-NAF Scalar Multiplication + +``` +function compute_wNAF(k, w): + # Convert scalar to width-w Non-Adjacent Form + naf = [] + + while k > 0: + if k & 1: # k is odd + # Get w-bit window + digit = k mod (1 << w) + if digit >= (1 << (w-1)): + digit = digit - (1 << w) + naf.append(digit) + k = k - digit + else: + naf.append(0) + k = k >> 1 + + return naf + +function scalar_mult_wNAF(k, P, w, a, p): + # Precompute odd multiples: [P, 3P, 5P, ..., (2^(w-1)-1)P] + precomp = [P] + P2 = point_double(P, a, p) + for i in range(1, 1 << (w-1)): + precomp.append(point_add(precomp[-1], P2, a, p)) + + # Convert k to w-NAF + naf = compute_wNAF(k, w) + + # Compute scalar multiplication + R = infinity + for i in range(len(naf) - 1, -1, -1): + R = point_double(R, a, p) + digit = naf[i] + if digit > 0: + R = point_add(R, precomp[(digit - 1) / 2], a, p) + elif digit < 0: + R = point_add(R, point_negate(precomp[(-digit - 1) / 2], p), a, p) + + return R +``` + +### Shamir's Trick (Multi-Scalar) + +For computing k₁P + k₂Q efficiently: + +``` +function multi_scalar_mult(k1, P, k2, Q, a, p): + # Precompute P + Q + PQ = point_add(P, Q, a, p) + + # Get binary representations (same length, padded) + bits1 = binary_representation(k1) + bits2 = binary_representation(k2) + max_len = max(len(bits1), len(bits2)) + bits1 = pad_left(bits1, max_len) + bits2 = pad_left(bits2, max_len) + + R = infinity + + for i in range(max_len): + R = point_double(R, a, p) + + b1, b2 = bits1[i], bits2[i] + + if b1 == 1 and b2 == 1: + R = point_add(R, PQ, a, p) + elif b1 == 1: + R = point_add(R, P, a, p) + elif b2 == 1: + R = point_add(R, Q, a, p) + + return R +``` + +## Jacobian Coordinates + +More efficient for repeated operations. + +### Conversion + +``` +# Affine to Jacobian +function affine_to_jacobian(P): + if P is infinity: + return (1, 1, 0) # Jacobian infinity + x, y = P + return (x, y, 1) + +# Jacobian to Affine +function jacobian_to_affine(P, p): + X, Y, Z = P + if Z == 0: + return infinity + + Z_inv = mod_inverse(Z, p) + Z_inv2 = mod_mul(Z_inv, Z_inv, p) + Z_inv3 = mod_mul(Z_inv2, Z_inv, p) + + x = mod_mul(X, Z_inv2, p) + y = mod_mul(Y, Z_inv3, p) + + return (x, y) +``` + +### Point Doubling (Jacobian) + +For curve y² = x³ + 7 (a = 0): + +``` +function jacobian_double(P, p): + X, Y, Z = P + + if Y == 0: + return (1, 1, 0) # infinity + + # For a = 0: M = 3*X² + S = mod_mul(4, mod_mul(X, mod_mul(Y, Y, p), p), p) + M = mod_mul(3, mod_mul(X, X, p), p) + + X3 = mod_sub(mod_mul(M, M, p), mod_mul(2, S, p), p) + Y3 = mod_sub(mod_mul(M, mod_sub(S, X3, p), p), + mod_mul(8, mod_mul(Y, Y, mod_mul(Y, Y, p), p), p), p) + Z3 = mod_mul(2, mod_mul(Y, Z, p), p) + + return (X3, Y3, Z3) +``` + +### Point Addition (Jacobian + Affine) + +Mixed addition is faster when one point is in affine: + +``` +function jacobian_add_affine(P, Q, p): + # P in Jacobian (X1, Y1, Z1), Q in affine (x2, y2) + X1, Y1, Z1 = P + x2, y2 = Q + + if Z1 == 0: + return affine_to_jacobian(Q) + + Z1Z1 = mod_mul(Z1, Z1, p) + U2 = mod_mul(x2, Z1Z1, p) + S2 = mod_mul(y2, mod_mul(Z1, Z1Z1, p), p) + + H = mod_sub(U2, X1, p) + HH = mod_mul(H, H, p) + I = mod_mul(4, HH, p) + J = mod_mul(H, I, p) + r = mod_mul(2, mod_sub(S2, Y1, p), p) + V = mod_mul(X1, I, p) + + X3 = mod_sub(mod_sub(mod_mul(r, r, p), J, p), mod_mul(2, V, p), p) + Y3 = mod_sub(mod_mul(r, mod_sub(V, X3, p), p), mod_mul(2, mod_mul(Y1, J, p), p), p) + Z3 = mod_mul(mod_sub(mod_mul(mod_add(Z1, H, p), mod_add(Z1, H, p), p), + mod_add(Z1Z1, HH, p), p), 1, p) + + return (X3, Y3, Z3) +``` + +## GLV Endomorphism (secp256k1) + +### Scalar Decomposition + +``` +# Constants for secp256k1 +LAMBDA = 0x5363AD4CC05C30E0A5261C028812645A122E22EA20816678DF02967C1B23BD72 +BETA = 0x7AE96A2B657C07106E64479EAC3434E99CF0497512F58995C1396C28719501EE + +# Decomposition coefficients +A1 = 0x3086D221A7D46BCDE86C90E49284EB15 +B1 = 0x114CA50F7A8E2F3F657C1108D9D44CFD8 +A2 = 0xE4437ED6010E88286F547FA90ABFE4C3 +B2 = A1 + +function glv_decompose(k, n): + # Compute c1 = round(b2 * k / n) + # Compute c2 = round(-b1 * k / n) + c1 = (B2 * k + n // 2) // n + c2 = (-B1 * k + n // 2) // n + + # k1 = k - c1*A1 - c2*A2 + # k2 = -c1*B1 - c2*B2 + k1 = k - c1 * A1 - c2 * A2 + k2 = -c1 * B1 - c2 * B2 + + return (k1, k2) + +function glv_scalar_mult(k, P, p, n): + k1, k2 = glv_decompose(k, n) + + # Compute endomorphism: φ(P) = (β*x, y) + x, y = P + phi_P = (mod_mul(BETA, x, p), y) + + # Use Shamir's trick: k1*P + k2*φ(P) + return multi_scalar_mult(k1, P, k2, phi_P, 0, p) +``` + +## Batch Inversion + +Amortize expensive inversions over multiple points: + +``` +function batch_invert(values, p): + n = len(values) + if n == 0: + return [] + + # Compute cumulative products + products = [values[0]] + for i in range(1, n): + products.append(mod_mul(products[-1], values[i], p)) + + # Invert the final product + inv = mod_inverse(products[-1], p) + + # Compute individual inverses + inverses = [0] * n + for i in range(n - 1, 0, -1): + inverses[i] = mod_mul(inv, products[i - 1], p) + inv = mod_mul(inv, values[i], p) + inverses[0] = inv + + return inverses +``` + +## Key Generation + +``` +function generate_keypair(G, n, p): + # Generate random private key + d = random_integer(1, n - 1) + + # Compute public key + Q = scalar_mult(d, G) + + return (d, Q) +``` + +## Point Compression/Decompression + +``` +function compress_point(P, p): + if P is infinity: + return bytes([0x00]) + + x, y = P + prefix = 0x02 if (y % 2 == 0) else 0x03 + return bytes([prefix]) + x.to_bytes(32, 'big') + +function decompress_point(compressed, a, b, p): + prefix = compressed[0] + + if prefix == 0x00: + return infinity + + x = int.from_bytes(compressed[1:], 'big') + + # Compute y² = x³ + ax + b + y_squared = mod_add(mod_add(mod_mul(x, mod_mul(x, x, p), p), + mod_mul(a, x, p), p), b, p) + + # Compute y = sqrt(y²) + y = mod_sqrt(y_squared, p) + + # Select correct y based on prefix + if (prefix == 0x02) != (y % 2 == 0): + y = p - y + + return (x, y) +``` \ No newline at end of file diff --git a/.claude/skills/elliptic-curves/references/secp256k1-parameters.md b/.claude/skills/elliptic-curves/references/secp256k1-parameters.md new file mode 100644 index 00000000..a8ed0561 --- /dev/null +++ b/.claude/skills/elliptic-curves/references/secp256k1-parameters.md @@ -0,0 +1,194 @@ +# secp256k1 Complete Parameters + +## Curve Definition + +**Name**: secp256k1 (Standards for Efficient Cryptography, prime field, 256-bit, Koblitz curve #1) + +**Equation**: y² = x³ + 7 (mod p) + +This is the short Weierstrass form with coefficients a = 0, b = 7. + +## Field Parameters + +### Prime Modulus p + +``` +Decimal: +115792089237316195423570985008687907853269984665640564039457584007908834671663 + +Hexadecimal: +0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F + +Binary representation: +2²⁵⁶ - 2³² - 2⁹ - 2⁸ - 2⁷ - 2⁶ - 2⁴ - 1 += 2²⁵⁶ - 2³² - 977 +``` + +**Special form benefits**: +- Efficient modular reduction using: c mod p = c_low + c_high × (2³² + 977) +- Near-Mersenne prime enables fast arithmetic + +### Group Order n + +``` +Decimal: +115792089237316195423570985008687907852837564279074904382605163141518161494337 + +Hexadecimal: +0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 +``` + +The number of points on the curve, including the point at infinity. + +### Cofactor h + +``` +h = 1 +``` + +Cofactor 1 means the group order n equals the curve order, simplifying security analysis and eliminating small subgroup attacks. + +## Generator Point G + +### Compressed Form + +``` +02 79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 +``` + +The 02 prefix indicates the y-coordinate is even. + +### Uncompressed Form + +``` +04 79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 + 483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8 +``` + +### Individual Coordinates + +**Gx**: +``` +Decimal: +55066263022277343669578718895168534326250603453777594175500187360389116729240 + +Hexadecimal: +0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 +``` + +**Gy**: +``` +Decimal: +32670510020758816978083085130507043184471273380659243275938904335757337482424 + +Hexadecimal: +0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8 +``` + +## Endomorphism Parameters + +secp256k1 has an efficiently computable endomorphism φ: (x, y) → (βx, y). + +### β (Beta) + +``` +Hexadecimal: +0x7AE96A2B657C07106E64479EAC3434E99CF0497512F58995C1396C28719501EE + +Property: β³ ≡ 1 (mod p) +``` + +### λ (Lambda) + +``` +Hexadecimal: +0x5363AD4CC05C30E0A5261C028812645A122E22EA20816678DF02967C1B23BD72 + +Property: λ³ ≡ 1 (mod n) +Relationship: φ(P) = λP for all points P +``` + +### GLV Decomposition Constants + +For splitting scalar k into k₁ + k₂λ: + +``` +a₁ = 0x3086D221A7D46BCDE86C90E49284EB15 +b₁ = -0xE4437ED6010E88286F547FA90ABFE4C3 +a₂ = 0x114CA50F7A8E2F3F657C1108D9D44CFD8 +b₂ = a₁ +``` + +## Derived Constants + +### Field Characteristics + +``` +(p + 1) / 4 = 0x3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBFFFFF0C +Used for computing modular square roots via Tonelli-Shanks shortcut +``` + +### Order Characteristics + +``` +(n - 1) / 2 = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0 +Used in low-S normalization for ECDSA signatures +``` + +## Validation Formulas + +### Point on Curve Check + +For point (x, y), verify: +``` +y² ≡ x³ + 7 (mod p) +``` + +### Generator Verification + +Verify G is on curve: +``` +Gy² mod p = 0x9C47D08FFB10D4B8 ... (truncated for display) +Gx³ + 7 mod p = same value +``` + +### Order Verification + +Verify nG = O (point at infinity): +``` +Computing n × G should yield the identity element +``` + +## Bit Lengths + +| Parameter | Bits | Bytes | +|-----------|------|-------| +| p (prime) | 256 | 32 | +| n (order) | 256 | 32 | +| Private key | 256 | 32 | +| Public key (compressed) | 257 | 33 | +| Public key (uncompressed) | 513 | 65 | +| ECDSA signature | 512 | 64 | +| Schnorr signature | 512 | 64 | + +## Security Level + +- **Equivalent symmetric key strength**: 128 bits +- **Best known attack complexity**: ~2¹²⁸ operations (Pollard's rho) +- **Safe until**: Quantum computers with ~1500+ logical qubits + +## ASN.1 OID + +``` +1.3.132.0.10 +iso(1) identified-organization(3) certicom(132) curve(0) secp256k1(10) +``` + +## Comparison with Other Curves + +| Curve | Field Size | Security | Speed | Use Case | +|-------|------------|----------|-------|----------| +| secp256k1 | 256-bit | 128-bit | Fast (Koblitz) | Bitcoin, Nostr | +| secp256r1 (P-256) | 256-bit | 128-bit | Moderate | TLS, general | +| Curve25519 | 255-bit | ~128-bit | Very fast | Modern crypto | +| secp384r1 (P-384) | 384-bit | 192-bit | Slower | High security | diff --git a/.claude/skills/elliptic-curves/references/security.md b/.claude/skills/elliptic-curves/references/security.md new file mode 100644 index 00000000..8c241bfd --- /dev/null +++ b/.claude/skills/elliptic-curves/references/security.md @@ -0,0 +1,291 @@ +# Elliptic Curve Security Analysis + +Security properties, attack vectors, and mitigations for elliptic curve cryptography. + +## The Discrete Logarithm Problem (ECDLP) + +### Definition + +Given points P and Q = kP on an elliptic curve, find the scalar k. + +**Security assumption**: For properly chosen curves, this problem is computationally infeasible. + +### Best Known Attacks + +#### Generic Attacks (Work on Any Group) + +| Attack | Complexity | Notes | +|--------|------------|-------| +| Baby-step Giant-step | O(√n) space and time | Requires √n storage | +| Pollard's rho | O(√n) time, O(1) space | Practical for large groups | +| Pollard's lambda | O(√n) | When k is in known range | +| Pohlig-Hellman | O(√p) where p is largest prime factor | Exploits factorization of n | + +For secp256k1 (n ≈ 2²⁵⁶): +- Generic attack complexity: ~2¹²⁸ operations +- Equivalent to 128-bit symmetric security + +#### Curve-Specific Attacks + +| Attack | Applicable When | Mitigation | +|--------|-----------------|------------| +| MOV/FR reduction | Low embedding degree | Use curves with high embedding degree | +| Anomalous curve attack | n = p | Ensure n ≠ p | +| GHS attack | Extension field curves | Use prime field curves | + +**secp256k1 is immune to all known curve-specific attacks**. + +## Side-Channel Attacks + +### Timing Attacks + +**Vulnerability**: Execution time varies based on secret data. + +**Examples**: +- Conditional branches on secret bits +- Early exit conditions +- Variable-time modular operations + +**Mitigations**: +- Constant-time algorithms (Montgomery ladder) +- Fixed execution paths +- Dummy operations to equalize timing + +### Power Analysis + +**Simple Power Analysis (SPA)**: Single trace reveals operations. +- Double-and-add visible as different power signatures +- Mitigation: Montgomery ladder (uniform operations) + +**Differential Power Analysis (DPA)**: Statistical analysis of many traces. +- Mitigation: Point blinding, scalar blinding + +### Cache Attacks + +**FLUSH+RELOAD Attack**: +``` +1. Attacker flushes cache line containing lookup table +2. Victim performs table lookup based on secret +3. Attacker measures reload time to determine which entry was accessed +``` + +**Mitigations**: +- Avoid secret-dependent table lookups +- Use constant-time table access patterns +- Scatter tables to prevent cache line sharing + +### Electromagnetic (EM) Attacks + +Similar to power analysis but captures electromagnetic emissions. + +**Mitigations**: +- Shielding +- Same algorithmic protections as power analysis + +## Implementation Vulnerabilities + +### k-Reuse in ECDSA + +**The Sony PS3 Hack (2010)**: + +If the same k is used for two signatures (r₁, s₁) and (r₂, s₂) on messages m₁ and m₂: + +``` +s₁ = k⁻¹(e₁ + rd) mod n +s₂ = k⁻¹(e₂ + rd) mod n + +Since k is the same: +s₁ - s₂ = k⁻¹(e₁ - e₂) mod n +k = (e₁ - e₂)(s₁ - s₂)⁻¹ mod n + +Once k is known: +d = (s₁k - e₁)r⁻¹ mod n +``` + +**Mitigation**: Use deterministic k (RFC 6979). + +### Weak Random k + +Even with unique k values, if the RNG is biased: +- Lattice-based attacks can recover private key +- Only ~1% bias in k can be exploitable with enough signatures + +**Mitigations**: +- Use cryptographically secure RNG +- Use deterministic k (RFC 6979) +- Verify k is in valid range [1, n-1] + +### Invalid Curve Attacks + +**Attack**: Attacker provides point not on the curve. +- Point may be on a weaker curve +- Operations may leak information + +**Mitigation**: Always validate points are on curve: +``` +Verify: y² ≡ x³ + ax + b (mod p) +``` + +### Small Subgroup Attacks + +**Attack**: If cofactor h > 1, points of small order exist. +- Attacker sends point of small order +- Response reveals private key mod (small order) + +**Mitigation**: +- Use curves with cofactor 1 (secp256k1 has h = 1) +- Multiply received points by cofactor +- Validate point order + +### Fault Attacks + +**Attack**: Induce computational errors (voltage glitches, radiation). +- Corrupted intermediate values may leak information +- Differential fault analysis can recover keys + +**Mitigations**: +- Redundant computations with comparison +- Verify final results +- Hardware protections + +## Signature Malleability + +### ECDSA Malleability + +Given valid signature (r, s), signature (r, n - s) is also valid for the same message. + +**Impact**: Transaction ID malleability (historical Bitcoin issue) + +**Mitigation**: Enforce low-S normalization: +``` +if s > n/2: + s = n - s +``` + +### Schnorr Non-Malleability + +BIP-340 Schnorr signatures are non-malleable by design: +- Use x-only public keys +- Deterministic nonce derivation + +## Quantum Threats + +### Shor's Algorithm + +**Threat**: Polynomial-time discrete log on quantum computers. +- Requires ~1500-2000 logical qubits for secp256k1 +- Current quantum computers: <100 noisy qubits + +**Timeline**: Estimated 10-20+ years for cryptographically relevant quantum computers. + +### Migration Strategy + +1. **Monitor**: Track quantum computing progress +2. **Prepare**: Develop post-quantum alternatives +3. **Hybrid**: Use classical + post-quantum in transition +4. **Migrate**: Full transition when necessary + +### Post-Quantum Alternatives + +- Lattice-based signatures (CRYSTALS-Dilithium) +- Hash-based signatures (SPHINCS+) +- Code-based cryptography + +## Best Practices + +### Key Generation + +``` +DO: +- Use cryptographically secure RNG +- Validate private key is in [1, n-1] +- Verify public key is on curve +- Verify public key is not point at infinity + +DON'T: +- Use predictable seeds +- Use truncated random values +- Skip validation +``` + +### Signature Generation + +``` +DO: +- Use RFC 6979 for deterministic k +- Validate all inputs +- Use constant-time operations +- Clear sensitive memory after use + +DON'T: +- Reuse k values +- Use weak/biased RNG +- Skip low-S normalization (ECDSA) +``` + +### Signature Verification + +``` +DO: +- Validate r, s are in [1, n-1] +- Validate public key is on curve +- Validate public key is not infinity +- Use batch verification when possible + +DON'T: +- Skip any validation steps +- Accept malformed signatures +``` + +### Public Key Handling + +``` +DO: +- Validate received points are on curve +- Check point is not infinity +- Prefer compressed format for storage + +DON'T: +- Accept unvalidated points +- Skip curve membership check +``` + +## Security Checklist + +### Implementation Review + +- [ ] All scalar multiplications are constant-time +- [ ] No secret-dependent branches +- [ ] No secret-indexed table lookups +- [ ] Memory is zeroized after use +- [ ] Random k uses CSPRNG or RFC 6979 +- [ ] All received points are validated +- [ ] Private keys are in valid range +- [ ] Signatures use low-S normalization + +### Operational Security + +- [ ] Private keys stored securely (HSM, secure enclave) +- [ ] Key derivation uses proper KDF +- [ ] Backups are encrypted +- [ ] Key rotation policy exists +- [ ] Audit logging enabled +- [ ] Incident response plan exists + +## Security Levels Comparison + +| Curve | Bits | Symmetric Equivalent | RSA Equivalent | +|-------|------|---------------------|----------------| +| secp192r1 | 192 | 96 | 1536 | +| secp224r1 | 224 | 112 | 2048 | +| secp256k1 | 256 | 128 | 3072 | +| secp384r1 | 384 | 192 | 7680 | +| secp521r1 | 521 | 256 | 15360 | + +## References + +- NIST SP 800-57: Recommendation for Key Management +- SEC 1: Elliptic Curve Cryptography +- RFC 6979: Deterministic Usage of DSA and ECDSA +- BIP-340: Schnorr Signatures for secp256k1 +- SafeCurves: Choosing Safe Curves for Elliptic-Curve Cryptography diff --git a/.claude/skills/golang/SKILL.md b/.claude/skills/golang/SKILL.md new file mode 100644 index 00000000..d30ca64e --- /dev/null +++ b/.claude/skills/golang/SKILL.md @@ -0,0 +1,268 @@ +--- +name: golang +description: This skill should be used when writing, debugging, reviewing, or discussing Go (Golang) code. Provides comprehensive Go programming expertise including idiomatic patterns, standard library, concurrency, error handling, testing, and best practices based on official go.dev documentation. +--- + +# Go Programming Expert + +## Purpose + +This skill provides expert-level assistance with Go programming language development, covering language fundamentals, idiomatic patterns, concurrency, error handling, standard library usage, testing, and best practices. + +## When to Use + +Activate this skill when: +- Writing Go code +- Debugging Go programs +- Reviewing Go code for best practices +- Answering questions about Go language features +- Implementing Go-specific patterns (goroutines, channels, interfaces) +- Setting up Go projects and modules +- Writing Go tests + +## Core Principles + +When writing Go code, always follow these principles: + +1. **Named Return Variables**: ALWAYS use named return variables and prefer naked returns for cleaner code +2. **Error Handling**: Use `lol.mleku.dev/log` and the `chk/errorf` for error checking and creating new errors +3. **Idiomatic Code**: Write clear, idiomatic Go code following Effective Go guidelines +4. **Simplicity**: Favor simplicity and clarity over cleverness +5. **Composition**: Prefer composition over inheritance +6. **Explicit**: Be explicit rather than implicit + +## Key Go Concepts + +### Functions with Named Returns + +Always use named return values: +```go +func divide(a, b float64) (result float64, err error) { + if b == 0 { + err = errorf.New("division by zero") + return + } + result = a / b + return +} +``` + +### Error Handling + +Use the specified error handling packages: +```go +import "lol.mleku.dev/log" + +// Error checking with chk +if err := doSomething(); chk.E(err) { + return +} + +// Creating errors with errorf +err := errorf.New("something went wrong") +err := errorf.Errorf("failed to process: %v", value) +``` + +### Interfaces and Composition + +Go uses implicit interface implementation: +```go +type Reader interface { + Read(p []byte) (n int, err error) +} + +// Any type with a Read method implements Reader +type File struct { + name string +} + +func (f *File) Read(p []byte) (n int, err error) { + // Implementation + return +} +``` + +### Interface Design - CRITICAL RULES + +**Rule 1: Define interfaces in a dedicated package (e.g., `pkg/interfaces//`)** +- Interfaces provide isolation between packages and enable dependency inversion +- Keeping interfaces in a dedicated package prevents circular dependencies +- Each interface package should be minimal (just the interface, no implementations) + +**Rule 2: NEVER use type assertions with interface literals** +- **NEVER** write `.(interface{ Method() Type })` - this is non-idiomatic and unmaintainable +- Interface literals cannot be documented, tested for satisfaction, or reused + +```go +// BAD - interface literal in type assertion (NEVER DO THIS) +if checker, ok := obj.(interface{ Check() bool }); ok { + checker.Check() +} + +// GOOD - use defined interface from dedicated package +import "myproject/pkg/interfaces/checker" + +if c, ok := obj.(checker.Checker); ok { + c.Check() +} +``` + +**Rule 3: Resolving Circular Dependencies** +- If a circular dependency occurs, move the interface to `pkg/interfaces/` +- The implementing type stays in its original package +- The consuming code imports only the interface package +- Pattern: + ``` + pkg/interfaces/foo/ <- interface definition (no dependencies) + ↑ ↑ + pkg/bar/ pkg/baz/ + (implements) (consumes via interface) + ``` + +**Rule 4: Verify interface satisfaction at compile time** +```go +// Add this line to ensure *MyType implements MyInterface +var _ MyInterface = (*MyType)(nil) +``` + +### Concurrency + +Use goroutines and channels for concurrent programming: +```go +// Launch goroutine +go doWork() + +// Channels +ch := make(chan int, 10) +ch <- 42 +value := <-ch + +// Select statement +select { +case msg := <-ch1: + // Handle +case <-time.After(time.Second): + // Timeout +} + +// Sync primitives +var mu sync.Mutex +mu.Lock() +defer mu.Unlock() +``` + +### Testing + +Use table-driven tests as the default pattern: +```go +func TestAdd(t *testing.T) { + tests := []struct { + name string + a, b int + expected int + }{ + {"positive", 2, 3, 5}, + {"negative", -1, -1, -2}, + {"zero", 0, 5, 5}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := Add(tt.a, tt.b) + if result != tt.expected { + t.Errorf("got %d, want %d", result, tt.expected) + } + }) + } +} +``` + +## Reference Materials + +For detailed information, consult the reference files: + +- **references/effective-go-summary.md** - Key points from Effective Go including formatting, naming, control structures, functions, data allocation, methods, interfaces, concurrency principles, and error handling philosophy + +- **references/common-patterns.md** - Practical Go patterns including: + - Design patterns (Functional Options, Builder, Singleton, Factory, Strategy) + - Concurrency patterns (Worker Pool, Pipeline, Fan-Out/Fan-In, Timeout, Rate Limiting, Circuit Breaker) + - Error handling patterns (Error Wrapping, Sentinel Errors, Custom Error Types) + - Resource management patterns + - Testing patterns + +- **references/quick-reference.md** - Quick syntax cheatsheet with common commands, format verbs, standard library snippets, and best practices checklist + +## Best Practices Summary + +1. **Naming Conventions** + - Use camelCase for variables and functions + - Use PascalCase for exported names + - Keep names short but descriptive + - Interface names often end in -er (Reader, Writer, Handler) + +2. **Error Handling** + - Always check errors + - Use named return values + - Use lol.mleku.dev/log and chk/errorf + +3. **Code Organization** + - One package per directory + - Use internal/ for non-exported packages + - Use cmd/ for applications + - Use pkg/ for reusable libraries + +4. **Concurrency** + - Don't communicate by sharing memory; share memory by communicating + - Always close channels from sender + - Use defer for cleanup + +5. **Documentation** + - Comment all exported names + - Start comments with the name being described + - Use godoc format + +6. **Configuration - CRITICAL** + - **NEVER** use `os.Getenv()` scattered throughout packages + - **ALWAYS** centralize environment variable parsing in a single config package (e.g., `app/config/`) + - Pass configuration via structs, not by reading environment directly + - This ensures discoverability, documentation, and testability of all config options + +7. **Constants - CRITICAL** + - **ALWAYS** define named constants for values used more than a few times + - **ALWAYS** define named constants if multiple packages depend on the same value + - Constants shared across packages belong in a dedicated package (e.g., `pkg/constants/`) + - Magic numbers and strings are forbidden + ```go + // BAD - magic number + if size > 1024 { + + // GOOD - named constant + const MaxBufferSize = 1024 + if size > MaxBufferSize { + ``` + +## Common Commands + +```bash +go run main.go # Run program +go build # Compile +go test # Run tests +go test -v # Verbose tests +go test -cover # Test coverage +go test -race # Race detection +go fmt # Format code +go vet # Lint code +go mod tidy # Clean dependencies +go get package # Add dependency +``` + +## Official Resources + +All guidance is based on official Go documentation: +- Go Website: https://go.dev +- Documentation: https://go.dev/doc/ +- Effective Go: https://go.dev/doc/effective_go +- Language Specification: https://go.dev/ref/spec +- Standard Library: https://pkg.go.dev/std +- Go Tour: https://go.dev/tour/ + diff --git a/.claude/skills/golang/references/common-patterns.md b/.claude/skills/golang/references/common-patterns.md new file mode 100644 index 00000000..1ecb3ca5 --- /dev/null +++ b/.claude/skills/golang/references/common-patterns.md @@ -0,0 +1,649 @@ +# Go Common Patterns and Idioms + +## Design Patterns + +### Functional Options Pattern + +Used for configuring objects with many optional parameters: + +```go +type Server struct { + host string + port int + timeout time.Duration + maxConn int +} + +type Option func(*Server) + +func WithHost(host string) Option { + return func(s *Server) { + s.host = host + } +} + +func WithPort(port int) Option { + return func(s *Server) { + s.port = port + } +} + +func WithTimeout(timeout time.Duration) Option { + return func(s *Server) { + s.timeout = timeout + } +} + +func NewServer(opts ...Option) *Server { + // Set defaults + s := &Server{ + host: "localhost", + port: 8080, + timeout: 30 * time.Second, + maxConn: 100, + } + + // Apply options + for _, opt := range opts { + opt(s) + } + + return s +} + +// Usage +srv := NewServer( + WithHost("example.com"), + WithPort(443), + WithTimeout(60 * time.Second), +) +``` + +### Builder Pattern + +For complex object construction: + +```go +type HTTPRequest struct { + method string + url string + headers map[string]string + body []byte +} + +type RequestBuilder struct { + request *HTTPRequest +} + +func NewRequestBuilder() *RequestBuilder { + return &RequestBuilder{ + request: &HTTPRequest{ + headers: make(map[string]string), + }, + } +} + +func (b *RequestBuilder) Method(method string) *RequestBuilder { + b.request.method = method + return b +} + +func (b *RequestBuilder) URL(url string) *RequestBuilder { + b.request.url = url + return b +} + +func (b *RequestBuilder) Header(key, value string) *RequestBuilder { + b.request.headers[key] = value + return b +} + +func (b *RequestBuilder) Body(body []byte) *RequestBuilder { + b.request.body = body + return b +} + +func (b *RequestBuilder) Build() *HTTPRequest { + return b.request +} + +// Usage +req := NewRequestBuilder(). + Method("POST"). + URL("https://api.example.com"). + Header("Content-Type", "application/json"). + Body([]byte(`{"key":"value"}`)). + Build() +``` + +### Singleton Pattern + +Thread-safe singleton using sync.Once: + +```go +type Database struct { + conn *sql.DB +} + +var ( + instance *Database + once sync.Once +) + +func GetDatabase() *Database { + once.Do(func() { + conn, err := sql.Open("postgres", "connection-string") + if err != nil { + log.Fatal(err) + } + instance = &Database{conn: conn} + }) + return instance +} +``` + +### Factory Pattern + +```go +type Animal interface { + Speak() string +} + +type Dog struct{} +func (d Dog) Speak() string { return "Woof!" } + +type Cat struct{} +func (c Cat) Speak() string { return "Meow!" } + +type AnimalFactory struct{} + +func (f *AnimalFactory) CreateAnimal(animalType string) Animal { + switch animalType { + case "dog": + return &Dog{} + case "cat": + return &Cat{} + default: + return nil + } +} +``` + +### Strategy Pattern + +```go +type PaymentStrategy interface { + Pay(amount float64) error +} + +type CreditCard struct { + number string +} + +func (c *CreditCard) Pay(amount float64) error { + fmt.Printf("Paying %.2f using credit card %s\n", amount, c.number) + return nil +} + +type PayPal struct { + email string +} + +func (p *PayPal) Pay(amount float64) error { + fmt.Printf("Paying %.2f using PayPal account %s\n", amount, p.email) + return nil +} + +type PaymentContext struct { + strategy PaymentStrategy +} + +func (pc *PaymentContext) SetStrategy(strategy PaymentStrategy) { + pc.strategy = strategy +} + +func (pc *PaymentContext) ExecutePayment(amount float64) error { + return pc.strategy.Pay(amount) +} +``` + +## Concurrency Patterns + +### Worker Pool + +```go +func worker(id int, jobs <-chan Job, results chan<- Result) { + for job := range jobs { + result := processJob(job) + results <- result + } +} + +func WorkerPool(numWorkers int, jobs []Job) []Result { + jobsChan := make(chan Job, len(jobs)) + results := make(chan Result, len(jobs)) + + // Start workers + for w := 1; w <= numWorkers; w++ { + go worker(w, jobsChan, results) + } + + // Send jobs + for _, job := range jobs { + jobsChan <- job + } + close(jobsChan) + + // Collect results + var output []Result + for range jobs { + output = append(output, <-results) + } + + return output +} +``` + +### Pipeline Pattern + +```go +func generator(nums ...int) <-chan int { + out := make(chan int) + go func() { + for _, n := range nums { + out <- n + } + close(out) + }() + return out +} + +func square(in <-chan int) <-chan int { + out := make(chan int) + go func() { + for n := range in { + out <- n * n + } + close(out) + }() + return out +} + +func main() { + // Create pipeline + c := generator(2, 3, 4) + out := square(c) + + // Consume output + for result := range out { + fmt.Println(result) + } +} +``` + +### Fan-Out, Fan-In + +```go +func fanOut(in <-chan int, n int) []<-chan int { + channels := make([]<-chan int, n) + for i := 0; i < n; i++ { + channels[i] = worker(in) + } + return channels +} + +func worker(in <-chan int) <-chan int { + out := make(chan int) + go func() { + for n := range in { + out <- expensiveOperation(n) + } + close(out) + }() + return out +} + +func fanIn(channels ...<-chan int) <-chan int { + out := make(chan int) + var wg sync.WaitGroup + + wg.Add(len(channels)) + for _, c := range channels { + go func(ch <-chan int) { + defer wg.Done() + for n := range ch { + out <- n + } + }(c) + } + + go func() { + wg.Wait() + close(out) + }() + + return out +} +``` + +### Timeout Pattern + +```go +func DoWithTimeout(timeout time.Duration) (result string, err error) { + done := make(chan struct{}) + + go func() { + result = expensiveOperation() + close(done) + }() + + select { + case <-done: + return result, nil + case <-time.After(timeout): + return "", fmt.Errorf("operation timed out after %v", timeout) + } +} +``` + +### Graceful Shutdown + +```go +func main() { + server := &http.Server{Addr: ":8080"} + + // Start server in goroutine + go func() { + if err := server.ListenAndServe(); err != nil && err != http.ErrServerClosed { + log.Fatalf("listen: %s\n", err) + } + }() + + // Wait for interrupt signal + quit := make(chan os.Signal, 1) + signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM) + <-quit + log.Println("Shutting down server...") + + // Graceful shutdown with timeout + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + defer cancel() + + if err := server.Shutdown(ctx); err != nil { + log.Fatal("Server forced to shutdown:", err) + } + + log.Println("Server exiting") +} +``` + +### Rate Limiting + +```go +func rateLimiter(rate time.Duration) <-chan time.Time { + return time.Tick(rate) +} + +func main() { + limiter := rateLimiter(200 * time.Millisecond) + + for req := range requests { + <-limiter // Wait for rate limiter + go handleRequest(req) + } +} +``` + +### Circuit Breaker + +```go +type CircuitBreaker struct { + maxFailures int + timeout time.Duration + failures int + lastFail time.Time + state string + mu sync.Mutex +} + +func (cb *CircuitBreaker) Call(fn func() error) error { + cb.mu.Lock() + defer cb.mu.Unlock() + + if cb.state == "open" { + if time.Since(cb.lastFail) > cb.timeout { + cb.state = "half-open" + } else { + return fmt.Errorf("circuit breaker is open") + } + } + + err := fn() + if err != nil { + cb.failures++ + cb.lastFail = time.Now() + if cb.failures >= cb.maxFailures { + cb.state = "open" + } + return err + } + + cb.failures = 0 + cb.state = "closed" + return nil +} +``` + +## Error Handling Patterns + +### Error Wrapping + +```go +func processFile(filename string) (err error) { + data, err := readFile(filename) + if err != nil { + return fmt.Errorf("failed to process file %s: %w", filename, err) + } + + if err := validate(data); err != nil { + return fmt.Errorf("validation failed for %s: %w", filename, err) + } + + return nil +} +``` + +### Sentinel Errors + +```go +var ( + ErrNotFound = errors.New("not found") + ErrUnauthorized = errors.New("unauthorized") + ErrInvalidInput = errors.New("invalid input") +) + +func FindUser(id int) (*User, error) { + user, exists := users[id] + if !exists { + return nil, ErrNotFound + } + return user, nil +} + +// Check error +user, err := FindUser(123) +if errors.Is(err, ErrNotFound) { + // Handle not found +} +``` + +### Custom Error Types + +```go +type ValidationError struct { + Field string + Value interface{} + Err error +} + +func (e *ValidationError) Error() string { + return fmt.Sprintf("validation failed for field %s with value %v: %v", + e.Field, e.Value, e.Err) +} + +func (e *ValidationError) Unwrap() error { + return e.Err +} + +// Usage +var validErr *ValidationError +if errors.As(err, &validErr) { + fmt.Printf("Field: %s\n", validErr.Field) +} +``` + +## Resource Management Patterns + +### Defer for Cleanup + +```go +func processFile(filename string) error { + file, err := os.Open(filename) + if err != nil { + return err + } + defer file.Close() + + // Process file + return nil +} +``` + +### Context for Cancellation + +```go +func fetchData(ctx context.Context, url string) ([]byte, error) { + req, err := http.NewRequestWithContext(ctx, "GET", url, nil) + if err != nil { + return nil, err + } + + resp, err := http.DefaultClient.Do(req) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + return io.ReadAll(resp.Body) +} +``` + +### Sync.Pool for Object Reuse + +```go +var bufferPool = sync.Pool{ + New: func() interface{} { + return new(bytes.Buffer) + }, +} + +func process() { + buf := bufferPool.Get().(*bytes.Buffer) + defer bufferPool.Put(buf) + + buf.Reset() + // Use buffer +} +``` + +## Testing Patterns + +### Table-Driven Tests + +```go +func TestAdd(t *testing.T) { + tests := []struct { + name string + a, b int + expected int + }{ + {"positive numbers", 2, 3, 5}, + {"negative numbers", -1, -1, -2}, + {"mixed signs", -5, 10, 5}, + {"zeros", 0, 0, 0}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := Add(tt.a, tt.b) + if result != tt.expected { + t.Errorf("Add(%d, %d) = %d; want %d", + tt.a, tt.b, result, tt.expected) + } + }) + } +} +``` + +### Mock Interfaces + +```go +type Database interface { + Get(key string) (string, error) + Set(key, value string) error +} + +type MockDB struct { + data map[string]string +} + +func (m *MockDB) Get(key string) (string, error) { + val, ok := m.data[key] + if !ok { + return "", errors.New("not found") + } + return val, nil +} + +func (m *MockDB) Set(key, value string) error { + m.data[key] = value + return nil +} + +func TestUserService(t *testing.T) { + mockDB := &MockDB{data: make(map[string]string)} + service := NewUserService(mockDB) + // Test service +} +``` + +### Test Fixtures + +```go +func setupTestDB(t *testing.T) (*sql.DB, func()) { + db, err := sql.Open("sqlite3", ":memory:") + if err != nil { + t.Fatal(err) + } + + // Setup schema + _, err = db.Exec(schema) + if err != nil { + t.Fatal(err) + } + + cleanup := func() { + db.Close() + } + + return db, cleanup +} + +func TestDatabase(t *testing.T) { + db, cleanup := setupTestDB(t) + defer cleanup() + + // Run tests +} +``` + diff --git a/.claude/skills/golang/references/effective-go-summary.md b/.claude/skills/golang/references/effective-go-summary.md new file mode 100644 index 00000000..b138062b --- /dev/null +++ b/.claude/skills/golang/references/effective-go-summary.md @@ -0,0 +1,423 @@ +# Effective Go - Key Points Summary + +Source: https://go.dev/doc/effective_go + +## Formatting + +- Use `gofmt` to automatically format your code +- Indentation: use tabs +- Line length: no strict limit, but keep reasonable +- Parentheses: Go uses fewer parentheses than C/Java + +## Commentary + +- Every package should have a package comment +- Every exported name should have a doc comment +- Comments should be complete sentences +- Start comments with the name of the element being described + +Example: +```go +// Package regexp implements regular expression search. +package regexp + +// Compile parses a regular expression and returns, if successful, +// a Regexp object that can be used to match against text. +func Compile(str string) (*Regexp, error) { +``` + +## Names + +### Package Names +- Short, concise, evocative +- Lowercase, single-word +- No underscores or mixedCaps +- Avoid stuttering (e.g., `bytes.Buffer` not `bytes.ByteBuffer`) + +### Getters/Setters +- Getter: `Owner()` not `GetOwner()` +- Setter: `SetOwner()` + +### Interface Names +- One-method interfaces use method name + -er suffix +- Examples: `Reader`, `Writer`, `Formatter`, `CloseNotifier` + +### MixedCaps +- Use `MixedCaps` or `mixedCaps` rather than underscores + +## Semicolons + +- Lexer automatically inserts semicolons +- Never put opening brace on its own line + +## Control Structures + +### If +```go +if err := file.Chmod(0664); err != nil { + log.Print(err) + return err +} +``` + +### Redeclaration +```go +f, err := os.Open(name) +// err is declared here + +d, err := f.Stat() +// err is redeclared here (same scope) +``` + +### For +```go +// Like a C for +for init; condition; post { } + +// Like a C while +for condition { } + +// Like a C for(;;) +for { } + +// Range over array/slice/map/channel +for key, value := range oldMap { + newMap[key] = value +} + +// If you only need the key +for key := range m { + // ... +} + +// If you only need the value +for _, value := range array { + // ... +} +``` + +### Switch +- No automatic fall through +- Cases can be expressions +- Can switch on no value (acts like if-else chain) + +```go +switch { +case '0' <= c && c <= '9': + return c - '0' +case 'a' <= c && c <= 'f': + return c - 'a' + 10 +case 'A' <= c && c <= 'F': + return c - 'A' + 10 +} +``` + +### Type Switch +```go +switch t := value.(type) { +case int: + fmt.Printf("int: %d\n", t) +case string: + fmt.Printf("string: %s\n", t) +default: + fmt.Printf("unexpected type %T\n", t) +} +``` + +## Functions + +### Multiple Return Values +```go +func (file *File) Write(b []byte) (n int, err error) { + // ... +} +``` + +### Named Result Parameters +- Named results are initialized to zero values +- Can be used for documentation +- Enable naked returns + +```go +func ReadFull(r Reader, buf []byte) (n int, err error) { + for len(buf) > 0 && err == nil { + var nr int + nr, err = r.Read(buf) + n += nr + buf = buf[nr:] + } + return +} +``` + +### Defer +- Schedules function call to run after surrounding function returns +- LIFO order +- Arguments evaluated when defer executes + +```go +func trace(s string) string { + fmt.Println("entering:", s) + return s +} + +func un(s string) { + fmt.Println("leaving:", s) +} + +func a() { + defer un(trace("a")) + fmt.Println("in a") +} +``` + +## Data + +### Allocation with new +- `new(T)` allocates zeroed storage for new item of type T +- Returns `*T` +- Returns memory address of newly allocated zero value + +```go +p := new(int) // p is *int, points to zeroed int +``` + +### Constructors and Composite Literals +```go +func NewFile(fd int, name string) *File { + if fd < 0 { + return nil + } + return &File{fd: fd, name: name} +} +``` + +### Allocation with make +- `make(T, args)` creates slices, maps, and channels only +- Returns initialized (not zeroed) value of type T (not *T) + +```go +make([]int, 10, 100) // slice: len=10, cap=100 +make(map[string]int) // map +make(chan int, 10) // buffered channel +``` + +### Arrays +- Arrays are values, not pointers +- Passing array to function copies the entire array +- Array size is part of its type + +### Slices +- Hold references to underlying array +- Can grow dynamically with `append` +- Passing slice passes reference + +### Maps +- Hold references to underlying data structure +- Passing map passes reference +- Zero value is `nil` + +### Printing +- `%v` - default format +- `%+v` - struct with field names +- `%#v` - Go syntax representation +- `%T` - type +- `%q` - quoted string + +## Initialization + +### Constants +- Created at compile time +- Can only be numbers, characters, strings, or booleans + +### init Function +- Each source file can have `init()` function +- Called after package-level variables initialized +- Used for setup that can't be expressed as declarations + +```go +func init() { + // initialization code +} +``` + +## Methods + +### Pointers vs. Values +- Value methods can be invoked on pointers and values +- Pointer methods can only be invoked on pointers + +Rule: Value methods can be called on both values and pointers, but pointer methods should only be called on pointers (though Go allows calling on addressable values). + +```go +type ByteSlice []byte + +func (slice ByteSlice) Append(data []byte) []byte { + // ... +} + +func (p *ByteSlice) Append(data []byte) { + slice := *p + // ... + *p = slice +} +``` + +## Interfaces and Other Types + +### Interfaces +- A type implements an interface by implementing its methods +- No explicit declaration of intent + +### Type Assertions +```go +value, ok := str.(string) +``` + +### Type Switches +```go +switch v := value.(type) { +case string: + // v is string +case int: + // v is int +} +``` + +### Generality +- If a type exists only to implement an interface and will never have exported methods beyond that interface, there's no need to export the type itself + +## The Blank Identifier + +### Unused Imports and Variables +```go +import _ "net/http/pprof" // Import for side effects +``` + +### Interface Checks +```go +var _ json.Marshaler = (*RawMessage)(nil) +``` + +## Embedding + +### Composition, not Inheritance +```go +type ReadWriter struct { + *Reader // *bufio.Reader + *Writer // *bufio.Writer +} +``` + +## Concurrency + +### Share by Communicating +- Don't communicate by sharing memory; share memory by communicating +- Use channels to pass ownership + +### Goroutines +- Cheap: small initial stack +- Multiplexed onto OS threads +- Prefix function call with `go` keyword + +### Channels +- Allocate with `make` +- Unbuffered: synchronous +- Buffered: asynchronous up to buffer size + +```go +ci := make(chan int) // unbuffered +cj := make(chan int, 0) // unbuffered +cs := make(chan *os.File, 100) // buffered +``` + +### Channels of Channels +```go +type Request struct { + args []int + f func([]int) int + resultChan chan int +} +``` + +### Parallelization +```go +const numCPU = runtime.NumCPU() +runtime.GOMAXPROCS(numCPU) +``` + +## Errors + +### Error Type +```go +type error interface { + Error() string +} +``` + +### Custom Errors +```go +type PathError struct { + Op string + Path string + Err error +} + +func (e *PathError) Error() string { + return e.Op + " " + e.Path + ": " + e.Err.Error() +} +``` + +### Panic +- Use for unrecoverable errors +- Generally avoid in library code + +### Recover +- Called inside deferred function +- Stops panic sequence +- Returns value passed to panic + +```go +func server(workChan <-chan *Work) { + for work := range workChan { + go safelyDo(work) + } +} + +func safelyDo(work *Work) { + defer func() { + if err := recover(); err != nil { + log.Println("work failed:", err) + } + }() + do(work) +} +``` + +## A Web Server Example + +```go +package main + +import ( + "fmt" + "log" + "net/http" +) + +type Counter struct { + n int +} + +func (ctr *Counter) ServeHTTP(w http.ResponseWriter, req *http.Request) { + ctr.n++ + fmt.Fprintf(w, "counter = %d\n", ctr.n) +} + +func main() { + ctr := new(Counter) + http.Handle("/counter", ctr) + log.Fatal(http.ListenAndServe(":8080", nil)) +} +``` + diff --git a/.claude/skills/golang/references/quick-reference.md b/.claude/skills/golang/references/quick-reference.md new file mode 100644 index 00000000..c2e2a650 --- /dev/null +++ b/.claude/skills/golang/references/quick-reference.md @@ -0,0 +1,528 @@ +# Go Quick Reference Cheat Sheet + +## Basic Syntax + +### Hello World +```go +package main + +import "fmt" + +func main() { + fmt.Println("Hello, World!") +} +``` + +### Variables +```go +var name string = "John" +var age int = 30 +var height = 5.9 // type inference + +// Short declaration (inside functions only) +count := 42 +``` + +### Constants +```go +const Pi = 3.14159 +const ( + Sunday = iota // 0 + Monday // 1 + Tuesday // 2 +) +``` + +## Data Types + +### Basic Types +```go +bool // true, false +string // "hello" +int int8 int16 int32 int64 +uint uint8 uint16 uint32 uint64 +byte // alias for uint8 +rune // alias for int32 (Unicode) +float32 float64 +complex64 complex128 +``` + +### Composite Types +```go +// Array (fixed size) +var arr [5]int + +// Slice (dynamic) +slice := []int{1, 2, 3} +slice = append(slice, 4) + +// Map +m := make(map[string]int) +m["key"] = 42 + +// Struct +type Person struct { + Name string + Age int +} +p := Person{Name: "Alice", Age: 30} + +// Pointer +ptr := &p +``` + +## Functions + +```go +// Basic function +func add(a, b int) int { + return a + b +} + +// Named returns (preferred) +func divide(a, b float64) (result float64, err error) { + if b == 0 { + err = errors.New("division by zero") + return + } + result = a / b + return +} + +// Variadic +func sum(nums ...int) int { + total := 0 + for _, n := range nums { + total += n + } + return total +} + +// Multiple returns +func swap(a, b int) (int, int) { + return b, a +} +``` + +## Control Flow + +### If/Else +```go +if x > 0 { + // positive +} else if x < 0 { + // negative +} else { + // zero +} + +// With initialization +if err := doSomething(); err != nil { + return err +} +``` + +### For Loops +```go +// Traditional for +for i := 0; i < 10; i++ { + fmt.Println(i) +} + +// While-style +for condition { +} + +// Infinite +for { +} + +// Range +for i, v := range slice { + fmt.Printf("%d: %v\n", i, v) +} + +for key, value := range myMap { + fmt.Printf("%s: %v\n", key, value) +} +``` + +### Switch +```go +switch x { +case 1: + fmt.Println("one") +case 2, 3: + fmt.Println("two or three") +default: + fmt.Println("other") +} + +// Type switch +switch v := i.(type) { +case int: + fmt.Printf("int: %d\n", v) +case string: + fmt.Printf("string: %s\n", v) +} +``` + +## Methods & Interfaces + +### Methods +```go +type Rectangle struct { + Width, Height float64 +} + +// Value receiver +func (r Rectangle) Area() float64 { + return r.Width * r.Height +} + +// Pointer receiver +func (r *Rectangle) Scale(factor float64) { + r.Width *= factor + r.Height *= factor +} +``` + +### Interfaces +```go +type Shape interface { + Area() float64 + Perimeter() float64 +} + +// Empty interface (any type) +var x interface{} // or: var x any +``` + +## Concurrency + +### Goroutines +```go +go doSomething() + +go func() { + fmt.Println("In goroutine") +}() +``` + +### Channels +```go +// Create +ch := make(chan int) // unbuffered +ch := make(chan int, 10) // buffered + +// Send & Receive +ch <- 42 // send +value := <-ch // receive + +// Close +close(ch) + +// Check if closed +value, ok := <-ch +``` + +### Select +```go +select { +case msg := <-ch1: + fmt.Println("ch1:", msg) +case msg := <-ch2: + fmt.Println("ch2:", msg) +case <-time.After(1 * time.Second): + fmt.Println("timeout") +default: + fmt.Println("no channel ready") +} +``` + +### Sync Package +```go +// Mutex +var mu sync.Mutex +mu.Lock() +defer mu.Unlock() + +// RWMutex +var mu sync.RWMutex +mu.RLock() +defer mu.RUnlock() + +// WaitGroup +var wg sync.WaitGroup +wg.Add(1) +go func() { + defer wg.Done() + // work +}() +wg.Wait() +``` + +## Error Handling + +```go +// Create errors +err := errors.New("error message") +err := fmt.Errorf("failed: %w", originalErr) + +// Check errors +if err != nil { + return err +} + +// Custom error type +type MyError struct { + Msg string +} + +func (e *MyError) Error() string { + return e.Msg +} + +// Error checking (Go 1.13+) +if errors.Is(err, os.ErrNotExist) { + // handle +} + +var pathErr *os.PathError +if errors.As(err, &pathErr) { + // handle +} +``` + +## Standard Library Snippets + +### fmt - Formatting +```go +fmt.Print("text") +fmt.Println("text with newline") +fmt.Printf("Name: %s, Age: %d\n", name, age) +s := fmt.Sprintf("formatted %v", value) +``` + +### strings +```go +strings.Contains(s, substr) +strings.HasPrefix(s, prefix) +strings.Join([]string{"a", "b"}, ",") +strings.Split(s, ",") +strings.ToLower(s) +strings.TrimSpace(s) +``` + +### strconv +```go +i, _ := strconv.Atoi("42") +s := strconv.Itoa(42) +f, _ := strconv.ParseFloat("3.14", 64) +``` + +### io +```go +io.Copy(dst, src) +data, _ := io.ReadAll(r) +io.WriteString(w, "data") +``` + +### os +```go +file, _ := os.Open("file.txt") +defer file.Close() +os.Getenv("PATH") +os.Exit(1) +``` + +### net/http +```go +// Server +http.HandleFunc("/", handler) +http.ListenAndServe(":8080", nil) + +// Client +resp, _ := http.Get("https://example.com") +defer resp.Body.Close() +``` + +### encoding/json +```go +// Encode +data, _ := json.Marshal(obj) + +// Decode +json.Unmarshal(data, &obj) +``` + +### time +```go +now := time.Now() +time.Sleep(5 * time.Second) +t.Format("2006-01-02 15:04:05") +time.Parse("2006-01-02", "2024-01-01") +``` + +## Testing + +### Basic Test +```go +// mycode_test.go +package mypackage + +import "testing" + +func TestAdd(t *testing.T) { + result := Add(2, 3) + if result != 5 { + t.Errorf("got %d, want 5", result) + } +} +``` + +### Table-Driven Test +```go +func TestAdd(t *testing.T) { + tests := []struct { + name string + a, b int + expected int + }{ + {"positive", 2, 3, 5}, + {"negative", -1, -1, -2}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := Add(tt.a, tt.b) + if result != tt.expected { + t.Errorf("got %d, want %d", result, tt.expected) + } + }) + } +} +``` + +### Benchmark +```go +func BenchmarkAdd(b *testing.B) { + for i := 0; i < b.N; i++ { + Add(2, 3) + } +} +``` + +## Go Commands + +```bash +# Run +go run main.go + +# Build +go build +go build -o myapp + +# Test +go test +go test -v +go test -cover +go test -race + +# Format +go fmt ./... +gofmt -s -w . + +# Lint +go vet ./... + +# Modules +go mod init module-name +go mod tidy +go get package@version +go get -u ./... + +# Install +go install + +# Documentation +go doc package.Function +``` + +## Common Patterns + +### Defer +```go +file, err := os.Open("file.txt") +if err != nil { + return err +} +defer file.Close() +``` + +### Error Wrapping +```go +if err != nil { + return fmt.Errorf("failed to process: %w", err) +} +``` + +### Context +```go +ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) +defer cancel() +``` + +### Options Pattern +```go +type Option func(*Config) + +func WithPort(port int) Option { + return func(c *Config) { + c.port = port + } +} + +func New(opts ...Option) *Server { + cfg := &Config{port: 8080} + for _, opt := range opts { + opt(cfg) + } + return &Server{cfg: cfg} +} +``` + +## Format Verbs + +```go +%v // default format +%+v // struct with field names +%#v // Go-syntax representation +%T // type +%t // bool +%d // decimal integer +%b // binary +%o // octal +%x // hex (lowercase) +%X // hex (uppercase) +%f // float +%e // scientific notation +%s // string +%q // quoted string +%p // pointer address +%w // error wrapping +``` + +## Best Practices + +1. Use `gofmt` to format code +2. Always check errors +3. Use named return values +4. Prefer composition over inheritance +5. Use defer for cleanup +6. Keep functions small and focused +7. Write table-driven tests +8. Document exported names +9. Use interfaces for flexibility +10. Follow Effective Go guidelines + diff --git a/.claude/skills/ndk/INDEX.md b/.claude/skills/ndk/INDEX.md new file mode 100644 index 00000000..41d6d98e --- /dev/null +++ b/.claude/skills/ndk/INDEX.md @@ -0,0 +1,286 @@ +# NDK (Nostr Development Kit) Claude Skill + +> **Comprehensive knowledge base for working with NDK in production applications** + +This Claude skill provides deep expertise in the Nostr Development Kit based on real-world usage patterns from the Plebeian Market application. + +## 📚 Documentation Structure + +``` +.claude/skills/ndk/ +├── README.md # This file - Overview and getting started +├── ndk-skill.md # Complete reference guide (18KB) +├── quick-reference.md # Fast lookup for common tasks (7KB) +├── troubleshooting.md # Common problems and solutions +└── examples/ # Production code examples + ├── README.md + ├── 01-initialization.ts # NDK setup and connection + ├── 02-authentication.ts # NIP-07, NIP-46, private keys + ├── 03-publishing-events.ts # Creating and publishing events + ├── 04-querying-subscribing.ts # Fetching and real-time subs + └── 05-users-profiles.ts # User and profile management +``` + +## 🚀 Quick Start + +### For Quick Lookups +Start with **`quick-reference.md`** for: +- Common code snippets +- Quick syntax reminders +- Frequently used patterns + +### For Deep Learning +Read **`ndk-skill.md`** for: +- Complete API documentation +- Best practices +- Integration patterns +- Performance optimization + +### For Problem Solving +Check **`troubleshooting.md`** for: +- Common error solutions +- Performance tips +- Testing strategies +- Debug techniques + +### For Code Examples +Browse **`examples/`** directory for: +- Real production code +- Full implementations +- React integration patterns +- Error handling examples + +## 📖 Core Topics Covered + +### 1. Initialization & Setup +- Basic NDK initialization +- Multiple instance patterns (main + zap relays) +- Connection management with timeouts +- Relay pool configuration +- Connection status monitoring + +### 2. Authentication +- **NIP-07**: Browser extension signers (Alby, nos2x) +- **NIP-46**: Remote signers (Bunker) +- **Private Keys**: Direct key management +- Auto-login with localStorage +- Multi-account session management + +### 3. Event Publishing +- Basic text notes +- Parameterized replaceable events (products, profiles) +- Order and payment events +- Batch publishing +- Error handling patterns + +### 4. Querying & Subscriptions +- One-time fetches with `fetchEvents()` +- Real-time subscriptions +- Tag filtering patterns +- Time-range queries +- Event monitoring +- React Query integration + +### 5. User & Profile Management +- Fetch profiles (npub, hex, NIP-05) +- Update user profiles +- Follow/unfollow operations +- Batch profile loading +- Profile caching strategies + +### 6. Advanced Patterns +- Store-based NDK management +- Query + subscription combination +- Event parsing utilities +- Memory leak prevention +- Performance optimization + +## 🎯 Use Cases + +### Building a Nostr Client +```typescript +// Initialize +const { ndk, isConnected } = await initializeNDK({ + relays: ['wss://relay.damus.io', 'wss://nos.lol'], + timeoutMs: 10000 +}) + +// Authenticate +const { user } = await loginWithExtension(ndk) + +// Publish +await publishBasicNote(ndk, 'Hello Nostr!') + +// Subscribe +const sub = subscribeToNotes(ndk, user.pubkey, (event) => { + console.log('New note:', event.content) +}) +``` + +### Building a Marketplace +```typescript +// Publish product +await publishProduct(ndk, { + slug: 'bitcoin-shirt', + title: 'Bitcoin T-Shirt', + price: 25, + currency: 'USD', + images: ['https://...'] +}) + +// Create order +await createOrder(ndk, { + orderId: uuidv4(), + sellerPubkey: merchant.pubkey, + productRef: '30402:pubkey:bitcoin-shirt', + quantity: 1, + totalAmount: '25.00' +}) + +// Monitor payment +monitorPaymentReceipt(ndk, orderId, invoiceId, (preimage) => { + console.log('Payment confirmed!') +}) +``` + +### React Integration +```typescript +function Feed() { + const ndk = useNDK() + const { user } = useAuth() + + // Query with real-time updates + const { data: notes } = useNotesWithSubscription( + ndk, + user.pubkey + ) + + return ( +
+ {notes?.map(note => ( + + ))} +
+ ) +} +``` + +## 🔍 Common Patterns Quick Reference + +### Safe NDK Access +```typescript +const ndk = ndkActions.getNDK() +if (!ndk) throw new Error('NDK not initialized') +``` + +### Subscription Cleanup +```typescript +useEffect(() => { + const sub = ndk.subscribe(filter, { closeOnEose: false }) + sub.on('event', handleEvent) + return () => sub.stop() // Critical! +}, [ndk]) +``` + +### Error Handling +```typescript +try { + await event.sign() + await event.publish() +} catch (error) { + console.error('Publishing failed:', error) + throw new Error('Failed to publish. Check connection.') +} +``` + +### Tag Filtering +```typescript +// ✅ Correct (note the # prefix for tag filters) +{ kinds: [16], '#order': [orderId] } + +// ❌ Wrong +{ kinds: [16], 'order': [orderId] } +``` + +## 🛠 Development Tools + +### VS Code Integration +These skill files work with: +- Cursor AI for code completion +- Claude for code assistance +- GitHub Copilot with context + +### Debugging Tips +```typescript +// Check connection +console.log('Connected relays:', + Array.from(ndk.pool?.relays.values() || []) + .filter(r => r.status === 1) + .map(r => r.url) +) + +// Verify signer +console.log('Signer:', ndk.signer) +console.log('Active user:', ndk.activeUser) + +// Event inspection +console.log('Event:', { + id: event.id, + kind: event.kind, + tags: event.tags, + sig: event.sig +}) +``` + +## 📊 Statistics + +- **Total Documentation**: ~50KB +- **Code Examples**: 5 complete modules +- **Patterns Documented**: 50+ +- **Common Issues Covered**: 15+ +- **Based On**: Real production code + +## 🔗 Additional Resources + +### Official NDK Resources +- **GitHub**: https://github.com/nostr-dev-kit/ndk +- **Documentation**: https://ndk.fyi +- **NPM**: `@nostr-dev-kit/ndk` + +### Nostr Protocol +- **NIPs**: https://github.com/nostr-protocol/nips +- **Nostr**: https://nostr.com + +### Related Tools +- **TanStack Query**: React state management +- **TanStack Router**: Type-safe routing +- **Radix UI**: Accessible components + +## 💡 Tips for Using This Skill + +1. **Start Small**: Begin with quick-reference.md for syntax +2. **Go Deep**: Read ndk-skill.md section by section +3. **Copy Examples**: Use examples/ as templates +4. **Debug Issues**: Check troubleshooting.md first +5. **Stay Updated**: Patterns based on production usage + +## 🤝 Contributing + +This skill is maintained based on the Plebeian Market codebase. To improve it: + +1. Document new patterns you discover +2. Add solutions to common problems +3. Update examples with better approaches +4. Keep synchronized with NDK updates + +## 📝 Version Info + +- **Skill Version**: 1.0.0 +- **NDK Version**: Latest (based on production usage) +- **Last Updated**: November 2025 +- **Codebase**: Plebeian Market + +--- + +**Ready to build with NDK?** Start with `quick-reference.md` or dive into `examples/01-initialization.ts`! + diff --git a/.claude/skills/ndk/README.md b/.claude/skills/ndk/README.md new file mode 100644 index 00000000..2a13dc47 --- /dev/null +++ b/.claude/skills/ndk/README.md @@ -0,0 +1,38 @@ +# NDK (Nostr Development Kit) Claude Skill + +This skill provides comprehensive knowledge about working with the Nostr Development Kit (NDK) library. + +## Files + +- **ndk-skill.md** - Complete reference documentation with patterns from production usage +- **quick-reference.md** - Quick lookup guide for common NDK tasks +- **examples/** - Code examples extracted from the Plebeian Market codebase + +## Usage + +When working with NDK-related code, reference these documents to: +- Understand initialization patterns +- Learn authentication flows (NIP-07, NIP-46, private keys) +- Implement event creation and publishing +- Set up subscriptions for real-time updates +- Query events with filters +- Handle users and profiles +- Integrate with TanStack Query + +## Key Topics Covered + +1. NDK Initialization & Configuration +2. Authentication & Signers +3. Event Creation & Publishing +4. Querying Events +5. Real-time Subscriptions +6. User & Profile Management +7. Tag Handling +8. Replaceable Events +9. Relay Management +10. Integration with React/TanStack Query +11. Error Handling & Best Practices +12. Performance Optimization + +All examples are based on real production code from the Plebeian Market application. + diff --git a/.claude/skills/ndk/examples/01-initialization.ts b/.claude/skills/ndk/examples/01-initialization.ts new file mode 100644 index 00000000..bada6d6b --- /dev/null +++ b/.claude/skills/ndk/examples/01-initialization.ts @@ -0,0 +1,162 @@ +/** + * NDK Initialization Patterns + * + * Examples from: src/lib/stores/ndk.ts + */ + +import NDK from '@nostr-dev-kit/ndk' + +// ============================================================ +// BASIC INITIALIZATION +// ============================================================ + +const basicInit = () => { + const ndk = new NDK({ + explicitRelayUrls: ['wss://relay.damus.io', 'wss://relay.nostr.band'] + }) + + return ndk +} + +// ============================================================ +// PRODUCTION PATTERN - WITH MULTIPLE NDK INSTANCES +// ============================================================ + +const productionInit = (relays: string[], zapRelays: string[]) => { + // Main NDK instance for general operations + const ndk = new NDK({ + explicitRelayUrls: relays + }) + + // Separate NDK for zap operations (performance optimization) + const zapNdk = new NDK({ + explicitRelayUrls: zapRelays + }) + + return { ndk, zapNdk } +} + +// ============================================================ +// CONNECTION WITH TIMEOUT +// ============================================================ + +const connectWithTimeout = async ( + ndk: NDK, + timeoutMs: number = 10000 +): Promise => { + // Create connection promise + const connectPromise = ndk.connect() + + // Create timeout promise + const timeoutPromise = new Promise((_, reject) => + setTimeout(() => reject(new Error('Connection timeout')), timeoutMs) + ) + + try { + // Race between connection and timeout + await Promise.race([connectPromise, timeoutPromise]) + console.log('✅ NDK connected successfully') + } catch (error) { + if (error instanceof Error && error.message === 'Connection timeout') { + console.error('❌ Connection timed out after', timeoutMs, 'ms') + } else { + console.error('❌ Connection failed:', error) + } + throw error + } +} + +// ============================================================ +// FULL INITIALIZATION FLOW +// ============================================================ + +interface InitConfig { + relays?: string[] + zapRelays?: string[] + timeoutMs?: number +} + +const defaultRelays = [ + 'wss://relay.damus.io', + 'wss://relay.nostr.band', + 'wss://nos.lol' +] + +const defaultZapRelays = [ + 'wss://relay.damus.io', + 'wss://nostr.wine' +] + +const initializeNDK = async (config: InitConfig = {}) => { + const { + relays = defaultRelays, + zapRelays = defaultZapRelays, + timeoutMs = 10000 + } = config + + // Initialize instances + const ndk = new NDK({ explicitRelayUrls: relays }) + const zapNdk = new NDK({ explicitRelayUrls: zapRelays }) + + // Connect with timeout protection + try { + await connectWithTimeout(ndk, timeoutMs) + await connectWithTimeout(zapNdk, timeoutMs) + + return { ndk, zapNdk, isConnected: true } + } catch (error) { + return { ndk, zapNdk, isConnected: false, error } + } +} + +// ============================================================ +// CHECKING CONNECTION STATUS +// ============================================================ + +const getConnectionStatus = (ndk: NDK) => { + const connectedRelays = Array.from(ndk.pool?.relays.values() || []) + .filter(relay => relay.status === 1) + .map(relay => relay.url) + + const isConnected = connectedRelays.length > 0 + + return { + isConnected, + connectedRelays, + totalRelays: ndk.pool?.relays.size || 0 + } +} + +// ============================================================ +// USAGE EXAMPLE +// ============================================================ + +async function main() { + // Initialize + const { ndk, zapNdk, isConnected } = await initializeNDK({ + relays: defaultRelays, + zapRelays: defaultZapRelays, + timeoutMs: 10000 + }) + + if (!isConnected) { + console.error('Failed to connect to relays') + return + } + + // Check status + const status = getConnectionStatus(ndk) + console.log('Connection status:', status) + + // Ready to use + console.log('NDK ready for operations') +} + +export { + basicInit, + productionInit, + connectWithTimeout, + initializeNDK, + getConnectionStatus +} + diff --git a/.claude/skills/ndk/examples/02-authentication.ts b/.claude/skills/ndk/examples/02-authentication.ts new file mode 100644 index 00000000..2356205a --- /dev/null +++ b/.claude/skills/ndk/examples/02-authentication.ts @@ -0,0 +1,255 @@ +/** + * NDK Authentication Patterns + * + * Examples from: src/lib/stores/auth.ts + */ + +import NDK from '@nostr-dev-kit/ndk' +import { NDKNip07Signer, NDKPrivateKeySigner, NDKNip46Signer } from '@nostr-dev-kit/ndk' + +// ============================================================ +// NIP-07 - BROWSER EXTENSION SIGNER +// ============================================================ + +const loginWithExtension = async (ndk: NDK) => { + try { + // Create NIP-07 signer (browser extension like Alby, nos2x) + const signer = new NDKNip07Signer() + + // Wait for signer to be ready + await signer.blockUntilReady() + + // Set signer on NDK instance + ndk.signer = signer + + // Get authenticated user + const user = await signer.user() + + console.log('✅ Logged in via extension:', user.npub) + return { user, signer } + } catch (error) { + console.error('❌ Extension login failed:', error) + throw new Error('Failed to login with browser extension. Is it installed?') + } +} + +// ============================================================ +// PRIVATE KEY SIGNER +// ============================================================ + +const loginWithPrivateKey = async (ndk: NDK, privateKeyHex: string) => { + try { + // Validate private key format (64 hex characters) + if (!/^[0-9a-f]{64}$/.test(privateKeyHex)) { + throw new Error('Invalid private key format') + } + + // Create private key signer + const signer = new NDKPrivateKeySigner(privateKeyHex) + + // Wait for signer to be ready + await signer.blockUntilReady() + + // Set signer on NDK instance + ndk.signer = signer + + // Get authenticated user + const user = await signer.user() + + console.log('✅ Logged in with private key:', user.npub) + return { user, signer } + } catch (error) { + console.error('❌ Private key login failed:', error) + throw error + } +} + +// ============================================================ +// NIP-46 - REMOTE SIGNER (BUNKER) +// ============================================================ + +const loginWithNip46 = async ( + ndk: NDK, + bunkerUrl: string, + localPrivateKey?: string +) => { + try { + // Create or use existing local signer + const localSigner = localPrivateKey + ? new NDKPrivateKeySigner(localPrivateKey) + : NDKPrivateKeySigner.generate() + + // Create NIP-46 remote signer + const remoteSigner = new NDKNip46Signer(ndk, bunkerUrl, localSigner) + + // Wait for signer to be ready (may require user approval) + await remoteSigner.blockUntilReady() + + // Set signer on NDK instance + ndk.signer = remoteSigner + + // Get authenticated user + const user = await remoteSigner.user() + + console.log('✅ Logged in via NIP-46:', user.npub) + + // Store local signer key for reconnection + return { + user, + signer: remoteSigner, + localSignerKey: localSigner.privateKey + } + } catch (error) { + console.error('❌ NIP-46 login failed:', error) + throw error + } +} + +// ============================================================ +// AUTO-LOGIN FROM LOCAL STORAGE +// ============================================================ + +const STORAGE_KEYS = { + AUTO_LOGIN: 'nostr:auto-login', + LOCAL_SIGNER: 'nostr:local-signer', + BUNKER_URL: 'nostr:bunker-url', + ENCRYPTED_KEY: 'nostr:encrypted-key' +} + +const getAuthFromStorage = async (ndk: NDK) => { + try { + // Check if auto-login is enabled + const autoLogin = localStorage.getItem(STORAGE_KEYS.AUTO_LOGIN) + if (autoLogin !== 'true') { + return null + } + + // Try NIP-46 bunker connection + const privateKey = localStorage.getItem(STORAGE_KEYS.LOCAL_SIGNER) + const bunkerUrl = localStorage.getItem(STORAGE_KEYS.BUNKER_URL) + + if (privateKey && bunkerUrl) { + return await loginWithNip46(ndk, bunkerUrl, privateKey) + } + + // Try encrypted private key + const encryptedKey = localStorage.getItem(STORAGE_KEYS.ENCRYPTED_KEY) + if (encryptedKey) { + // Would need decryption password from user + return { needsPassword: true, encryptedKey } + } + + // Fallback to extension + return await loginWithExtension(ndk) + } catch (error) { + console.error('Auto-login failed:', error) + return null + } +} + +// ============================================================ +// SAVE AUTH TO STORAGE +// ============================================================ + +const saveAuthToStorage = ( + method: 'extension' | 'private-key' | 'nip46', + data?: { + privateKey?: string + bunkerUrl?: string + encryptedKey?: string + } +) => { + // Enable auto-login + localStorage.setItem(STORAGE_KEYS.AUTO_LOGIN, 'true') + + if (method === 'nip46' && data?.privateKey && data?.bunkerUrl) { + localStorage.setItem(STORAGE_KEYS.LOCAL_SIGNER, data.privateKey) + localStorage.setItem(STORAGE_KEYS.BUNKER_URL, data.bunkerUrl) + } else if (method === 'private-key' && data?.encryptedKey) { + localStorage.setItem(STORAGE_KEYS.ENCRYPTED_KEY, data.encryptedKey) + } + // Extension doesn't need storage +} + +// ============================================================ +// LOGOUT +// ============================================================ + +const logout = (ndk: NDK) => { + // Remove signer from NDK + ndk.signer = undefined + + // Clear all auth storage + Object.values(STORAGE_KEYS).forEach(key => { + localStorage.removeItem(key) + }) + + console.log('✅ Logged out successfully') +} + +// ============================================================ +// GET CURRENT USER +// ============================================================ + +const getCurrentUser = async (ndk: NDK) => { + if (!ndk.signer) { + return null + } + + try { + const user = await ndk.signer.user() + return { + pubkey: user.pubkey, + npub: user.npub, + profile: await user.fetchProfile() + } + } catch (error) { + console.error('Failed to get current user:', error) + return null + } +} + +// ============================================================ +// USAGE EXAMPLE +// ============================================================ + +async function authExample(ndk: NDK) { + // Try auto-login first + let auth = await getAuthFromStorage(ndk) + + if (!auth) { + // Manual login options + console.log('Choose login method:') + console.log('1. Browser Extension (NIP-07)') + console.log('2. Private Key') + console.log('3. Remote Signer (NIP-46)') + + // Example: login with extension + auth = await loginWithExtension(ndk) + saveAuthToStorage('extension') + } + + if (auth && 'needsPassword' in auth) { + // Handle encrypted key case + console.log('Password required for encrypted key') + return + } + + // Get current user info + const currentUser = await getCurrentUser(ndk) + console.log('Current user:', currentUser) + + // Logout when done + // logout(ndk) +} + +export { + loginWithExtension, + loginWithPrivateKey, + loginWithNip46, + getAuthFromStorage, + saveAuthToStorage, + logout, + getCurrentUser +} + diff --git a/.claude/skills/ndk/examples/03-publishing-events.ts b/.claude/skills/ndk/examples/03-publishing-events.ts new file mode 100644 index 00000000..bd068e43 --- /dev/null +++ b/.claude/skills/ndk/examples/03-publishing-events.ts @@ -0,0 +1,376 @@ +/** + * NDK Event Publishing Patterns + * + * Examples from: src/publish/orders.tsx, scripts/gen_products.ts + */ + +import NDK, { NDKEvent, NDKTag } from '@nostr-dev-kit/ndk' + +// ============================================================ +// BASIC EVENT PUBLISHING +// ============================================================ + +const publishBasicNote = async (ndk: NDK, content: string) => { + // Create event + const event = new NDKEvent(ndk) + event.kind = 1 // Text note + event.content = content + event.tags = [] + + // Sign and publish + await event.sign() + await event.publish() + + console.log('✅ Published note:', event.id) + return event.id +} + +// ============================================================ +// EVENT WITH TAGS +// ============================================================ + +const publishNoteWithTags = async ( + ndk: NDK, + content: string, + options: { + mentions?: string[] // pubkeys to mention + hashtags?: string[] + replyTo?: string // event ID + } +) => { + const event = new NDKEvent(ndk) + event.kind = 1 + event.content = content + event.tags = [] + + // Add mentions + if (options.mentions) { + options.mentions.forEach(pubkey => { + event.tags.push(['p', pubkey]) + }) + } + + // Add hashtags + if (options.hashtags) { + options.hashtags.forEach(tag => { + event.tags.push(['t', tag]) + }) + } + + // Add reply + if (options.replyTo) { + event.tags.push(['e', options.replyTo, '', 'reply']) + } + + await event.sign() + await event.publish() + + return event.id +} + +// ============================================================ +// PRODUCT LISTING (PARAMETERIZED REPLACEABLE EVENT) +// ============================================================ + +interface ProductData { + slug: string // Unique identifier + title: string + description: string + price: number + currency: string + images: string[] + shippingRefs?: string[] + category?: string +} + +const publishProduct = async (ndk: NDK, product: ProductData) => { + const event = new NDKEvent(ndk) + event.kind = 30402 // Product listing kind + event.content = product.description + + // Build tags + event.tags = [ + ['d', product.slug], // Unique identifier (required for replaceable) + ['title', product.title], + ['price', product.price.toString(), product.currency], + ] + + // Add images + product.images.forEach(image => { + event.tags.push(['image', image]) + }) + + // Add shipping options + if (product.shippingRefs) { + product.shippingRefs.forEach(ref => { + event.tags.push(['shipping', ref]) + }) + } + + // Add category + if (product.category) { + event.tags.push(['t', product.category]) + } + + // Optional: set custom timestamp + event.created_at = Math.floor(Date.now() / 1000) + + await event.sign() + await event.publish() + + console.log('✅ Published product:', product.title) + return event.id +} + +// ============================================================ +// ORDER CREATION EVENT +// ============================================================ + +interface OrderData { + orderId: string + sellerPubkey: string + productRef: string + quantity: number + totalAmount: string + currency: string + shippingRef?: string + shippingAddress?: string + email?: string + phone?: string + notes?: string +} + +const createOrder = async (ndk: NDK, order: OrderData) => { + const event = new NDKEvent(ndk) + event.kind = 16 // Order processing kind + event.content = order.notes || '' + + // Required tags per spec + event.tags = [ + ['p', order.sellerPubkey], + ['subject', `Order ${order.orderId.substring(0, 8)}`], + ['type', 'order-creation'], + ['order', order.orderId], + ['amount', order.totalAmount], + ['item', order.productRef, order.quantity.toString()], + ] + + // Optional tags + if (order.shippingRef) { + event.tags.push(['shipping', order.shippingRef]) + } + + if (order.shippingAddress) { + event.tags.push(['address', order.shippingAddress]) + } + + if (order.email) { + event.tags.push(['email', order.email]) + } + + if (order.phone) { + event.tags.push(['phone', order.phone]) + } + + try { + await event.sign() + await event.publish() + + console.log('✅ Order created:', order.orderId) + return { success: true, eventId: event.id } + } catch (error) { + console.error('❌ Failed to create order:', error) + return { success: false, error } + } +} + +// ============================================================ +// STATUS UPDATE EVENT +// ============================================================ + +const publishStatusUpdate = async ( + ndk: NDK, + orderId: string, + recipientPubkey: string, + status: 'pending' | 'paid' | 'shipped' | 'delivered' | 'cancelled', + notes?: string +) => { + const event = new NDKEvent(ndk) + event.kind = 16 + event.content = notes || `Order status updated to ${status}` + event.tags = [ + ['p', recipientPubkey], + ['subject', 'order-info'], + ['type', 'status-update'], + ['order', orderId], + ['status', status], + ] + + await event.sign() + await event.publish() + + return event.id +} + +// ============================================================ +// BATCH PUBLISHING +// ============================================================ + +const publishMultipleEvents = async ( + ndk: NDK, + events: Array<{ kind: number; content: string; tags: NDKTag[] }> +) => { + const results = [] + + for (const eventData of events) { + try { + const event = new NDKEvent(ndk) + event.kind = eventData.kind + event.content = eventData.content + event.tags = eventData.tags + + await event.sign() + await event.publish() + + results.push({ success: true, eventId: event.id }) + } catch (error) { + results.push({ success: false, error }) + } + } + + return results +} + +// ============================================================ +// PUBLISH WITH CUSTOM SIGNER +// ============================================================ + +import { NDKSigner } from '@nostr-dev-kit/ndk' + +const publishWithCustomSigner = async ( + ndk: NDK, + signer: NDKSigner, + eventData: { kind: number; content: string; tags: NDKTag[] } +) => { + const event = new NDKEvent(ndk) + event.kind = eventData.kind + event.content = eventData.content + event.tags = eventData.tags + + // Sign with specific signer (not ndk.signer) + await event.sign(signer) + await event.publish() + + return event.id +} + +// ============================================================ +// ERROR HANDLING PATTERN +// ============================================================ + +const publishWithErrorHandling = async ( + ndk: NDK, + eventData: { kind: number; content: string; tags: NDKTag[] } +) => { + // Validate NDK + if (!ndk) { + throw new Error('NDK not initialized') + } + + // Validate signer + if (!ndk.signer) { + throw new Error('No active signer. Please login first.') + } + + try { + const event = new NDKEvent(ndk) + event.kind = eventData.kind + event.content = eventData.content + event.tags = eventData.tags + + // Sign + await event.sign() + + // Verify signature + if (!event.sig) { + throw new Error('Event signing failed') + } + + // Publish + await event.publish() + + // Verify event ID + if (!event.id) { + throw new Error('Event ID not generated') + } + + return { + success: true, + eventId: event.id, + pubkey: event.pubkey + } + } catch (error) { + console.error('Publishing failed:', error) + + if (error instanceof Error) { + // Handle specific error types + if (error.message.includes('relay')) { + throw new Error('Failed to publish to relays. Check connection.') + } + if (error.message.includes('sign')) { + throw new Error('Failed to sign event. Check signer.') + } + } + + throw error + } +} + +// ============================================================ +// USAGE EXAMPLE +// ============================================================ + +async function publishingExample(ndk: NDK) { + // Simple note + await publishBasicNote(ndk, 'Hello Nostr!') + + // Note with tags + await publishNoteWithTags(ndk, 'Check out this product!', { + hashtags: ['marketplace', 'nostr'], + mentions: ['pubkey123...'] + }) + + // Product listing + await publishProduct(ndk, { + slug: 'bitcoin-tshirt', + title: 'Bitcoin T-Shirt', + description: 'High quality Bitcoin t-shirt', + price: 25, + currency: 'USD', + images: ['https://example.com/image.jpg'], + category: 'clothing' + }) + + // Order + await createOrder(ndk, { + orderId: 'order-123', + sellerPubkey: 'seller-pubkey', + productRef: '30402:pubkey:bitcoin-tshirt', + quantity: 1, + totalAmount: '25.00', + currency: 'USD', + email: 'customer@example.com' + }) +} + +export { + publishBasicNote, + publishNoteWithTags, + publishProduct, + createOrder, + publishStatusUpdate, + publishMultipleEvents, + publishWithCustomSigner, + publishWithErrorHandling +} + diff --git a/.claude/skills/ndk/examples/04-querying-subscribing.ts b/.claude/skills/ndk/examples/04-querying-subscribing.ts new file mode 100644 index 00000000..ff75e97d --- /dev/null +++ b/.claude/skills/ndk/examples/04-querying-subscribing.ts @@ -0,0 +1,404 @@ +/** + * NDK Query and Subscription Patterns + * + * Examples from: src/queries/orders.tsx, src/queries/payment.tsx + */ + +import NDK, { NDKEvent, NDKFilter, NDKSubscription } from '@nostr-dev-kit/ndk' + +// ============================================================ +// BASIC FETCH (ONE-TIME QUERY) +// ============================================================ + +const fetchNotes = async (ndk: NDK, authorPubkey: string, limit: number = 50) => { + const filter: NDKFilter = { + kinds: [1], // Text notes + authors: [authorPubkey], + limit + } + + // Fetch returns a Set + const events = await ndk.fetchEvents(filter) + + // Convert to array and sort by timestamp + const eventArray = Array.from(events).sort((a, b) => + (b.created_at || 0) - (a.created_at || 0) + ) + + return eventArray +} + +// ============================================================ +// FETCH WITH MULTIPLE FILTERS +// ============================================================ + +const fetchProductsByMultipleAuthors = async ( + ndk: NDK, + pubkeys: string[] +) => { + const filter: NDKFilter = { + kinds: [30402], // Product listings + authors: pubkeys, + limit: 100 + } + + const events = await ndk.fetchEvents(filter) + return Array.from(events) +} + +// ============================================================ +// FETCH WITH TAG FILTERS +// ============================================================ + +const fetchOrderEvents = async (ndk: NDK, orderId: string) => { + const filter: NDKFilter = { + kinds: [16, 17], // Order and payment receipt + '#order': [orderId], // Tag filter (note the # prefix) + } + + const events = await ndk.fetchEvents(filter) + return Array.from(events) +} + +// ============================================================ +// FETCH WITH TIME RANGE +// ============================================================ + +const fetchRecentEvents = async ( + ndk: NDK, + kind: number, + hoursAgo: number = 24 +) => { + const now = Math.floor(Date.now() / 1000) + const since = now - (hoursAgo * 3600) + + const filter: NDKFilter = { + kinds: [kind], + since, + until: now, + limit: 100 + } + + const events = await ndk.fetchEvents(filter) + return Array.from(events) +} + +// ============================================================ +// FETCH BY EVENT ID +// ============================================================ + +const fetchEventById = async (ndk: NDK, eventId: string) => { + const filter: NDKFilter = { + ids: [eventId] + } + + const events = await ndk.fetchEvents(filter) + + if (events.size === 0) { + return null + } + + return Array.from(events)[0] +} + +// ============================================================ +// BASIC SUBSCRIPTION (REAL-TIME) +// ============================================================ + +const subscribeToNotes = ( + ndk: NDK, + authorPubkey: string, + onEvent: (event: NDKEvent) => void +): NDKSubscription => { + const filter: NDKFilter = { + kinds: [1], + authors: [authorPubkey] + } + + const subscription = ndk.subscribe(filter, { + closeOnEose: false // Keep open for real-time updates + }) + + // Event handler + subscription.on('event', (event: NDKEvent) => { + onEvent(event) + }) + + // EOSE (End of Stored Events) handler + subscription.on('eose', () => { + console.log('✅ Received all stored events') + }) + + return subscription +} + +// ============================================================ +// SUBSCRIPTION WITH CLEANUP +// ============================================================ + +const createManagedSubscription = ( + ndk: NDK, + filter: NDKFilter, + handlers: { + onEvent: (event: NDKEvent) => void + onEose?: () => void + onClose?: () => void + } +) => { + const subscription = ndk.subscribe(filter, { closeOnEose: false }) + + subscription.on('event', handlers.onEvent) + + if (handlers.onEose) { + subscription.on('eose', handlers.onEose) + } + + if (handlers.onClose) { + subscription.on('close', handlers.onClose) + } + + // Return cleanup function + return () => { + subscription.stop() + console.log('✅ Subscription stopped') + } +} + +// ============================================================ +// MONITORING SPECIFIC EVENT +// ============================================================ + +const monitorPaymentReceipt = ( + ndk: NDK, + orderId: string, + invoiceId: string, + onPaymentReceived: (preimage: string) => void +): NDKSubscription => { + const sessionStart = Math.floor(Date.now() / 1000) + + const filter: NDKFilter = { + kinds: [17], // Payment receipt + '#order': [orderId], + '#payment-request': [invoiceId], + since: sessionStart - 30 // 30 second buffer for clock skew + } + + const subscription = ndk.subscribe(filter, { closeOnEose: false }) + + subscription.on('event', (event: NDKEvent) => { + // Verify event is recent + if (event.created_at && event.created_at < sessionStart - 30) { + console.log('⏰ Ignoring old receipt') + return + } + + // Verify it's the correct invoice + const paymentRequestTag = event.tags.find(tag => tag[0] === 'payment-request') + if (paymentRequestTag?.[1] !== invoiceId) { + return + } + + // Extract preimage + const paymentTag = event.tags.find(tag => tag[0] === 'payment') + const preimage = paymentTag?.[3] || 'external-payment' + + console.log('✅ Payment received!') + subscription.stop() + onPaymentReceived(preimage) + }) + + return subscription +} + +// ============================================================ +// REACT INTEGRATION PATTERN +// ============================================================ + +import { useEffect, useState } from 'react' + +function useOrderSubscription(ndk: NDK | null, orderId: string) { + const [events, setEvents] = useState([]) + const [eosed, setEosed] = useState(false) + + useEffect(() => { + if (!ndk || !orderId) return + + const filter: NDKFilter = { + kinds: [16, 17], + '#order': [orderId] + } + + const subscription = ndk.subscribe(filter, { closeOnEose: false }) + + subscription.on('event', (event: NDKEvent) => { + setEvents(prev => { + // Avoid duplicates + if (prev.some(e => e.id === event.id)) { + return prev + } + return [...prev, event].sort((a, b) => + (a.created_at || 0) - (b.created_at || 0) + ) + }) + }) + + subscription.on('eose', () => { + setEosed(true) + }) + + // Cleanup on unmount + return () => { + subscription.stop() + } + }, [ndk, orderId]) + + return { events, eosed } +} + +// ============================================================ +// REACT QUERY INTEGRATION +// ============================================================ + +import { useQuery, useQueryClient } from '@tanstack/react-query' + +// Query function +const fetchProducts = async (ndk: NDK, pubkey: string) => { + if (!ndk) throw new Error('NDK not initialized') + + const filter: NDKFilter = { + kinds: [30402], + authors: [pubkey] + } + + const events = await ndk.fetchEvents(filter) + return Array.from(events) +} + +// Hook with subscription for real-time updates +function useProductsWithSubscription(ndk: NDK | null, pubkey: string) { + const queryClient = useQueryClient() + + // Initial query + const query = useQuery({ + queryKey: ['products', pubkey], + queryFn: () => fetchProducts(ndk!, pubkey), + enabled: !!ndk && !!pubkey, + staleTime: 30000 + }) + + // Real-time subscription + useEffect(() => { + if (!ndk || !pubkey) return + + const filter: NDKFilter = { + kinds: [30402], + authors: [pubkey] + } + + const subscription = ndk.subscribe(filter, { closeOnEose: false }) + + subscription.on('event', () => { + // Invalidate query to trigger refetch + queryClient.invalidateQueries({ queryKey: ['products', pubkey] }) + }) + + return () => { + subscription.stop() + } + }, [ndk, pubkey, queryClient]) + + return query +} + +// ============================================================ +// ADVANCED: WAITING FOR SPECIFIC EVENT +// ============================================================ + +const waitForEvent = ( + ndk: NDK, + filter: NDKFilter, + condition: (event: NDKEvent) => boolean, + timeoutMs: number = 30000 +): Promise => { + return new Promise((resolve) => { + const subscription = ndk.subscribe(filter, { closeOnEose: false }) + + // Timeout + const timeout = setTimeout(() => { + subscription.stop() + resolve(null) + }, timeoutMs) + + // Event handler + subscription.on('event', (event: NDKEvent) => { + if (condition(event)) { + clearTimeout(timeout) + subscription.stop() + resolve(event) + } + }) + }) +} + +// Usage example +async function waitForPayment(ndk: NDK, orderId: string, invoiceId: string) { + const paymentEvent = await waitForEvent( + ndk, + { + kinds: [17], + '#order': [orderId], + since: Math.floor(Date.now() / 1000) + }, + (event) => { + const tag = event.tags.find(t => t[0] === 'payment-request') + return tag?.[1] === invoiceId + }, + 60000 // 60 second timeout + ) + + if (paymentEvent) { + console.log('✅ Payment confirmed!') + return paymentEvent + } else { + console.log('⏰ Payment timeout') + return null + } +} + +// ============================================================ +// USAGE EXAMPLES +// ============================================================ + +async function queryExample(ndk: NDK) { + // Fetch notes + const notes = await fetchNotes(ndk, 'pubkey123', 50) + console.log(`Found ${notes.length} notes`) + + // Subscribe to new notes + const cleanup = subscribeToNotes(ndk, 'pubkey123', (event) => { + console.log('New note:', event.content) + }) + + // Clean up after 60 seconds + setTimeout(cleanup, 60000) + + // Monitor payment + monitorPaymentReceipt(ndk, 'order-123', 'invoice-456', (preimage) => { + console.log('Payment received:', preimage) + }) +} + +export { + fetchNotes, + fetchProductsByMultipleAuthors, + fetchOrderEvents, + fetchRecentEvents, + fetchEventById, + subscribeToNotes, + createManagedSubscription, + monitorPaymentReceipt, + useOrderSubscription, + useProductsWithSubscription, + waitForEvent +} + diff --git a/.claude/skills/ndk/examples/05-users-profiles.ts b/.claude/skills/ndk/examples/05-users-profiles.ts new file mode 100644 index 00000000..3a9beb65 --- /dev/null +++ b/.claude/skills/ndk/examples/05-users-profiles.ts @@ -0,0 +1,423 @@ +/** + * NDK User and Profile Handling + * + * Examples from: src/queries/profiles.tsx, src/components/Profile.tsx + */ + +import NDK, { NDKUser, NDKUserProfile } from '@nostr-dev-kit/ndk' +import { nip19 } from 'nostr-tools' + +// ============================================================ +// FETCH PROFILE BY NPUB +// ============================================================ + +const fetchProfileByNpub = async (ndk: NDK, npub: string): Promise => { + try { + // Get user object from npub + const user = ndk.getUser({ npub }) + + // Fetch profile from relays + const profile = await user.fetchProfile() + + return profile + } catch (error) { + console.error('Failed to fetch profile:', error) + return null + } +} + +// ============================================================ +// FETCH PROFILE BY HEX PUBKEY +// ============================================================ + +const fetchProfileByPubkey = async (ndk: NDK, pubkey: string): Promise => { + try { + const user = ndk.getUser({ hexpubkey: pubkey }) + const profile = await user.fetchProfile() + + return profile + } catch (error) { + console.error('Failed to fetch profile:', error) + return null + } +} + +// ============================================================ +// FETCH PROFILE BY NIP-05 +// ============================================================ + +const fetchProfileByNip05 = async (ndk: NDK, nip05: string): Promise => { + try { + // Resolve NIP-05 identifier to user + const user = await ndk.getUserFromNip05(nip05) + + if (!user) { + console.log('User not found for NIP-05:', nip05) + return null + } + + // Fetch profile + const profile = await user.fetchProfile() + + return profile + } catch (error) { + console.error('Failed to fetch profile by NIP-05:', error) + return null + } +} + +// ============================================================ +// FETCH PROFILE BY ANY IDENTIFIER +// ============================================================ + +const fetchProfileByIdentifier = async ( + ndk: NDK, + identifier: string +): Promise<{ profile: NDKUserProfile | null; user: NDKUser | null }> => { + try { + // Check if it's a NIP-05 (contains @) + if (identifier.includes('@')) { + const user = await ndk.getUserFromNip05(identifier) + if (!user) return { profile: null, user: null } + + const profile = await user.fetchProfile() + return { profile, user } + } + + // Check if it's an npub + if (identifier.startsWith('npub')) { + const user = ndk.getUser({ npub: identifier }) + const profile = await user.fetchProfile() + return { profile, user } + } + + // Assume it's a hex pubkey + const user = ndk.getUser({ hexpubkey: identifier }) + const profile = await user.fetchProfile() + return { profile, user } + } catch (error) { + console.error('Failed to fetch profile:', error) + return { profile: null, user: null } + } +} + +// ============================================================ +// GET CURRENT USER +// ============================================================ + +const getCurrentUser = async (ndk: NDK): Promise => { + if (!ndk.signer) { + console.log('No signer set') + return null + } + + try { + const user = await ndk.signer.user() + return user + } catch (error) { + console.error('Failed to get current user:', error) + return null + } +} + +// ============================================================ +// PROFILE DATA STRUCTURE +// ============================================================ + +interface ProfileData { + // Standard fields + name?: string + displayName?: string + display_name?: string + picture?: string + image?: string + banner?: string + about?: string + + // Contact + nip05?: string + lud06?: string // LNURL + lud16?: string // Lightning address + + // Social + website?: string + + // Raw data + [key: string]: any +} + +// ============================================================ +// EXTRACT PROFILE INFO +// ============================================================ + +const extractProfileInfo = (profile: NDKUserProfile | null) => { + if (!profile) { + return { + displayName: 'Anonymous', + avatar: null, + bio: null, + lightningAddress: null, + nip05: null + } + } + + return { + displayName: profile.displayName || profile.display_name || profile.name || 'Anonymous', + avatar: profile.picture || profile.image || null, + banner: profile.banner || null, + bio: profile.about || null, + lightningAddress: profile.lud16 || profile.lud06 || null, + nip05: profile.nip05 || null, + website: profile.website || null + } +} + +// ============================================================ +// UPDATE PROFILE +// ============================================================ + +import { NDKEvent } from '@nostr-dev-kit/ndk' + +const updateProfile = async (ndk: NDK, profileData: Partial) => { + if (!ndk.signer) { + throw new Error('No signer available') + } + + // Get current profile + const currentUser = await ndk.signer.user() + const currentProfile = await currentUser.fetchProfile() + + // Merge with new data + const updatedProfile = { + ...currentProfile, + ...profileData + } + + // Create kind 0 (metadata) event + const event = new NDKEvent(ndk) + event.kind = 0 + event.content = JSON.stringify(updatedProfile) + event.tags = [] + + await event.sign() + await event.publish() + + console.log('✅ Profile updated') + return event.id +} + +// ============================================================ +// BATCH FETCH PROFILES +// ============================================================ + +const fetchMultipleProfiles = async ( + ndk: NDK, + pubkeys: string[] +): Promise> => { + const profiles = new Map() + + // Fetch all profiles in parallel + await Promise.all( + pubkeys.map(async (pubkey) => { + try { + const user = ndk.getUser({ hexpubkey: pubkey }) + const profile = await user.fetchProfile() + profiles.set(pubkey, profile) + } catch (error) { + console.error(`Failed to fetch profile for ${pubkey}:`, error) + profiles.set(pubkey, null) + } + }) + ) + + return profiles +} + +// ============================================================ +// CONVERT BETWEEN FORMATS +// ============================================================ + +const convertPubkeyFormats = (identifier: string) => { + try { + // If it's npub, convert to hex + if (identifier.startsWith('npub')) { + const decoded = nip19.decode(identifier) + if (decoded.type === 'npub') { + return { + hex: decoded.data as string, + npub: identifier + } + } + } + + // If it's hex, convert to npub + if (/^[0-9a-f]{64}$/.test(identifier)) { + return { + hex: identifier, + npub: nip19.npubEncode(identifier) + } + } + + throw new Error('Invalid pubkey format') + } catch (error) { + console.error('Format conversion failed:', error) + return null + } +} + +// ============================================================ +// REACT HOOK FOR PROFILE +// ============================================================ + +import { useQuery } from '@tanstack/react-query' +import { useEffect, useState } from 'react' + +function useProfile(ndk: NDK | null, npub: string | undefined) { + return useQuery({ + queryKey: ['profile', npub], + queryFn: async () => { + if (!ndk || !npub) throw new Error('NDK or npub missing') + return await fetchProfileByNpub(ndk, npub) + }, + enabled: !!ndk && !!npub, + staleTime: 5 * 60 * 1000, // 5 minutes + cacheTime: 30 * 60 * 1000 // 30 minutes + }) +} + +// ============================================================ +// REACT COMPONENT EXAMPLE +// ============================================================ + +interface ProfileDisplayProps { + ndk: NDK + pubkey: string +} + +function ProfileDisplay({ ndk, pubkey }: ProfileDisplayProps) { + const [profile, setProfile] = useState(null) + const [loading, setLoading] = useState(true) + + useEffect(() => { + const loadProfile = async () => { + setLoading(true) + try { + const user = ndk.getUser({ hexpubkey: pubkey }) + const fetchedProfile = await user.fetchProfile() + setProfile(fetchedProfile) + } catch (error) { + console.error('Failed to load profile:', error) + } finally { + setLoading(false) + } + } + + loadProfile() + }, [ndk, pubkey]) + + if (loading) { + return
Loading profile...
+ } + + const info = extractProfileInfo(profile) + + return ( +
+ {info.avatar && {info.displayName}} +

{info.displayName}

+ {info.bio &&

{info.bio}

} + {info.nip05 && ✓ {info.nip05}} + {info.lightningAddress && ⚡ {info.lightningAddress}} +
+ ) +} + +// ============================================================ +// FOLLOW/UNFOLLOW USER +// ============================================================ + +const followUser = async (ndk: NDK, pubkeyToFollow: string) => { + if (!ndk.signer) { + throw new Error('No signer available') + } + + // Fetch current contact list (kind 3) + const currentUser = await ndk.signer.user() + const contactListFilter = { + kinds: [3], + authors: [currentUser.pubkey] + } + + const existingEvents = await ndk.fetchEvents(contactListFilter) + const existingContactList = existingEvents.size > 0 + ? Array.from(existingEvents)[0] + : null + + // Get existing p tags + const existingPTags = existingContactList + ? existingContactList.tags.filter(tag => tag[0] === 'p') + : [] + + // Check if already following + const alreadyFollowing = existingPTags.some(tag => tag[1] === pubkeyToFollow) + if (alreadyFollowing) { + console.log('Already following this user') + return + } + + // Create new contact list with added user + const event = new NDKEvent(ndk) + event.kind = 3 + event.content = existingContactList?.content || '' + event.tags = [ + ...existingPTags, + ['p', pubkeyToFollow] + ] + + await event.sign() + await event.publish() + + console.log('✅ Now following user') +} + +// ============================================================ +// USAGE EXAMPLE +// ============================================================ + +async function profileExample(ndk: NDK) { + // Fetch by different identifiers + const profile1 = await fetchProfileByNpub(ndk, 'npub1...') + const profile2 = await fetchProfileByNip05(ndk, 'user@domain.com') + const profile3 = await fetchProfileByPubkey(ndk, 'hex pubkey...') + + // Extract display info + const info = extractProfileInfo(profile1) + console.log('Display name:', info.displayName) + console.log('Avatar:', info.avatar) + + // Update own profile + await updateProfile(ndk, { + name: 'My Name', + about: 'My bio', + picture: 'https://example.com/avatar.jpg', + lud16: 'me@getalby.com' + }) + + // Follow someone + await followUser(ndk, 'pubkey to follow') +} + +export { + fetchProfileByNpub, + fetchProfileByPubkey, + fetchProfileByNip05, + fetchProfileByIdentifier, + getCurrentUser, + extractProfileInfo, + updateProfile, + fetchMultipleProfiles, + convertPubkeyFormats, + useProfile, + followUser +} + diff --git a/.claude/skills/ndk/examples/README.md b/.claude/skills/ndk/examples/README.md new file mode 100644 index 00000000..25b990a3 --- /dev/null +++ b/.claude/skills/ndk/examples/README.md @@ -0,0 +1,94 @@ +# NDK Examples Index + +Complete code examples extracted from the Plebeian Market production codebase. + +## Available Examples + +### 01-initialization.ts +- Basic NDK initialization +- Multiple NDK instances (main + zap relays) +- Connection with timeout protection +- Connection status checking +- Full initialization flow with error handling + +### 02-authentication.ts +- NIP-07 browser extension login +- Private key signer +- NIP-46 remote signer (Bunker) +- Auto-login from localStorage +- Saving auth credentials +- Logout functionality +- Getting current user + +### 03-publishing-events.ts +- Basic note publishing +- Events with tags (mentions, hashtags, replies) +- Product listings (parameterized replaceable events) +- Order creation events +- Status update events +- Batch publishing +- Custom signer usage +- Comprehensive error handling + +### 04-querying-subscribing.ts +- Basic fetch queries +- Multiple author queries +- Tag filtering +- Time range filtering +- Event ID lookup +- Real-time subscriptions +- Subscription cleanup patterns +- React integration hooks +- React Query integration +- Waiting for specific events +- Payment monitoring + +### 05-users-profiles.ts +- Fetch profile by npub +- Fetch profile by hex pubkey +- Fetch profile by NIP-05 +- Universal identifier lookup +- Get current user +- Extract profile information +- Update user profile +- Batch fetch multiple profiles +- Convert between pubkey formats (hex/npub) +- React hooks for profiles +- Follow/unfollow users + +## Usage + +Each file contains: +- Fully typed TypeScript code +- JSDoc comments explaining the pattern +- Error handling examples +- Integration patterns with React/TanStack Query +- Real-world usage examples + +All examples are based on actual production code from the Plebeian Market application. + +## Running Examples + +```typescript +import { initializeNDK } from './01-initialization' +import { loginWithExtension } from './02-authentication' +import { publishBasicNote } from './03-publishing-events' + +// Initialize NDK +const { ndk, isConnected } = await initializeNDK() + +if (isConnected) { + // Authenticate + const { user } = await loginWithExtension(ndk) + + // Publish + await publishBasicNote(ndk, 'Hello Nostr!') +} +``` + +## Additional Resources + +- See `../ndk-skill.md` for detailed documentation +- See `../quick-reference.md` for quick lookup +- Check the main codebase for more complex patterns + diff --git a/.claude/skills/ndk/ndk-skill.md b/.claude/skills/ndk/ndk-skill.md new file mode 100644 index 00000000..680fb433 --- /dev/null +++ b/.claude/skills/ndk/ndk-skill.md @@ -0,0 +1,701 @@ +# NDK (Nostr Development Kit) - Claude Skill Reference + +## Overview + +NDK is the primary Nostr development kit with outbox-model support, designed for building Nostr applications with TypeScript/JavaScript. This reference is based on analyzing production usage in the Plebeian Market codebase. + +## Core Concepts + +### 1. NDK Initialization + +**Basic Pattern:** +```typescript +import NDK from '@nostr-dev-kit/ndk' + +// Simple initialization +const ndk = new NDK({ + explicitRelayUrls: ['wss://relay.damus.io', 'wss://relay.nostr.band'] +}) + +await ndk.connect() +``` + +**Store-based Pattern (Production):** +```typescript +// From src/lib/stores/ndk.ts +const ndk = new NDK({ + explicitRelayUrls: relays || defaultRelaysUrls, +}) + +// Separate NDK for zaps on specialized relays +const zapNdk = new NDK({ + explicitRelayUrls: ZAP_RELAYS, +}) + +// Connect with timeout protection +const connectPromise = ndk.connect() +const timeoutPromise = new Promise((_, reject) => + setTimeout(() => reject(new Error('Connection timeout')), timeoutMs) +) +await Promise.race([connectPromise, timeoutPromise]) +``` + +### 2. Authentication & Signers + +NDK supports multiple signer types for different authentication methods: + +#### NIP-07 (Browser Extension) +```typescript +import { NDKNip07Signer } from '@nostr-dev-kit/ndk' + +const signer = new NDKNip07Signer() +await signer.blockUntilReady() +ndk.signer = signer + +const user = await signer.user() +``` + +#### Private Key Signer +```typescript +import { NDKPrivateKeySigner } from '@nostr-dev-kit/ndk' + +const signer = new NDKPrivateKeySigner(privateKeyHex) +await signer.blockUntilReady() +ndk.signer = signer + +const user = await signer.user() +``` + +#### NIP-46 (Remote Signer / Bunker) +```typescript +import { NDKNip46Signer } from '@nostr-dev-kit/ndk' + +const localSigner = new NDKPrivateKeySigner(localPrivateKey) +const remoteSigner = new NDKNip46Signer(ndk, bunkerUrl, localSigner) +await remoteSigner.blockUntilReady() +ndk.signer = remoteSigner + +const user = await remoteSigner.user() +``` + +**Key Points:** +- Always call `blockUntilReady()` before using a signer +- Store signer reference in your state management +- Set `ndk.signer` to enable signing operations +- Use `await signer.user()` to get the authenticated user + +### 3. Event Creation & Publishing + +#### Basic Event Pattern +```typescript +import { NDKEvent } from '@nostr-dev-kit/ndk' + +// Create event +const event = new NDKEvent(ndk) +event.kind = 1 // Kind 1 = text note +event.content = "Hello Nostr!" +event.tags = [ + ['t', 'nostr'], + ['p', recipientPubkey] +] + +// Sign and publish +await event.sign() // Uses ndk.signer automatically +await event.publish() + +// Get event ID after signing +console.log(event.id) +``` + +#### Production Pattern with Error Handling +```typescript +// From src/publish/orders.tsx +const event = new NDKEvent(ndk) +event.kind = ORDER_PROCESS_KIND +event.content = orderNotes || '' +event.tags = [ + ['p', sellerPubkey], + ['subject', `Order for ${productName}`], + ['type', 'order-creation'], + ['order', orderId], + ['amount', totalAmount], + ['item', productRef, quantity.toString()], +] + +// Optional tags +if (shippingRef) { + event.tags.push(['shipping', shippingRef]) +} + +try { + await event.sign(signer) // Can pass explicit signer + await event.publish() + return event.id +} catch (error) { + console.error('Failed to publish event:', error) + throw error +} +``` + +**Key Points:** +- Create event with `new NDKEvent(ndk)` +- Set `kind`, `content`, and `tags` properties +- Optional: Set `created_at` timestamp (defaults to now) +- Call `await event.sign()` before publishing +- Call `await event.publish()` to broadcast to relays +- Access `event.id` after signing for the event hash + +### 4. Querying Events with Filters + +#### fetchEvents() - One-time Fetch +```typescript +import { NDKFilter } from '@nostr-dev-kit/ndk' + +// Simple filter +const filter: NDKFilter = { + kinds: [30402], // Product listings + authors: [merchantPubkey], + limit: 50 +} + +const events = await ndk.fetchEvents(filter) +// Returns Set + +// Convert to array and process +const eventArray = Array.from(events) +const sortedEvents = eventArray.sort((a, b) => + (b.created_at || 0) - (a.created_at || 0) +) +``` + +#### Advanced Filters +```typescript +// Multiple kinds +const filter: NDKFilter = { + kinds: [16, 17], // Orders and payment receipts + '#order': [orderId], // Tag filter (# prefix) + since: Math.floor(Date.now() / 1000) - 86400, // Last 24 hours + limit: 100 +} + +// Event ID lookup +const filter: NDKFilter = { + ids: [eventIdHex], +} + +// Tag filtering +const filter: NDKFilter = { + kinds: [1], + '#p': [pubkey], // Events mentioning pubkey + '#t': ['nostr'], // Events with hashtag 'nostr' +} +``` + +### 5. Subscriptions (Real-time) + +#### Basic Subscription +```typescript +// From src/queries/blacklist.tsx +const filter = { + kinds: [10000], + authors: [appPubkey], +} + +const subscription = ndk.subscribe(filter, { + closeOnEose: false, // Keep open for real-time updates +}) + +subscription.on('event', (event: NDKEvent) => { + console.log('New event received:', event) + // Process event +}) + +subscription.on('eose', () => { + console.log('End of stored events') +}) + +// Cleanup +subscription.stop() +``` + +#### Production Pattern with React Query +```typescript +// From src/queries/orders.tsx +useEffect(() => { + if (!orderId || !ndk) return + + const filter = { + kinds: [ORDER_PROCESS_KIND, PAYMENT_RECEIPT_KIND], + '#order': [orderId], + } + + const subscription = ndk.subscribe(filter, { + closeOnEose: false, + }) + + subscription.on('event', (newEvent) => { + // Invalidate React Query cache to trigger refetch + queryClient.invalidateQueries({ + queryKey: orderKeys.details(orderId) + }) + }) + + // Cleanup on unmount + return () => { + subscription.stop() + } +}, [orderId, ndk, queryClient]) +``` + +#### Monitoring Specific Events +```typescript +// From src/queries/payment.tsx - Payment receipt monitoring +const receiptFilter = { + kinds: [17], // Payment receipts + '#order': [orderId], + '#payment-request': [invoiceId], + since: sessionStartTime - 30, // Clock skew buffer +} + +const subscription = ndk.subscribe(receiptFilter, { + closeOnEose: false, +}) + +subscription.on('event', (receiptEvent: NDKEvent) => { + // Verify this is the correct invoice + const paymentRequestTag = receiptEvent.tags.find( + tag => tag[0] === 'payment-request' + ) + + if (paymentRequestTag?.[1] === invoiceId) { + const paymentTag = receiptEvent.tags.find(tag => tag[0] === 'payment') + const preimage = paymentTag?.[3] || 'external-payment' + + // Stop subscription after finding payment + subscription.stop() + handlePaymentReceived(preimage) + } +}) +``` + +**Key Subscription Patterns:** +- Use `closeOnEose: false` for real-time monitoring +- Use `closeOnEose: true` for one-time historical fetch +- Always call `subscription.stop()` in cleanup +- Listen to both `'event'` and `'eose'` events +- Filter events in the handler for specific conditions +- Integrate with React Query for reactive UI updates + +### 6. User & Profile Handling + +#### Fetching User Profiles +```typescript +// From src/queries/profiles.tsx + +// By npub +const user = ndk.getUser({ npub }) +const profile = await user.fetchProfile() +// Returns NDKUserProfile with name, picture, about, etc. + +// By hex pubkey +const user = ndk.getUser({ hexpubkey: pubkey }) +const profile = await user.fetchProfile() + +// By NIP-05 identifier +const user = await ndk.getUserFromNip05('user@domain.com') +if (user) { + const profile = await user.fetchProfile() +} + +// Profile fields +const name = profile?.name || profile?.displayName +const avatar = profile?.picture || profile?.image +const bio = profile?.about +const nip05 = profile?.nip05 +const lud16 = profile?.lud16 // Lightning address +``` + +#### Getting Current User +```typescript +// Active user (authenticated) +const user = ndk.activeUser + +// From signer +const user = await ndk.signer?.user() + +// User properties +const pubkey = user.pubkey // Hex format +const npub = user.npub // NIP-19 encoded +``` + +### 7. NDK Event Object + +#### Essential Properties +```typescript +interface NDKEvent { + id: string // Event hash (after signing) + kind: number // Event kind + content: string // Event content + tags: NDKTag[] // Array of tag arrays + created_at?: number // Unix timestamp + pubkey?: string // Author pubkey (after signing) + sig?: string // Signature (after signing) + + // Methods + sign(signer?: NDKSigner): Promise + publish(): Promise + tagValue(tagName: string): string | undefined +} + +type NDKTag = string[] // e.g., ['p', pubkey, relay, petname] +``` + +#### Tag Helpers +```typescript +// Get first value of a tag +const orderId = event.tagValue('order') +const recipientPubkey = event.tagValue('p') + +// Find specific tag +const paymentTag = event.tags.find(tag => tag[0] === 'payment') +const preimage = paymentTag?.[3] + +// Get all tags of a type +const pTags = event.tags.filter(tag => tag[0] === 'p') +const allPubkeys = pTags.map(tag => tag[1]) + +// Common tag patterns +event.tags.push(['p', pubkey]) // Mention +event.tags.push(['e', eventId]) // Reference event +event.tags.push(['t', 'nostr']) // Hashtag +event.tags.push(['d', identifier]) // Replaceable event ID +event.tags.push(['a', '30402:pubkey:d-tag']) // Addressable event reference +``` + +### 8. Parameterized Replaceable Events (NIP-33) + +Used for products, collections, profiles that need updates: + +```typescript +// Product listing (kind 30402) +const event = new NDKEvent(ndk) +event.kind = 30402 +event.content = JSON.stringify(productDetails) +event.tags = [ + ['d', productSlug], // Unique identifier + ['title', productName], + ['price', price, currency], + ['image', imageUrl], + ['shipping', shippingRef], +] + +await event.sign() +await event.publish() + +// Querying replaceable events +const filter = { + kinds: [30402], + authors: [merchantPubkey], + '#d': [productSlug], // Specific product +} + +const events = await ndk.fetchEvents(filter) +// Returns only the latest version due to replaceable nature +``` + +### 9. Relay Management + +#### Getting Relay Status +```typescript +// From src/lib/stores/ndk.ts +const connectedRelays = Array.from(ndk.pool?.relays.values() || []) + .filter(relay => relay.status === 1) // 1 = connected + .map(relay => relay.url) + +const outboxRelays = Array.from(ndk.outboxPool?.relays.values() || []) +``` + +#### Adding Relays +```typescript +// Add explicit relays +ndk.addExplicitRelay('wss://relay.example.com') + +// Multiple relays +const relays = ['wss://relay1.com', 'wss://relay2.com'] +relays.forEach(url => ndk.addExplicitRelay(url)) +``` + +### 10. Common Patterns & Best Practices + +#### Null Safety +```typescript +// Always check NDK initialization +const ndk = ndkActions.getNDK() +if (!ndk) throw new Error('NDK not initialized') + +// Check signer before operations requiring auth +const signer = ndk.signer +if (!signer) throw new Error('No active signer') + +// Check user authentication +const user = ndk.activeUser +if (!user) throw new Error('Not authenticated') +``` + +#### Error Handling +```typescript +try { + const events = await ndk.fetchEvents(filter) + if (events.size === 0) { + return null // No results found + } + return Array.from(events) +} catch (error) { + console.error('Failed to fetch events:', error) + throw new Error('Could not fetch data from relays') +} +``` + +#### Connection Lifecycle +```typescript +// Initialize once at app startup +const ndk = new NDK({ explicitRelayUrls: relays }) + +// Connect with timeout +await Promise.race([ + ndk.connect(), + new Promise((_, reject) => + setTimeout(() => reject(new Error('Timeout')), 10000) + ) +]) + +// Check connection status +const isConnected = ndk.pool?.connectedRelays().length > 0 + +// Reconnect if needed +if (!isConnected) { + await ndk.connect() +} +``` + +#### Subscription Cleanup +```typescript +// In React components +useEffect(() => { + if (!ndk) return + + const sub = ndk.subscribe(filter, { closeOnEose: false }) + + sub.on('event', handleEvent) + sub.on('eose', handleEose) + + // Critical: cleanup on unmount + return () => { + sub.stop() + } +}, [dependencies]) +``` + +#### Event Validation +```typescript +// Check required fields before processing +if (!event.pubkey) { + console.error('Event missing pubkey') + return +} + +if (!event.created_at) { + console.error('Event missing timestamp') + return +} + +// Verify event age +const now = Math.floor(Date.now() / 1000) +const eventAge = now - (event.created_at || 0) +if (eventAge > 86400) { // Older than 24 hours + console.log('Event is old, skipping') + return +} + +// Validate specific tags exist +const orderId = event.tagValue('order') +if (!orderId) { + console.error('Order event missing order ID') + return +} +``` + +### 11. Common Event Kinds + +```typescript +// NIP-01: Basic Events +const KIND_METADATA = 0 // User profile +const KIND_TEXT_NOTE = 1 // Short text note +const KIND_RECOMMEND_RELAY = 2 // Relay recommendation + +// NIP-04: Encrypted Direct Messages +const KIND_ENCRYPTED_DM = 4 + +// NIP-25: Reactions +const KIND_REACTION = 7 + +// NIP-51: Lists +const KIND_MUTE_LIST = 10000 +const KIND_PIN_LIST = 10001 +const KIND_RELAY_LIST = 10002 + +// NIP-57: Lightning Zaps +const KIND_ZAP_REQUEST = 9734 +const KIND_ZAP_RECEIPT = 9735 + +// Marketplace (Plebeian/Gamma spec) +const ORDER_PROCESS_KIND = 16 // Order processing +const PAYMENT_RECEIPT_KIND = 17 // Payment receipts +const DIRECT_MESSAGE_KIND = 14 // Direct messages +const ORDER_GENERAL_KIND = 27 // General order events +const SHIPPING_KIND = 30405 // Shipping options +const PRODUCT_KIND = 30402 // Product listings +const COLLECTION_KIND = 30401 // Product collections +const REVIEW_KIND = 30407 // Product reviews + +// Application Handlers +const APP_HANDLER_KIND = 31990 // NIP-89 app handlers +``` + +## Integration with TanStack Query + +NDK works excellently with TanStack Query for reactive data fetching: + +### Query Functions +```typescript +// From src/queries/products.tsx +export const fetchProductsByPubkey = async (pubkey: string) => { + const ndk = ndkActions.getNDK() + if (!ndk) throw new Error('NDK not initialized') + + const filter: NDKFilter = { + kinds: [30402], + authors: [pubkey], + } + + const events = await ndk.fetchEvents(filter) + return Array.from(events).map(parseProductEvent) +} + +export const useProductsByPubkey = (pubkey: string) => { + return useQuery({ + queryKey: productKeys.byAuthor(pubkey), + queryFn: () => fetchProductsByPubkey(pubkey), + enabled: !!pubkey, + staleTime: 30000, + }) +} +``` + +### Combining Queries with Subscriptions +```typescript +// Query for initial data +const { data: order, refetch } = useQuery({ + queryKey: orderKeys.details(orderId), + queryFn: () => fetchOrderById(orderId), + enabled: !!orderId, +}) + +// Subscription for real-time updates +useEffect(() => { + if (!orderId || !ndk) return + + const sub = ndk.subscribe( + { kinds: [16, 17], '#order': [orderId] }, + { closeOnEose: false } + ) + + sub.on('event', () => { + // Invalidate query to trigger refetch + queryClient.invalidateQueries({ + queryKey: orderKeys.details(orderId) + }) + }) + + return () => sub.stop() +}, [orderId, ndk, queryClient]) +``` + +## Troubleshooting + +### Events Not Received +- Check relay connections: `ndk.pool?.connectedRelays()` +- Verify filter syntax (especially tag filters with `#` prefix) +- Check event timestamps match filter's `since`/`until` +- Ensure `closeOnEose: false` for real-time subscriptions + +### Signing Errors +- Verify signer is initialized: `await signer.blockUntilReady()` +- Check signer is set: `ndk.signer !== undefined` +- For NIP-07, ensure browser extension is installed and enabled +- For NIP-46, verify bunker URL and local signer are correct + +### Connection Timeouts +- Implement connection timeout pattern shown above +- Try connecting to fewer, more reliable relays initially +- Use fallback relays in production + +### Duplicate Events +- NDK deduplicates by event ID automatically +- For subscriptions, track processed event IDs if needed +- Use replaceable events (kinds 10000-19999, 30000-39999) when appropriate + +## Performance Optimization + +### Batching Queries +```typescript +// Instead of multiple fetchEvents calls +const [products, orders, profiles] = await Promise.all([ + ndk.fetchEvents(productFilter), + ndk.fetchEvents(orderFilter), + ndk.fetchEvents(profileFilter), +]) +``` + +### Limiting Results +```typescript +const filter = { + kinds: [1], + authors: [pubkey], + limit: 50, // Limit results + since: recentTimestamp, // Only recent events +} +``` + +### Caching with React Query +```typescript +export const useProfile = (npub: string) => { + return useQuery({ + queryKey: profileKeys.byNpub(npub), + queryFn: () => fetchProfileByNpub(npub), + staleTime: 5 * 60 * 1000, // 5 minutes + cacheTime: 30 * 60 * 1000, // 30 minutes + enabled: !!npub, + }) +} +``` + +## References + +- **NDK GitHub**: https://github.com/nostr-dev-kit/ndk +- **NDK Documentation**: https://ndk.fyi +- **Nostr NIPs**: https://github.com/nostr-protocol/nips +- **Production Example**: Plebeian Market codebase + +## Key Files in This Codebase + +- `src/lib/stores/ndk.ts` - NDK store and initialization +- `src/lib/stores/auth.ts` - Authentication with NDK signers +- `src/queries/*.tsx` - Query patterns with NDK +- `src/publish/*.tsx` - Event publishing patterns +- `scripts/gen_*.ts` - Event creation examples + +--- + +*This reference is based on NDK version used in production and real-world patterns from the Plebeian Market application.* + diff --git a/.claude/skills/ndk/quick-reference.md b/.claude/skills/ndk/quick-reference.md new file mode 100644 index 00000000..3af6cc27 --- /dev/null +++ b/.claude/skills/ndk/quick-reference.md @@ -0,0 +1,351 @@ +# NDK Quick Reference + +Fast lookup guide for common NDK tasks. + +## Quick Start + +```typescript +import NDK from '@nostr-dev-kit/ndk' + +const ndk = new NDK({ explicitRelayUrls: ['wss://relay.damus.io'] }) +await ndk.connect() +``` + +## Authentication + +### Browser Extension (NIP-07) +```typescript +import { NDKNip07Signer } from '@nostr-dev-kit/ndk' +const signer = new NDKNip07Signer() +await signer.blockUntilReady() +ndk.signer = signer +``` + +### Private Key +```typescript +import { NDKPrivateKeySigner } from '@nostr-dev-kit/ndk' +const signer = new NDKPrivateKeySigner(privateKeyHex) +await signer.blockUntilReady() +ndk.signer = signer +``` + +### Remote Signer (NIP-46) +```typescript +import { NDKNip46Signer, NDKPrivateKeySigner } from '@nostr-dev-kit/ndk' +const localSigner = new NDKPrivateKeySigner() +const remoteSigner = new NDKNip46Signer(ndk, bunkerUrl, localSigner) +await remoteSigner.blockUntilReady() +ndk.signer = remoteSigner +``` + +## Publish Event + +```typescript +import { NDKEvent } from '@nostr-dev-kit/ndk' + +const event = new NDKEvent(ndk) +event.kind = 1 +event.content = "Hello Nostr!" +event.tags = [['t', 'nostr']] + +await event.sign() +await event.publish() +``` + +## Query Events (One-time) + +```typescript +const events = await ndk.fetchEvents({ + kinds: [1], + authors: [pubkey], + limit: 50 +}) + +// Convert Set to Array +const eventArray = Array.from(events) +``` + +## Subscribe (Real-time) + +```typescript +const sub = ndk.subscribe( + { kinds: [1], authors: [pubkey] }, + { closeOnEose: false } +) + +sub.on('event', (event) => { + console.log('New event:', event.content) +}) + +// Cleanup +sub.stop() +``` + +## Get User Profile + +```typescript +// By npub +const user = ndk.getUser({ npub }) +const profile = await user.fetchProfile() + +// By hex pubkey +const user = ndk.getUser({ hexpubkey: pubkey }) +const profile = await user.fetchProfile() + +// By NIP-05 +const user = await ndk.getUserFromNip05('user@domain.com') +const profile = await user?.fetchProfile() +``` + +## Common Filters + +```typescript +// By author +{ kinds: [1], authors: [pubkey] } + +// By tag +{ kinds: [1], '#p': [pubkey] } +{ kinds: [30402], '#d': [productSlug] } + +// By time +{ + kinds: [1], + since: Math.floor(Date.now() / 1000) - 86400, // Last 24h + until: Math.floor(Date.now() / 1000) +} + +// By event ID +{ ids: [eventId] } + +// Multiple conditions +{ + kinds: [16, 17], + '#order': [orderId], + since: timestamp, + limit: 100 +} +``` + +## Tag Helpers + +```typescript +// Get first tag value +const orderId = event.tagValue('order') + +// Find specific tag +const tag = event.tags.find(t => t[0] === 'payment') +const value = tag?.[1] + +// Get all of one type +const pTags = event.tags.filter(t => t[0] === 'p') + +// Common tag formats +['p', pubkey] // Mention +['e', eventId] // Event reference +['t', 'nostr'] // Hashtag +['d', identifier] // Replaceable ID +['a', '30402:pubkey:d-tag'] // Addressable reference +``` + +## Error Handling Pattern + +```typescript +const ndk = ndkActions.getNDK() +if (!ndk) throw new Error('NDK not initialized') + +const signer = ndk.signer +if (!signer) throw new Error('No active signer') + +try { + await event.publish() +} catch (error) { + console.error('Publish failed:', error) + throw error +} +``` + +## React Integration + +```typescript +// Query function +export const fetchProducts = async (pubkey: string) => { + const ndk = ndkActions.getNDK() + if (!ndk) throw new Error('NDK not initialized') + + const events = await ndk.fetchEvents({ + kinds: [30402], + authors: [pubkey] + }) + + return Array.from(events) +} + +// React Query hook +export const useProducts = (pubkey: string) => { + return useQuery({ + queryKey: ['products', pubkey], + queryFn: () => fetchProducts(pubkey), + enabled: !!pubkey, + }) +} + +// Subscription in useEffect +useEffect(() => { + if (!ndk || !orderId) return + + const sub = ndk.subscribe( + { kinds: [16], '#order': [orderId] }, + { closeOnEose: false } + ) + + sub.on('event', () => { + queryClient.invalidateQueries(['order', orderId]) + }) + + return () => sub.stop() +}, [ndk, orderId, queryClient]) +``` + +## Common Event Kinds + +```typescript +0 // Metadata (profile) +1 // Text note +4 // Encrypted DM (NIP-04) +7 // Reaction +9735 // Zap receipt +10000 // Mute list +10002 // Relay list +30402 // Product listing (Marketplace) +31990 // App handler (NIP-89) +``` + +## Relay Management + +```typescript +// Check connection +const connected = ndk.pool?.connectedRelays().length > 0 + +// Get connected relays +const relays = Array.from(ndk.pool?.relays.values() || []) + .filter(r => r.status === 1) + +// Add relay +ndk.addExplicitRelay('wss://relay.example.com') +``` + +## Connection with Timeout + +```typescript +const connectWithTimeout = async (timeoutMs = 10000) => { + const connectPromise = ndk.connect() + const timeoutPromise = new Promise((_, reject) => + setTimeout(() => reject(new Error('Timeout')), timeoutMs) + ) + + await Promise.race([connectPromise, timeoutPromise]) +} +``` + +## Current User + +```typescript +// Active user +const user = ndk.activeUser + +// From signer +const user = await ndk.signer?.user() + +// User info +const pubkey = user.pubkey // hex +const npub = user.npub // NIP-19 +``` + +## Parameterized Replaceable Events + +```typescript +// Create +const event = new NDKEvent(ndk) +event.kind = 30402 +event.content = JSON.stringify(data) +event.tags = [ + ['d', uniqueIdentifier], // Required for replaceable + ['title', 'Product Name'], +] + +await event.sign() +await event.publish() + +// Query (returns latest only) +const events = await ndk.fetchEvents({ + kinds: [30402], + authors: [pubkey], + '#d': [identifier] +}) +``` + +## Validation Checks + +```typescript +// Event age check +const now = Math.floor(Date.now() / 1000) +const age = now - (event.created_at || 0) +if (age > 86400) console.log('Event older than 24h') + +// Required fields +if (!event.pubkey || !event.created_at || !event.sig) { + throw new Error('Invalid event') +} + +// Tag existence +const orderId = event.tagValue('order') +if (!orderId) throw new Error('Missing order tag') +``` + +## Performance Tips + +```typescript +// Batch queries +const [products, orders] = await Promise.all([ + ndk.fetchEvents(productFilter), + ndk.fetchEvents(orderFilter) +]) + +// Limit results +const filter = { + kinds: [1], + limit: 50, + since: recentTimestamp +} + +// Cache with React Query +const { data } = useQuery({ + queryKey: ['profile', npub], + queryFn: () => fetchProfile(npub), + staleTime: 5 * 60 * 1000, // 5 min +}) +``` + +## Debugging + +```typescript +// Check NDK state +console.log('Connected:', ndk.pool?.connectedRelays()) +console.log('Signer:', ndk.signer) +console.log('Active user:', ndk.activeUser) + +// Event inspection +console.log('Event ID:', event.id) +console.log('Tags:', event.tags) +console.log('Content:', event.content) +console.log('Author:', event.pubkey) + +// Subscription events +sub.on('event', e => console.log('Event:', e)) +sub.on('eose', () => console.log('End of stored events')) +``` + +--- + +For detailed explanations and advanced patterns, see `ndk-skill.md`. + diff --git a/.claude/skills/ndk/troubleshooting.md b/.claude/skills/ndk/troubleshooting.md new file mode 100644 index 00000000..ac98fec2 --- /dev/null +++ b/.claude/skills/ndk/troubleshooting.md @@ -0,0 +1,530 @@ +# NDK Common Patterns & Troubleshooting + +Quick reference for common patterns and solutions to frequent NDK issues. + +## Common Patterns + +### Store-Based NDK Management + +```typescript +// Store pattern (recommended for React apps) +import { Store } from '@tanstack/store' + +interface NDKState { + ndk: NDK | null + isConnected: boolean + signer?: NDKSigner +} + +const ndkStore = new Store({ + ndk: null, + isConnected: false +}) + +export const ndkActions = { + initialize: () => { + const ndk = new NDK({ explicitRelayUrls: relays }) + ndkStore.setState({ ndk }) + return ndk + }, + + getNDK: () => ndkStore.state.ndk, + + setSigner: (signer: NDKSigner) => { + const ndk = ndkStore.state.ndk + if (ndk) { + ndk.signer = signer + ndkStore.setState({ signer }) + } + } +} +``` + +### Query + Subscription Pattern + +```typescript +// Initial data load + real-time updates +function useOrdersWithRealtime(orderId: string) { + const queryClient = useQueryClient() + const ndk = ndkActions.getNDK() + + // Fetch initial data + const query = useQuery({ + queryKey: ['orders', orderId], + queryFn: () => fetchOrders(orderId), + }) + + // Subscribe to updates + useEffect(() => { + if (!ndk || !orderId) return + + const sub = ndk.subscribe( + { kinds: [16], '#order': [orderId] }, + { closeOnEose: false } + ) + + sub.on('event', () => { + queryClient.invalidateQueries(['orders', orderId]) + }) + + return () => sub.stop() + }, [ndk, orderId]) + + return query +} +``` + +### Event Parsing Pattern + +```typescript +// Parse event tags into structured data +function parseProductEvent(event: NDKEvent) { + const getTag = (name: string) => + event.tags.find(t => t[0] === name)?.[1] + + const getAllTags = (name: string) => + event.tags.filter(t => t[0] === name).map(t => t[1]) + + return { + id: event.id, + slug: getTag('d'), + title: getTag('title'), + price: parseFloat(getTag('price') || '0'), + currency: event.tags.find(t => t[0] === 'price')?.[2] || 'USD', + images: getAllTags('image'), + shipping: getAllTags('shipping'), + description: event.content, + createdAt: event.created_at, + author: event.pubkey + } +} +``` + +### Relay Pool Pattern + +```typescript +// Separate NDK instances for different purposes +const mainNdk = new NDK({ + explicitRelayUrls: ['wss://relay.damus.io', 'wss://nos.lol'] +}) + +const zapNdk = new NDK({ + explicitRelayUrls: ['wss://relay.damus.io'] // Zap-optimized relays +}) + +const blossomNdk = new NDK({ + explicitRelayUrls: ['wss://blossom.server.com'] // Media server +}) + +await Promise.all([ + mainNdk.connect(), + zapNdk.connect(), + blossomNdk.connect() +]) +``` + +## Troubleshooting + +### Problem: Events Not Received + +**Symptoms:** Subscription doesn't receive events, fetchEvents returns empty Set + +**Solutions:** + +1. Check relay connection: +```typescript +const status = ndk.pool?.connectedRelays() +console.log('Connected relays:', status?.length) +if (status?.length === 0) { + await ndk.connect() +} +``` + +2. Verify filter syntax (especially tags): +```typescript +// ❌ Wrong +{ kinds: [16], 'order': [orderId] } + +// ✅ Correct (note the # prefix for tags) +{ kinds: [16], '#order': [orderId] } +``` + +3. Check timestamps: +```typescript +// Events might be too old/new +const now = Math.floor(Date.now() / 1000) +const filter = { + kinds: [1], + since: now - 86400, // Last 24 hours + until: now +} +``` + +4. Ensure closeOnEose is correct: +```typescript +// For real-time updates +ndk.subscribe(filter, { closeOnEose: false }) + +// For one-time historical fetch +ndk.subscribe(filter, { closeOnEose: true }) +``` + +### Problem: "NDK not initialized" + +**Symptoms:** `ndk` is null/undefined + +**Solutions:** + +1. Initialize before use: +```typescript +// In app entry point +const ndk = new NDK({ explicitRelayUrls: relays }) +await ndk.connect() +``` + +2. Add null checks: +```typescript +const ndk = ndkActions.getNDK() +if (!ndk) throw new Error('NDK not initialized') +``` + +3. Use initialization guard: +```typescript +const ensureNDK = () => { + let ndk = ndkActions.getNDK() + if (!ndk) { + ndk = ndkActions.initialize() + } + return ndk +} +``` + +### Problem: "No active signer" / Cannot Sign Events + +**Symptoms:** Event signing fails, publishing throws error + +**Solutions:** + +1. Check signer is set: +```typescript +if (!ndk.signer) { + throw new Error('Please login first') +} +``` + +2. Ensure blockUntilReady called: +```typescript +const signer = new NDKNip07Signer() +await signer.blockUntilReady() // ← Critical! +ndk.signer = signer +``` + +3. Handle NIP-07 unavailable: +```typescript +try { + const signer = new NDKNip07Signer() + await signer.blockUntilReady() + ndk.signer = signer +} catch (error) { + console.error('Browser extension not available') + // Fallback to other auth method +} +``` + +### Problem: Duplicate Events in Subscriptions + +**Symptoms:** Same event received multiple times + +**Solutions:** + +1. Track processed event IDs: +```typescript +const processedIds = new Set() + +sub.on('event', (event) => { + if (processedIds.has(event.id)) return + processedIds.add(event.id) + handleEvent(event) +}) +``` + +2. Use Map for event storage: +```typescript +const [events, setEvents] = useState>(new Map()) + +sub.on('event', (event) => { + setEvents(prev => new Map(prev).set(event.id, event)) +}) +``` + +### Problem: Connection Timeout + +**Symptoms:** connect() hangs, never resolves + +**Solutions:** + +1. Use timeout wrapper: +```typescript +const connectWithTimeout = async (ndk: NDK, ms = 10000) => { + await Promise.race([ + ndk.connect(), + new Promise((_, reject) => + setTimeout(() => reject(new Error('Timeout')), ms) + ) + ]) +} +``` + +2. Try fewer relays: +```typescript +// Start with reliable relays only +const reliableRelays = ['wss://relay.damus.io'] +const ndk = new NDK({ explicitRelayUrls: reliableRelays }) +``` + +3. Add connection retry: +```typescript +const connectWithRetry = async (ndk: NDK, maxRetries = 3) => { + for (let i = 0; i < maxRetries; i++) { + try { + await connectWithTimeout(ndk, 10000) + return + } catch (error) { + console.log(`Retry ${i + 1}/${maxRetries}`) + if (i === maxRetries - 1) throw error + } + } +} +``` + +### Problem: Subscription Memory Leak + +**Symptoms:** App gets slower, memory usage increases + +**Solutions:** + +1. Always stop subscriptions: +```typescript +useEffect(() => { + const sub = ndk.subscribe(filter, { closeOnEose: false }) + + // ← CRITICAL: cleanup + return () => { + sub.stop() + } +}, [dependencies]) +``` + +2. Track active subscriptions: +```typescript +const activeSubscriptions = new Set() + +const createSub = (filter: NDKFilter) => { + const sub = ndk.subscribe(filter, { closeOnEose: false }) + activeSubscriptions.add(sub) + return sub +} + +const stopAllSubs = () => { + activeSubscriptions.forEach(sub => sub.stop()) + activeSubscriptions.clear() +} +``` + +### Problem: Profile Not Found + +**Symptoms:** fetchProfile() returns null/undefined + +**Solutions:** + +1. Check different relays: +```typescript +// Add more relay URLs +const ndk = new NDK({ + explicitRelayUrls: [ + 'wss://relay.damus.io', + 'wss://relay.nostr.band', + 'wss://nos.lol' + ] +}) +``` + +2. Verify pubkey format: +```typescript +// Ensure correct format +if (pubkey.startsWith('npub')) { + const user = ndk.getUser({ npub: pubkey }) +} else if (/^[0-9a-f]{64}$/.test(pubkey)) { + const user = ndk.getUser({ hexpubkey: pubkey }) +} +``` + +3. Handle missing profiles gracefully: +```typescript +const profile = await user.fetchProfile() +const displayName = profile?.name || profile?.displayName || 'Anonymous' +const avatar = profile?.picture || '/default-avatar.png' +``` + +### Problem: Events Published But Not Visible + +**Symptoms:** publish() succeeds but event not found in queries + +**Solutions:** + +1. Verify event was signed: +```typescript +await event.sign() +console.log('Event ID:', event.id) // Should be set +console.log('Signature:', event.sig) // Should exist +``` + +2. Check relay acceptance: +```typescript +const relays = await event.publish() +console.log('Published to relays:', relays) +``` + +3. Query immediately after publish: +```typescript +await event.publish() + +// Wait a moment for relay propagation +await new Promise(resolve => setTimeout(resolve, 1000)) + +const found = await ndk.fetchEvents({ ids: [event.id] }) +console.log('Event found:', found.size > 0) +``` + +### Problem: NIP-46 Connection Fails + +**Symptoms:** Remote signer connection times out or fails + +**Solutions:** + +1. Verify bunker URL format: +```typescript +// Correct format: bunker://?relay=wss://... +const isValidBunkerUrl = (url: string) => { + return url.startsWith('bunker://') && url.includes('?relay=') +} +``` + +2. Ensure local signer is ready: +```typescript +const localSigner = new NDKPrivateKeySigner(privateKey) +await localSigner.blockUntilReady() + +const remoteSigner = new NDKNip46Signer(ndk, bunkerUrl, localSigner) +await remoteSigner.blockUntilReady() +``` + +3. Store credentials for reconnection: +```typescript +// Save for future sessions +localStorage.setItem('local-signer-key', localSigner.privateKey) +localStorage.setItem('bunker-url', bunkerUrl) +``` + +## Performance Tips + +### Optimize Queries + +```typescript +// ❌ Slow: Multiple sequential queries +const products = await ndk.fetchEvents({ kinds: [30402], authors: [pk1] }) +const orders = await ndk.fetchEvents({ kinds: [16], authors: [pk1] }) +const profiles = await ndk.fetchEvents({ kinds: [0], authors: [pk1] }) + +// ✅ Fast: Parallel queries +const [products, orders, profiles] = await Promise.all([ + ndk.fetchEvents({ kinds: [30402], authors: [pk1] }), + ndk.fetchEvents({ kinds: [16], authors: [pk1] }), + ndk.fetchEvents({ kinds: [0], authors: [pk1] }) +]) +``` + +### Cache Profile Lookups + +```typescript +const profileCache = new Map() + +const getCachedProfile = async (ndk: NDK, pubkey: string) => { + if (profileCache.has(pubkey)) { + return profileCache.get(pubkey)! + } + + const user = ndk.getUser({ hexpubkey: pubkey }) + const profile = await user.fetchProfile() + if (profile) { + profileCache.set(pubkey, profile) + } + + return profile +} +``` + +### Limit Result Sets + +```typescript +// Always use limit to prevent over-fetching +const filter: NDKFilter = { + kinds: [1], + authors: [pubkey], + limit: 50 // ← Important! +} +``` + +### Debounce Subscription Updates + +```typescript +import { debounce } from 'lodash' + +const debouncedUpdate = debounce((event: NDKEvent) => { + handleEvent(event) +}, 300) + +sub.on('event', debouncedUpdate) +``` + +## Testing Tips + +### Mock NDK in Tests + +```typescript +const mockNDK = { + fetchEvents: vi.fn().mockResolvedValue(new Set()), + subscribe: vi.fn().mockReturnValue({ + on: vi.fn(), + stop: vi.fn() + }), + signer: { + user: vi.fn().mockResolvedValue({ pubkey: 'test-pubkey' }) + } +} as unknown as NDK +``` + +### Test Event Creation + +```typescript +const createTestEvent = (overrides?: Partial): NDKEvent => { + return { + id: 'test-id', + kind: 1, + content: 'test content', + tags: [], + created_at: Math.floor(Date.now() / 1000), + pubkey: 'test-pubkey', + sig: 'test-sig', + ...overrides + } as NDKEvent +} +``` + +--- + +For more detailed information, see: +- `ndk-skill.md` - Complete reference +- `quick-reference.md` - Quick lookup +- `examples/` - Code examples + diff --git a/.claude/skills/nostr-websocket/SKILL.md b/.claude/skills/nostr-websocket/SKILL.md new file mode 100644 index 00000000..8d58f057 --- /dev/null +++ b/.claude/skills/nostr-websocket/SKILL.md @@ -0,0 +1,978 @@ +--- +name: nostr-websocket +description: This skill should be used when implementing, debugging, or discussing WebSocket connections for Nostr relays. Provides comprehensive knowledge of RFC 6455 WebSocket protocol, production-ready implementation patterns in Go (khatru), C++ (strfry), and Rust (nostr-rs-relay), including connection lifecycle, message framing, subscription management, and performance optimization techniques specific to Nostr relay operations. +--- + +# Nostr WebSocket Programming + +## Overview + +Implement robust, high-performance WebSocket connections for Nostr relays following RFC 6455 specifications and battle-tested production patterns. This skill provides comprehensive guidance on WebSocket protocol fundamentals, connection management, message handling, and language-specific implementation strategies using proven codebases. + +## Core WebSocket Protocol (RFC 6455) + +### Connection Upgrade Handshake + +The WebSocket connection begins with an HTTP upgrade request: + +**Client Request Headers:** +- `Upgrade: websocket` - Required +- `Connection: Upgrade` - Required +- `Sec-WebSocket-Key` - 16-byte random value, base64-encoded +- `Sec-WebSocket-Version: 13` - Required +- `Origin` - Required for browser clients (security) + +**Server Response (HTTP 101):** +- `HTTP/1.1 101 Switching Protocols` +- `Upgrade: websocket` +- `Connection: Upgrade` +- `Sec-WebSocket-Accept` - SHA-1(client_key + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"), base64-encoded + +**Security validation:** Always verify the `Sec-WebSocket-Accept` value matches expected computation. Reject connections with missing or incorrect values. + +### Frame Structure + +WebSocket frames use binary encoding with variable-length fields: + +**Header (minimum 2 bytes):** +- **FIN bit** (1 bit) - Final fragment indicator +- **RSV1-3** (3 bits) - Reserved for extensions (must be 0) +- **Opcode** (4 bits) - Frame type identifier +- **MASK bit** (1 bit) - Payload masking indicator +- **Payload length** (7, 7+16, or 7+64 bits) - Variable encoding + +**Payload length encoding:** +- 0-125: Direct 7-bit value +- 126: Next 16 bits contain length +- 127: Next 64 bits contain length + +### Frame Opcodes + +**Data Frames:** +- `0x0` - Continuation frame +- `0x1` - Text frame (UTF-8) +- `0x2` - Binary frame + +**Control Frames:** +- `0x8` - Connection close +- `0x9` - Ping +- `0xA` - Pong + +**Control frame constraints:** +- Maximum 125-byte payload +- Cannot be fragmented +- Must be processed immediately + +### Masking Requirements + +**Critical security requirement:** +- Client-to-server frames MUST be masked +- Server-to-client frames MUST NOT be masked +- Masking uses XOR with 4-byte random key +- Prevents cache poisoning and intermediary attacks + +**Masking algorithm:** +``` +transformed[i] = original[i] XOR masking_key[i MOD 4] +``` + +### Ping/Pong Keep-Alive + +**Purpose:** Detect broken connections and maintain NAT traversal + +**Pattern:** +1. Either endpoint sends Ping (0x9) with optional payload +2. Recipient responds with Pong (0xA) containing identical payload +3. Implement timeouts to detect unresponsive connections + +**Nostr relay recommendations:** +- Send pings every 30-60 seconds +- Timeout after 60-120 seconds without pong response +- Close connections exceeding timeout threshold + +### Close Handshake + +**Initiation:** Either peer sends Close frame (0x8) + +**Close frame structure:** +- Optional 2-byte status code +- Optional UTF-8 reason string + +**Common status codes:** +- `1000` - Normal closure +- `1001` - Going away (server shutdown/navigation) +- `1002` - Protocol error +- `1003` - Unsupported data type +- `1006` - Abnormal closure (no close frame) +- `1011` - Server error + +**Proper shutdown sequence:** +1. Initiator sends Close frame +2. Recipient responds with Close frame +3. Both close TCP connection + +## Nostr Relay WebSocket Architecture + +### Message Flow Overview + +``` +Client Relay + | | + |--- HTTP Upgrade ------->| + |<-- 101 Switching -------| + | | + |--- ["EVENT", {...}] --->| (Validate, store, broadcast) + |<-- ["OK", id, ...] -----| + | | + |--- ["REQ", id, {...}]-->| (Query + subscribe) + |<-- ["EVENT", id, {...}]-| (Stored events) + |<-- ["EOSE", id] --------| (End of stored) + |<-- ["EVENT", id, {...}]-| (Real-time events) + | | + |--- ["CLOSE", id] ------>| (Unsubscribe) + | | + |--- Close Frame -------->| + |<-- Close Frame ---------| +``` + +### Critical Concurrency Considerations + +**Write concurrency:** WebSocket libraries panic/error on concurrent writes. Always protect writes with: +- Mutex locks (Go, C++) +- Single-writer goroutine/thread pattern +- Message queue with dedicated sender + +**Read concurrency:** Concurrent reads generally allowed but not useful - implement single reader loop per connection. + +**Subscription management:** Concurrent access to subscription maps requires synchronization or lock-free data structures. + +## Language-Specific Implementation Patterns + +### Go Implementation (khatru-style) + +**Recommended library:** `github.com/fasthttp/websocket` + +**Connection structure:** +```go +type WebSocket struct { + conn *websocket.Conn + mutex sync.Mutex // Protects writes + + Request *http.Request // Original HTTP request + Context context.Context // Cancellation context + cancel context.CancelFunc + + // NIP-42 authentication + Challenge string + AuthedPublicKey string + + // Concurrent session management + negentropySessions *xsync.MapOf[string, *NegentropySession] +} + +// Thread-safe write +func (ws *WebSocket) WriteJSON(v any) error { + ws.mutex.Lock() + defer ws.mutex.Unlock() + return ws.conn.WriteJSON(v) +} +``` + +**Lifecycle pattern (dual goroutines):** +```go +// Read goroutine +go func() { + defer cleanup() + + ws.conn.SetReadLimit(maxMessageSize) + ws.conn.SetReadDeadline(time.Now().Add(pongWait)) + ws.conn.SetPongHandler(func(string) error { + ws.conn.SetReadDeadline(time.Now().Add(pongWait)) + return nil + }) + + for { + typ, msg, err := ws.conn.ReadMessage() + if err != nil { + return // Connection closed + } + + if typ == websocket.PingMessage { + ws.WriteMessage(websocket.PongMessage, nil) + continue + } + + // Parse and handle message in separate goroutine + go handleMessage(msg) + } +}() + +// Write/ping goroutine +go func() { + defer cleanup() + ticker := time.NewTicker(pingPeriod) + defer ticker.Stop() + + for { + select { + case <-ctx.Done(): + return + case <-ticker.C: + if err := ws.WriteMessage(websocket.PingMessage, nil); err != nil { + return + } + } + } +}() +``` + +**Key patterns:** +- **Mutex-protected writes** - Prevent concurrent write panics +- **Context-based lifecycle** - Clean cancellation hierarchy +- **Swap-delete for subscriptions** - O(1) removal from listener arrays +- **Zero-copy string conversion** - `unsafe.String()` for message parsing +- **Goroutine-per-message** - Sequential parsing, concurrent handling +- **Hook-based extensibility** - Plugin architecture without core modifications + +**Configuration constants:** +```go +WriteWait: 10 * time.Second // Write timeout +PongWait: 60 * time.Second // Pong timeout +PingPeriod: 30 * time.Second // Ping interval (< PongWait) +MaxMessageSize: 512000 // 512 KB limit +``` + +**Subscription management:** +```go +type listenerSpec struct { + id string + cancel context.CancelCauseFunc + index int + subrelay *Relay +} + +// Efficient removal with swap-delete +func (rl *Relay) removeListenerId(ws *WebSocket, id string) { + rl.clientsMutex.Lock() + defer rl.clientsMutex.Unlock() + + if specs, ok := rl.clients[ws]; ok { + for i := len(specs) - 1; i >= 0; i-- { + if specs[i].id == id { + specs[i].cancel(ErrSubscriptionClosedByClient) + specs[i] = specs[len(specs)-1] + specs = specs[:len(specs)-1] + rl.clients[ws] = specs + break + } + } + } +} +``` + +For detailed khatru implementation examples, see [references/khatru_implementation.md](references/khatru_implementation.md). + +### C++ Implementation (strfry-style) + +**Recommended library:** Custom fork of `uWebSockets` with epoll + +**Architecture highlights:** +- Single-threaded I/O using epoll for connection multiplexing +- Thread pool architecture: 6 specialized pools (WebSocket, Ingester, Writer, ReqWorker, ReqMonitor, Negentropy) +- "Shared nothing" message-passing design eliminates lock contention +- Deterministic thread assignment: `connId % numThreads` + +**Connection structure:** +```cpp +struct ConnectionState { + uint64_t connId; + std::string remoteAddr; + flat_str subId; // Subscription ID + std::shared_ptr sub; + PerMessageDeflate pmd; // Compression state + uint64_t latestEventSent = 0; + + // Message parsing state + secp256k1_context *secpCtx; + std::string parseBuffer; +}; +``` + +**Message handling pattern:** +```cpp +// WebSocket message callback +ws->onMessage([=](std::string_view msg, uWS::OpCode opCode) { + // Reuse buffer to avoid allocations + state->parseBuffer.assign(msg.data(), msg.size()); + + try { + auto json = nlohmann::json::parse(state->parseBuffer); + auto cmdStr = json[0].get(); + + if (cmdStr == "EVENT") { + // Send to Ingester thread pool + auto packed = MsgIngester::Message(connId, std::move(json)); + tpIngester->dispatchToThread(connId, std::move(packed)); + } + else if (cmdStr == "REQ") { + // Send to ReqWorker thread pool + auto packed = MsgReq::Message(connId, std::move(json)); + tpReqWorker->dispatchToThread(connId, std::move(packed)); + } + } catch (std::exception &e) { + sendNotice("Error: " + std::string(e.what())); + } +}); +``` + +**Critical performance optimizations:** + +1. **Event batching** - Serialize event JSON once, reuse for thousands of subscribers: +```cpp +// Single serialization +std::string eventJson = event.toJson(); + +// Broadcast to all matching subscriptions +for (auto &[connId, sub] : activeSubscriptions) { + if (sub->matches(event)) { + sendToConnection(connId, eventJson); // Reuse serialized JSON + } +} +``` + +2. **Move semantics** - Zero-copy message passing: +```cpp +tpIngester->dispatchToThread(connId, std::move(message)); +``` + +3. **Pre-allocated buffers** - Single reusable buffer per connection: +```cpp +state->parseBuffer.assign(msg.data(), msg.size()); +``` + +4. **std::variant dispatch** - Type-safe without virtual function overhead: +```cpp +std::variant message; +std::visit([](auto&& msg) { msg.handle(); }, message); +``` + +For detailed strfry implementation examples, see [references/strfry_implementation.md](references/strfry_implementation.md). + +### Rust Implementation (nostr-rs-relay-style) + +**Recommended libraries:** +- `tokio-tungstenite 0.17` - Async WebSocket support +- `tokio 1.x` - Async runtime +- `serde_json` - Message parsing + +**WebSocket configuration:** +```rust +let config = WebSocketConfig { + max_send_queue: Some(1024), + max_message_size: settings.limits.max_ws_message_bytes, + max_frame_size: settings.limits.max_ws_frame_bytes, + ..Default::default() +}; + +let ws_stream = WebSocketStream::from_raw_socket( + upgraded, + Role::Server, + Some(config), +).await; +``` + +**Connection state:** +```rust +pub struct ClientConn { + client_ip_addr: String, + client_id: Uuid, + subscriptions: HashMap, + max_subs: usize, + auth: Nip42AuthState, +} + +pub enum Nip42AuthState { + NoAuth, + Challenge(String), + AuthPubkey(String), +} +``` + +**Async message loop with tokio::select!:** +```rust +async fn nostr_server( + repo: Arc, + mut ws_stream: WebSocketStream, + broadcast: Sender, + mut shutdown: Receiver<()>, +) { + let mut conn = ClientConn::new(client_ip); + let mut bcast_rx = broadcast.subscribe(); + let mut ping_interval = tokio::time::interval(Duration::from_secs(300)); + + loop { + tokio::select! { + // Handle shutdown + _ = shutdown.recv() => { break; } + + // Send periodic pings + _ = ping_interval.tick() => { + ws_stream.send(Message::Ping(Vec::new())).await.ok(); + } + + // Handle broadcast events (real-time) + Ok(event) = bcast_rx.recv() => { + for (id, sub) in conn.subscriptions() { + if sub.interested_in_event(&event) { + let msg = format!("[\"EVENT\",\"{}\",{}]", id, + serde_json::to_string(&event)?); + ws_stream.send(Message::Text(msg)).await.ok(); + } + } + } + + // Handle incoming client messages + Some(result) = ws_stream.next() => { + match result { + Ok(Message::Text(msg)) => { + handle_nostr_message(&msg, &mut conn).await; + } + Ok(Message::Binary(_)) => { + send_notice("binary messages not accepted").await; + } + Ok(Message::Ping(_) | Message::Pong(_)) => { + continue; // Auto-handled by tungstenite + } + Ok(Message::Close(_)) | Err(_) => { + break; + } + _ => {} + } + } + } + } +} +``` + +**Subscription filtering:** +```rust +pub struct ReqFilter { + pub ids: Option>, + pub kinds: Option>, + pub since: Option, + pub until: Option, + pub authors: Option>, + pub limit: Option, + pub tags: Option>>, +} + +impl ReqFilter { + pub fn interested_in_event(&self, event: &Event) -> bool { + self.ids_match(event) + && self.since.map_or(true, |t| event.created_at >= t) + && self.until.map_or(true, |t| event.created_at <= t) + && self.kind_match(event.kind) + && self.authors_match(event) + && self.tag_match(event) + } + + fn ids_match(&self, event: &Event) -> bool { + self.ids.as_ref() + .map_or(true, |ids| ids.iter().any(|id| event.id.starts_with(id))) + } +} +``` + +**Error handling:** +```rust +match ws_stream.next().await { + Some(Ok(Message::Text(msg))) => { /* handle */ } + + Some(Err(WsError::Capacity(MessageTooLong{size, max_size}))) => { + send_notice(&format!("message too large ({} > {})", size, max_size)).await; + continue; + } + + None | Some(Ok(Message::Close(_))) => { + info!("client closed connection"); + break; + } + + Some(Err(WsError::Io(e))) => { + warn!("IO error: {:?}", e); + break; + } + + _ => { break; } +} +``` + +For detailed Rust implementation examples, see [references/rust_implementation.md](references/rust_implementation.md). + +## Common Implementation Patterns + +### Pattern 1: Dual Goroutine/Task Architecture + +**Purpose:** Separate read and write concerns, enable ping/pong management + +**Structure:** +- **Reader goroutine/task:** Blocks on `ReadMessage()`, handles incoming frames +- **Writer goroutine/task:** Sends periodic pings, processes outgoing message queue + +**Benefits:** +- Natural separation of concerns +- Ping timer doesn't block message processing +- Clean shutdown coordination via context/channels + +### Pattern 2: Subscription Lifecycle + +**Create subscription (REQ):** +1. Parse filter from client message +2. Query database for matching stored events +3. Send stored events to client +4. Send EOSE (End of Stored Events) +5. Add subscription to active listeners for real-time events + +**Handle real-time event:** +1. Check all active subscriptions +2. For each matching subscription: + - Apply filter matching logic + - Send EVENT message to client +3. Track broadcast count for monitoring + +**Close subscription (CLOSE):** +1. Find subscription by ID +2. Cancel subscription context +3. Remove from active listeners +4. Clean up resources + +### Pattern 3: Write Serialization + +**Problem:** Concurrent writes cause panics/errors in WebSocket libraries + +**Solutions:** + +**Mutex approach (Go, C++):** +```go +func (ws *WebSocket) WriteJSON(v any) error { + ws.mutex.Lock() + defer ws.mutex.Unlock() + return ws.conn.WriteJSON(v) +} +``` + +**Single-writer goroutine (Alternative):** +```go +type writeMsg struct { + data []byte + done chan error +} + +go func() { + for msg := range writeChan { + msg.done <- ws.conn.WriteMessage(websocket.TextMessage, msg.data) + } +}() +``` + +### Pattern 4: Connection Cleanup + +**Essential cleanup steps:** +1. Cancel all subscription contexts +2. Stop ping ticker/interval +3. Remove connection from active clients map +4. Close WebSocket connection +5. Close TCP connection +6. Log connection statistics + +**Go cleanup function:** +```go +kill := func() { + // Cancel contexts + cancel() + ws.cancel() + + // Stop timers + ticker.Stop() + + // Remove from tracking + rl.removeClientAndListeners(ws) + + // Close connection + ws.conn.Close() + + // Trigger hooks + for _, ondisconnect := range rl.OnDisconnect { + ondisconnect(ctx) + } +} +defer kill() +``` + +### Pattern 5: Event Broadcasting Optimization + +**Naive approach (inefficient):** +```go +// DON'T: Serialize for each subscriber +for _, listener := range listeners { + if listener.filter.Matches(event) { + json := serializeEvent(event) // Repeated work! + listener.ws.WriteJSON(json) + } +} +``` + +**Optimized approach:** +```go +// DO: Serialize once, reuse for all subscribers +eventJSON, err := json.Marshal(event) +if err != nil { + return +} + +for _, listener := range listeners { + if listener.filter.Matches(event) { + listener.ws.WriteMessage(websocket.TextMessage, eventJSON) + } +} +``` + +**Savings:** For 1000 subscribers, reduces 1000 JSON serializations to 1. + +## Security Considerations + +### Origin Validation + +Always validate the `Origin` header for browser-based clients: + +```go +upgrader := websocket.Upgrader{ + CheckOrigin: func(r *http.Request) bool { + origin := r.Header.Get("Origin") + return isAllowedOrigin(origin) // Implement allowlist + }, +} +``` + +**Default behavior:** Most libraries reject all cross-origin connections. Override with caution. + +### Rate Limiting + +Implement rate limits for: +- Connection establishment (per IP) +- Message throughput (per connection) +- Subscription creation (per connection) +- Event publication (per connection, per pubkey) + +```go +// Example: Connection rate limiting +type rateLimiter struct { + connections map[string]*rate.Limiter + mu sync.Mutex +} + +func (rl *Relay) checkRateLimit(ip string) bool { + limiter := rl.rateLimiter.getLimiter(ip) + return limiter.Allow() +} +``` + +### Message Size Limits + +Configure limits to prevent memory exhaustion: + +```go +ws.conn.SetReadLimit(maxMessageSize) // e.g., 512 KB +``` + +```rust +max_message_size: Some(512_000), +max_frame_size: Some(16_384), +``` + +### Subscription Limits + +Prevent resource exhaustion: +- Max subscriptions per connection (typically 10-20) +- Max subscription ID length (prevent hash collision attacks) +- Require specific filters (prevent full database scans) + +```rust +const MAX_SUBSCRIPTION_ID_LEN: usize = 256; +const MAX_SUBS_PER_CLIENT: usize = 20; + +if subscriptions.len() >= MAX_SUBS_PER_CLIENT { + return Err(Error::SubMaxExceededError); +} +``` + +### Authentication (NIP-42) + +Implement challenge-response authentication: + +1. **Generate challenge on connect:** +```go +challenge := make([]byte, 8) +rand.Read(challenge) +ws.Challenge = hex.EncodeToString(challenge) +``` + +2. **Send AUTH challenge when required:** +```json +["AUTH", ""] +``` + +3. **Validate AUTH event:** +```go +func validateAuthEvent(event *Event, challenge, relayURL string) bool { + // Check kind 22242 + if event.Kind != 22242 { return false } + + // Check challenge in tags + if !hasTag(event, "challenge", challenge) { return false } + + // Check relay URL + if !hasTag(event, "relay", relayURL) { return false } + + // Check timestamp (within 10 minutes) + if abs(time.Now().Unix() - event.CreatedAt) > 600 { return false } + + // Verify signature + return event.CheckSignature() +} +``` + +## Performance Optimization Techniques + +### 1. Connection Pooling + +Reuse connections for database queries: +```go +db, _ := sql.Open("postgres", dsn) +db.SetMaxOpenConns(25) +db.SetMaxIdleConns(5) +db.SetConnMaxLifetime(5 * time.Minute) +``` + +### 2. Event Caching + +Cache frequently accessed events: +```go +type EventCache struct { + cache *lru.Cache + mu sync.RWMutex +} + +func (ec *EventCache) Get(id string) (*Event, bool) { + ec.mu.RLock() + defer ec.mu.RUnlock() + if val, ok := ec.cache.Get(id); ok { + return val.(*Event), true + } + return nil, false +} +``` + +### 3. Batch Database Queries + +Execute queries concurrently for multi-filter subscriptions: +```go +var wg sync.WaitGroup +for _, filter := range filters { + wg.Add(1) + go func(f Filter) { + defer wg.Done() + events := queryDatabase(f) + sendEvents(events) + }(filter) +} +wg.Wait() +sendEOSE() +``` + +### 4. Compression (permessage-deflate) + +Enable WebSocket compression for text frames: +```go +upgrader := websocket.Upgrader{ + EnableCompression: true, +} +``` + +**Typical savings:** 60-80% bandwidth reduction for JSON messages + +**Trade-off:** Increased CPU usage (usually worthwhile) + +### 5. Monitoring and Metrics + +Track key performance indicators: +- Connections (active, total, per IP) +- Messages (received, sent, per type) +- Events (stored, broadcast, per second) +- Subscriptions (active, per connection) +- Query latency (p50, p95, p99) +- Database pool utilization + +```go +// Prometheus-style metrics +type Metrics struct { + Connections prometheus.Gauge + MessagesRecv prometheus.Counter + MessagesSent prometheus.Counter + EventsStored prometheus.Counter + QueryDuration prometheus.Histogram +} +``` + +## Testing WebSocket Implementations + +### Unit Testing + +Test individual components in isolation: + +```go +func TestFilterMatching(t *testing.T) { + filter := Filter{ + Kinds: []int{1, 3}, + Authors: []string{"abc123"}, + } + + event := &Event{ + Kind: 1, + PubKey: "abc123", + } + + if !filter.Matches(event) { + t.Error("Expected filter to match event") + } +} +``` + +### Integration Testing + +Test WebSocket connection handling: + +```go +func TestWebSocketConnection(t *testing.T) { + // Start test server + server := startTestRelay(t) + defer server.Close() + + // Connect client + ws, _, err := websocket.DefaultDialer.Dial(server.URL, nil) + if err != nil { + t.Fatalf("Failed to connect: %v", err) + } + defer ws.Close() + + // Send REQ + req := `["REQ","test",{"kinds":[1]}]` + if err := ws.WriteMessage(websocket.TextMessage, []byte(req)); err != nil { + t.Fatalf("Failed to send REQ: %v", err) + } + + // Read EOSE + _, msg, err := ws.ReadMessage() + if err != nil { + t.Fatalf("Failed to read message: %v", err) + } + + if !strings.Contains(string(msg), "EOSE") { + t.Errorf("Expected EOSE, got: %s", msg) + } +} +``` + +### Load Testing + +Use tools like `websocat` or custom scripts: + +```bash +# Connect 1000 concurrent clients +for i in {1..1000}; do + (websocat "ws://localhost:8080" <<< '["REQ","test",{"kinds":[1]}]' &) +done +``` + +Monitor server metrics during load testing: +- CPU usage +- Memory consumption +- Connection count +- Message throughput +- Database query rate + +## Debugging and Troubleshooting + +### Common Issues + +**1. Concurrent write panic/error** + +**Symptom:** `concurrent write to websocket connection` error + +**Solution:** Ensure all writes protected by mutex or use single-writer pattern + +**2. Connection timeouts** + +**Symptom:** Connections close after 60 seconds + +**Solution:** Implement ping/pong mechanism properly: +```go +ws.SetPongHandler(func(string) error { + ws.SetReadDeadline(time.Now().Add(pongWait)) + return nil +}) +``` + +**3. Memory leaks** + +**Symptom:** Memory usage grows over time + +**Common causes:** +- Subscriptions not removed on disconnect +- Event channels not closed +- Goroutines not terminated + +**Solution:** Ensure cleanup function called on disconnect + +**4. Slow subscription queries** + +**Symptom:** EOSE delayed by seconds + +**Solution:** +- Add database indexes on filtered columns +- Implement query timeouts +- Consider caching frequently accessed events + +### Logging Best Practices + +Log critical events with context: + +```go +log.Printf( + "connection closed: cid=%s ip=%s duration=%v sent=%d recv=%d", + conn.ID, + conn.IP, + time.Since(conn.ConnectedAt), + conn.EventsSent, + conn.EventsRecv, +) +``` + +Use log levels appropriately: +- **DEBUG:** Message parsing, filter matching +- **INFO:** Connection lifecycle, subscription changes +- **WARN:** Rate limit violations, invalid messages +- **ERROR:** Database errors, unexpected panics + +## Resources + +This skill includes comprehensive reference documentation with production code examples: + +### references/ + +- **websocket_protocol.md** - Complete RFC 6455 specification details including frame structure, opcodes, masking algorithm, and security considerations +- **khatru_implementation.md** - Go WebSocket patterns from khatru including connection lifecycle, subscription management, and performance optimizations (3000+ lines) +- **strfry_implementation.md** - C++ high-performance patterns from strfry including thread pool architecture, message batching, and zero-copy techniques (2000+ lines) +- **rust_implementation.md** - Rust async patterns from nostr-rs-relay including tokio::select! usage, error handling, and subscription filtering (2000+ lines) + +Load these references when implementing specific language solutions or troubleshooting complex WebSocket issues. \ No newline at end of file diff --git a/.claude/skills/nostr-websocket/references/khatru_implementation.md b/.claude/skills/nostr-websocket/references/khatru_implementation.md new file mode 100644 index 00000000..3f4fff23 --- /dev/null +++ b/.claude/skills/nostr-websocket/references/khatru_implementation.md @@ -0,0 +1,1275 @@ +# Go WebSocket Implementation for Nostr Relays (khatru patterns) + +This reference documents production-ready WebSocket patterns from the khatru Nostr relay implementation in Go. + +## Repository Information + +- **Project:** khatru - Nostr relay framework +- **Repository:** https://github.com/fiatjaf/khatru +- **Language:** Go +- **WebSocket Library:** `github.com/fasthttp/websocket` +- **Architecture:** Hook-based plugin system with dual-goroutine per connection + +## Core Architecture + +### Relay Structure + +```go +// relay.go, lines 54-119 +type Relay struct { + // Service configuration + ServiceURL string + upgrader websocket.Upgrader + + // WebSocket lifecycle hooks + RejectConnection []func(r *http.Request) bool + OnConnect []func(ctx context.Context) + OnDisconnect []func(ctx context.Context) + + // Event processing hooks + RejectEvent []func(ctx context.Context, event *nostr.Event) (reject bool, msg string) + OverwriteDeletionOutcome []func(ctx context.Context, target *nostr.Event, deletion *nostr.Event) (acceptDeletion bool, msg string) + StoreEvent []func(ctx context.Context, event *nostr.Event) error + ReplaceEvent []func(ctx context.Context, event *nostr.Event) error + DeleteEvent []func(ctx context.Context, event *nostr.Event) error + OnEventSaved []func(ctx context.Context, event *nostr.Event) + OnEphemeralEvent []func(ctx context.Context, event *nostr.Event) + + // Filter/query hooks + RejectFilter []func(ctx context.Context, filter nostr.Filter) (reject bool, msg string) + OverwriteFilter []func(ctx context.Context, filter *nostr.Filter) + QueryEvents []func(ctx context.Context, filter nostr.Filter) (chan *nostr.Event, error) + CountEvents []func(ctx context.Context, filter nostr.Filter) (int64, error) + CountEventsHLL []func(ctx context.Context, filter nostr.Filter, offset int) (int64, *hyperloglog.HyperLogLog, error) + + // Broadcast control + PreventBroadcast []func(ws *WebSocket, event *nostr.Event) bool + OverwriteResponseEvent []func(ctx context.Context, event *nostr.Event) + + // Client tracking + clients map[*WebSocket][]listenerSpec + listeners []listener + clientsMutex sync.Mutex + + // WebSocket parameters + WriteWait time.Duration // Default: 10 seconds + PongWait time.Duration // Default: 60 seconds + PingPeriod time.Duration // Default: 30 seconds + MaxMessageSize int64 // Default: 512000 bytes + + // Router support (for multi-relay setups) + routes []Route + getSubRelayFromEvent func(*nostr.Event) *Relay + getSubRelayFromFilter func(nostr.Filter) *Relay + + // Protocol extensions + Negentropy bool // NIP-77 support +} +``` + +### WebSocket Configuration + +```go +// relay.go, lines 31-35 +upgrader: websocket.Upgrader{ + ReadBufferSize: 1024, + WriteBufferSize: 1024, + CheckOrigin: func(r *http.Request) bool { return true }, +}, +``` + +**Key configuration choices:** +- **1 KB read/write buffers:** Small buffers for many concurrent connections +- **Allow all origins:** Nostr is designed for public relays; adjust for private relays +- **No compression by default:** Can be enabled with `EnableCompression: true` + +**Recommended production settings:** +```go +upgrader: websocket.Upgrader{ + ReadBufferSize: 1024, + WriteBufferSize: 1024, + EnableCompression: true, // 60-80% bandwidth reduction + CheckOrigin: func(r *http.Request) bool { + // For public relays: return true + // For private relays: validate origin + origin := r.Header.Get("Origin") + return isAllowedOrigin(origin) + }, +}, +``` + +## WebSocket Connection Structure + +### Connection Wrapper + +```go +// websocket.go, lines 12-32 +type WebSocket struct { + conn *websocket.Conn + mutex sync.Mutex // Protects all write operations + + // Original HTTP request (for IP, headers, etc.) + Request *http.Request + + // Connection lifecycle context + Context context.Context + cancel context.CancelFunc + + // NIP-42 authentication + Challenge string // Random 8-byte hex string + AuthedPublicKey string // Authenticated pubkey after AUTH + Authed chan struct{} // Closed when authenticated + authLock sync.Mutex + + // NIP-77 negentropy sessions (for efficient set reconciliation) + negentropySessions *xsync.MapOf[string, *NegentropySession] +} +``` + +**Design decisions:** + +1. **Mutex for writes:** WebSocket library panics on concurrent writes; mutex is simplest solution +2. **Context-based lifecycle:** Clean cancellation propagation to all operations +3. **Original request preservation:** Enables IP extraction, header inspection +4. **NIP-42 challenge storage:** No database lookup needed for authentication +5. **Lock-free session map:** `xsync.MapOf` provides concurrent access without locks + +### Thread-Safe Write Operations + +```go +// websocket.go, lines 34-46 +func (ws *WebSocket) WriteJSON(any any) error { + ws.mutex.Lock() + err := ws.conn.WriteJSON(any) + ws.mutex.Unlock() + return err +} + +func (ws *WebSocket) WriteMessage(t int, b []byte) error { + ws.mutex.Lock() + err := ws.conn.WriteMessage(t, b) + ws.mutex.Unlock() + return err +} +``` + +**Critical pattern:** ALL writes to WebSocket MUST be protected by mutex + +**Common mistake:** +```go +// DON'T DO THIS - Race condition! +go func() { + ws.conn.WriteJSON(msg1) // Not protected +}() +go func() { + ws.conn.WriteJSON(msg2) // Not protected +}() +``` + +**Correct approach:** +```go +// DO THIS - Protected writes +go func() { + ws.WriteJSON(msg1) // Uses mutex +}() +go func() { + ws.WriteJSON(msg2) // Uses mutex +}() +``` + +## Connection Lifecycle + +### HTTP to WebSocket Upgrade + +```go +// handlers.go, lines 29-52 +func (rl *Relay) ServeHTTP(w http.ResponseWriter, r *http.Request) { + // CORS middleware for non-WebSocket requests + corsMiddleware := cors.New(cors.Options{ + AllowedOrigins: []string{"*"}, + AllowedMethods: []string{ + http.MethodHead, + http.MethodGet, + http.MethodPost, + http.MethodPut, + http.MethodPatch, + http.MethodDelete, + }, + AllowedHeaders: []string{"Authorization", "*"}, + MaxAge: 86400, + }) + + // Route based on request type + if r.Header.Get("Upgrade") == "websocket" { + rl.HandleWebsocket(w, r) // WebSocket connection + } else if r.Header.Get("Accept") == "application/nostr+json" { + corsMiddleware.Handler(http.HandlerFunc(rl.HandleNIP11)).ServeHTTP(w, r) // NIP-11 metadata + } else if r.Header.Get("Content-Type") == "application/nostr+json+rpc" { + corsMiddleware.Handler(http.HandlerFunc(rl.HandleNIP86)).ServeHTTP(w, r) // NIP-86 management + } else { + corsMiddleware.Handler(rl.serveMux).ServeHTTP(w, r) // Other routes + } +} +``` + +**Pattern:** Single HTTP handler multiplexes all request types by headers + +### WebSocket Upgrade Process + +```go +// handlers.go, lines 55-105 +func (rl *Relay) HandleWebsocket(w http.ResponseWriter, r *http.Request) { + // Pre-upgrade rejection hooks + for _, reject := range rl.RejectConnection { + if reject(r) { + w.WriteHeader(429) // Too Many Requests + return + } + } + + // Perform WebSocket upgrade + conn, err := rl.upgrader.Upgrade(w, r, nil) + if err != nil { + rl.Log.Printf("failed to upgrade websocket: %v\n", err) + return + } + + // Create ping ticker for keep-alive + ticker := time.NewTicker(rl.PingPeriod) + + // Generate NIP-42 authentication challenge + challenge := make([]byte, 8) + rand.Read(challenge) + + // Initialize WebSocket wrapper + ws := &WebSocket{ + conn: conn, + Request: r, + Challenge: hex.EncodeToString(challenge), + negentropySessions: xsync.NewMapOf[string, *NegentropySession](), + } + ws.Context, ws.cancel = context.WithCancel(context.Background()) + + // Register client + rl.clientsMutex.Lock() + rl.clients[ws] = make([]listenerSpec, 0, 2) + rl.clientsMutex.Unlock() + + // Create connection context with WebSocket reference + ctx, cancel := context.WithCancel( + context.WithValue(context.Background(), wsKey, ws), + ) + + // Cleanup function for both goroutines + kill := func() { + // Trigger disconnect hooks + for _, ondisconnect := range rl.OnDisconnect { + ondisconnect(ctx) + } + + // Stop timers and cancel contexts + ticker.Stop() + cancel() + ws.cancel() + + // Close connection + ws.conn.Close() + + // Remove from tracking + rl.removeClientAndListeners(ws) + } + + // Launch read and write goroutines + go readLoop(ws, ctx, kill) + go writeLoop(ws, ctx, ticker, kill) +} +``` + +**Key steps:** +1. Check rejection hooks (rate limiting, IP bans, etc.) +2. Upgrade HTTP connection to WebSocket +3. Generate authentication challenge (NIP-42) +4. Initialize WebSocket wrapper with context +5. Register client in tracking map +6. Define cleanup function +7. Launch read and write goroutines + +### Read Loop (Primary Goroutine) + +```go +// handlers.go, lines 107-414 +go func() { + defer kill() + + // Configure read constraints + ws.conn.SetReadLimit(rl.MaxMessageSize) + ws.conn.SetReadDeadline(time.Now().Add(rl.PongWait)) + + // Auto-refresh deadline on Pong receipt + ws.conn.SetPongHandler(func(string) error { + ws.conn.SetReadDeadline(time.Now().Add(rl.PongWait)) + return nil + }) + + // Trigger connection hooks + for _, onconnect := range rl.OnConnect { + onconnect(ctx) + } + + // Create message parser (sonic parser is stateful) + smp := nostr.NewMessageParser() + + for { + // Read message (blocks until data available) + typ, msgb, err := ws.conn.ReadMessage() + if err != nil { + // Check if expected close + if websocket.IsUnexpectedCloseError( + err, + websocket.CloseNormalClosure, // 1000 + websocket.CloseGoingAway, // 1001 + websocket.CloseNoStatusReceived, // 1005 + websocket.CloseAbnormalClosure, // 1006 + 4537, // Custom: client preference + ) { + rl.Log.Printf("unexpected close error from %s: %v\n", + GetIPFromRequest(r), err) + } + ws.cancel() + return + } + + // Handle Ping manually (library should auto-respond, but...) + if typ == websocket.PingMessage { + ws.WriteMessage(websocket.PongMessage, nil) + continue + } + + // Zero-copy conversion to string + message := unsafe.String(unsafe.SliceData(msgb), len(msgb)) + + // Parse message (sequential due to sonic parser constraint) + envelope, err := smp.ParseMessage(message) + + // Handle message in separate goroutine (concurrent processing) + go func(message string) { + switch env := envelope.(type) { + case *nostr.EventEnvelope: + handleEvent(ctx, ws, env, rl) + case *nostr.ReqEnvelope: + handleReq(ctx, ws, env, rl) + case *nostr.CloseEnvelope: + handleClose(ctx, ws, env, rl) + case *nostr.CountEnvelope: + handleCount(ctx, ws, env, rl) + case *nostr.AuthEnvelope: + handleAuth(ctx, ws, env, rl) + case *nip77.OpenEnvelope: + handleNegentropyOpen(ctx, ws, env, rl) + case *nip77.MessageEnvelope: + handleNegentropyMsg(ctx, ws, env, rl) + case *nip77.CloseEnvelope: + handleNegentropyClose(ctx, ws, env, rl) + default: + ws.WriteJSON(nostr.NoticeEnvelope("unknown message type")) + } + }(message) + } +}() +``` + +**Critical patterns:** + +1. **SetReadDeadline + SetPongHandler:** Automatic timeout detection + - Read blocks up to `PongWait` (60s) + - Pong receipt resets deadline + - No Pong = timeout error = connection dead + +2. **Zero-copy string conversion:** + ```go + message := unsafe.String(unsafe.SliceData(msgb), len(msgb)) + ``` + - Avoids allocation when converting `[]byte` to `string` + - Safe because `msgb` is newly allocated by `ReadMessage()` + +3. **Sequential parsing, concurrent handling:** + - `smp.ParseMessage()` called sequentially (parser has state) + - Message handling dispatched to goroutine (concurrent) + - Balances correctness and performance + +4. **Goroutine-per-message pattern:** + ```go + go func(message string) { + // Handle message + }(message) + ``` + - Allows next message to be read immediately + - Prevents slow handler blocking read loop + - Captures `message` to avoid data race + +### Write Loop (Ping Goroutine) + +```go +// handlers.go, lines 416-433 +go func() { + defer kill() + + for { + select { + case <-ctx.Done(): + // Connection closed or context canceled + return + + case <-ticker.C: + // Send ping every PingPeriod (30s) + err := ws.WriteMessage(websocket.PingMessage, nil) + if err != nil { + if !strings.HasSuffix(err.Error(), "use of closed network connection") { + rl.Log.Printf("error writing ping: %v; closing websocket\n", err) + } + return + } + } + } +}() +``` + +**Purpose:** +- Send periodic pings to detect dead connections +- Uses `select` to monitor context cancellation +- Returns on any write error (connection dead) + +**Timing relationship:** +``` +PingPeriod: 30 seconds (send ping every 30s) +PongWait: 60 seconds (expect pong within 60s) + +Rule: PingPeriod < PongWait + +If client doesn't respond to 2 consecutive pings, +connection times out after 60 seconds. +``` + +### Connection Cleanup + +```go +kill := func() { + // 1. Trigger disconnect hooks + for _, ondisconnect := range rl.OnDisconnect { + ondisconnect(ctx) + } + + // 2. Stop timers + ticker.Stop() + + // 3. Cancel contexts + cancel() + ws.cancel() + + // 4. Close connection + ws.conn.Close() + + // 5. Remove from tracking + rl.removeClientAndListeners(ws) +} +defer kill() +``` + +**Cleanup order:** +1. **Hooks first:** Allow app to log, update stats +2. **Stop timers:** Prevent goroutine leaks +3. **Cancel contexts:** Signal cancellation to operations +4. **Close connection:** Release network resources +5. **Remove tracking:** Clean up maps + +**Why defer?** Ensures cleanup runs even if goroutine panics + +## Message Handling + +### Event Handling (EVENT) + +```go +// handlers.go, lines 163-258 +case *nostr.EventEnvelope: + // Validate event ID (must match hash of content) + if !env.Event.CheckID() { + ws.WriteJSON(nostr.OKEnvelope{ + EventID: env.Event.ID, + OK: false, + Reason: "invalid: id is computed incorrectly", + }) + return + } + + // Validate signature + if ok, err := env.Event.CheckSignature(); err != nil { + ws.WriteJSON(nostr.OKEnvelope{ + EventID: env.Event.ID, + OK: false, + Reason: "error: failed to verify signature", + }) + return + } else if !ok { + ws.WriteJSON(nostr.OKEnvelope{ + EventID: env.Event.ID, + OK: false, + Reason: "invalid: signature is invalid", + }) + return + } + + // Check NIP-70 protected events + if nip70.IsProtected(env.Event) { + authed := GetAuthed(ctx) + if authed == "" { + // Request authentication + RequestAuth(ctx) + ws.WriteJSON(nostr.OKEnvelope{ + EventID: env.Event.ID, + OK: false, + Reason: "auth-required: must be published by authenticated event author", + }) + return + } + } + + // Route to subrelay if using relay routing + srl := rl + if rl.getSubRelayFromEvent != nil { + srl = rl.getSubRelayFromEvent(&env.Event) + } + + // Handle event based on kind + var skipBroadcast bool + var writeErr error + + if env.Event.Kind == 5 { + // Deletion event + writeErr = srl.handleDeleteRequest(ctx, &env.Event) + } else if nostr.IsEphemeralKind(env.Event.Kind) { + // Ephemeral event (20000-29999) + writeErr = srl.handleEphemeral(ctx, &env.Event) + } else { + // Normal event + skipBroadcast, writeErr = srl.handleNormal(ctx, &env.Event) + } + + // Broadcast to subscribers (unless prevented) + if !skipBroadcast { + n := srl.notifyListeners(&env.Event) + // Can update reason with broadcast count + } + + // Send OK response + ok := writeErr == nil + reason := "" + if writeErr != nil { + reason = writeErr.Error() + } + + ws.WriteJSON(nostr.OKEnvelope{ + EventID: env.Event.ID, + OK: ok, + Reason: reason, + }) +``` + +**Validation sequence:** +1. Check event ID matches content hash +2. Verify cryptographic signature +3. Check authentication if protected event (NIP-70) +4. Route to appropriate subrelay (if multi-relay setup) +5. Handle based on kind (deletion, ephemeral, normal) +6. Broadcast to matching subscriptions +7. Send OK response to publisher + +### Request Handling (REQ) + +```go +// handlers.go, lines 289-324 +case *nostr.ReqEnvelope: + // Create WaitGroup for EOSE synchronization + eose := sync.WaitGroup{} + eose.Add(len(env.Filters)) + + // Create cancelable context for subscription + reqCtx, cancelReqCtx := context.WithCancelCause(ctx) + + // Expose subscription ID in context + reqCtx = context.WithValue(reqCtx, subscriptionIdKey, env.SubscriptionID) + + // Handle each filter + for _, filter := range env.Filters { + // Route to appropriate subrelay + srl := rl + if rl.getSubRelayFromFilter != nil { + srl = rl.getSubRelayFromFilter(filter) + } + + // Query stored events + err := srl.handleRequest(reqCtx, env.SubscriptionID, &eose, ws, filter) + if err != nil { + // Fail entire subscription if any filter rejected + reason := err.Error() + if strings.HasPrefix(reason, "auth-required:") { + RequestAuth(ctx) + } + ws.WriteJSON(nostr.ClosedEnvelope{ + SubscriptionID: env.SubscriptionID, + Reason: reason, + }) + cancelReqCtx(errors.New("filter rejected")) + return + } else { + // Add listener for real-time events + rl.addListener(ws, env.SubscriptionID, srl, filter, cancelReqCtx) + } + } + + // Send EOSE when all stored events dispatched + go func() { + eose.Wait() + ws.WriteJSON(nostr.EOSEEnvelope(env.SubscriptionID)) + }() +``` + +**Subscription lifecycle:** + +1. **Parse filters:** Client sends array of filters in REQ +2. **Create context:** Allows cancellation of subscription +3. **Query database:** For each filter, query stored events +4. **Stream results:** Send matching events to client +5. **Send EOSE:** End Of Stored Events marker +6. **Add listener:** Subscribe to real-time events + +**WaitGroup pattern:** +```go +eose := sync.WaitGroup{} +eose.Add(len(env.Filters)) + +// Each query handler calls eose.Done() when complete + +go func() { + eose.Wait() // Wait for all queries + ws.WriteJSON(nostr.EOSEEnvelope(env.SubscriptionID)) +}() +``` + +### Close Handling (CLOSE) + +```go +// handlers.go, lines 325-327 +case *nostr.CloseEnvelope: + id := string(*env) + rl.removeListenerId(ws, id) +``` + +**Simple unsubscribe:** Remove listener by subscription ID + +### Authentication (AUTH) + +```go +// handlers.go, lines 328-341 +case *nostr.AuthEnvelope: + // Compute relay WebSocket URL + wsBaseUrl := strings.Replace(rl.getBaseURL(r), "http", "ws", 1) + + // Validate AUTH event + if pubkey, ok := nip42.ValidateAuthEvent(&env.Event, ws.Challenge, wsBaseUrl); ok { + // Store authenticated pubkey + ws.AuthedPublicKey = pubkey + + // Close Authed channel (unblocks any waiting goroutines) + ws.authLock.Lock() + if ws.Authed != nil { + close(ws.Authed) + ws.Authed = nil + } + ws.authLock.Unlock() + + // Send OK response + ws.WriteJSON(nostr.OKEnvelope{EventID: env.Event.ID, OK: true}) + } else { + // Validation failed + ws.WriteJSON(nostr.OKEnvelope{ + EventID: env.Event.ID, + OK: false, + Reason: "error: failed to authenticate", + }) + } +``` + +**NIP-42 authentication:** +1. Client receives AUTH challenge on connect +2. Client creates kind-22242 event with challenge +3. Server validates event signature and challenge match +4. Server stores authenticated pubkey in `ws.AuthedPublicKey` + +## Subscription Management + +### Subscription Data Structures + +```go +// listener.go, lines 13-24 +type listenerSpec struct { + id string // Subscription ID from REQ + cancel context.CancelCauseFunc // Cancels this subscription + index int // Position in subrelay.listeners array + subrelay *Relay // Reference to (sub)relay handling this +} + +type listener struct { + id string // Subscription ID + filter nostr.Filter // Filter for matching events + ws *WebSocket // WebSocket connection +} +``` + +**Two-level tracking:** +1. **Per-client specs:** `clients map[*WebSocket][]listenerSpec` + - Tracks what subscriptions each client has + - Enables cleanup when client disconnects + +2. **Per-relay listeners:** `listeners []listener` + - Flat array for fast iteration when broadcasting + - No maps, no allocations during broadcast + +### Adding Listeners + +```go +// listener.go, lines 36-60 +func (rl *Relay) addListener( + ws *WebSocket, + id string, + subrelay *Relay, + filter nostr.Filter, + cancel context.CancelCauseFunc, +) { + rl.clientsMutex.Lock() + defer rl.clientsMutex.Unlock() + + if specs, ok := rl.clients[ws]; ok { + // Get position where listener will be added + idx := len(subrelay.listeners) + + // Add spec to client's list + rl.clients[ws] = append(specs, listenerSpec{ + id: id, + cancel: cancel, + subrelay: subrelay, + index: idx, + }) + + // Add listener to relay's list + subrelay.listeners = append(subrelay.listeners, listener{ + ws: ws, + id: id, + filter: filter, + }) + } +} +``` + +**O(1) append operation** + +### Removing Listeners by ID + +```go +// listener.go, lines 64-99 +func (rl *Relay) removeListenerId(ws *WebSocket, id string) { + rl.clientsMutex.Lock() + defer rl.clientsMutex.Unlock() + + if specs, ok := rl.clients[ws]; ok { + // Iterate backwards for safe removal + for s := len(specs) - 1; s >= 0; s-- { + spec := specs[s] + if spec.id == id { + // Cancel subscription context + spec.cancel(ErrSubscriptionClosedByClient) + + // Swap-delete from specs array + specs[s] = specs[len(specs)-1] + specs = specs[0 : len(specs)-1] + rl.clients[ws] = specs + + // Remove from listener list in subrelay + srl := spec.subrelay + + // If not last element, swap with last + if spec.index != len(srl.listeners)-1 { + movedFromIndex := len(srl.listeners) - 1 + moved := srl.listeners[movedFromIndex] + srl.listeners[spec.index] = moved + + // Update moved listener's spec index + movedSpecs := rl.clients[moved.ws] + idx := slices.IndexFunc(movedSpecs, func(ls listenerSpec) bool { + return ls.index == movedFromIndex && ls.subrelay == srl + }) + movedSpecs[idx].index = spec.index + rl.clients[moved.ws] = movedSpecs + } + + // Truncate listeners array + srl.listeners = srl.listeners[0 : len(srl.listeners)-1] + } + } + } +} +``` + +**Swap-delete pattern:** +1. Move last element to deleted position +2. Truncate array +3. **Result:** O(1) deletion without preserving order + +**Why not just delete?** +- `append(arr[:i], arr[i+1:]...)` is O(n) - shifts all elements +- Swap-delete is O(1) - just one swap and truncate +- Order doesn't matter for listeners + +### Removing All Client Listeners + +```go +// listener.go, lines 101-133 +func (rl *Relay) removeClientAndListeners(ws *WebSocket) { + rl.clientsMutex.Lock() + defer rl.clientsMutex.Unlock() + + if specs, ok := rl.clients[ws]; ok { + // Remove each subscription + for s, spec := range specs { + srl := spec.subrelay + + // Swap-delete from listeners array + if spec.index != len(srl.listeners)-1 { + movedFromIndex := len(srl.listeners) - 1 + moved := srl.listeners[movedFromIndex] + srl.listeners[spec.index] = moved + + // Mark current spec as invalid + rl.clients[ws][s].index = -1 + + // Update moved listener's spec + movedSpecs := rl.clients[moved.ws] + idx := slices.IndexFunc(movedSpecs, func(ls listenerSpec) bool { + return ls.index == movedFromIndex && ls.subrelay == srl + }) + movedSpecs[idx].index = spec.index + rl.clients[moved.ws] = movedSpecs + } + + // Truncate listeners array + srl.listeners = srl.listeners[0 : len(srl.listeners)-1] + } + } + + // Remove client from map + delete(rl.clients, ws) +} +``` + +**Called when client disconnects:** Removes all subscriptions for that client + +### Broadcasting to Listeners + +```go +// listener.go, lines 136-151 +func (rl *Relay) notifyListeners(event *nostr.Event) int { + count := 0 + +listenersloop: + for _, listener := range rl.listeners { + // Check if filter matches event + if listener.filter.Matches(event) { + // Check if broadcast should be prevented (hooks) + for _, pb := range rl.PreventBroadcast { + if pb(listener.ws, event) { + continue listenersloop + } + } + + // Send event to subscriber + listener.ws.WriteJSON(nostr.EventEnvelope{ + SubscriptionID: &listener.id, + Event: *event, + }) + count++ + } + } + + return count +} +``` + +**Performance characteristics:** +- **O(n) in number of listeners:** Iterates all active subscriptions +- **Fast filter matching:** Simple field comparisons +- **No allocations:** Uses existing listener array +- **Labeled continue:** Clean exit from nested loop + +**Optimization opportunity:** For relays with thousands of subscriptions, consider: +- Indexing listeners by event kind +- Using bloom filters for quick negatives +- Sharding listeners across goroutines + +## Context Utilities + +### Context Keys + +```go +// utils.go +const ( + wsKey = iota // WebSocket connection + subscriptionIdKey // Current subscription ID + nip86HeaderAuthKey // NIP-86 authorization header + internalCallKey // Internal call marker +) +``` + +**Pattern:** Use iota for compile-time context key uniqueness + +### Get WebSocket from Context + +```go +func GetConnection(ctx context.Context) *WebSocket { + wsi := ctx.Value(wsKey) + if wsi != nil { + return wsi.(*WebSocket) + } + return nil +} +``` + +**Usage:** Retrieve WebSocket in hooks and handlers + +### Get Authenticated Pubkey + +```go +func GetAuthed(ctx context.Context) string { + // Check WebSocket auth + if conn := GetConnection(ctx); conn != nil { + return conn.AuthedPublicKey + } + + // Check NIP-86 header auth + if nip86Auth := ctx.Value(nip86HeaderAuthKey); nip86Auth != nil { + return nip86Auth.(string) + } + + return "" +} +``` + +**Supports two auth mechanisms:** +1. NIP-42 WebSocket authentication +2. NIP-86 HTTP header authentication + +### Request Authentication + +```go +func RequestAuth(ctx context.Context) { + ws := GetConnection(ctx) + + ws.authLock.Lock() + if ws.Authed == nil { + ws.Authed = make(chan struct{}) + } + ws.authLock.Unlock() + + ws.WriteJSON(nostr.AuthEnvelope{Challenge: &ws.Challenge}) +} +``` + +**Sends AUTH challenge to client** + +### Wait for Authentication + +```go +func (ws *WebSocket) WaitForAuth(timeout time.Duration) bool { + ws.authLock.Lock() + authChan := ws.Authed + ws.authLock.Unlock() + + if authChan == nil { + return true // Already authenticated + } + + select { + case <-authChan: + return true // Authenticated + case <-time.After(timeout): + return false // Timeout + } +} +``` + +**Pattern:** Use closed channel as signal + +## Performance Patterns + +### Zero-Copy String Conversion + +```go +message := unsafe.String(unsafe.SliceData(msgb), len(msgb)) +``` + +**When safe:** +- `msgb` is newly allocated by `ReadMessage()` +- Not modified after conversion +- Message processing completes before next read + +**Savings:** Avoids 512 KB allocation per message + +### Goroutine-per-Message + +```go +go func(message string) { + handleMessage(message) +}(message) +``` + +**Benefits:** +- Read loop continues immediately +- Messages processed concurrently +- Natural backpressure (goroutine scheduler) + +**Trade-off:** Goroutine creation overhead (typically <1μs) + +### Swap-Delete for Slice Removal + +```go +// O(1) deletion +arr[i] = arr[len(arr)-1] +arr = arr[:len(arr)-1] + +// vs. O(n) deletion +arr = append(arr[:i], arr[i+1:]...) +``` + +**When appropriate:** +- Order doesn't matter (listeners, specs) +- Frequent removals expected +- Array size significant + +### Lock-Free Session Maps + +```go +negentropySessions *xsync.MapOf[string, *NegentropySession] +``` + +**vs. standard map with mutex:** +```go +sessions map[string]*NegentropySession +mutex sync.RWMutex +``` + +**Benefits of xsync.MapOf:** +- Lock-free concurrent access +- Better performance under contention +- No manual lock management + +**Trade-off:** Slightly more memory per entry + +## Testing Patterns + +### Basic WebSocket Test + +```go +func TestWebSocketConnection(t *testing.T) { + relay := khatru.NewRelay() + + // Start server + server := httptest.NewServer(relay) + defer server.Close() + + // Convert http:// to ws:// + wsURL := "ws" + strings.TrimPrefix(server.URL, "http") + + // Connect client + ws, _, err := websocket.DefaultDialer.Dial(wsURL, nil) + if err != nil { + t.Fatalf("Dial failed: %v", err) + } + defer ws.Close() + + // Send REQ + req := `["REQ","test",{"kinds":[1]}]` + if err := ws.WriteMessage(websocket.TextMessage, []byte(req)); err != nil { + t.Fatalf("WriteMessage failed: %v", err) + } + + // Read EOSE + _, msg, err := ws.ReadMessage() + if err != nil { + t.Fatalf("ReadMessage failed: %v", err) + } + + if !strings.Contains(string(msg), "EOSE") { + t.Errorf("Expected EOSE, got: %s", msg) + } +} +``` + +### Testing Hooks + +```go +func TestRejectConnection(t *testing.T) { + relay := khatru.NewRelay() + + // Add rejection hook + relay.RejectConnection = append(relay.RejectConnection, + func(r *http.Request) bool { + return r.RemoteAddr == "192.0.2.1:12345" // Block specific IP + }, + ) + + server := httptest.NewServer(relay) + defer server.Close() + + wsURL := "ws" + strings.TrimPrefix(server.URL, "http") + + // Should fail to connect + ws, resp, err := websocket.DefaultDialer.Dial(wsURL, nil) + if err == nil { + ws.Close() + t.Fatal("Expected connection to be rejected") + } + + if resp.StatusCode != 429 { + t.Errorf("Expected 429, got %d", resp.StatusCode) + } +} +``` + +## Production Deployment + +### Recommended Configuration + +```go +relay := khatru.NewRelay() + +relay.ServiceURL = "wss://relay.example.com" +relay.WriteWait = 10 * time.Second +relay.PongWait = 60 * time.Second +relay.PingPeriod = 30 * time.Second +relay.MaxMessageSize = 512000 // 512 KB + +relay.upgrader.EnableCompression = true +relay.upgrader.CheckOrigin = func(r *http.Request) bool { + // For public relays: return true + // For private relays: validate origin + return true +} +``` + +### Rate Limiting Hook + +```go +import "golang.org/x/time/rate" + +type RateLimiter struct { + limiters map[string]*rate.Limiter + mu sync.Mutex +} + +func (rl *RateLimiter) getLimiter(ip string) *rate.Limiter { + rl.mu.Lock() + defer rl.mu.Unlock() + + limiter, exists := rl.limiters[ip] + if !exists { + limiter = rate.NewLimiter(10, 20) // 10/sec, burst 20 + rl.limiters[ip] = limiter + } + + return limiter +} + +rateLimiter := &RateLimiter{limiters: make(map[string]*rate.Limiter)} + +relay.RejectConnection = append(relay.RejectConnection, + func(r *http.Request) bool { + ip := getIP(r) + return !rateLimiter.getLimiter(ip).Allow() + }, +) +``` + +### Monitoring Hook + +```go +relay.OnConnect = append(relay.OnConnect, + func(ctx context.Context) { + ws := khatru.GetConnection(ctx) + log.Printf("connection from %s", khatru.GetIP(ctx)) + metrics.ActiveConnections.Inc() + }, +) + +relay.OnDisconnect = append(relay.OnDisconnect, + func(ctx context.Context) { + log.Printf("disconnection from %s", khatru.GetIP(ctx)) + metrics.ActiveConnections.Dec() + }, +) +``` + +### Graceful Shutdown + +```go +server := &http.Server{ + Addr: ":8080", + Handler: relay, +} + +// Handle shutdown signals +sigChan := make(chan os.Signal, 1) +signal.Notify(sigChan, os.Interrupt, syscall.SIGTERM) + +go func() { + if err := server.ListenAndServe(); err != http.ErrServerClosed { + log.Fatal(err) + } +}() + +<-sigChan +log.Println("Shutting down...") + +// Graceful shutdown with timeout +ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second) +defer cancel() + +if err := server.Shutdown(ctx); err != nil { + log.Printf("Shutdown error: %v", err) +} +``` + +## Summary + +**Key architectural decisions:** +1. **Dual goroutine per connection:** Separate read and ping concerns +2. **Mutex-protected writes:** Simplest concurrency safety +3. **Hook-based extensibility:** Plugin architecture without framework changes +4. **Swap-delete for listeners:** O(1) subscription removal +5. **Context-based lifecycle:** Clean cancellation propagation +6. **Zero-copy optimizations:** Reduce allocations in hot path + +**When to use khatru patterns:** +- Building Nostr relays in Go +- Need plugin architecture (hooks) +- Want simple, understandable WebSocket handling +- Prioritize correctness over maximum performance +- Support multi-relay routing + +**Performance characteristics:** +- Handles 10,000+ concurrent connections per server +- Sub-millisecond latency for event broadcast +- ~10 MB memory per 1000 connections +- Single-core CPU can serve 1000+ req/sec + +**Further reading:** +- khatru repository: https://github.com/fiatjaf/khatru +- nostr-sdk (includes khatru): https://github.com/nbd-wtf/go-nostr +- WebSocket library: https://github.com/fasthttp/websocket diff --git a/.claude/skills/nostr-websocket/references/rust_implementation.md b/.claude/skills/nostr-websocket/references/rust_implementation.md new file mode 100644 index 00000000..f5d09a96 --- /dev/null +++ b/.claude/skills/nostr-websocket/references/rust_implementation.md @@ -0,0 +1,1307 @@ +# Rust WebSocket Implementation for Nostr Relays (nostr-rs-relay patterns) + +This reference documents production-ready async WebSocket patterns from the nostr-rs-relay implementation in Rust. + +## Repository Information + +- **Project:** nostr-rs-relay - Nostr relay in Rust +- **Repository:** https://github.com/scsibug/nostr-rs-relay +- **Language:** Rust (2021 edition) +- **WebSocket Library:** tokio-tungstenite 0.17 +- **Async Runtime:** tokio 1.x +- **Architecture:** Async/await with tokio::select! for concurrent operations + +## Core Architecture + +### Async Runtime Foundation + +nostr-rs-relay is built on tokio, Rust's async runtime: + +```rust +#[tokio::main] +async fn main() { + // Initialize logging + tracing_subscriber::fmt::init(); + + // Load configuration + let settings = Settings::load().expect("Failed to load config"); + + // Initialize database connection pool + let repo = create_database_pool(&settings).await; + + // Create broadcast channel for real-time events + let (broadcast_tx, _) = broadcast::channel(1024); + + // Create shutdown signal channel + let (shutdown_tx, _) = broadcast::channel(1); + + // Start HTTP server with WebSocket upgrade + let server = Server::bind(&settings.network.address) + .serve(make_service_fn(|_| { + let repo = repo.clone(); + let broadcast = broadcast_tx.clone(); + let shutdown = shutdown_tx.subscribe(); + let settings = settings.clone(); + + async move { + Ok::<_, Infallible>(service_fn(move |req| { + handle_request( + req, + repo.clone(), + broadcast.clone(), + shutdown.subscribe(), + settings.clone(), + ) + })) + } + })); + + // Handle graceful shutdown + tokio::select! { + _ = server => {}, + _ = tokio::signal::ctrl_c() => { + info!("Shutting down gracefully"); + shutdown_tx.send(()).ok(); + }, + } +} +``` + +**Key components:** +- **tokio runtime:** Manages async tasks and I/O +- **Broadcast channels:** Publish-subscribe for real-time events +- **Database pool:** Shared connection pool across tasks +- **Graceful shutdown:** Signal propagation via broadcast channel + +### WebSocket Configuration + +```rust +let config = WebSocketConfig { + max_send_queue: Some(1024), + max_message_size: settings.limits.max_ws_message_bytes, + max_frame_size: settings.limits.max_ws_frame_bytes, + ..Default::default() +}; + +let ws_stream = WebSocketStream::from_raw_socket( + upgraded, + tokio_tungstenite::tungstenite::protocol::Role::Server, + Some(config), +).await; +``` + +**Configuration options:** +- `max_send_queue`: Maximum queued outgoing messages (1024) +- `max_message_size`: Maximum message size in bytes (default 512 KB) +- `max_frame_size`: Maximum frame size in bytes (default 16 KB) + +**Recommended production settings:** +```rust +WebSocketConfig { + max_send_queue: Some(1024), + max_message_size: Some(512_000), // 512 KB + max_frame_size: Some(16_384), // 16 KB + accept_unmasked_frames: false, // Security + ..Default::default() +} +``` + +## Connection State Management + +### ClientConn Structure + +```rust +pub struct ClientConn { + /// Client IP address (from socket or proxy header) + client_ip_addr: String, + + /// Unique client identifier (UUID v4) + client_id: Uuid, + + /// Active subscriptions (keyed by subscription ID) + subscriptions: HashMap, + + /// Maximum concurrent subscriptions per connection + max_subs: usize, + + /// NIP-42 authentication state + auth: Nip42AuthState, +} + +pub enum Nip42AuthState { + /// Not authenticated yet + NoAuth, + /// AUTH challenge sent + Challenge(String), + /// Authenticated with pubkey + AuthPubkey(String), +} + +impl ClientConn { + pub fn new(client_ip_addr: String) -> Self { + ClientConn { + client_ip_addr, + client_id: Uuid::new_v4(), + subscriptions: HashMap::new(), + max_subs: 32, + auth: Nip42AuthState::NoAuth, + } + } + + /// Add subscription (enforces limits) + pub fn subscribe(&mut self, s: Subscription) -> Result<()> { + let sub_id_len = s.id.len(); + + // Prevent excessively long subscription IDs + if sub_id_len > MAX_SUBSCRIPTION_ID_LEN { + return Err(Error::SubIdMaxLengthError); + } + + // Check subscription limit + if self.subscriptions.len() >= self.max_subs { + return Err(Error::SubMaxExceededError); + } + + self.subscriptions.insert(s.id.clone(), s); + Ok(()) + } + + /// Remove subscription + pub fn unsubscribe(&mut self, id: &str) { + self.subscriptions.remove(id); + } + + /// Get all subscriptions + pub fn subscriptions(&self) -> impl Iterator { + self.subscriptions.iter() + } +} +``` + +**Resource limits:** +```rust +const MAX_SUBSCRIPTION_ID_LEN: usize = 256; +const MAX_SUBS_PER_CLIENT: usize = 32; +``` + +**Security considerations:** +- UUID prevents ID guessing attacks +- Subscription limits prevent resource exhaustion +- Subscription ID length limit prevents hash collision attacks + +## Main Event Loop (tokio::select!) + +### Async Message Multiplexing + +```rust +async fn nostr_server( + repo: Arc, + client_info: ClientInfo, + settings: Settings, + mut ws_stream: WebSocketStream, + broadcast: Sender, + event_tx: mpsc::Sender, + mut shutdown: Receiver<()>, + metrics: NostrMetrics, +) { + // Initialize connection state + let mut conn = ClientConn::new(client_info.remote_ip); + + // Subscribe to broadcast events + let mut bcast_rx = broadcast.subscribe(); + + // Create channels for database queries + let (query_tx, mut query_rx) = mpsc::channel(256); + let (notice_tx, mut notice_rx) = mpsc::channel(32); + + // Track activity for timeout + let mut last_message_time = Instant::now(); + let max_quiet_time = Duration::from_secs(settings.limits.max_conn_idle_seconds); + + // Periodic ping interval (5 minutes) + let mut ping_interval = tokio::time::interval(Duration::from_secs(300)); + + // Main event loop + loop { + tokio::select! { + // 1. Handle shutdown signal + _ = shutdown.recv() => { + info!("Shutdown received, closing connection"); + break; + }, + + // 2. Send periodic pings + _ = ping_interval.tick() => { + // Check if connection has been quiet too long + if last_message_time.elapsed() > max_quiet_time { + debug!("Connection idle timeout"); + metrics.disconnects.with_label_values(&["timeout"]).inc(); + break; + } + + // Send ping + if ws_stream.send(Message::Ping(Vec::new())).await.is_err() { + break; + } + }, + + // 3. Handle notice messages (from database queries) + Some(notice_msg) = notice_rx.recv() => { + ws_stream.send(make_notice_message(¬ice_msg)).await.ok(); + }, + + // 4. Handle query results (from database) + Some(query_result) = query_rx.recv() => { + match query_result { + QueryResult::Event(sub_id, event) => { + // Send event to client + let event_str = serde_json::to_string(&event)?; + let msg = format!("[\"EVENT\",\"{}\",{}]", sub_id, event_str); + ws_stream.send(Message::Text(msg)).await.ok(); + metrics.sent_events.with_label_values(&["stored"]).inc(); + }, + QueryResult::EOSE(sub_id) => { + // Send EOSE marker + let msg = format!("[\"EOSE\",\"{}\"]", sub_id); + ws_stream.send(Message::Text(msg)).await.ok(); + }, + } + }, + + // 5. Handle broadcast events (real-time) + Ok(global_event) = bcast_rx.recv() => { + // Check all subscriptions + for (sub_id, subscription) in conn.subscriptions() { + if subscription.interested_in_event(&global_event) { + // Serialize and send + let event_str = serde_json::to_string(&global_event)?; + let msg = format!("[\"EVENT\",\"{}\",{}]", sub_id, event_str); + ws_stream.send(Message::Text(msg)).await.ok(); + metrics.sent_events.with_label_values(&["realtime"]).inc(); + } + } + }, + + // 6. Handle incoming WebSocket messages + ws_next = ws_stream.next() => { + last_message_time = Instant::now(); + + let nostr_msg = match ws_next { + // Text message (expected) + Some(Ok(Message::Text(m))) => { + convert_to_msg(&m, settings.limits.max_event_bytes) + }, + + // Binary message (not accepted) + Some(Ok(Message::Binary(_))) => { + ws_stream.send(make_notice_message( + &Notice::message("binary messages not accepted".into()) + )).await.ok(); + continue; + }, + + // Ping/Pong (handled automatically by tungstenite) + Some(Ok(Message::Ping(_) | Message::Pong(_))) => { + continue; + }, + + // Capacity error (message too large) + Some(Err(WsError::Capacity(MessageTooLong{size, max_size}))) => { + ws_stream.send(make_notice_message( + &Notice::message(format!("message too large ({} > {})", size, max_size)) + )).await.ok(); + continue; + }, + + // Connection closed (graceful or error) + None | + Some(Ok(Message::Close(_))) | + Some(Err(WsError::AlreadyClosed | WsError::ConnectionClosed)) => { + debug!("WebSocket closed from client"); + metrics.disconnects.with_label_values(&["normal"]).inc(); + break; + }, + + // I/O error (network failure) + Some(Err(WsError::Io(e))) => { + warn!("I/O error on WebSocket: {:?}", e); + metrics.disconnects.with_label_values(&["error"]).inc(); + break; + }, + + // Unknown error + x => { + info!("Unknown WebSocket error: {:?}", x); + metrics.disconnects.with_label_values(&["error"]).inc(); + break; + } + }; + + // Process Nostr message + if let Ok(msg) = nostr_msg { + handle_nostr_message( + msg, + &mut conn, + &repo, + &event_tx, + &query_tx, + ¬ice_tx, + &settings, + &metrics, + ).await; + } + }, + } + } + + // Cleanup on disconnect + for (_, stop_tx) in running_queries { + stop_tx.send(()).ok(); + } + + info!( + "Connection closed: cid={}, ip={}, sent={} events, recv={} events, duration={:?}", + conn.client_id, + conn.client_ip_addr, + client_sent_event_count, + client_received_event_count, + connection_start.elapsed() + ); +} +``` + +**tokio::select! pattern:** +- **Concurrent awaiting:** All branches polled concurrently +- **Fair scheduling:** No branch starves others +- **Clean shutdown:** Any branch can break loop + +**Key branches:** +1. **Shutdown:** Graceful termination signal +2. **Ping timer:** Keep-alive mechanism +3. **Notice messages:** Error/info from database +4. **Query results:** Stored events from database +5. **Broadcast events:** Real-time events from other clients +6. **WebSocket messages:** Incoming client messages + +## Message Handling + +### Nostr Message Types + +```rust +#[derive(Deserialize, Serialize, Clone, Debug)] +#[serde(untagged)] +pub enum NostrMessage { + /// EVENT and AUTH messages + EventMsg(EventCmd), + /// REQ message + SubMsg(Subscription), + /// CLOSE message + CloseMsg(CloseCmd), +} + +#[derive(Deserialize, Serialize, Clone, Debug)] +#[serde(untagged)] +pub enum EventCmd { + /// EVENT command + Event(Event), + /// AUTH command (NIP-42) + Auth(Event), +} + +/// Convert JSON string to NostrMessage +fn convert_to_msg(msg: &str, max_bytes: Option) -> Result { + // Check size limit before parsing + if let Some(max_size) = max_bytes { + if msg.len() > max_size && max_size > 0 { + return Err(Error::EventMaxLengthError(msg.len())); + } + } + + // Parse JSON + serde_json::from_str(msg).map_err(|e| { + trace!("JSON parse error: {:?}", e); + Error::ProtoParseError + }) +} +``` + +**Untagged enum:** serde_json tries each variant until one matches + +### EVENT Message Handling + +```rust +async fn handle_event( + event: Event, + conn: &ClientConn, + event_tx: &mpsc::Sender, + settings: &Settings, + metrics: &NostrMetrics, +) -> Notice { + // Update metrics + metrics.cmd_event.inc(); + + // Validate event ID + if !event.validate_id() { + return Notice::invalid(&event.id, "event id does not match content"); + } + + // Verify signature + if let Err(e) = event.verify_signature() { + return Notice::invalid(&event.id, &format!("signature verification failed: {}", e)); + } + + // Check timestamp (reject far future events) + let now = SystemTime::now() + .duration_since(UNIX_EPOCH) + .unwrap() + .as_secs(); + + if event.created_at > now + settings.limits.max_future_seconds { + return Notice::invalid(&event.id, "event timestamp too far in future"); + } + + // Check expiration (NIP-40) + if let Some(expiration) = event.get_expiration() { + if expiration < now { + return Notice::invalid(&event.id, "event has expired"); + } + } + + // Check authentication requirements + if event.is_protected() { + match &conn.auth { + Nip42AuthState::AuthPubkey(pubkey) => { + if pubkey != &event.pubkey { + return Notice::auth_required(&event.id, "protected event must be published by authenticated author"); + } + }, + _ => { + return Notice::auth_required(&event.id, "auth-required: protected event"); + } + } + } + + // Send to event processing pipeline + let submitted = SubmittedEvent { + event, + source_ip: conn.client_ip_addr.clone(), + client_id: conn.client_id, + }; + + if event_tx.send(submitted).await.is_err() { + return Notice::error("internal server error"); + } + + // Wait for database response (with timeout) + // Returns OK message when stored + Notice::saved(&event.id) +} +``` + +**Validation sequence:** +1. Event ID matches content hash +2. Signature cryptographically valid +3. Timestamp not too far in future +4. Event not expired (NIP-40) +5. Authentication valid if protected (NIP-70) + +### REQ Message Handling + +```rust +async fn handle_req( + subscription: Subscription, + conn: &mut ClientConn, + repo: &Arc, + query_tx: &mpsc::Sender, + notice_tx: &mpsc::Sender, + settings: &Settings, + metrics: &NostrMetrics, +) { + metrics.cmd_req.inc(); + + // Add subscription to connection + if let Err(e) = conn.subscribe(subscription.clone()) { + let reason = match e { + Error::SubMaxExceededError => "subscription limit exceeded", + Error::SubIdMaxLengthError => "subscription ID too long", + _ => "subscription rejected", + }; + + // Send CLOSED message + let msg = format!("[\"CLOSED\",\"{}\",\"{}\"]", subscription.id, reason); + notice_tx.send(Notice::message(msg)).await.ok(); + return; + } + + // Spawn query task for each filter + for filter in subscription.filters { + // Validate filter (prevent overly broad queries) + if filter.is_scraper_query() { + let msg = format!("[\"CLOSED\",\"{}\",\"filter too broad\"]", subscription.id); + notice_tx.send(Notice::message(msg)).await.ok(); + conn.unsubscribe(&subscription.id); + return; + } + + // Clone channels for query task + let sub_id = subscription.id.clone(); + let query_tx = query_tx.clone(); + let repo = repo.clone(); + + // Spawn async query task + tokio::spawn(async move { + // Query database + let events = repo.query_events(&filter).await; + + // Send results + for event in events { + query_tx.send(QueryResult::Event(sub_id.clone(), event)).await.ok(); + } + + // Send EOSE + query_tx.send(QueryResult::EOSE(sub_id)).await.ok(); + }); + } +} +``` + +**Async pattern:** Each filter query runs in separate task + +**Scraper detection:** +```rust +impl Subscription { + /// Check if subscription is too broad (potential scraper) + pub fn is_scraper(&self) -> bool { + for filter in &self.filters { + let mut specificity = 0; + + // Award points for specific filters + if filter.ids.is_some() { specificity += 2; } + if filter.authors.is_some() { specificity += 1; } + if filter.kinds.is_some() { specificity += 1; } + if filter.tags.is_some() { specificity += 1; } + + // Require at least 2 points + if specificity < 2 { + return true; + } + } + false + } +} +``` + +### CLOSE Message Handling + +```rust +async fn handle_close( + close: CloseCmd, + conn: &mut ClientConn, + metrics: &NostrMetrics, +) { + metrics.cmd_close.inc(); + conn.unsubscribe(&close.id); + debug!("Subscription closed: {}", close.id); +} +``` + +**Simple unsubscribe:** Remove subscription from connection state + +## Filter Matching + +### Filter Structure + +```rust +#[derive(Deserialize, Serialize, Clone, Debug)] +pub struct ReqFilter { + /// Event IDs (prefix match) + #[serde(skip_serializing_if = "Option::is_none")] + pub ids: Option>, + + /// Event kinds + #[serde(skip_serializing_if = "Option::is_none")] + pub kinds: Option>, + + /// Event created after this timestamp + #[serde(skip_serializing_if = "Option::is_none")] + pub since: Option, + + /// Event created before this timestamp + #[serde(skip_serializing_if = "Option::is_none")] + pub until: Option, + + /// Author pubkeys (prefix match) + #[serde(skip_serializing_if = "Option::is_none")] + pub authors: Option>, + + /// Maximum number of events to return + #[serde(skip_serializing_if = "Option::is_none")] + pub limit: Option, + + /// Generic tag filters (e.g., #e, #p) + #[serde(flatten)] + pub tags: Option>>, + + /// Force no match (internal use) + #[serde(skip)] + pub force_no_match: bool, +} +``` + +### Event Matching Logic + +```rust +impl ReqFilter { + /// Check if event matches all filter criteria + pub fn interested_in_event(&self, event: &Event) -> bool { + // Short-circuit on force_no_match + if self.force_no_match { + return false; + } + + // All criteria must match + self.ids_match(event) + && self.since_match(event) + && self.until_match(event) + && self.kind_match(event) + && self.authors_match(event) + && self.tag_match(event) + } + + /// Check if event ID matches (prefix match) + fn ids_match(&self, event: &Event) -> bool { + self.ids.as_ref().map_or(true, |ids| { + ids.iter().any(|id| event.id.starts_with(id)) + }) + } + + /// Check if timestamp in range + fn since_match(&self, event: &Event) -> bool { + self.since.map_or(true, |since| event.created_at >= since) + } + + fn until_match(&self, event: &Event) -> bool { + self.until.map_or(true, |until| event.created_at <= until) + } + + /// Check if kind matches + fn kind_match(&self, event: &Event) -> bool { + self.kinds.as_ref().map_or(true, |kinds| { + kinds.contains(&event.kind) + }) + } + + /// Check if author matches (prefix match) + fn authors_match(&self, event: &Event) -> bool { + self.authors.as_ref().map_or(true, |authors| { + authors.iter().any(|author| event.pubkey.starts_with(author)) + }) + } + + /// Check if tags match + fn tag_match(&self, event: &Event) -> bool { + self.tags.as_ref().map_or(true, |tag_filters| { + // All tag filters must match + tag_filters.iter().all(|(tag_name, tag_values)| { + // Event must have at least one matching value for this tag + event.generic_tag_val_intersect(*tag_name, tag_values) + }) + }) + } +} +``` + +**Performance characteristics:** +- **Early return:** `force_no_match` short-circuits immediately +- **Prefix matching:** Allows hex prefix searches (e.g., "abc" matches "abc123...") +- **Set intersection:** Uses `HashSet` for efficient tag value matching + +## Database Abstraction + +### NostrRepo Trait + +```rust +#[async_trait] +pub trait NostrRepo: Send + Sync { + /// Query events matching filter + async fn query_events(&self, filter: &ReqFilter) -> Vec; + + /// Store event + async fn store_event(&self, event: &Event) -> Result<()>; + + /// Check if event exists + async fn event_exists(&self, id: &str) -> bool; + + /// Delete events (kind 5) + async fn delete_events(&self, deletion: &Event) -> Result; + + /// Get relay info (NIP-11) + async fn get_relay_info(&self) -> RelayInfo; +} +``` + +**Implementations:** +- **PostgreSQL:** Production deployments +- **SQLite:** Development and small relays +- **In-memory:** Testing + +### PostgreSQL Implementation Example + +```rust +#[async_trait] +impl NostrRepo for PostgresRepo { + async fn query_events(&self, filter: &ReqFilter) -> Vec { + let mut query = String::from("SELECT event_json FROM events WHERE "); + let mut conditions = Vec::new(); + let mut param_num = 1; + + // Build WHERE clause + if let Some(ids) = &filter.ids { + let id_conditions: Vec = ids.iter() + .map(|_| { let p = param_num; param_num += 1; format!("id LIKE ${} || '%'", p) }) + .collect(); + conditions.push(format!("({})", id_conditions.join(" OR "))); + } + + if let Some(authors) = &filter.authors { + let author_conditions: Vec = authors.iter() + .map(|_| { let p = param_num; param_num += 1; format!("pubkey LIKE ${} || '%'", p) }) + .collect(); + conditions.push(format!("({})", author_conditions.join(" OR "))); + } + + if let Some(kinds) = &filter.kinds { + let kind_list = kinds.iter() + .map(|k| k.to_string()) + .collect::>() + .join(", "); + conditions.push(format!("kind IN ({})", kind_list)); + } + + if let Some(since) = filter.since { + conditions.push(format!("created_at >= {}", since)); + } + + if let Some(until) = filter.until { + conditions.push(format!("created_at <= {}", until)); + } + + // Add tag filters (requires JOIN with tags table) + if let Some(tags) = &filter.tags { + for (tag_name, _) in tags { + let p = param_num; + param_num += 1; + conditions.push(format!( + "EXISTS (SELECT 1 FROM tags WHERE tags.event_id = events.id \ + AND tags.name = ${} AND tags.value = ANY(${})", + p, p + 1 + )); + } + } + + query.push_str(&conditions.join(" AND ")); + query.push_str(" ORDER BY created_at DESC"); + + if let Some(limit) = filter.limit { + query.push_str(&format!(" LIMIT {}", limit)); + } + + // Execute query with connection pool + let rows = self.pool.query(&query, ¶ms).await?; + + // Parse results + rows.into_iter() + .filter_map(|row| { + let json: String = row.get(0); + serde_json::from_str(&json).ok() + }) + .collect() + } + + async fn store_event(&self, event: &Event) -> Result<()> { + let event_json = serde_json::to_string(event)?; + + // Insert event + self.pool.execute( + "INSERT INTO events (id, pubkey, created_at, kind, event_json) \ + VALUES ($1, $2, $3, $4, $5) \ + ON CONFLICT (id) DO NOTHING", + &[&event.id, &event.pubkey, &(event.created_at as i64), &(event.kind as i64), &event_json] + ).await?; + + // Insert tags + for tag in &event.tags { + if tag.len() >= 2 { + let tag_name = &tag[0]; + let tag_value = &tag[1]; + + self.pool.execute( + "INSERT INTO tags (event_id, name, value) VALUES ($1, $2, $3)", + &[&event.id, tag_name, tag_value] + ).await.ok(); + } + } + + Ok(()) + } +} +``` + +**Database schema:** +```sql +CREATE TABLE events ( + id TEXT PRIMARY KEY, + pubkey TEXT NOT NULL, + created_at BIGINT NOT NULL, + kind INTEGER NOT NULL, + event_json TEXT NOT NULL +); + +CREATE INDEX idx_pubkey ON events(pubkey); +CREATE INDEX idx_created_at ON events(created_at); +CREATE INDEX idx_kind ON events(kind); + +CREATE TABLE tags ( + event_id TEXT NOT NULL REFERENCES events(id) ON DELETE CASCADE, + name TEXT NOT NULL, + value TEXT NOT NULL +); + +CREATE INDEX idx_tags_event ON tags(event_id); +CREATE INDEX idx_tags_name_value ON tags(name, value); +``` + +## Error Handling + +### Error Types + +```rust +#[derive(Error, Debug)] +pub enum Error { + #[error("Protocol parse error")] + ProtoParseError, + + #[error("Event invalid signature")] + EventInvalidSignature, + + #[error("Event invalid ID")] + EventInvalidId, + + #[error("Event too large: {0} bytes")] + EventMaxLengthError(usize), + + #[error("Subscription ID max length exceeded")] + SubIdMaxLengthError, + + #[error("Subscription limit exceeded")] + SubMaxExceededError, + + #[error("WebSocket error: {0}")] + WebsocketError(#[from] WsError), + + #[error("Database error: {0}")] + DatabaseError(String), + + #[error("Connection closed")] + ConnClosed, +} +``` + +**Using thiserror:** Automatic `impl Error` and `Display` + +### Error Handling in Event Loop + +```rust +match ws_stream.next().await { + Some(Ok(Message::Text(msg))) => { + // Handle text message + }, + + Some(Err(WsError::Capacity(MessageTooLong{size, max_size}))) => { + // Message too large - send notice, continue + let notice = format!("message too large ({} > {})", size, max_size); + ws_stream.send(make_notice_message(&Notice::message(notice))).await.ok(); + continue; + }, + + Some(Err(WsError::Io(e))) => { + // I/O error - log and close connection + warn!("I/O error on WebSocket: {:?}", e); + metrics.disconnects.with_label_values(&["error"]).inc(); + break; + }, + + None | Some(Ok(Message::Close(_))) => { + // Normal closure + debug!("Connection closed gracefully"); + metrics.disconnects.with_label_values(&["normal"]).inc(); + break; + }, + + _ => { + // Unknown error - close connection + info!("Unknown WebSocket error"); + metrics.disconnects.with_label_values(&["error"]).inc(); + break; + } +} +``` + +**Error strategy:** +- **Recoverable errors:** Send notice, continue loop +- **Fatal errors:** Log and break loop +- **Classify disconnects:** Metrics by disconnect reason + +## Metrics and Monitoring + +### Prometheus Metrics + +```rust +#[derive(Clone)] +pub struct NostrMetrics { + /// Query response time histogram + pub query_sub: Histogram, + + /// Individual database query time + pub query_db: Histogram, + + /// Active database connections + pub db_connections: IntGauge, + + /// Event write response time + pub write_events: Histogram, + + /// Events sent to clients (by source: stored/realtime) + pub sent_events: IntCounterVec, + + /// Total connections + pub connections: IntCounter, + + /// Client disconnects (by reason: normal/error/timeout) + pub disconnects: IntCounterVec, + + /// Queries aborted (by reason) + pub query_aborts: IntCounterVec, + + /// Commands received (by type: REQ/EVENT/CLOSE/AUTH) + pub cmd_req: IntCounter, + pub cmd_event: IntCounter, + pub cmd_close: IntCounter, + pub cmd_auth: IntCounter, +} + +impl NostrMetrics { + pub fn new() -> Self { + NostrMetrics { + query_sub: register_histogram!( + "nostr_query_seconds", + "Subscription query response time" + ).unwrap(), + + db_connections: register_int_gauge!( + "nostr_db_connections", + "Active database connections" + ).unwrap(), + + sent_events: register_int_counter_vec!( + "nostr_sent_events_total", + "Events sent to clients", + &["source"] + ).unwrap(), + + disconnects: register_int_counter_vec!( + "nostr_disconnects_total", + "Client disconnections", + &["reason"] + ).unwrap(), + + // ... more metrics + } + } +} +``` + +**Tracking in code:** +```rust +// Command received +metrics.cmd_req.inc(); + +// Query timing +let timer = metrics.query_sub.start_timer(); +let events = repo.query_events(&filter).await; +timer.observe_duration(); + +// Event sent +metrics.sent_events.with_label_values(&["realtime"]).inc(); + +// Disconnect +metrics.disconnects.with_label_values(&["timeout"]).inc(); +``` + +**Prometheus endpoint:** +```rust +async fn metrics_handler() -> impl Reply { + use prometheus::Encoder; + let encoder = prometheus::TextEncoder::new(); + let metric_families = prometheus::gather(); + let mut buffer = Vec::new(); + encoder.encode(&metric_families, &mut buffer).unwrap(); + warp::reply::with_header(buffer, "Content-Type", encoder.format_type()) +} +``` + +## Configuration + +### Settings Structure + +```rust +#[derive(Deserialize, Clone)] +pub struct Settings { + pub network: NetworkSettings, + pub database: DatabaseSettings, + pub limits: LimitsSettings, + pub relay_info: RelayInfo, +} + +#[derive(Deserialize, Clone)] +pub struct NetworkSettings { + pub address: SocketAddr, + pub remote_ip_header: Option, +} + +#[derive(Deserialize, Clone)] +pub struct LimitsSettings { + pub max_ws_message_bytes: Option, + pub max_ws_frame_bytes: Option, + pub max_event_bytes: Option, + pub max_conn_idle_seconds: u64, + pub max_future_seconds: u64, +} + +impl Settings { + pub fn load() -> Result { + let config = config::Config::builder() + .add_source(config::File::with_name("config")) + .add_source(config::Environment::with_prefix("NOSTR")) + .build()?; + + config.try_deserialize() + } +} +``` + +**config.toml example:** +```toml +[network] +address = "0.0.0.0:8080" +remote_ip_header = "X-Forwarded-For" + +[database] +connection = "postgresql://user:pass@localhost/nostr" +pool_size = 20 + +[limits] +max_ws_message_bytes = 512000 +max_ws_frame_bytes = 16384 +max_event_bytes = 65536 +max_conn_idle_seconds = 1200 +max_future_seconds = 900 + +[relay_info] +name = "My Nostr Relay" +description = "A public Nostr relay" +pubkey = "..." +contact = "admin@example.com" +``` + +## Testing + +### Integration Test Example + +```rust +#[tokio::test] +async fn test_websocket_subscription() { + // Setup test relay + let repo = Arc::new(MockRepo::new()); + let (broadcast_tx, _) = broadcast::channel(16); + let (_shutdown_tx, shutdown_rx) = broadcast::channel(1); + let settings = test_settings(); + let metrics = NostrMetrics::new(); + + // Start server + let server = tokio::spawn(async move { + // ... start server + }); + + // Connect client + let (mut ws_stream, _) = connect_async("ws://127.0.0.1:8080").await.unwrap(); + + // Send REQ + let req = r#"["REQ","test",{"kinds":[1]}]"#; + ws_stream.send(Message::Text(req.into())).await.unwrap(); + + // Read EOSE + let msg = ws_stream.next().await.unwrap().unwrap(); + assert!(matches!(msg, Message::Text(text) if text.contains("EOSE"))); + + // Send EVENT + let event = create_test_event(); + let event_json = serde_json::to_string(&event).unwrap(); + let cmd = format!(r#"["EVENT",{}]"#, event_json); + ws_stream.send(Message::Text(cmd)).await.unwrap(); + + // Read OK + let msg = ws_stream.next().await.unwrap().unwrap(); + assert!(matches!(msg, Message::Text(text) if text.contains("OK"))); + + // Cleanup + ws_stream.close(None).await.unwrap(); +} +``` + +## Production Deployment + +### Systemd Service + +```ini +[Unit] +Description=Nostr Relay +After=network.target postgresql.service + +[Service] +Type=simple +User=nostr +WorkingDirectory=/opt/nostr-relay +ExecStart=/opt/nostr-relay/nostr-rs-relay +Restart=on-failure +RestartSec=5 + +# Security +NoNewPrivileges=true +PrivateTmp=true +ProtectSystem=strict +ProtectHome=true +ReadWritePaths=/var/lib/nostr-relay + +[Install] +WantedBy=multi-user.target +``` + +### Nginx Reverse Proxy + +```nginx +upstream nostr_relay { + server 127.0.0.1:8080; +} + +server { + listen 443 ssl http2; + server_name relay.example.com; + + ssl_certificate /etc/letsencrypt/live/relay.example.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/relay.example.com/privkey.pem; + + location / { + proxy_pass http://nostr_relay; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # WebSocket timeouts + proxy_read_timeout 3600s; + proxy_send_timeout 3600s; + } +} +``` + +### Docker Deployment + +```dockerfile +FROM rust:1.70 as builder + +WORKDIR /app +COPY . . +RUN cargo build --release + +FROM debian:bookworm-slim + +RUN apt-get update && apt-get install -y \ + ca-certificates \ + libssl3 \ + libpq5 \ + && rm -rf /var/lib/apt/lists/* + +COPY --from=builder /app/target/release/nostr-rs-relay /usr/local/bin/ + +EXPOSE 8080 + +CMD ["nostr-rs-relay"] +``` + +**docker-compose.yml:** +```yaml +version: '3.8' + +services: + relay: + image: nostr-rs-relay:latest + ports: + - "8080:8080" + environment: + - NOSTR__DATABASE__CONNECTION=postgresql://nostr:password@db/nostr + - RUST_LOG=info + depends_on: + - db + restart: unless-stopped + + db: + image: postgres:15 + environment: + - POSTGRES_USER=nostr + - POSTGRES_PASSWORD=password + - POSTGRES_DB=nostr + volumes: + - postgres_data:/var/lib/postgresql/data + restart: unless-stopped + +volumes: + postgres_data: +``` + +## Summary + +**Key patterns:** +1. **tokio::select!:** Concurrent event handling with cancellation +2. **Async/await:** Clean async code without callbacks +3. **Type safety:** Strong typing prevents entire classes of bugs +4. **Error handling:** Comprehensive error types with thiserror +5. **Database abstraction:** Trait-based repository pattern +6. **Metrics:** Built-in Prometheus instrumentation + +**Performance characteristics:** +- **10,000+ connections** per server +- **Sub-millisecond** p50 latency +- **Memory safe:** No undefined behavior, no memory leaks +- **Concurrent queries:** Tokio runtime schedules efficiently + +**When to use Rust patterns:** +- Need memory safety without GC pauses +- Want high-level abstractions with zero cost +- Building mission-critical relay infrastructure +- Team has Rust experience +- Performance critical (CPU or memory constrained) + +**Trade-offs:** +- **Learning curve:** Rust's borrow checker takes time +- **Compile times:** Slower than interpreted languages +- **Async complexity:** Async Rust has sharp edges + +**Further reading:** +- nostr-rs-relay: https://github.com/scsibug/nostr-rs-relay +- tokio documentation: https://tokio.rs +- tungstenite: https://github.com/snapview/tungstenite-rs +- Rust async book: https://rust-lang.github.io/async-book/ diff --git a/.claude/skills/nostr-websocket/references/strfry_implementation.md b/.claude/skills/nostr-websocket/references/strfry_implementation.md new file mode 100644 index 00000000..b094eb24 --- /dev/null +++ b/.claude/skills/nostr-websocket/references/strfry_implementation.md @@ -0,0 +1,921 @@ +# C++ WebSocket Implementation for Nostr Relays (strfry patterns) + +This reference documents high-performance WebSocket patterns from the strfry Nostr relay implementation in C++. + +## Repository Information + +- **Project:** strfry - High-performance Nostr relay +- **Repository:** https://github.com/hoytech/strfry +- **Language:** C++ (C++20) +- **WebSocket Library:** Custom fork of uWebSockets with epoll +- **Architecture:** Single-threaded I/O with specialized thread pools + +## Core Architecture + +### Thread Pool Design + +strfry uses 6 specialized thread pools for different operations: + +``` +┌─────────────────────────────────────────────────────────────┐ +│ Main Thread (I/O) │ +│ - epoll event loop │ +│ - WebSocket message reception │ +│ - Connection management │ +└─────────────────────────────────────────────────────────────┘ + │ + ┌───────────────────┼───────────────────┐ + │ │ │ + ┌────▼────┐ ┌───▼────┐ ┌───▼────┐ + │Ingester │ │ReqWorker│ │Negentropy│ + │ (3) │ │ (3) │ │ (2) │ + └─────────┘ └─────────┘ └─────────┘ + │ │ │ + ┌────▼────┐ ┌───▼────┐ + │ Writer │ │ReqMonitor│ + │ (1) │ │ (3) │ + └─────────┘ └─────────┘ +``` + +**Thread Pool Responsibilities:** + +1. **WebSocket (1 thread):** Main I/O loop, epoll event handling +2. **Ingester (3 threads):** Event validation, signature verification, deduplication +3. **Writer (1 thread):** Database writes, event storage +4. **ReqWorker (3 threads):** Process REQ subscriptions, query database +5. **ReqMonitor (3 threads):** Monitor active subscriptions, send real-time events +6. **Negentropy (2 threads):** NIP-77 set reconciliation + +**Deterministic thread assignment:** +```cpp +int threadId = connId % numThreads; +``` + +**Benefits:** +- **No lock contention:** Shared-nothing architecture +- **Predictable performance:** Same connection always same thread +- **CPU cache efficiency:** Thread-local data stays hot + +### Connection State + +```cpp +struct ConnectionState { + uint64_t connId; // Unique connection identifier + std::string remoteAddr; // Client IP address + + // Subscription state + flat_str subId; // Current subscription ID + std::shared_ptr sub; // Subscription filter + uint64_t latestEventSent = 0; // Latest event ID sent + + // Compression state (per-message deflate) + PerMessageDeflate pmd; + + // Parsing state (reused buffer) + std::string parseBuffer; + + // Signature verification context (reused) + secp256k1_context *secpCtx; +}; +``` + +**Key design decisions:** + +1. **Reusable parseBuffer:** Single allocation per connection +2. **Persistent secp256k1_context:** Expensive to create, reused for all signatures +3. **Connection ID:** Enables deterministic thread assignment +4. **Flat string (flat_str):** Value-semantic string-like type for zero-copy + +## WebSocket Message Reception + +### Main Event Loop (epoll) + +```cpp +// Pseudocode representation of strfry's I/O loop +uWS::App app; + +app.ws("/*", { + .compression = uWS::SHARED_COMPRESSOR, + .maxPayloadLength = 16 * 1024 * 1024, + .idleTimeout = 120, + .maxBackpressure = 1 * 1024 * 1024, + + .upgrade = nullptr, + + .open = [](auto *ws) { + auto *state = ws->getUserData(); + state->connId = nextConnId++; + state->remoteAddr = getRemoteAddress(ws); + state->secpCtx = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY); + + LI << "New connection: " << state->connId << " from " << state->remoteAddr; + }, + + .message = [](auto *ws, std::string_view message, uWS::OpCode opCode) { + auto *state = ws->getUserData(); + + // Reuse parseBuffer to avoid allocation + state->parseBuffer.assign(message.data(), message.size()); + + try { + // Parse JSON (nlohmann::json) + auto json = nlohmann::json::parse(state->parseBuffer); + + // Extract command type + auto cmdStr = json[0].get(); + + if (cmdStr == "EVENT") { + handleEventMessage(ws, std::move(json)); + } + else if (cmdStr == "REQ") { + handleReqMessage(ws, std::move(json)); + } + else if (cmdStr == "CLOSE") { + handleCloseMessage(ws, std::move(json)); + } + else if (cmdStr == "NEG-OPEN") { + handleNegentropyOpen(ws, std::move(json)); + } + else { + sendNotice(ws, "unknown command: " + cmdStr); + } + } + catch (std::exception &e) { + sendNotice(ws, "Error: " + std::string(e.what())); + } + }, + + .close = [](auto *ws, int code, std::string_view message) { + auto *state = ws->getUserData(); + + LI << "Connection closed: " << state->connId + << " code=" << code + << " msg=" << std::string(message); + + // Cleanup + secp256k1_context_destroy(state->secpCtx); + cleanupSubscription(state->connId); + }, +}); + +app.listen(8080, [](auto *token) { + if (token) { + LI << "Listening on port 8080"; + } +}); + +app.run(); +``` + +**Key patterns:** + +1. **epoll-based I/O:** Single thread handles thousands of connections +2. **Buffer reuse:** `state->parseBuffer` avoids allocation per message +3. **Move semantics:** `std::move(json)` transfers ownership to handler +4. **Exception handling:** Catches parsing errors, sends NOTICE + +### Message Dispatch to Thread Pools + +```cpp +void handleEventMessage(auto *ws, nlohmann::json &&json) { + auto *state = ws->getUserData(); + + // Pack message with connection ID + auto msg = MsgIngester{ + .connId = state->connId, + .payload = std::move(json), + }; + + // Dispatch to Ingester thread pool (deterministic assignment) + tpIngester->dispatchToThread(state->connId, std::move(msg)); +} + +void handleReqMessage(auto *ws, nlohmann::json &&json) { + auto *state = ws->getUserData(); + + // Pack message + auto msg = MsgReq{ + .connId = state->connId, + .payload = std::move(json), + }; + + // Dispatch to ReqWorker thread pool + tpReqWorker->dispatchToThread(state->connId, std::move(msg)); +} +``` + +**Message passing pattern:** + +```cpp +// ThreadPool::dispatchToThread +void dispatchToThread(uint64_t connId, Message &&msg) { + size_t threadId = connId % threads.size(); + threads[threadId]->queue.push(std::move(msg)); +} +``` + +**Benefits:** +- **Zero-copy:** `std::move` transfers ownership without copying +- **Deterministic:** Same connection always processed by same thread +- **Lock-free:** Each thread has own queue + +## Event Ingestion Pipeline + +### Ingester Thread Pool + +```cpp +void IngesterThread::run() { + while (running) { + Message msg; + if (!queue.pop(msg, 100ms)) continue; + + // Extract event from JSON + auto event = parseEvent(msg.payload); + + // Validate event ID + if (!validateEventId(event)) { + sendOK(msg.connId, event.id, false, "invalid: id mismatch"); + continue; + } + + // Verify signature (using thread-local secp256k1 context) + if (!verifySignature(event, secpCtx)) { + sendOK(msg.connId, event.id, false, "invalid: signature verification failed"); + continue; + } + + // Check for duplicate (bloom filter + database) + if (isDuplicate(event.id)) { + sendOK(msg.connId, event.id, true, "duplicate: already have this event"); + continue; + } + + // Send to Writer thread + auto writerMsg = MsgWriter{ + .connId = msg.connId, + .event = std::move(event), + }; + tpWriter->dispatch(std::move(writerMsg)); + } +} +``` + +**Validation sequence:** +1. Parse JSON into Event struct +2. Validate event ID matches content hash +3. Verify secp256k1 signature +4. Check duplicate (bloom filter for speed) +5. Forward to Writer thread for storage + +### Writer Thread + +```cpp +void WriterThread::run() { + // Single thread for all database writes + while (running) { + Message msg; + if (!queue.pop(msg, 100ms)) continue; + + // Write to database + bool success = db.insertEvent(msg.event); + + // Send OK to client + sendOK(msg.connId, msg.event.id, success, + success ? "" : "error: failed to store"); + + if (success) { + // Broadcast to subscribers + broadcastEvent(msg.event); + } + } +} +``` + +**Single-writer pattern:** +- Only one thread writes to database +- Eliminates write conflicts +- Simplified transaction management + +### Event Broadcasting + +```cpp +void broadcastEvent(const Event &event) { + // Serialize event JSON once + std::string eventJson = serializeEvent(event); + + // Iterate all active subscriptions + for (auto &[connId, sub] : activeSubscriptions) { + // Check if filter matches + if (!sub->filter.matches(event)) continue; + + // Check if event newer than last sent + if (event.id <= sub->latestEventSent) continue; + + // Send to connection + auto msg = MsgWebSocket{ + .connId = connId, + .payload = eventJson, // Reuse serialized JSON + }; + + tpWebSocket->dispatch(std::move(msg)); + + // Update latest sent + sub->latestEventSent = event.id; + } +} +``` + +**Critical optimization:** Serialize event JSON once, send to N subscribers + +**Performance impact:** For 1000 subscribers, reduces: +- JSON serialization: 1000× → 1× +- Memory allocations: 1000× → 1× +- CPU time: ~100ms → ~1ms + +## Subscription Management + +### REQ Processing + +```cpp +void ReqWorkerThread::run() { + while (running) { + MsgReq msg; + if (!queue.pop(msg, 100ms)) continue; + + // Parse REQ message: ["REQ", subId, filter1, filter2, ...] + std::string subId = msg.payload[1]; + + // Create subscription object + auto sub = std::make_shared(); + sub->subId = subId; + + // Parse filters + for (size_t i = 2; i < msg.payload.size(); i++) { + Filter filter = parseFilter(msg.payload[i]); + sub->filters.push_back(filter); + } + + // Store subscription + activeSubscriptions[msg.connId] = sub; + + // Query stored events + std::vector events = db.queryEvents(sub->filters); + + // Send matching events + for (const auto &event : events) { + sendEvent(msg.connId, subId, event); + } + + // Send EOSE + sendEOSE(msg.connId, subId); + + // Notify ReqMonitor to watch for real-time events + auto monitorMsg = MsgReqMonitor{ + .connId = msg.connId, + .subId = subId, + }; + tpReqMonitor->dispatchToThread(msg.connId, std::move(monitorMsg)); + } +} +``` + +**Query optimization:** + +```cpp +std::vector Database::queryEvents(const std::vector &filters) { + // Combine filters with OR logic + std::string sql = "SELECT * FROM events WHERE "; + + for (size_t i = 0; i < filters.size(); i++) { + if (i > 0) sql += " OR "; + sql += buildFilterSQL(filters[i]); + } + + sql += " ORDER BY created_at DESC LIMIT 1000"; + + return executeQuery(sql); +} +``` + +**Filter SQL generation:** + +```cpp +std::string buildFilterSQL(const Filter &filter) { + std::vector conditions; + + // Event IDs + if (!filter.ids.empty()) { + conditions.push_back("id IN (" + joinQuoted(filter.ids) + ")"); + } + + // Authors + if (!filter.authors.empty()) { + conditions.push_back("pubkey IN (" + joinQuoted(filter.authors) + ")"); + } + + // Kinds + if (!filter.kinds.empty()) { + conditions.push_back("kind IN (" + join(filter.kinds) + ")"); + } + + // Time range + if (filter.since) { + conditions.push_back("created_at >= " + std::to_string(*filter.since)); + } + if (filter.until) { + conditions.push_back("created_at <= " + std::to_string(*filter.until)); + } + + // Tags (requires JOIN with tags table) + if (!filter.tags.empty()) { + for (const auto &[tagName, tagValues] : filter.tags) { + conditions.push_back( + "EXISTS (SELECT 1 FROM tags WHERE tags.event_id = events.id " + "AND tags.name = '" + tagName + "' " + "AND tags.value IN (" + joinQuoted(tagValues) + "))" + ); + } + } + + return "(" + join(conditions, " AND ") + ")"; +} +``` + +### ReqMonitor for Real-Time Events + +```cpp +void ReqMonitorThread::run() { + // Subscribe to event broadcast channel + auto eventSubscription = subscribeToEvents(); + + while (running) { + Event event; + if (!eventSubscription.receive(event, 100ms)) continue; + + // Check all subscriptions assigned to this thread + for (auto &[connId, sub] : mySubscriptions) { + // Only process subscriptions for this thread + if (connId % numThreads != threadId) continue; + + // Check if filter matches + bool matches = false; + for (const auto &filter : sub->filters) { + if (filter.matches(event)) { + matches = true; + break; + } + } + + if (matches) { + sendEvent(connId, sub->subId, event); + } + } + } +} +``` + +**Pattern:** Monitor thread watches event stream, sends to matching subscriptions + +### CLOSE Handling + +```cpp +void handleCloseMessage(auto *ws, nlohmann::json &&json) { + auto *state = ws->getUserData(); + + // Parse CLOSE message: ["CLOSE", subId] + std::string subId = json[1]; + + // Remove subscription + activeSubscriptions.erase(state->connId); + + LI << "Subscription closed: connId=" << state->connId + << " subId=" << subId; +} +``` + +## Performance Optimizations + +### 1. Event Batching + +**Problem:** Serializing same event 1000× for 1000 subscribers is wasteful + +**Solution:** Serialize once, send to all + +```cpp +// BAD: Serialize for each subscriber +for (auto &sub : subscriptions) { + std::string json = serializeEvent(event); // Repeated! + send(sub.connId, json); +} + +// GOOD: Serialize once +std::string json = serializeEvent(event); +for (auto &sub : subscriptions) { + send(sub.connId, json); // Reuse! +} +``` + +**Measurement:** For 1000 subscribers, reduces broadcast time from 100ms to 1ms + +### 2. Move Semantics + +**Problem:** Copying large JSON objects is expensive + +**Solution:** Transfer ownership with `std::move` + +```cpp +// BAD: Copies JSON object +void dispatch(Message msg) { + queue.push(msg); // Copy +} + +// GOOD: Moves JSON object +void dispatch(Message &&msg) { + queue.push(std::move(msg)); // Move +} +``` + +**Benefit:** Zero-copy message passing between threads + +### 3. Pre-allocated Buffers + +**Problem:** Allocating buffer for each message + +**Solution:** Reuse buffer per connection + +```cpp +struct ConnectionState { + std::string parseBuffer; // Reused for all messages +}; + +void handleMessage(std::string_view msg) { + state->parseBuffer.assign(msg.data(), msg.size()); + auto json = nlohmann::json::parse(state->parseBuffer); + // ... +} +``` + +**Benefit:** Eliminates 10,000+ allocations/second per connection + +### 4. std::variant for Message Types + +**Problem:** Virtual function calls for polymorphic messages + +**Solution:** `std::variant` with `std::visit` + +```cpp +// BAD: Virtual function (pointer indirection, vtable lookup) +struct Message { + virtual void handle() = 0; +}; + +// GOOD: std::variant (no indirection, inlined) +using Message = std::variant< + MsgIngester, + MsgReq, + MsgWriter, + MsgWebSocket +>; + +void handle(Message &&msg) { + std::visit([](auto &&m) { m.handle(); }, msg); +} +``` + +**Benefit:** Compiler inlines visit, eliminates virtual call overhead + +### 5. Bloom Filter for Duplicate Detection + +**Problem:** Database query for every event to check duplicate + +**Solution:** In-memory bloom filter for fast negative + +```cpp +class DuplicateDetector { + BloomFilter bloom; // Fast probabilistic check + + bool isDuplicate(const std::string &eventId) { + // Fast negative (definitely not seen) + if (!bloom.contains(eventId)) { + bloom.insert(eventId); + return false; + } + + // Possible positive (maybe seen, check database) + if (db.eventExists(eventId)) { + return true; + } + + // False positive + bloom.insert(eventId); + return false; + } +}; +``` + +**Benefit:** 99% of duplicate checks avoid database query + +### 6. Batch Queue Operations + +**Problem:** Lock contention on message queue + +**Solution:** Batch multiple pushes with single lock + +```cpp +class MessageQueue { + std::mutex mutex; + std::deque queue; + + void pushBatch(std::vector &messages) { + std::lock_guard lock(mutex); + for (auto &msg : messages) { + queue.push_back(std::move(msg)); + } + } +}; +``` + +**Benefit:** Reduces lock acquisitions by 10-100× + +### 7. ZSTD Dictionary Compression + +**Problem:** WebSocket compression slower than desired + +**Solution:** Train ZSTD dictionary on typical Nostr messages + +```cpp +// Train dictionary on corpus of Nostr events +std::string corpus = collectTypicalEvents(); +ZSTD_CDict *dict = ZSTD_createCDict( + corpus.data(), corpus.size(), + compressionLevel +); + +// Use dictionary for compression +size_t compressedSize = ZSTD_compress_usingCDict( + cctx, dst, dstSize, + src, srcSize, dict +); +``` + +**Benefit:** 10-20% better compression ratio, 2× faster decompression + +### 8. String Views + +**Problem:** Unnecessary string copies when parsing + +**Solution:** Use `std::string_view` for zero-copy + +```cpp +// BAD: Copies substring +std::string extractCommand(const std::string &msg) { + return msg.substr(0, 5); // Copy +} + +// GOOD: View into original string +std::string_view extractCommand(std::string_view msg) { + return msg.substr(0, 5); // No copy +} +``` + +**Benefit:** Eliminates allocations during parsing + +## Compression (permessage-deflate) + +### WebSocket Compression Configuration + +```cpp +struct PerMessageDeflate { + z_stream deflate_stream; + z_stream inflate_stream; + + // Sliding window for compression history + static constexpr int WINDOW_BITS = 15; + static constexpr int MEM_LEVEL = 8; + + void init() { + // Initialize deflate (compression) + deflate_stream.zalloc = Z_NULL; + deflate_stream.zfree = Z_NULL; + deflate_stream.opaque = Z_NULL; + deflateInit2(&deflate_stream, + Z_DEFAULT_COMPRESSION, + Z_DEFLATED, + -WINDOW_BITS, // Negative = no zlib header + MEM_LEVEL, + Z_DEFAULT_STRATEGY); + + // Initialize inflate (decompression) + inflate_stream.zalloc = Z_NULL; + inflate_stream.zfree = Z_NULL; + inflate_stream.opaque = Z_NULL; + inflateInit2(&inflate_stream, -WINDOW_BITS); + } + + std::string compress(std::string_view data) { + // Compress with sliding window + deflate_stream.next_in = (Bytef*)data.data(); + deflate_stream.avail_in = data.size(); + + std::string compressed; + compressed.resize(deflateBound(&deflate_stream, data.size())); + + deflate_stream.next_out = (Bytef*)compressed.data(); + deflate_stream.avail_out = compressed.size(); + + deflate(&deflate_stream, Z_SYNC_FLUSH); + + compressed.resize(compressed.size() - deflate_stream.avail_out); + return compressed; + } +}; +``` + +**Typical compression ratios:** +- JSON events: 60-80% reduction +- Subscription filters: 40-60% reduction +- Binary events: 10-30% reduction + +## Database Schema (LMDB) + +strfry uses LMDB (Lightning Memory-Mapped Database) for event storage: + +```cpp +// Key-value stores +struct EventDB { + // Primary event storage (key: event ID, value: event data) + lmdb::dbi eventsDB; + + // Index by pubkey (key: pubkey + created_at, value: event ID) + lmdb::dbi pubkeyDB; + + // Index by kind (key: kind + created_at, value: event ID) + lmdb::dbi kindDB; + + // Index by tags (key: tag_name + tag_value + created_at, value: event ID) + lmdb::dbi tagsDB; + + // Deletion index (key: event ID, value: deletion event ID) + lmdb::dbi deletionsDB; +}; +``` + +**Why LMDB?** +- Memory-mapped I/O (kernel manages caching) +- Copy-on-write (MVCC without locks) +- Ordered keys (enables range queries) +- Crash-proof (no corruption on power loss) + +## Monitoring and Metrics + +### Connection Statistics + +```cpp +struct RelayStats { + std::atomic totalConnections{0}; + std::atomic activeConnections{0}; + std::atomic eventsReceived{0}; + std::atomic eventsSent{0}; + std::atomic bytesReceived{0}; + std::atomic bytesSent{0}; + + void recordConnection() { + totalConnections.fetch_add(1, std::memory_order_relaxed); + activeConnections.fetch_add(1, std::memory_order_relaxed); + } + + void recordDisconnection() { + activeConnections.fetch_sub(1, std::memory_order_relaxed); + } + + void recordEventReceived(size_t bytes) { + eventsReceived.fetch_add(1, std::memory_order_relaxed); + bytesReceived.fetch_add(bytes, std::memory_order_relaxed); + } +}; +``` + +**Atomic operations:** Lock-free updates from multiple threads + +### Performance Metrics + +```cpp +struct PerformanceMetrics { + // Latency histograms + Histogram eventIngestionLatency; + Histogram subscriptionQueryLatency; + Histogram eventBroadcastLatency; + + // Thread pool queue depths + std::atomic ingesterQueueDepth{0}; + std::atomic writerQueueDepth{0}; + std::atomic reqWorkerQueueDepth{0}; + + void recordIngestion(std::chrono::microseconds duration) { + eventIngestionLatency.record(duration.count()); + } +}; +``` + +## Configuration + +### relay.conf Example + +```ini +[relay] +bind = 0.0.0.0 +port = 8080 +maxConnections = 10000 +maxMessageSize = 16777216 # 16 MB + +[ingester] +threads = 3 +queueSize = 10000 + +[writer] +threads = 1 +queueSize = 1000 +batchSize = 100 + +[reqWorker] +threads = 3 +queueSize = 10000 + +[db] +path = /var/lib/strfry/events.lmdb +maxSizeGB = 100 +``` + +## Deployment Considerations + +### System Limits + +```bash +# Increase file descriptor limit +ulimit -n 65536 + +# Increase maximum socket connections +sysctl -w net.core.somaxconn=4096 + +# TCP tuning +sysctl -w net.ipv4.tcp_fin_timeout=15 +sysctl -w net.ipv4.tcp_tw_reuse=1 +``` + +### Memory Requirements + +**Per connection:** +- ConnectionState: ~1 KB +- WebSocket buffers: ~32 KB (16 KB send + 16 KB receive) +- Compression state: ~400 KB (200 KB deflate + 200 KB inflate) + +**Total:** ~433 KB per connection + +**For 10,000 connections:** ~4.3 GB + +### CPU Requirements + +**Single-core can handle:** +- 1000 concurrent connections +- 10,000 events/sec ingestion +- 100,000 events/sec broadcast (cached) + +**Recommended:** +- 8+ cores for 10,000 connections +- 16+ cores for 50,000 connections + +## Summary + +**Key architectural patterns:** +1. **Single-threaded I/O:** epoll handles all connections in one thread +2. **Specialized thread pools:** Different operations use dedicated threads +3. **Deterministic assignment:** Connection ID determines thread assignment +4. **Move semantics:** Zero-copy message passing +5. **Event batching:** Serialize once, send to many +6. **Pre-allocated buffers:** Reuse memory per connection +7. **Bloom filters:** Fast duplicate detection +8. **LMDB:** Memory-mapped database for zero-copy reads + +**Performance characteristics:** +- **50,000+ concurrent connections** per server +- **100,000+ events/sec** throughput +- **Sub-millisecond** latency for broadcasts +- **10 GB+ event database** with fast queries + +**When to use strfry patterns:** +- Need maximum performance (trading complexity) +- Have C++ expertise on team +- Running large public relay (thousands of users) +- Want minimal memory footprint +- Need to scale to 50K+ connections + +**Trade-offs:** +- **Complexity:** More complex than Go/Rust implementations +- **Portability:** Linux-specific (epoll, LMDB) +- **Development speed:** Slower iteration than higher-level languages + +**Further reading:** +- strfry repository: https://github.com/hoytech/strfry +- uWebSockets: https://github.com/uNetworking/uWebSockets +- LMDB: http://www.lmdb.tech/doc/ +- epoll: https://man7.org/linux/man-pages/man7/epoll.7.html diff --git a/.claude/skills/nostr-websocket/references/websocket_protocol.md b/.claude/skills/nostr-websocket/references/websocket_protocol.md new file mode 100644 index 00000000..dec88aa7 --- /dev/null +++ b/.claude/skills/nostr-websocket/references/websocket_protocol.md @@ -0,0 +1,881 @@ +# WebSocket Protocol (RFC 6455) - Complete Reference + +## Connection Establishment + +### HTTP Upgrade Handshake + +The WebSocket protocol begins as an HTTP request that upgrades to WebSocket: + +**Client Request:** +```http +GET /chat HTTP/1.1 +Host: server.example.com +Upgrade: websocket +Connection: Upgrade +Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ== +Origin: http://example.com +Sec-WebSocket-Protocol: chat, superchat +Sec-WebSocket-Version: 13 +``` + +**Server Response:** +```http +HTTP/1.1 101 Switching Protocols +Upgrade: websocket +Connection: Upgrade +Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo= +Sec-WebSocket-Protocol: chat +``` + +### Handshake Details + +**Sec-WebSocket-Key Generation (Client):** +1. Generate 16 random bytes +2. Base64-encode the result +3. Send in `Sec-WebSocket-Key` header + +**Sec-WebSocket-Accept Computation (Server):** +1. Concatenate client key with GUID: `258EAFA5-E914-47DA-95CA-C5AB0DC85B11` +2. Compute SHA-1 hash of concatenated string +3. Base64-encode the hash +4. Send in `Sec-WebSocket-Accept` header + +**Example computation:** +``` +Client Key: dGhlIHNhbXBsZSBub25jZQ== +Concatenated: dGhlIHNhbXBsZSBub25jZQ==258EAFA5-E914-47DA-95CA-C5AB0DC85B11 +SHA-1 Hash: b37a4f2cc0cb4e7e8cf769a5f3f8f2e8e4c9f7a3 +Base64: s3pPLMBiTxaQ9kYGzzhZRbK+xOo= +``` + +**Validation (Client):** +- Verify HTTP status is 101 +- Verify `Sec-WebSocket-Accept` matches expected value +- If validation fails, do not establish connection + +### Origin Header + +The `Origin` header provides protection against cross-site WebSocket hijacking: + +**Server-side validation:** +```go +func checkOrigin(r *http.Request) bool { + origin := r.Header.Get("Origin") + allowedOrigins := []string{ + "https://example.com", + "https://app.example.com", + } + for _, allowed := range allowedOrigins { + if origin == allowed { + return true + } + } + return false +} +``` + +**Security consideration:** Browser-based clients MUST send Origin header. Non-browser clients MAY omit it. Servers SHOULD validate Origin for browser clients to prevent CSRF attacks. + +## Frame Format + +### Base Framing Protocol + +WebSocket frames use a binary format with variable-length fields: + +``` + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-------+-+-------------+-------------------------------+ + |F|R|R|R| opcode|M| Payload len | Extended payload length | + |I|S|S|S| (4) |A| (7) | (16/64) | + |N|V|V|V| |S| | (if payload len==126/127) | + | |1|2|3| |K| | | + +-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - + + | Extended payload length continued, if payload len == 127 | + + - - - - - - - - - - - - - - - +-------------------------------+ + | |Masking-key, if MASK set to 1 | + +-------------------------------+-------------------------------+ + | Masking-key (continued) | Payload Data | + +-------------------------------- - - - - - - - - - - - - - - - + + : Payload Data continued ... : + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + | Payload Data continued ... | + +---------------------------------------------------------------+ +``` + +### Frame Header Fields + +**FIN (1 bit):** +- `1` = Final fragment in message +- `0` = More fragments follow +- Used for message fragmentation + +**RSV1, RSV2, RSV3 (1 bit each):** +- Reserved for extensions +- MUST be 0 unless extension negotiated +- Server MUST fail connection if non-zero with no extension + +**Opcode (4 bits):** +- Defines interpretation of payload data +- See "Frame Opcodes" section below + +**MASK (1 bit):** +- `1` = Payload is masked (required for client-to-server) +- `0` = Payload is not masked (required for server-to-client) +- Client MUST mask all frames sent to server +- Server MUST NOT mask frames sent to client + +**Payload Length (7 bits, 7+16 bits, or 7+64 bits):** +- If 0-125: Actual payload length +- If 126: Next 2 bytes are 16-bit unsigned payload length +- If 127: Next 8 bytes are 64-bit unsigned payload length + +**Masking-key (0 or 4 bytes):** +- Present if MASK bit is set +- 32-bit value used to mask payload +- MUST be unpredictable (strong entropy source) + +### Frame Opcodes + +**Data Frame Opcodes:** +- `0x0` - Continuation Frame + - Used for fragmented messages + - Must follow initial data frame (text/binary) + - Carries same data type as initial frame + +- `0x1` - Text Frame + - Payload is UTF-8 encoded text + - MUST be valid UTF-8 + - Endpoint MUST fail connection if invalid UTF-8 + +- `0x2` - Binary Frame + - Payload is arbitrary binary data + - Application interprets data + +- `0x3-0x7` - Reserved for future non-control frames + +**Control Frame Opcodes:** +- `0x8` - Connection Close + - Initiates or acknowledges connection closure + - MAY contain status code and reason + - See "Close Handshake" section + +- `0x9` - Ping + - Heartbeat mechanism + - MAY contain application data + - Recipient MUST respond with Pong + +- `0xA` - Pong + - Response to Ping + - MUST contain identical payload as Ping + - MAY be sent unsolicited (unidirectional heartbeat) + +- `0xB-0xF` - Reserved for future control frames + +### Control Frame Constraints + +**Control frames are subject to strict rules:** + +1. **Maximum payload:** 125 bytes + - Allows control frames to fit in single IP packet + - Reduces fragmentation + +2. **No fragmentation:** Control frames MUST NOT be fragmented + - FIN bit MUST be 1 + - Ensures immediate processing + +3. **Interleaving:** Control frames MAY be injected in middle of fragmented message + - Enables ping/pong during long transfers + - Close frames can interrupt any operation + +4. **All control frames MUST be handled immediately** + +### Masking + +**Purpose of masking:** +- Prevents cache poisoning attacks +- Protects against misinterpretation by intermediaries +- Makes WebSocket traffic unpredictable to proxies + +**Masking algorithm:** +``` +j = i MOD 4 +transformed-octet-i = original-octet-i XOR masking-key-octet-j +``` + +**Implementation:** +```go +func maskBytes(data []byte, mask [4]byte) { + for i := range data { + data[i] ^= mask[i%4] + } +} +``` + +**Example:** +``` +Original: [0x48, 0x65, 0x6C, 0x6C, 0x6F] // "Hello" +Masking Key: [0x37, 0xFA, 0x21, 0x3D] +Masked: [0x7F, 0x9F, 0x4D, 0x51, 0x58] + +Calculation: +0x48 XOR 0x37 = 0x7F +0x65 XOR 0xFA = 0x9F +0x6C XOR 0x21 = 0x4D +0x6C XOR 0x3D = 0x51 +0x6F XOR 0x37 = 0x58 (wraps around to mask[0]) +``` + +**Security requirement:** Masking key MUST be derived from strong source of entropy. Predictable masking keys defeat the security purpose. + +## Message Fragmentation + +### Why Fragment? + +- Send message without knowing total size upfront +- Multiplex logical channels (interleave messages) +- Keep control frames responsive during large transfers + +### Fragmentation Rules + +**Sender rules:** +1. First fragment has opcode (text/binary) +2. Subsequent fragments have opcode 0x0 (continuation) +3. Last fragment has FIN bit set to 1 +4. Control frames MAY be interleaved + +**Receiver rules:** +1. Reassemble fragments in order +2. Final message type determined by first fragment opcode +3. Validate UTF-8 across all text fragments +4. Process control frames immediately (don't wait for FIN) + +### Fragmentation Example + +**Sending "Hello World" in 3 fragments:** + +``` +Frame 1 (Text, More Fragments): + FIN=0, Opcode=0x1, Payload="Hello" + +Frame 2 (Continuation, More Fragments): + FIN=0, Opcode=0x0, Payload=" Wor" + +Frame 3 (Continuation, Final): + FIN=1, Opcode=0x0, Payload="ld" +``` + +**With interleaved Ping:** + +``` +Frame 1: FIN=0, Opcode=0x1, Payload="Hello" +Frame 2: FIN=1, Opcode=0x9, Payload="" <- Ping (complete) +Frame 3: FIN=0, Opcode=0x0, Payload=" Wor" +Frame 4: FIN=1, Opcode=0x0, Payload="ld" +``` + +### Implementation Pattern + +```go +type fragmentState struct { + messageType int + fragments [][]byte +} + +func (ws *WebSocket) handleFrame(fin bool, opcode int, payload []byte) { + switch opcode { + case 0x1, 0x2: // Text or Binary (first fragment) + if fin { + ws.handleCompleteMessage(opcode, payload) + } else { + ws.fragmentState = &fragmentState{ + messageType: opcode, + fragments: [][]byte{payload}, + } + } + + case 0x0: // Continuation + if ws.fragmentState == nil { + ws.fail("Unexpected continuation frame") + return + } + ws.fragmentState.fragments = append(ws.fragmentState.fragments, payload) + if fin { + complete := bytes.Join(ws.fragmentState.fragments, nil) + ws.handleCompleteMessage(ws.fragmentState.messageType, complete) + ws.fragmentState = nil + } + + case 0x8, 0x9, 0xA: // Control frames + ws.handleControlFrame(opcode, payload) + } +} +``` + +## Ping and Pong Frames + +### Purpose + +1. **Keep-alive:** Detect broken connections +2. **Latency measurement:** Time round-trip +3. **NAT traversal:** Maintain mapping in stateful firewalls + +### Protocol Rules + +**Ping (0x9):** +- MAY be sent by either endpoint at any time +- MAY contain application data (≤125 bytes) +- Application data arbitrary (often empty or timestamp) + +**Pong (0xA):** +- MUST be sent in response to Ping +- MUST contain identical payload as Ping +- MUST be sent "as soon as practical" +- MAY be sent unsolicited (one-way heartbeat) + +**No Response:** +- If Pong not received within timeout, connection assumed dead +- Application should close connection + +### Implementation Patterns + +**Pattern 1: Automatic Pong (most WebSocket libraries)** +```go +// Library handles pong automatically +ws.SetPingHandler(func(appData string) error { + // Custom handler if needed + return nil // Library sends pong automatically +}) +``` + +**Pattern 2: Manual Pong** +```go +func (ws *WebSocket) handlePing(payload []byte) { + pongFrame := Frame{ + FIN: true, + Opcode: 0xA, + Payload: payload, // Echo same payload + } + ws.writeFrame(pongFrame) +} +``` + +**Pattern 3: Periodic Client Ping** +```go +func (ws *WebSocket) pingLoop() { + ticker := time.NewTicker(30 * time.Second) + defer ticker.Stop() + + for { + select { + case <-ticker.C: + if err := ws.writePing([]byte{}); err != nil { + return // Connection dead + } + case <-ws.done: + return + } + } +} +``` + +**Pattern 4: Timeout Detection** +```go +const pongWait = 60 * time.Second + +ws.SetReadDeadline(time.Now().Add(pongWait)) +ws.SetPongHandler(func(string) error { + ws.SetReadDeadline(time.Now().Add(pongWait)) + return nil +}) + +// If no frame received in pongWait, ReadMessage returns timeout error +``` + +### Nostr Relay Recommendations + +**Server-side:** +- Send ping every 30-60 seconds +- Close connection if no pong within 60-120 seconds +- Log timeout closures for monitoring + +**Client-side:** +- Respond to pings automatically (use library handler) +- Consider sending unsolicited pongs every 30 seconds (some proxies) +- Reconnect if no frames received for 120 seconds + +## Close Handshake + +### Close Frame Structure + +**Close frame (Opcode 0x8) payload:** +``` + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Status Code (16) | Reason (variable length)... | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +``` + +**Status Code (2 bytes, optional):** +- 16-bit unsigned integer +- Network byte order (big-endian) +- See "Status Codes" section below + +**Reason (variable length, optional):** +- UTF-8 encoded text +- MUST be valid UTF-8 +- Typically human-readable explanation + +### Close Handshake Sequence + +**Initiator (either endpoint):** +1. Send Close frame with optional status/reason +2. Stop sending data frames +3. Continue processing received frames until Close frame received +4. Close underlying TCP connection + +**Recipient:** +1. Receive Close frame +2. Send Close frame in response (if not already sent) +3. Close underlying TCP connection + +### Status Codes + +**Normal Closure Codes:** +- `1000` - Normal Closure + - Successful operation complete + - Default if no code specified + +- `1001` - Going Away + - Endpoint going away (server shutdown, browser navigation) + - Client navigating to new page + +**Error Closure Codes:** +- `1002` - Protocol Error + - Endpoint terminating due to protocol error + - Invalid frame format, unexpected opcode, etc. + +- `1003` - Unsupported Data + - Endpoint cannot accept data type + - Server received binary when expecting text + +- `1007` - Invalid Frame Payload Data + - Inconsistent data (e.g., non-UTF-8 in text frame) + +- `1008` - Policy Violation + - Message violates endpoint policy + - Generic code when specific code doesn't fit + +- `1009` - Message Too Big + - Message too large to process + +- `1010` - Mandatory Extension + - Client expected server to negotiate extension + - Server didn't respond with extension + +- `1011` - Internal Server Error + - Server encountered unexpected condition + - Prevents fulfilling request + +**Reserved Codes:** +- `1004` - Reserved +- `1005` - No Status Rcvd (internal use only, never sent) +- `1006` - Abnormal Closure (internal use only, never sent) +- `1015` - TLS Handshake (internal use only, never sent) + +**Custom Application Codes:** +- `3000-3999` - Library/framework use +- `4000-4999` - Application use (e.g., Nostr-specific) + +### Implementation Patterns + +**Graceful close (initiator):** +```go +func (ws *WebSocket) Close() error { + // Send close frame + closeFrame := Frame{ + FIN: true, + Opcode: 0x8, + Payload: encodeCloseStatus(1000, "goodbye"), + } + ws.writeFrame(closeFrame) + + // Wait for close frame response (with timeout) + ws.SetReadDeadline(time.Now().Add(5 * time.Second)) + for { + frame, err := ws.readFrame() + if err != nil || frame.Opcode == 0x8 { + break + } + // Process other frames + } + + // Close TCP connection + return ws.conn.Close() +} +``` + +**Handling received close:** +```go +func (ws *WebSocket) handleCloseFrame(payload []byte) { + status, reason := decodeClosePayload(payload) + log.Printf("Close received: %d %s", status, reason) + + // Send close response + closeFrame := Frame{ + FIN: true, + Opcode: 0x8, + Payload: payload, // Echo same status/reason + } + ws.writeFrame(closeFrame) + + // Close connection + ws.conn.Close() +} +``` + +**Nostr relay close examples:** +```go +// Client subscription limit exceeded +ws.SendClose(4000, "subscription limit exceeded") + +// Invalid message format +ws.SendClose(1002, "protocol error: invalid JSON") + +// Relay shutting down +ws.SendClose(1001, "relay shutting down") + +// Client rate limit exceeded +ws.SendClose(4001, "rate limit exceeded") +``` + +## Security Considerations + +### Origin-Based Security Model + +**Threat:** Malicious web page opens WebSocket to victim server using user's credentials + +**Mitigation:** +1. Server checks `Origin` header +2. Reject connections from untrusted origins +3. Implement same-origin or allowlist policy + +**Example:** +```go +func validateOrigin(r *http.Request) bool { + origin := r.Header.Get("Origin") + + // Allow same-origin + if origin == "https://"+r.Host { + return true + } + + // Allowlist trusted origins + trusted := []string{ + "https://app.example.com", + "https://mobile.example.com", + } + for _, t := range trusted { + if origin == t { + return true + } + } + + return false +} +``` + +### Masking Attacks + +**Why masking is required:** +- Without masking, attacker can craft WebSocket frames that look like HTTP requests +- Proxies might misinterpret frame data as HTTP +- Could lead to cache poisoning or request smuggling + +**Example attack (without masking):** +``` +WebSocket payload: "GET /admin HTTP/1.1\r\nHost: victim.com\r\n\r\n" +Proxy might interpret as separate HTTP request +``` + +**Defense:** Client MUST mask all frames. Server MUST reject unmasked frames from client. + +### Connection Limits + +**Prevent resource exhaustion:** + +```go +type ConnectionLimiter struct { + connections map[string]int + maxPerIP int + mu sync.Mutex +} + +func (cl *ConnectionLimiter) Allow(ip string) bool { + cl.mu.Lock() + defer cl.mu.Unlock() + + if cl.connections[ip] >= cl.maxPerIP { + return false + } + cl.connections[ip]++ + return true +} + +func (cl *ConnectionLimiter) Release(ip string) { + cl.mu.Lock() + defer cl.mu.Unlock() + cl.connections[ip]-- +} +``` + +### TLS (WSS) + +**Use WSS (WebSocket Secure) for:** +- Authentication credentials +- Private user data +- Financial transactions +- Any sensitive information + +**WSS connection flow:** +1. Establish TLS connection +2. Perform TLS handshake +3. Verify server certificate +4. Perform WebSocket handshake over TLS + +**URL schemes:** +- `ws://` - Unencrypted WebSocket (default port 80) +- `wss://` - Encrypted WebSocket over TLS (default port 443) + +### Message Size Limits + +**Prevent memory exhaustion:** + +```go +const maxMessageSize = 512 * 1024 // 512 KB + +ws.SetReadLimit(maxMessageSize) + +// Or during frame reading: +if payloadLength > maxMessageSize { + ws.SendClose(1009, "message too large") + ws.Close() +} +``` + +### Rate Limiting + +**Prevent abuse:** + +```go +type RateLimiter struct { + limiter *rate.Limiter +} + +func (rl *RateLimiter) Allow() bool { + return rl.limiter.Allow() +} + +// Per-connection limiter +limiter := rate.NewLimiter(10, 20) // 10 msgs/sec, burst 20 + +if !limiter.Allow() { + ws.SendClose(4001, "rate limit exceeded") +} +``` + +## Error Handling + +### Connection Errors + +**Types of errors:** +1. **Network errors:** TCP connection failure, timeout +2. **Protocol errors:** Invalid frame format, wrong opcode +3. **Application errors:** Invalid message content + +**Handling strategy:** +```go +for { + frame, err := ws.ReadFrame() + if err != nil { + // Check error type + if netErr, ok := err.(net.Error); ok && netErr.Timeout() { + // Timeout - connection likely dead + log.Println("Connection timeout") + ws.Close() + return + } + + if err == io.EOF || err == io.ErrUnexpectedEOF { + // Connection closed + log.Println("Connection closed") + return + } + + if protocolErr, ok := err.(*ProtocolError); ok { + // Protocol violation + log.Printf("Protocol error: %v", protocolErr) + ws.SendClose(1002, protocolErr.Error()) + ws.Close() + return + } + + // Unknown error + log.Printf("Unknown error: %v", err) + ws.Close() + return + } + + // Process frame +} +``` + +### UTF-8 Validation + +**Text frames MUST contain valid UTF-8:** + +```go +func validateUTF8(data []byte) bool { + return utf8.Valid(data) +} + +func handleTextFrame(payload []byte) error { + if !validateUTF8(payload) { + return fmt.Errorf("invalid UTF-8 in text frame") + } + // Process valid text + return nil +} +``` + +**For fragmented messages:** Validate UTF-8 across all fragments when reassembled. + +## Implementation Checklist + +### Client Implementation + +- [ ] Generate random Sec-WebSocket-Key +- [ ] Compute and validate Sec-WebSocket-Accept +- [ ] MUST mask all frames sent to server +- [ ] Handle unmasked frames from server +- [ ] Respond to Ping with Pong +- [ ] Implement close handshake (both initiating and responding) +- [ ] Validate UTF-8 in text frames +- [ ] Handle fragmented messages +- [ ] Set reasonable timeouts +- [ ] Implement reconnection logic + +### Server Implementation + +- [ ] Validate Sec-WebSocket-Key format +- [ ] Compute correct Sec-WebSocket-Accept +- [ ] Validate Origin header +- [ ] MUST NOT mask frames sent to client +- [ ] Reject masked frames from server (protocol error) +- [ ] Respond to Ping with Pong +- [ ] Implement close handshake (both initiating and responding) +- [ ] Validate UTF-8 in text frames +- [ ] Handle fragmented messages +- [ ] Implement connection limits (per IP, total) +- [ ] Implement message size limits +- [ ] Implement rate limiting +- [ ] Log connection statistics +- [ ] Graceful shutdown (close all connections) + +### Both Client and Server + +- [ ] Handle concurrent read/write safely +- [ ] Process control frames immediately (even during fragmentation) +- [ ] Implement proper timeout mechanisms +- [ ] Log errors with appropriate detail +- [ ] Handle unexpected close gracefully +- [ ] Validate frame structure +- [ ] Check RSV bits (must be 0 unless extension) +- [ ] Support standard close status codes +- [ ] Implement proper error handling for all operations + +## Common Implementation Mistakes + +### 1. Concurrent Writes + +**Mistake:** Writing to WebSocket from multiple goroutines without synchronization + +**Fix:** Use mutex or single-writer goroutine +```go +type WebSocket struct { + conn *websocket.Conn + mutex sync.Mutex +} + +func (ws *WebSocket) WriteMessage(data []byte) error { + ws.mutex.Lock() + defer ws.mutex.Unlock() + return ws.conn.WriteMessage(websocket.TextMessage, data) +} +``` + +### 2. Not Handling Pong + +**Mistake:** Sending Ping but not updating read deadline on Pong + +**Fix:** +```go +ws.SetPongHandler(func(string) error { + ws.SetReadDeadline(time.Now().Add(pongWait)) + return nil +}) +``` + +### 3. Forgetting Close Handshake + +**Mistake:** Just calling `conn.Close()` without sending Close frame + +**Fix:** Send Close frame first, wait for response, then close TCP + +### 4. Not Validating UTF-8 + +**Mistake:** Accepting any bytes in text frames + +**Fix:** Validate UTF-8 and fail connection on invalid text + +### 5. No Message Size Limit + +**Mistake:** Allowing unlimited message sizes + +**Fix:** Set `SetReadLimit()` to reasonable value (e.g., 512 KB) + +### 6. Blocking on Write + +**Mistake:** Blocking indefinitely on slow clients + +**Fix:** Set write deadline before each write +```go +ws.SetWriteDeadline(time.Now().Add(10 * time.Second)) +``` + +### 7. Memory Leaks + +**Mistake:** Not cleaning up resources on disconnect + +**Fix:** Use defer for cleanup, ensure all goroutines terminate + +### 8. Race Conditions in Close + +**Mistake:** Multiple goroutines trying to close connection + +**Fix:** Use `sync.Once` for close operation +```go +type WebSocket struct { + conn *websocket.Conn + closeOnce sync.Once +} + +func (ws *WebSocket) Close() error { + var err error + ws.closeOnce.Do(func() { + err = ws.conn.Close() + }) + return err +} +``` diff --git a/.claude/skills/nostr/README.md b/.claude/skills/nostr/README.md new file mode 100644 index 00000000..6806b778 --- /dev/null +++ b/.claude/skills/nostr/README.md @@ -0,0 +1,162 @@ +# Nostr Protocol Skill + +A comprehensive Claude skill for working with the Nostr protocol and implementing Nostr clients and relays. + +## Overview + +This skill provides expert-level knowledge of the Nostr protocol, including: +- Complete NIP (Nostr Implementation Possibilities) reference +- Event structure and cryptographic operations +- Client-relay WebSocket communication +- Event kinds and their behaviors +- Best practices and common pitfalls + +## Contents + +### SKILL.md +The main skill file containing: +- Core protocol concepts +- Event structure and signing +- WebSocket communication patterns +- Cryptographic operations +- Common implementation patterns +- Quick reference guides + +### Reference Files + +#### references/nips-overview.md +Comprehensive documentation of all standard NIPs including: +- Core protocol NIPs (NIP-01, NIP-02, etc.) +- Social features (reactions, reposts, channels) +- Identity and discovery (NIP-05, NIP-65) +- Security and privacy (NIP-44, NIP-42) +- Lightning integration (NIP-47, NIP-57) +- Advanced features + +#### references/event-kinds.md +Complete reference for all Nostr event kinds: +- Core events (0-999) +- Regular events (1000-9999) +- Replaceable events (10000-19999) +- Ephemeral events (20000-29999) +- Parameterized replaceable events (30000-39999) +- Event lifecycle behaviors +- Common patterns and examples + +#### references/common-mistakes.md +Detailed guide on implementation pitfalls: +- Event creation and signing errors +- WebSocket communication issues +- Filter query problems +- Threading mistakes +- Relay management errors +- Security vulnerabilities +- UX considerations +- Testing strategies + +## When to Use + +Use this skill when: +- Implementing Nostr clients or relays +- Working with Nostr events and messages +- Handling cryptographic signatures and keys +- Implementing any NIP +- Building social features on Nostr +- Debugging Nostr applications +- Discussing Nostr protocol architecture + +## Key Features + +### Complete NIP Coverage +All standard NIPs documented with: +- Purpose and status +- Implementation details +- Code examples +- Usage patterns +- Interoperability notes + +### Cryptographic Operations +Detailed guidance on: +- Event signing with Schnorr signatures +- Event ID calculation +- Signature verification +- Key management (BIP-39, NIP-06) +- Encryption (NIP-04, NIP-44) + +### WebSocket Protocol +Complete reference for: +- Message types (EVENT, REQ, CLOSE, OK, EOSE, etc.) +- Filter queries and optimization +- Subscription management +- Connection handling +- Error handling + +### Event Lifecycle +Understanding of: +- Regular events (immutable) +- Replaceable events (latest only) +- Ephemeral events (real-time only) +- Parameterized replaceable events (by identifier) + +### Best Practices +Comprehensive guidance on: +- Multi-relay architecture +- NIP-65 relay lists +- Event caching +- Optimistic UI +- Security considerations +- Performance optimization + +## Quick Start Examples + +### Publishing a Note +```javascript +const event = { + pubkey: userPublicKey, + created_at: Math.floor(Date.now() / 1000), + kind: 1, + tags: [], + content: "Hello Nostr!" +} +event.id = calculateId(event) +event.sig = signEvent(event, privateKey) +ws.send(JSON.stringify(["EVENT", event])) +``` + +### Subscribing to Events +```javascript +const filter = { + kinds: [1], + authors: [followedPubkey], + limit: 50 +} +ws.send(JSON.stringify(["REQ", "sub-id", filter])) +``` + +### Replying to a Note +```javascript +const reply = { + kind: 1, + tags: [ + ["e", originalEventId, "", "root"], + ["p", originalAuthorPubkey] + ], + content: "Great post!" +} +``` + +## Official Resources + +- **NIPs Repository**: https://github.com/nostr-protocol/nips +- **Nostr Website**: https://nostr.com +- **Nostr Documentation**: https://nostr.how +- **NIP Status**: https://nostr-nips.com + +## Skill Maintenance + +This skill is based on the official Nostr NIPs repository. As new NIPs are proposed and implemented, this skill should be updated to reflect the latest standards and best practices. + +## License + +Based on public Nostr protocol specifications (MIT License). + diff --git a/.claude/skills/nostr/SKILL.md b/.claude/skills/nostr/SKILL.md new file mode 100644 index 00000000..64990970 --- /dev/null +++ b/.claude/skills/nostr/SKILL.md @@ -0,0 +1,449 @@ +--- +name: nostr +description: This skill should be used when working with the Nostr protocol, implementing Nostr clients or relays, handling Nostr events, or discussing Nostr Implementation Possibilities (NIPs). Provides comprehensive knowledge of Nostr's decentralized protocol, event structure, cryptographic operations, and all standard NIPs. +--- + +# Nostr Protocol Expert + +## Purpose + +This skill provides expert-level assistance with the Nostr protocol, a simple, open protocol for global, decentralized, and censorship-resistant social networks. The protocol is built on relays and cryptographic keys, enabling direct peer-to-peer communication without central servers. + +## When to Use + +Activate this skill when: +- Implementing Nostr clients or relays +- Working with Nostr events and messages +- Handling cryptographic signatures and keys (schnorr signatures on secp256k1) +- Implementing any Nostr Implementation Possibility (NIP) +- Building social networking features on Nostr +- Querying or filtering Nostr events +- Discussing Nostr protocol architecture +- Implementing WebSocket communication with relays + +## Core Concepts + +### The Protocol Foundation + +Nostr operates on two main components: +1. **Clients** - Applications users run to read/write data +2. **Relays** - Servers that store and forward messages + +Key principles: +- Everyone runs a client +- Anyone can run a relay +- Users identified by public keys +- Messages signed with private keys +- No central authority or trusted servers + +### Events Structure + +All data in Nostr is represented as events. An event is a JSON object with this structure: + +```json +{ + "id": "<32-bytes lowercase hex-encoded sha256 of the serialized event data>", + "pubkey": "<32-bytes lowercase hex-encoded public key of the event creator>", + "created_at": "", + "kind": "", + "tags": [ + ["", "", "", "..."] + ], + "content": "", + "sig": "<64-bytes lowercase hex of the schnorr signature of the sha256 hash of the serialized event data>" +} +``` + +### Event Kinds + +Standard event kinds (from various NIPs): +- `0` - Metadata (user profile) +- `1` - Text note (short post) +- `2` - Recommend relay +- `3` - Contacts (following list) +- `4` - Encrypted direct messages +- `5` - Event deletion +- `6` - Repost +- `7` - Reaction (like, emoji reaction) +- `40` - Channel creation +- `41` - Channel metadata +- `42` - Channel message +- `43` - Channel hide message +- `44` - Channel mute user +- `1000-9999` - Regular events +- `10000-19999` - Replaceable events +- `20000-29999` - Ephemeral events +- `30000-39999` - Parameterized replaceable events + +### Tags + +Common tag types: +- `["e", "", "", ""]` - Reference to an event +- `["p", "", ""]` - Reference to a user +- `["a", "::", ""]` - Reference to a replaceable event +- `["d", ""]` - Identifier for parameterized replaceable events +- `["r", ""]` - Reference/link to a web resource +- `["t", ""]` - Hashtag +- `["g", ""]` - Geolocation +- `["nonce", "", ""]` - Proof of work +- `["subject", ""]` - Subject/title +- `["client", ""]` - Client application used + +## Key NIPs Reference + +For detailed specifications, refer to **references/nips-overview.md**. + +### Core Protocol NIPs + +#### NIP-01: Basic Protocol Flow +The foundation of Nostr. Defines: +- Event structure and validation +- Event ID calculation (SHA256 of serialized event) +- Signature verification (schnorr signatures) +- Client-relay communication via WebSocket +- Message types: EVENT, REQ, CLOSE, EOSE, OK, NOTICE + +#### NIP-02: Contact List and Petnames +Event kind `3` for following lists: +- Each `p` tag represents a followed user +- Optional relay URL and petname in tag +- Replaceable event (latest overwrites) + +#### NIP-04: Encrypted Direct Messages +Event kind `4` for private messages: +- Content encrypted with shared secret (ECDH) +- `p` tag for recipient pubkey +- Deprecated in favor of NIP-44 + +#### NIP-05: Mapping Nostr Keys to DNS +Internet identifier format: `name@domain.com` +- `.well-known/nostr.json` endpoint +- Maps names to pubkeys +- Optional relay list + +#### NIP-09: Event Deletion +Event kind `5` to request deletion: +- Contains `e` tags for events to delete +- Relays should delete referenced events +- Only works for own events + +#### NIP-10: Text Note References (Threads) +Conventions for `e` and `p` tags in replies: +- Root event reference +- Reply event reference +- Mentions +- Marker types: "root", "reply", "mention" + +#### NIP-11: Relay Information Document +HTTP endpoint for relay metadata: +- GET request to relay URL +- Returns JSON with relay information +- Supported NIPs, software, limitations + +### Social Features NIPs + +#### NIP-25: Reactions +Event kind `7` for reactions: +- Content usually "+" (like) or emoji +- `e` tag for reacted event +- `p` tag for event author + +#### NIP-42: Authentication +Client authentication to relays: +- AUTH message from relay +- Client responds with event kind `22242` +- Proves key ownership + +#### NIP-50: Search +Query filter extension for full-text search: +- `search` field in REQ filters +- Implementation-defined behavior + +### Advanced NIPs + +#### NIP-19: bech32-encoded Entities +Human-readable identifiers: +- `npub`: public key +- `nsec`: private key (sensitive!) +- `note`: note/event ID +- `nprofile`: profile with relay hints +- `nevent`: event with relay hints +- `naddr`: replaceable event coordinate + +#### NIP-44: Encrypted Payloads +Improved encryption for direct messages: +- Versioned encryption scheme +- Better security than NIP-04 +- ChaCha20-Poly1305 AEAD + +#### NIP-65: Relay List Metadata +Event kind `10002` for relay lists: +- Read/write relay preferences +- Optimizes relay discovery +- Replaceable event + +## Client-Relay Communication + +### WebSocket Messages + +#### From Client to Relay + +**EVENT** - Publish an event: +```json +["EVENT", ] +``` + +**REQ** - Request events (subscription): +```json +["REQ", , , , ...] +``` + +**CLOSE** - Stop a subscription: +```json +["CLOSE", ] +``` + +**AUTH** - Respond to auth challenge: +```json +["AUTH", ] +``` + +#### From Relay to Client + +**EVENT** - Send event to client: +```json +["EVENT", , ] +``` + +**OK** - Acceptance/rejection notice: +```json +["OK", , , ] +``` + +**EOSE** - End of stored events: +```json +["EOSE", ] +``` + +**CLOSED** - Subscription closed: +```json +["CLOSED", , ] +``` + +**NOTICE** - Human-readable message: +```json +["NOTICE", ] +``` + +**AUTH** - Authentication challenge: +```json +["AUTH", ] +``` + +### Filter Objects + +Filters select events in REQ messages: + +```json +{ + "ids": ["", ...], + "authors": ["", ...], + "kinds": [, ...], + "#e": ["", ...], + "#p": ["", ...], + "#a": ["", ...], + "#t": ["", ...], + "since": , + "until": , + "limit": +} +``` + +Filtering rules: +- Arrays are ORed together +- Different fields are ANDed +- Tag filters: `#` matches tag values +- Prefix matching allowed for `ids` and `authors` + +## Cryptographic Operations + +### Key Management + +- **Private Key**: 32-byte random value, keep secure +- **Public Key**: Derived via secp256k1 +- **Encoding**: Hex (lowercase) or bech32 + +### Event Signing (schnorr) + +Steps to create a signed event: +1. Set all fields except `id` and `sig` +2. Serialize event data to JSON (specific order) +3. Calculate SHA256 hash → `id` +4. Sign `id` with schnorr signature → `sig` + +Serialization format for ID calculation: +```json +[ + 0, + , + , + , + , + +] +``` + +### Event Verification + +Steps to verify an event: +1. Verify ID matches SHA256 of serialized data +2. Verify signature is valid schnorr signature +3. Check created_at is reasonable (not far future) +4. Validate event structure and required fields + +## Implementation Best Practices + +### For Clients + +1. **Connect to Multiple Relays**: Don't rely on single relay +2. **Cache Events**: Reduce redundant relay queries +3. **Verify Signatures**: Always verify event signatures +4. **Handle Replaceable Events**: Keep only latest version +5. **Respect User Privacy**: Careful with sensitive data +6. **Implement NIP-65**: Use user's preferred relays +7. **Proper Error Handling**: Handle relay disconnections +8. **Pagination**: Use `limit`, `since`, `until` for queries + +### For Relays + +1. **Validate Events**: Check signatures, IDs, structure +2. **Rate Limiting**: Prevent spam and abuse +3. **Storage Management**: Ephemeral events, retention policies +4. **Implement NIP-11**: Provide relay information +5. **WebSocket Optimization**: Handle many connections +6. **Filter Optimization**: Efficient event querying +7. **Consider NIP-42**: Authentication for write access +8. **Performance**: Index by pubkey, kind, tags, timestamp + +### Security Considerations + +1. **Never Expose Private Keys**: Handle nsec carefully +2. **Validate All Input**: Prevent injection attacks +3. **Use NIP-44**: For encrypted messages (not NIP-04) +4. **Check Event Timestamps**: Reject far-future events +5. **Implement Proof of Work**: NIP-13 for spam prevention +6. **Sanitize Content**: XSS prevention in displayed content +7. **Relay Trust**: Don't trust single relay for critical data + +## Common Patterns + +### Publishing a Note + +```javascript +const event = { + pubkey: userPublicKey, + created_at: Math.floor(Date.now() / 1000), + kind: 1, + tags: [], + content: "Hello Nostr!", +} +// Calculate ID and sign +event.id = calculateId(event) +event.sig = signEvent(event, privateKey) +// Publish to relay +ws.send(JSON.stringify(["EVENT", event])) +``` + +### Subscribing to Notes + +```javascript +const filter = { + kinds: [1], + authors: [followedPubkey1, followedPubkey2], + limit: 50 +} +ws.send(JSON.stringify(["REQ", "my-sub", filter])) +``` + +### Replying to a Note + +```javascript +const reply = { + kind: 1, + tags: [ + ["e", originalEventId, relayUrl, "root"], + ["p", originalAuthorPubkey] + ], + content: "Great post!", + // ... other fields +} +``` + +### Reacting to a Note + +```javascript +const reaction = { + kind: 7, + tags: [ + ["e", eventId], + ["p", eventAuthorPubkey] + ], + content: "+", // or emoji + // ... other fields +} +``` + +## Development Resources + +### Essential NIPs for Beginners + +Start with these NIPs in order: +1. **NIP-01** - Basic protocol (MUST read) +2. **NIP-19** - Bech32 identifiers +3. **NIP-02** - Following lists +4. **NIP-10** - Threaded conversations +5. **NIP-25** - Reactions +6. **NIP-65** - Relay lists + +### Testing and Development + +- **Relay Implementations**: nostream, strfry, relay.py +- **Test Relays**: wss://relay.damus.io, wss://nos.lol +- **Libraries**: nostr-tools (JS), rust-nostr (Rust), python-nostr (Python) +- **Development Tools**: NostrDebug, Nostr Army Knife, nostril +- **Reference Clients**: Damus (iOS), Amethyst (Android), Snort (Web) + +### Key Repositories + +- **NIPs Repository**: https://github.com/nostr-protocol/nips +- **Awesome Nostr**: https://github.com/aljazceru/awesome-nostr +- **Nostr Resources**: https://nostr.how + +## Reference Files + +For comprehensive NIP details, see: +- **references/nips-overview.md** - Detailed descriptions of all standard NIPs +- **references/event-kinds.md** - Complete event kinds reference +- **references/common-mistakes.md** - Pitfalls and how to avoid them + +## Quick Checklist + +When implementing Nostr: +- [ ] Events have all required fields (id, pubkey, created_at, kind, tags, content, sig) +- [ ] Event IDs calculated correctly (SHA256 of serialization) +- [ ] Signatures verified (schnorr on secp256k1) +- [ ] WebSocket messages properly formatted +- [ ] Filter queries optimized with appropriate limits +- [ ] Handling replaceable events correctly +- [ ] Connected to multiple relays for redundancy +- [ ] Following relevant NIPs for features implemented +- [ ] Private keys never exposed or transmitted +- [ ] Event timestamps validated + +## Official Resources + +- **NIPs Repository**: https://github.com/nostr-protocol/nips +- **Nostr Website**: https://nostr.com +- **Nostr Documentation**: https://nostr.how +- **NIP Status**: https://nostr-nips.com + diff --git a/.claude/skills/nostr/references/common-mistakes.md b/.claude/skills/nostr/references/common-mistakes.md new file mode 100644 index 00000000..569a1442 --- /dev/null +++ b/.claude/skills/nostr/references/common-mistakes.md @@ -0,0 +1,657 @@ +# Common Nostr Implementation Mistakes and How to Avoid Them + +This document highlights frequent errors made when implementing Nostr clients and relays, along with solutions. + +## Event Creation and Signing + +### Mistake 1: Incorrect Event ID Calculation + +**Problem**: Wrong serialization order or missing fields when calculating SHA256. + +**Correct Serialization**: +```json +[ + 0, // Must be integer 0 + , // Lowercase hex string + , // Unix timestamp integer + , // Integer + , // Array of arrays + // String +] +``` + +**Common errors**: +- Using string "0" instead of integer 0 +- Including `id` or `sig` fields in serialization +- Wrong field order +- Not using compact JSON (no spaces) +- Using uppercase hex + +**Fix**: Serialize exactly as shown, compact JSON, SHA256 the UTF-8 bytes. + +### Mistake 2: Wrong Signature Algorithm + +**Problem**: Using ECDSA instead of Schnorr signatures. + +**Correct**: +- Use Schnorr signatures (BIP-340) +- Curve: secp256k1 +- Sign the 32-byte event ID + +**Libraries**: +- JavaScript: noble-secp256k1 +- Rust: secp256k1 +- Go: btcsuite/btcd/btcec/v2/schnorr +- Python: secp256k1-py + +### Mistake 3: Invalid created_at Timestamps + +**Problem**: Events with far-future timestamps or very old timestamps. + +**Best practices**: +- Use current Unix time: `Math.floor(Date.now() / 1000)` +- Relays often reject if `created_at > now + 15 minutes` +- Don't backdate events to manipulate ordering + +**Fix**: Always use current time when creating events. + +### Mistake 4: Malformed Tags + +**Problem**: Tags that aren't arrays or have wrong structure. + +**Correct format**: +```json +{ + "tags": [ + ["e", "event-id", "relay-url", "marker"], + ["p", "pubkey", "relay-url"], + ["t", "hashtag"] + ] +} +``` + +**Common errors**: +- Using objects instead of arrays: `{"e": "..."}` ❌ +- Missing inner arrays: `["e", "event-id"]` when nested in tags is wrong +- Wrong nesting depth +- Non-string values (except for specific NIPs) + +### Mistake 5: Not Handling Replaceable Events + +**Problem**: Showing multiple versions of replaceable events. + +**Event types**: +- **Replaceable (10000-19999)**: Same author + kind → replace +- **Parameterized Replaceable (30000-39999)**: Same author + kind + d-tag → replace + +**Fix**: +```javascript +// For replaceable events +const key = `${event.pubkey}:${event.kind}` +if (latestEvents[key]?.created_at < event.created_at) { + latestEvents[key] = event +} + +// For parameterized replaceable events +const dTag = event.tags.find(t => t[0] === 'd')?.[1] || '' +const key = `${event.pubkey}:${event.kind}:${dTag}` +if (latestEvents[key]?.created_at < event.created_at) { + latestEvents[key] = event +} +``` + +## WebSocket Communication + +### Mistake 6: Not Handling EOSE + +**Problem**: Loading indicators never finish or show wrong state. + +**Solution**: +```javascript +const receivedEvents = new Set() +let eoseReceived = false + +ws.onmessage = (msg) => { + const [type, ...rest] = JSON.parse(msg.data) + + if (type === 'EVENT') { + const [subId, event] = rest + receivedEvents.add(event.id) + displayEvent(event) + } + + if (type === 'EOSE') { + eoseReceived = true + hideLoadingSpinner() + } +} +``` + +### Mistake 7: Not Closing Subscriptions + +**Problem**: Memory leaks and wasted bandwidth from unclosed subscriptions. + +**Fix**: Always send CLOSE when done: +```javascript +ws.send(JSON.stringify(['CLOSE', subId])) +``` + +**Best practices**: +- Close when component unmounts +- Close before opening new subscription with same ID +- Use unique subscription IDs +- Track active subscriptions + +### Mistake 8: Ignoring OK Messages + +**Problem**: Not knowing if events were accepted or rejected. + +**Solution**: +```javascript +ws.onmessage = (msg) => { + const [type, eventId, accepted, message] = JSON.parse(msg.data) + + if (type === 'OK') { + if (!accepted) { + console.error(`Event ${eventId} rejected: ${message}`) + handleRejection(eventId, message) + } + } +} +``` + +**Common rejection reasons**: +- `pow:` - Insufficient proof of work +- `blocked:` - Pubkey or content blocked +- `rate-limited:` - Too many requests +- `invalid:` - Failed validation + +### Mistake 9: Sending Events Before WebSocket Ready + +**Problem**: Events lost because WebSocket not connected. + +**Fix**: +```javascript +const sendWhenReady = (ws, message) => { + if (ws.readyState === WebSocket.OPEN) { + ws.send(message) + } else { + ws.addEventListener('open', () => ws.send(message), { once: true }) + } +} +``` + +### Mistake 10: Not Handling WebSocket Disconnections + +**Problem**: App breaks when relay goes offline. + +**Solution**: Implement reconnection with exponential backoff: +```javascript +let reconnectDelay = 1000 +const maxDelay = 30000 + +const connect = () => { + const ws = new WebSocket(relayUrl) + + ws.onclose = () => { + setTimeout(() => { + reconnectDelay = Math.min(reconnectDelay * 2, maxDelay) + connect() + }, reconnectDelay) + } + + ws.onopen = () => { + reconnectDelay = 1000 // Reset on successful connection + resubscribe() // Re-establish subscriptions + } +} +``` + +## Filter Queries + +### Mistake 11: Overly Broad Filters + +**Problem**: Requesting too many events, overwhelming relay and client. + +**Bad**: +```json +{ + "kinds": [1], + "limit": 10000 +} +``` + +**Good**: +```json +{ + "kinds": [1], + "authors": [""], + "limit": 50, + "since": 1234567890 +} +``` + +**Best practices**: +- Always set reasonable `limit` (50-500) +- Filter by `authors` when possible +- Use `since`/`until` for time ranges +- Be specific with `kinds` +- Multiple smaller queries > one huge query + +### Mistake 12: Not Using Prefix Matching + +**Problem**: Full hex strings in filters unnecessarily. + +**Optimization**: +```json +{ + "ids": ["abc12345"], // 8 chars enough for uniqueness + "authors": ["def67890"] +} +``` + +Relays support prefix matching for `ids` and `authors`. + +### Mistake 13: Duplicate Filter Fields + +**Problem**: Redundant filter conditions. + +**Bad**: +```json +{ + "authors": ["pubkey1", "pubkey1"], + "kinds": [1, 1] +} +``` + +**Good**: +```json +{ + "authors": ["pubkey1"], + "kinds": [1] +} +``` + +Deduplicate filter arrays. + +## Threading and References + +### Mistake 14: Incorrect Thread Structure + +**Problem**: Missing root/reply markers or wrong tag order. + +**Correct reply structure** (NIP-10): +```json +{ + "kind": 1, + "tags": [ + ["e", "", "", "root"], + ["e", "", "", "reply"], + ["p", ""], + ["p", ""] + ] +} +``` + +**Key points**: +- Root event should have "root" marker +- Direct parent should have "reply" marker +- Include `p` tags for all mentioned users +- Relay hints are optional but helpful + +### Mistake 15: Missing p Tags in Replies + +**Problem**: Authors not notified of replies. + +**Fix**: Always add `p` tag for: +- Original author +- Authors mentioned in content +- Authors in the thread chain + +```json +{ + "tags": [ + ["e", "event-id", "", "reply"], + ["p", "original-author"], + ["p", "mentioned-user1"], + ["p", "mentioned-user2"] + ] +} +``` + +### Mistake 16: Not Using Markers + +**Problem**: Ambiguous thread structure. + +**Solution**: Always use markers in `e` tags: +- `root` - Root of thread +- `reply` - Direct parent +- `mention` - Referenced but not replied to + +Without markers, clients must guess thread structure. + +## Relay Management + +### Mistake 17: Relying on Single Relay + +**Problem**: Single point of failure, censorship vulnerability. + +**Solution**: Connect to multiple relays (5-15 common): +```javascript +const relays = [ + 'wss://relay1.com', + 'wss://relay2.com', + 'wss://relay3.com' +] + +const connections = relays.map(url => connect(url)) +``` + +**Best practices**: +- Publish to 3-5 write relays +- Read from 5-10 read relays +- Use NIP-65 for user's preferred relays +- Fall back to NIP-05 relays +- Implement relay rotation on failure + +### Mistake 18: Not Implementing NIP-65 + +**Problem**: Querying wrong relays, missing user's events. + +**Correct flow**: +1. Fetch user's kind `10002` event (relay list) +2. Connect to their read relays to fetch their content +3. Connect to their write relays to send them messages + +```javascript +async function getUserRelays(pubkey) { + // Fetch kind 10002 + const relayList = await fetchEvent({ + kinds: [10002], + authors: [pubkey] + }) + + const readRelays = [] + const writeRelays = [] + + relayList.tags.forEach(([tag, url, mode]) => { + if (tag === 'r') { + if (!mode || mode === 'read') readRelays.push(url) + if (!mode || mode === 'write') writeRelays.push(url) + } + }) + + return { readRelays, writeRelays } +} +``` + +### Mistake 19: Not Respecting Relay Limitations + +**Problem**: Violating relay policies, getting rate limited or banned. + +**Solution**: Fetch and respect NIP-11 relay info: +```javascript +const getRelayInfo = async (relayUrl) => { + const url = relayUrl.replace('wss://', 'https://').replace('ws://', 'http://') + const response = await fetch(url, { + headers: { 'Accept': 'application/nostr+json' } + }) + return response.json() +} + +// Respect limitations +const info = await getRelayInfo(relayUrl) +const maxLimit = info.limitation?.max_limit || 500 +const maxFilters = info.limitation?.max_filters || 10 +``` + +## Security + +### Mistake 20: Exposing Private Keys + +**Problem**: Including nsec in client code, logs, or network requests. + +**Never**: +- Store nsec in localStorage without encryption +- Log private keys +- Send nsec over network +- Display nsec to user unless explicitly requested +- Hard-code private keys + +**Best practices**: +- Use NIP-07 (browser extension) when possible +- Encrypt keys at rest +- Use NIP-46 (remote signing) for web apps +- Warn users when showing nsec + +### Mistake 21: Not Verifying Signatures + +**Problem**: Accepting invalid events, vulnerability to attacks. + +**Always verify**: +```javascript +const verifyEvent = (event) => { + // 1. Verify ID + const calculatedId = sha256(serializeEvent(event)) + if (calculatedId !== event.id) return false + + // 2. Verify signature + const signatureValid = schnorr.verify( + event.sig, + event.id, + event.pubkey + ) + if (!signatureValid) return false + + // 3. Check timestamp + const now = Math.floor(Date.now() / 1000) + if (event.created_at > now + 900) return false // 15 min future + + return true +} +``` + +**Verify before**: +- Displaying to user +- Storing in database +- Using event data for logic + +### Mistake 22: Using NIP-04 Encryption + +**Problem**: Weak encryption, vulnerable to attacks. + +**Solution**: Use NIP-44 instead: +- Modern authenticated encryption +- ChaCha20-Poly1305 AEAD +- Proper key derivation +- Version byte for upgradability + +**Migration**: Update to NIP-44 for all new encrypted messages. + +### Mistake 23: Not Sanitizing Content + +**Problem**: XSS vulnerabilities in displayed content. + +**Solution**: Sanitize before rendering: +```javascript +import DOMPurify from 'dompurify' + +const safeContent = DOMPurify.sanitize(event.content, { + ALLOWED_TAGS: ['b', 'i', 'u', 'a', 'code', 'pre'], + ALLOWED_ATTR: ['href', 'target', 'rel'] +}) +``` + +**Especially critical for**: +- Markdown rendering +- Link parsing +- Image URLs +- User-provided HTML + +## User Experience + +### Mistake 24: Not Caching Events + +**Problem**: Re-fetching same events repeatedly, poor performance. + +**Solution**: Implement event cache: +```javascript +const eventCache = new Map() + +const cacheEvent = (event) => { + eventCache.set(event.id, event) +} + +const getCachedEvent = (eventId) => { + return eventCache.get(eventId) +} +``` + +**Cache strategies**: +- LRU eviction for memory management +- IndexedDB for persistence +- Invalidate replaceable events on update +- Cache metadata (kind 0) aggressively + +### Mistake 25: Not Implementing Optimistic UI + +**Problem**: Slow feeling app, waiting for relay confirmation. + +**Solution**: Show user's events immediately: +```javascript +const publishEvent = async (event) => { + // Immediately show to user + displayEvent(event, { pending: true }) + + // Publish to relays + const results = await Promise.all( + relays.map(relay => relay.publish(event)) + ) + + // Update status based on results + const success = results.some(r => r.accepted) + displayEvent(event, { pending: false, success }) +} +``` + +### Mistake 26: Poor Loading States + +**Problem**: User doesn't know if app is working. + +**Solution**: Clear loading indicators: +- Show spinner until EOSE +- Display "Loading..." placeholder +- Show how many relays responded +- Indicate connection status per relay + +### Mistake 27: Not Handling Large Threads + +**Problem**: Loading entire thread at once, performance issues. + +**Solution**: Implement pagination: +```javascript +const loadThread = async (eventId, cursor = null) => { + const filter = { + "#e": [eventId], + kinds: [1], + limit: 20, + until: cursor + } + + const replies = await fetchEvents(filter) + return { replies, nextCursor: replies[replies.length - 1]?.created_at } +} +``` + +## Testing + +### Mistake 28: Not Testing with Multiple Relays + +**Problem**: App works with one relay but fails with others. + +**Solution**: Test with: +- Fast relays +- Slow relays +- Unreliable relays +- Paid relays (auth required) +- Relays with different NIP support + +### Mistake 29: Not Testing Edge Cases + +**Critical tests**: +- Empty filter results +- WebSocket disconnections +- Malformed events +- Very long content +- Invalid signatures +- Relay errors +- Rate limiting +- Concurrent operations + +### Mistake 30: Not Monitoring Performance + +**Metrics to track**: +- Event verification time +- WebSocket latency per relay +- Events per second processed +- Memory usage (event cache) +- Subscription count +- Failed publishes + +## Best Practices Checklist + +**Event Creation**: +- [ ] Correct serialization for ID +- [ ] Schnorr signatures +- [ ] Current timestamp +- [ ] Valid tag structure +- [ ] Handle replaceable events + +**WebSocket**: +- [ ] Handle EOSE +- [ ] Close subscriptions +- [ ] Process OK messages +- [ ] Check WebSocket state +- [ ] Reconnection logic + +**Filters**: +- [ ] Set reasonable limits +- [ ] Specific queries +- [ ] Deduplicate arrays +- [ ] Use prefix matching + +**Threading**: +- [ ] Use root/reply markers +- [ ] Include all p tags +- [ ] Proper thread structure + +**Relays**: +- [ ] Multiple relays +- [ ] Implement NIP-65 +- [ ] Respect limitations +- [ ] Handle failures + +**Security**: +- [ ] Never expose nsec +- [ ] Verify all signatures +- [ ] Use NIP-44 encryption +- [ ] Sanitize content + +**UX**: +- [ ] Cache events +- [ ] Optimistic UI +- [ ] Loading states +- [ ] Pagination + +**Testing**: +- [ ] Multiple relays +- [ ] Edge cases +- [ ] Monitor performance + +## Resources + +- **nostr-tools**: JavaScript library with best practices +- **rust-nostr**: Rust implementation with strong typing +- **NIPs Repository**: Official specifications +- **Nostr Dev**: Community resources and help + diff --git a/.claude/skills/nostr/references/event-kinds.md b/.claude/skills/nostr/references/event-kinds.md new file mode 100644 index 00000000..8b587dab --- /dev/null +++ b/.claude/skills/nostr/references/event-kinds.md @@ -0,0 +1,361 @@ +# Nostr Event Kinds - Complete Reference + +This document provides a comprehensive list of all standard and commonly-used Nostr event kinds. + +## Standard Event Kinds + +### Core Events (0-999) + +#### Metadata and Profile +- **0**: `Metadata` - User profile information (name, about, picture, etc.) + - Replaceable + - Content: JSON with profile fields + +#### Text Content +- **1**: `Text Note` - Short-form post (like a tweet) + - Regular event (not replaceable) + - Most common event type + +#### Relay Recommendations +- **2**: `Recommend Relay` - Deprecated, use NIP-65 instead + +#### Contact Lists +- **3**: `Contacts` - Following list with optional relay hints + - Replaceable + - Tags: `p` tags for each followed user + +#### Encrypted Messages +- **4**: `Encrypted Direct Message` - Private message (NIP-04, deprecated) + - Regular event + - Use NIP-44 instead for better security + +#### Content Management +- **5**: `Event Deletion` - Request to delete events + - Tags: `e` tags for events to delete + - Only works for own events + +#### Sharing +- **6**: `Repost` - Share another event + - Tags: `e` for reposted event, `p` for original author + - May include original event in content + +#### Reactions +- **7**: `Reaction` - Like, emoji reaction to event + - Content: "+" or emoji + - Tags: `e` for reacted event, `p` for author + +### Channel Events (40-49) + +- **40**: `Channel Creation` - Create a public chat channel +- **41**: `Channel Metadata` - Set channel name, about, picture +- **42**: `Channel Message` - Post message in channel +- **43**: `Channel Hide Message` - Hide a message in channel +- **44**: `Channel Mute User` - Mute a user in channel + +### Regular Events (1000-9999) + +Regular events are never deleted or replaced. All versions are kept. + +- **1000**: `Example regular event` +- **1063**: `File Metadata` (NIP-94) - Metadata for shared files + - Tags: url, MIME type, hash, size, dimensions + +### Replaceable Events (10000-19999) + +Only the latest event of each kind is kept per pubkey. + +- **10000**: `Mute List` - List of muted users/content +- **10001**: `Pin List` - Pinned events +- **10002**: `Relay List Metadata` (NIP-65) - User's preferred relays + - Critical for routing + - Tags: `r` with relay URLs and read/write markers + +### Ephemeral Events (20000-29999) + +Not stored by relays, only forwarded once. + +- **20000**: `Example ephemeral event` +- **21000**: `Typing Indicator` - User is typing +- **22242**: `Client Authentication` (NIP-42) - Auth response to relay + +### Parameterized Replaceable Events (30000-39999) + +Replaced based on `d` tag value. + +#### Lists (30000-30009) +- **30000**: `Categorized People List` - Custom people lists + - `d` tag: list identifier + - `p` tags: people in list + +- **30001**: `Categorized Bookmark List` - Bookmark collections + - `d` tag: list identifier + - `e` or `a` tags: bookmarked items + +- **30008**: `Badge Definition` (NIP-58) - Define a badge/achievement + - `d` tag: badge ID + - Tags: name, description, image + +- **30009**: `Profile Badges` (NIP-58) - Badges displayed on profile + - `d` tag: badge ID + - `e` or `a` tags: badge awards + +#### Long-form Content (30023) +- **30023**: `Long-form Article` (NIP-23) - Blog post, article + - `d` tag: article identifier (slug) + - Tags: title, summary, published_at, image + - Content: Markdown + +#### Application Data (30078) +- **30078**: `Application-specific Data` (NIP-78) + - `d` tag: app-name:data-key + - Content: app-specific data (may be encrypted) + +#### Other Parameterized Replaceables +- **31989**: `Application Handler Information` (NIP-89) + - Declares app can handle certain event kinds + +- **31990**: `Handler Recommendation` (NIP-89) + - User's preferred apps for event kinds + +## Special Event Kinds + +### Authentication & Signing +- **22242**: `Client Authentication` - Prove key ownership to relay +- **24133**: `Nostr Connect` - Remote signer protocol (NIP-46) + +### Lightning & Payments +- **9734**: `Zap Request` (NIP-57) - Request Lightning payment + - Not published to regular relays + - Sent to LNURL provider + +- **9735**: `Zap Receipt` (NIP-57) - Proof of Lightning payment + - Published by LNURL provider + - Proves zap was paid + +- **23194**: `Wallet Request` (NIP-47) - Request wallet operation +- **23195**: `Wallet Response` (NIP-47) - Response to wallet request + +### Content & Annotations +- **1984**: `Reporting` (NIP-56) - Report content/users + - Tags: reason (spam, illegal, etc.) + +- **9802**: `Highlights` (NIP-84) - Highlight text + - Content: highlighted text + - Tags: context, source event + +### Badges & Reputation +- **8**: `Badge Award` (NIP-58) - Award a badge to someone + - Tags: `a` for badge definition, `p` for recipient + +### Generic Events +- **16**: `Generic Repost` (NIP-18) - Repost any event kind + - More flexible than kind 6 + +- **27235**: `HTTP Auth` (NIP-98) - Authenticate HTTP requests + - Tags: URL, method + +## Event Kind Ranges Summary + +| Range | Type | Behavior | Examples | +|-------|------|----------|----------| +| 0-999 | Core | Varies | Metadata, notes, reactions | +| 1000-9999 | Regular | Immutable, all kept | File metadata | +| 10000-19999 | Replaceable | Only latest kept | Mute list, relay list | +| 20000-29999 | Ephemeral | Not stored | Typing, presence | +| 30000-39999 | Parameterized Replaceable | Replaced by `d` tag | Articles, lists, badges | + +## Event Lifecycle + +### Regular Events (1000-9999) +``` +Event A published → Stored +Event A' published → Both A and A' stored +``` + +### Replaceable Events (10000-19999) +``` +Event A published → Stored +Event A' published (same kind, same pubkey) → A deleted, A' stored +``` + +### Parameterized Replaceable Events (30000-39999) +``` +Event A (d="foo") published → Stored +Event B (d="bar") published → Both stored (different d) +Event A' (d="foo") published → A deleted, A' stored (same d) +``` + +### Ephemeral Events (20000-29999) +``` +Event A published → Forwarded to subscribers, NOT stored +``` + +## Common Patterns + +### Metadata (Kind 0) +```json +{ + "kind": 0, + "content": "{\"name\":\"Alice\",\"about\":\"Nostr user\",\"picture\":\"https://...\",\"nip05\":\"alice@example.com\"}", + "tags": [] +} +``` + +### Text Note (Kind 1) +```json +{ + "kind": 1, + "content": "Hello Nostr!", + "tags": [ + ["t", "nostr"], + ["t", "hello"] + ] +} +``` + +### Reply (Kind 1 with thread tags) +```json +{ + "kind": 1, + "content": "Great post!", + "tags": [ + ["e", "", "", "root"], + ["e", "", "", "reply"], + ["p", ""] + ] +} +``` + +### Reaction (Kind 7) +```json +{ + "kind": 7, + "content": "+", + "tags": [ + ["e", ""], + ["p", ""], + ["k", "1"] + ] +} +``` + +### Long-form Article (Kind 30023) +```json +{ + "kind": 30023, + "content": "# My Article\n\nContent here...", + "tags": [ + ["d", "my-article-slug"], + ["title", "My Article"], + ["summary", "This is about..."], + ["published_at", "1234567890"], + ["t", "nostr"], + ["image", "https://..."] + ] +} +``` + +### Relay List (Kind 10002) +```json +{ + "kind": 10002, + "content": "", + "tags": [ + ["r", "wss://relay1.com"], + ["r", "wss://relay2.com", "write"], + ["r", "wss://relay3.com", "read"] + ] +} +``` + +### Zap Request (Kind 9734) +```json +{ + "kind": 9734, + "content": "", + "tags": [ + ["relays", "wss://relay1.com", "wss://relay2.com"], + ["amount", "21000"], + ["lnurl", "lnurl..."], + ["p", ""], + ["e", ""] + ] +} +``` + +### File Metadata (Kind 1063) +```json +{ + "kind": 1063, + "content": "My photo from the trip", + "tags": [ + ["url", "https://cdn.example.com/image.jpg"], + ["m", "image/jpeg"], + ["x", "abc123..."], + ["size", "524288"], + ["dim", "1920x1080"], + ["blurhash", "LEHV6n..."] + ] +} +``` + +### Report (Kind 1984) +```json +{ + "kind": 1984, + "content": "This is spam", + "tags": [ + ["e", "", ""], + ["p", ""], + ["report", "spam"] + ] +} +``` + +## Future Event Kinds + +The event kind space is open-ended. New NIPs may define new event kinds. + +**Guidelines for new event kinds**: +1. Use appropriate range for desired behavior +2. Document in a NIP +3. Implement in at least 2 clients and 1 relay +4. Ensure backwards compatibility +5. Don't overlap with existing kinds + +**Custom event kinds**: +- Applications can use undefined event kinds +- Document behavior for interoperability +- Consider proposing as a NIP if useful broadly + +## Event Kind Selection Guide + +**Choose based on lifecycle needs**: + +- **Regular (1000-9999)**: When you need history + - User posts, comments, reactions + - Payment records, receipts + - Immutable records + +- **Replaceable (10000-19999)**: When you need latest state + - User settings, preferences + - Mute/block lists + - Current status + +- **Ephemeral (20000-29999)**: When you need real-time only + - Typing indicators + - Online presence + - Temporary notifications + +- **Parameterized Replaceable (30000-39999)**: When you need multiple latest states + - Articles (one per slug) + - Product listings (one per product ID) + - Configuration sets (one per setting name) + +## References + +- NIPs Repository: https://github.com/nostr-protocol/nips +- NIP-16: Event Treatment +- NIP-01: Event structure +- Various feature NIPs for specific kinds + diff --git a/.claude/skills/nostr/references/nips-overview.md b/.claude/skills/nostr/references/nips-overview.md new file mode 100644 index 00000000..bcf3e96a --- /dev/null +++ b/.claude/skills/nostr/references/nips-overview.md @@ -0,0 +1,1170 @@ +# Nostr Implementation Possibilities (NIPs) - Complete Overview + +This document provides detailed descriptions of all standard NIPs from the nostr-protocol/nips repository. + +## Core Protocol NIPs + +### NIP-01: Basic Protocol Flow Description + +**Status**: Mandatory for all implementations + +The foundational NIP that defines the entire Nostr protocol. + +#### Events + +Events are the only object type in Nostr. Structure: + +```json +{ + "id": "<32-bytes lowercase hex>", + "pubkey": "<32-bytes lowercase hex>", + "created_at": "", + "kind": "", + "tags": [["", "", ...]], + "content": "", + "sig": "<64-bytes hex>" +} +``` + +**Event ID Calculation**: +1. Serialize to JSON array: `[0, pubkey, created_at, kind, tags, content]` +2. UTF-8 encode +3. Calculate SHA256 hash +4. Result is the event ID + +**Signature**: +- Schnorr signature of the event ID +- Uses secp256k1 curve +- 64-byte hex-encoded + +#### Communication Protocol + +All communication happens over WebSocket. + +**Client Messages**: + +1. `["EVENT", ]` - Publish event +2. `["REQ", , , ...]` - Subscribe +3. `["CLOSE", ]` - Unsubscribe + +**Relay Messages**: + +1. `["EVENT", , ]` - Send event +2. `["OK", , , ]` - Command result +3. `["EOSE", ]` - End of stored events +4. `["CLOSED", , ]` - Forced close +5. `["NOTICE", ]` - Human-readable notice + +#### Filters + +Filter object fields (all optional): +- `ids`: List of event IDs (prefix match) +- `authors`: List of pubkeys (prefix match) +- `kinds`: List of event kinds +- `#`: Tag queries +- `since`: Unix timestamp (events after) +- `until`: Unix timestamp (events before) +- `limit`: Maximum events to return + +A filter matches if ALL conditions are met. Within arrays, conditions are ORed. + +#### Basic Event Kinds + +- `0`: Metadata (user profile) +- `1`: Text note +- `2`: Recommend relay (deprecated) + +### NIP-02: Contact List and Petnames + +**Status**: Widely implemented + +Defines event kind `3` for user contact lists (following lists). + +**Format**: +```json +{ + "kind": 3, + "tags": [ + ["p", "", "", ""] + ], + "content": "" +} +``` + +**Characteristics**: +- Replaceable event (latest version is authoritative) +- Each `p` tag is a followed user +- Relay URL (optional): where to find this user +- Petname (optional): user's chosen name for contact +- Content may contain JSON relay list (deprecated, use NIP-65) + +**Usage**: +- Clients fetch kind 3 to build following list +- Always replace old version with new +- Use for social graph discovery + +### NIP-03: OpenTimestamps Attestations + +**Status**: Optional + +Allows embedding OpenTimestamps proofs in events. + +**Format**: +```json +{ + "tags": [ + ["ots", ""] + ] +} +``` + +Used to prove an event existed at a specific time via Bitcoin blockchain timestamps. + +### NIP-04: Encrypted Direct Messages + +**Status**: Deprecated (use NIP-44) + +Event kind `4` for encrypted private messages. + +**Encryption**: +- ECDH shared secret between sender/receiver +- AES-256-CBC encryption +- Base64 encoded result + +**Format**: +```json +{ + "kind": 4, + "tags": [ + ["p", ""] + ], + "content": "" +} +``` + +**Security Issues**: +- Vulnerable to certain attacks +- No forward secrecy +- Use NIP-44 instead + +### NIP-05: Mapping Nostr Keys to DNS-based Internet Identifiers + +**Status**: Widely implemented + +Allows verification of identity via domain names (like email addresses). + +**Format**: `name@domain.com` + +**Implementation**: + +1. User adds `"nip05": "alice@example.com"` to metadata (kind 0) +2. Domain serves `/.well-known/nostr.json`: + +```json +{ + "names": { + "alice": "" + }, + "relays": { + "": ["wss://relay1.com", "wss://relay2.com"] + } +} +``` + +3. Clients verify by fetching and checking pubkey match + +**Benefits**: +- Human-readable identifiers +- Domain-based verification +- Optional relay hints +- Spam prevention (verified users) + +### NIP-06: Basic Key Derivation from Mnemonic Seed Phrase + +**Status**: Optional + +Derives Nostr keys from BIP39 mnemonic phrases. + +**Derivation Path**: `m/44'/1237'/0'/0/0` +- 1237 is the coin type for Nostr +- Allows HD wallet-style key management + +**Benefits**: +- Backup with 12/24 words +- Multiple accounts from one seed +- Compatible with BIP39 tools + +### NIP-07: window.nostr Capability for Web Browsers + +**Status**: Browser extension standard + +Defines browser API for Nostr key management. + +**API Methods**: + +```javascript +window.nostr.getPublicKey(): Promise +window.nostr.signEvent(event): Promise +window.nostr.getRelays(): Promise<{[url]: {read: boolean, write: boolean}}> +window.nostr.nip04.encrypt(pubkey, plaintext): Promise +window.nostr.nip04.decrypt(pubkey, ciphertext): Promise +``` + +**Usage**: +- Web apps request signatures from extension +- Private keys never leave extension +- User approves each action +- Popular extensions: nos2x, Alby, Flamingo + +### NIP-08: Handling Mentions + +**Status**: Core convention + +Defines how to mention users and events in notes. + +**Format**: +- Add `p` or `e` tags for mentions +- Reference in content with `#[index]` + +```json +{ + "kind": 1, + "tags": [ + ["p", "<pubkey>", "<relay>"], + ["e", "<event-id>", "<relay>"] + ], + "content": "Hello #[0], check out #[1]" +} +``` + +Clients replace `#[0]`, `#[1]` with user-friendly displays. + +### NIP-09: Event Deletion + +**Status**: Widely implemented + +Event kind `5` requests deletion of events. + +**Format**: +```json +{ + "kind": 5, + "tags": [ + ["e", "<event-id-to-delete>"], + ["e", "<another-event-id>"] + ], + "content": "Reason for deletion (optional)" +} +``` + +**Behavior**: +- Only author can delete their events +- Relays SHOULD delete referenced events +- Not guaranteed (relays may ignore) +- Some clients show deletion notice + +### NIP-10: Text Note References (Reply, Threads) + +**Status**: Core threading standard + +Conventions for `e` and `p` tags in threaded conversations. + +**Markers**: +- `root`: The root event of the thread +- `reply`: Direct parent being replied to +- `mention`: Mentioned but not replied to + +**Format**: +```json +{ + "kind": 1, + "tags": [ + ["e", "<root-event-id>", "<relay>", "root"], + ["e", "<parent-event-id>", "<relay>", "reply"], + ["e", "<mentioned-event-id>", "<relay>", "mention"], + ["p", "<author1-pubkey>"], + ["p", "<author2-pubkey>"] + ] +} +``` + +**Best Practices**: +- Always include root marker for thread context +- Include reply marker for direct parent +- Add p tags for all mentioned users +- Maintains thread integrity + +### NIP-11: Relay Information Document + +**Status**: Standard + +HTTP endpoint for relay metadata. + +**Implementation**: +- HTTP GET to relay URL (not WebSocket) +- Accept header: `application/nostr+json` + +**Response Example**: +```json +{ + "name": "Example Relay", + "description": "A Nostr relay", + "pubkey": "<admin-pubkey>", + "contact": "admin@example.com", + "supported_nips": [1, 2, 9, 11, 12, 15, 16, 20, 22], + "software": "git+https://github.com/...", + "version": "1.0.0", + "limitation": { + "max_message_length": 16384, + "max_subscriptions": 20, + "max_filters": 100, + "max_limit": 5000, + "max_subid_length": 100, + "min_prefix": 4, + "max_event_tags": 100, + "max_content_length": 8196, + "min_pow_difficulty": 30, + "auth_required": false, + "payment_required": false + }, + "relay_countries": ["US", "CA"], + "language_tags": ["en", "es"], + "tags": ["adult-content", "no-spam"], + "posting_policy": "https://example.com/policy", + "payments_url": "https://example.com/pay", + "fees": { + "admission": [{"amount": 5000000, "unit": "msats"}], + "subscription": [{"amount": 1000000, "unit": "msats", "period": 2592000}], + "publication": [] + }, + "icon": "https://example.com/icon.png" +} +``` + +**Usage**: +- Clients discover relay capabilities +- Check NIP support before using features +- Display relay info to users +- Respect limitations + +### NIP-12: Generic Tag Queries + +**Status**: Core functionality + +Extends filtering to support any single-letter tag. + +**Syntax**: `#<letter>: [<value>, ...]` + +**Examples**: +```json +{ + "#t": ["bitcoin", "nostr"], + "#p": ["pubkey1", "pubkey2"], + "#e": ["eventid1"] +} +``` + +Matches events with specified tag values. + +### NIP-13: Proof of Work + +**Status**: Spam prevention + +Requires computational work for event publication. + +**Implementation**: +- Add `nonce` tag: `["nonce", "<number>", "<target-difficulty>"]` +- Hash event ID until leading zero bits >= difficulty +- Increment nonce until condition met + +**Example**: +```json +{ + "tags": [ + ["nonce", "12345", "20"] + ], + "id": "00000abcd..." // 20+ leading zero bits +} +``` + +**Difficulty Levels**: +- 0-10: Very easy +- 20: Moderate +- 30+: Difficult +- 40+: Very difficult + +Relays can require minimum PoW for acceptance. + +### NIP-14: Subject Tag + +**Status**: Convenience + +Adds `subject` tag for event titles/subjects. + +**Format**: +```json +{ + "tags": [ + ["subject", "My Post Title"] + ] +} +``` + +Used for long-form content, discussions, emails-style messages. + +### NIP-15: End of Stored Events (EOSE) + +**Status**: Core protocol + +Relay sends `EOSE` after sending all stored events matching a subscription. + +**Format**: `["EOSE", <subscription_id>]` + +**Usage**: +- Clients know when historical events are complete +- Can show "loading" state until EOSE +- New events after EOSE are real-time + +### NIP-16: Event Treatment + +**Status**: Event lifecycle + +Defines three event categories: + +1. **Regular Events** (1000-9999): + - Immutable + - All versions kept + - Examples: notes, reactions + +2. **Replaceable Events** (10000-19999): + - Only latest kept + - Same author + kind → replace + - Examples: metadata, contacts + +3. **Ephemeral Events** (20000-29999): + - Not stored + - Forwarded once + - Examples: typing indicators, presence + +4. **Parameterized Replaceable Events** (30000-39999): + - Replaced based on `d` tag + - Same author + kind + d-tag → replace + - Examples: long-form posts, product listings + +### NIP-18: Reposts + +**Status**: Social feature + +Event kind `6` for reposting/sharing events. + +**Format**: +```json +{ + "kind": 6, + "tags": [ + ["e", "<reposted-event-id>", "<relay>"], + ["p", "<original-author-pubkey>"] + ], + "content": "" // or reposted event JSON +} +``` + +**Generic Repost** (kind 16): +- Can repost any event kind +- Preserves original context + +### NIP-19: bech32-encoded Entities + +**Status**: Widely implemented + +Human-readable encodings for Nostr entities. + +**Formats**: + +1. **npub**: Public key + - `npub1xyz...` + - Safer to share than hex + +2. **nsec**: Private key (SENSITIVE!) + - `nsec1xyz...` + - Never share publicly + +3. **note**: Event ID + - `note1xyz...` + - Links to specific events + +4. **nprofile**: Profile with hints + - Includes pubkey + relay URLs + - Better discovery + +5. **nevent**: Event with hints + - Includes event ID + relay URLs + author + - Reliable event fetching + +6. **naddr**: Replaceable event coordinate + - Includes kind + pubkey + d-tag + relays + - For parameterized replaceable events + +**Usage**: +- Use for sharing/displaying identifiers +- Clients should support all formats +- Always use npub/nsec instead of hex when possible + +### NIP-20: Command Results + +**Status**: Core protocol + +Defines `OK` message format from relays. + +**Format**: `["OK", <event_id>, <accepted>, <message>]` + +**Examples**: +```json +["OK", "abc123...", true, ""] +["OK", "def456...", false, "invalid: signature verification failed"] +["OK", "ghi789...", false, "pow: difficulty too low"] +["OK", "jkl012...", false, "rate-limited: slow down"] +``` + +**Common Rejection Prefixes**: +- `duplicate:` - Event already received +- `pow:` - Insufficient proof of work +- `blocked:` - Pubkey or content blocked +- `rate-limited:` - Too many requests +- `invalid:` - Event validation failed +- `error:` - Server error + +### NIP-21: nostr: URI Scheme + +**Status**: Standard linking + +Defines `nostr:` URI scheme for deep linking. + +**Format**: +- `nostr:npub1...` +- `nostr:note1...` +- `nostr:nevent1...` +- `nostr:nprofile1...` +- `nostr:naddr1...` + +**Usage**: +- Clickable links in web/mobile +- Cross-app navigation +- QR codes + +### NIP-22: Event created_at Limits + +**Status**: Relay policy + +Relays may reject events with timestamps too far in past/future. + +**Recommendations**: +- Reject events created_at > 15 minutes in future +- Reject very old events (relay-specific) +- Prevents timestamp manipulation + +### NIP-23: Long-form Content + +**Status**: Blog/article support + +Event kind `30023` for long-form content (articles, blogs). + +**Format**: +```json +{ + "kind": 30023, + "tags": [ + ["d", "<unique-identifier>"], + ["title", "Article Title"], + ["summary", "Brief description"], + ["published_at", "<unix-timestamp>"], + ["t", "tag1"], ["t", "tag2"], + ["image", "https://..."] + ], + "content": "Markdown content..." +} +``` + +**Characteristics**: +- Parameterized replaceable (by `d` tag) +- Content in Markdown +- Rich metadata +- Can be edited (updates replace) + +### NIP-25: Reactions + +**Status**: Widely implemented + +Event kind `7` for reactions to events (likes, emoji reactions). + +**Format**: +```json +{ + "kind": 7, + "tags": [ + ["e", "<reacted-event-id>"], + ["p", "<event-author-pubkey>"], + ["k", "<reacted-event-kind>"] + ], + "content": "+" // or emoji +} +``` + +**Content Values**: +- `+`: Like/upvote +- `-`: Dislike (discouraged) +- Emoji: 👍, ❤️, 😂, etc. +- Custom reactions + +**Client Display**: +- Count reactions per event +- Group by emoji +- Show who reacted + +### NIP-26: Delegated Event Signing + +**Status**: Advanced delegation + +Allows delegating event signing to another key. + +**Use Cases**: +- Bot accounts posting for user +- Temporary keys for devices +- Service providers posting on behalf + +**Implementation**: +- Delegation token in tags +- Limits by kind, time range +- Original author still verifiable + +### NIP-27: Text Note References + +**Status**: Convenience + +Shortcuts for mentioning entities inline. + +**Format**: +- `nostr:npub1...` → user mention +- `nostr:note1...` → event reference +- `nostr:nevent1...` → event with context + +Clients render as clickable links. + +### NIP-28: Public Chat (Channels) + +**Status**: Channel support + +Event kinds for public chat channels. + +**Event Kinds**: +- `40`: Create channel +- `41`: Set channel metadata +- `42`: Create message +- `43`: Hide message +- `44`: Mute user + +**Channel Creation (kind 40)**: +```json +{ + "kind": 40, + "content": "{\"name\": \"Bitcoin\", \"about\": \"Discussion\", \"picture\": \"url\"}" +} +``` + +**Channel Message (kind 42)**: +```json +{ + "kind": 42, + "tags": [ + ["e", "<channel-id>", "<relay>", "root"] + ], + "content": "Hello channel!" +} +``` + +### NIP-33: Parameterized Replaceable Events + +**Status**: Core feature + +Event kinds 30000-39999 are replaceable by `d` tag. + +**Format**: +```json +{ + "kind": 30000, + "tags": [ + ["d", "<identifier>"] + ] +} +``` + +**Replacement Rule**: +- Same author + kind + d-tag → replace old event +- Different d-tag → separate events +- No d-tag → treated as `d` = "" + +**Coordinate Reference**: +`<kind>:<pubkey>:<d-value>` + +**Use Cases**: +- Product catalogs (each product = d-tag) +- Article revisions (article slug = d-tag) +- Configuration settings (setting name = d-tag) + +### NIP-36: Sensitive Content Warning + +**Status**: Content moderation + +Tags for marking sensitive/NSFW content. + +**Format**: +```json +{ + "tags": [ + ["content-warning", "nudity"], + ["content-warning", "violence"] + ] +} +``` + +Clients can hide/blur until user confirms. + +### NIP-39: External Identities + +**Status**: Identity verification + +Links Nostr identity to external platforms. + +**Format (in kind 0 metadata)**: +```json +{ + "kind": 0, + "content": "{\"identities\": [{\"platform\": \"github\", \"username\": \"alice\", \"proof\": \"url\"}]}" +} +``` + +**Supported Platforms**: +- GitHub +- Twitter +- Mastodon +- Matrix +- Telegram + +### NIP-40: Expiration Timestamp + +**Status**: Ephemeral content + +Tag for auto-expiring events. + +**Format**: +```json +{ + "tags": [ + ["expiration", "<unix-timestamp>"] + ] +} +``` + +Relays should delete event after expiration time. + +### NIP-42: Authentication of Clients to Relays + +**Status**: Access control + +Relays can require client authentication. + +**Flow**: +1. Relay sends: `["AUTH", "<challenge>"]` +2. Client creates kind `22242` event: +```json +{ + "kind": 22242, + "tags": [ + ["relay", "<relay-url>"], + ["challenge", "<challenge-string>"] + ], + "created_at": <now> +} +``` +3. Client sends: `["AUTH", <signed-event>]` +4. Relay verifies signature and challenge + +**Benefits**: +- Spam prevention +- Access control +- Rate limiting per user +- Paid relays + +### NIP-44: Encrypted Payloads (Versioned) + +**Status**: Modern encryption + +Improved encryption replacing NIP-04. + +**Algorithm**: +- ECDH shared secret +- ChaCha20-Poly1305 AEAD +- Version byte for upgradability +- Salt for key derivation + +**Security Improvements**: +- Authenticated encryption +- Better key derivation +- Version support +- Resistance to padding oracle attacks + +**Format**: +``` +<version-byte><encrypted-payload> +``` + +Base64 encode for `content` field. + +### NIP-45: Event Counts + +**Status**: Statistics + +Request for event counts matching filters. + +**Client Request**: +```json +["COUNT", <subscription_id>, <filters>] +``` + +**Relay Response**: +```json +["COUNT", <subscription_id>, {"count": 123, "approximate": false}] +``` + +**Usage**: +- Display follower counts +- Show engagement metrics +- Statistics dashboards + +### NIP-46: Nostr Connect (Remote Signing) + +**Status**: Remote signer protocol + +Protocol for remote key management and signing. + +**Architecture**: +- Signer: Holds private key +- Client: Requests signatures +- Communication via Nostr events + +**Use Cases**: +- Mobile app delegates to desktop signer +- Browser extension as signer +- Hardware wallet integration +- Multi-device key sharing + +### NIP-47: Wallet Connect + +**Status**: Lightning integration + +Protocol for connecting Lightning wallets to Nostr apps. + +**Commands**: +- `pay_invoice` +- `get_balance` +- `get_info` +- `make_invoice` +- `lookup_invoice` + +Enables in-app Lightning payments. + +### NIP-50: Search Capability + +**Status**: Optional + +Full-text search in filter queries. + +**Format**: +```json +{ + "search": "bitcoin nostr" +} +``` + +**Implementation**: +- Relay-specific behavior +- May search content, tags, etc. +- Not standardized ranking + +### NIP-51: Lists + +**Status**: Curation + +Event kinds for various list types. + +**List Kinds**: +- `30000`: Categorized people list +- `30001`: Categorized bookmarks +- `10000`: Mute list +- `10001`: Pin list + +**Format**: +```json +{ + "kind": 30000, + "tags": [ + ["d", "my-list"], + ["p", "<pubkey>", "<relay>", "<petname>"], + ["t", "<category>"] + ] +} +``` + +### NIP-56: Reporting + +**Status**: Moderation + +Event kind `1984` for reporting content. + +**Format**: +```json +{ + "kind": 1984, + "tags": [ + ["e", "<event-id>", "<relay>"], + ["p", "<pubkey>"], + ["report", "spam"] // or "nudity", "profanity", "illegal", "impersonation" + ], + "content": "Additional details" +} +``` + +Used by relays and clients for moderation. + +### NIP-57: Lightning Zaps + +**Status**: Widely implemented + +Protocol for Lightning tips with proof. + +**Flow**: +1. Get user's Lightning address (from metadata) +2. Fetch LNURL data +3. Create zap request (kind `9734`) +4. Pay invoice +5. Relay publishes zap receipt (kind `9735`) + +**Zap Request (kind 9734)**: +```json +{ + "kind": 9734, + "tags": [ + ["p", "<recipient-pubkey>"], + ["amount", "<millisats>"], + ["relays", "relay1", "relay2"], + ["e", "<event-id>"] // if zapping event + ] +} +``` + +**Zap Receipt (kind 9735)**: +Published by LNURL provider, proves payment. + +### NIP-58: Badges + +**Status**: Reputation system + +Award and display badges (achievements, credentials). + +**Event Kinds**: +- `30008`: Badge definition +- `30009`: Profile badges +- `8`: Badge award + +**Badge Definition**: +```json +{ + "kind": 30008, + "tags": [ + ["d", "badge-id"], + ["name", "Badge Name"], + ["description", "What this means"], + ["image", "url"], + ["thumb", "thumbnail-url"] + ] +} +``` + +### NIP-65: Relay List Metadata + +**Status**: Critical for routing + +Event kind `10002` for user's relay preferences. + +**Format**: +```json +{ + "kind": 10002, + "tags": [ + ["r", "wss://relay1.com"], + ["r", "wss://relay2.com", "write"], + ["r", "wss://relay3.com", "read"] + ] +} +``` + +**Usage**: +- Clients discover where to fetch user's events (read) +- Clients know where to send events for user (write) +- Optimizes relay connections +- Reduces bandwidth + +**Best Practice**: +- Always check NIP-65 before querying +- Fall back to NIP-05 relays if no NIP-65 +- Cache relay lists + +### NIP-78: App-Specific Data + +**Status**: Application storage + +Event kind `30078` for arbitrary app data. + +**Format**: +```json +{ + "kind": 30078, + "tags": [ + ["d", "<app-name>:<data-key>"] + ], + "content": "<encrypted-or-public-data>" +} +``` + +**Use Cases**: +- App settings +- Client-specific cache +- User preferences +- Draft posts + +### NIP-84: Highlights + +**Status**: Annotation + +Event kind `9802` for highlighting content. + +**Format**: +```json +{ + "kind": 9802, + "tags": [ + ["e", "<event-id>"], + ["context", "surrounding text..."], + ["a", "<article-coordinate>"] + ], + "content": "highlighted portion" +} +``` + +Like a highlighter pen for web content. + +### NIP-89: Application Handlers + +**Status**: App discovery + +Advertise and discover apps that handle specific event kinds. + +**Format (kind 31989)**: +```json +{ + "kind": 31989, + "tags": [ + ["k", "1"], // handles kind 1 + ["web", "https://app.com/<bech32>"], + ["ios", "app-scheme://<bech32>"], + ["android", "app-package://<bech32>"] + ] +} +``` + +**Kind 31990**: User's preferred handlers + +### NIP-94: File Metadata + +**Status**: File sharing + +Event kind `1063` for file metadata. + +**Format**: +```json +{ + "kind": 1063, + "tags": [ + ["url", "https://..."], + ["m", "image/jpeg"], // MIME type + ["x", "<sha256-hash>"], + ["size", "123456"], + ["dim", "1920x1080"], + ["magnet", "magnet:..."], + ["blurhash", "..."] + ], + "content": "Description" +} +``` + +**Use Cases**: +- Images, videos, audio +- Documents +- Torrents +- IPFS files + +### NIP-96: HTTP File Storage Integration + +**Status**: File hosting + +HTTP API for file uploads/downloads. + +**Endpoints**: +- `GET /.well-known/nostr/nip96.json` - Server info +- `POST /upload` - Upload file +- `DELETE /delete` - Delete file + +**Upload Response**: +Returns kind `1063` event data for the file. + +### NIP-98: HTTP Auth + +**Status**: API authentication + +Use Nostr events for HTTP API auth. + +**Flow**: +1. Create kind `27235` event with: + - `u` tag: API URL + - `method` tag: HTTP method +2. Add `Authorization: Nostr <base64-event>` header +3. Server verifies signature + +**Benefits**: +- No passwords +- Cryptographic authentication +- Works with Nostr keys + +## Summary of Key NIPs by Category + +### Essential (All implementations) +- NIP-01, NIP-02, NIP-10, NIP-19 + +### Social Features +- NIP-25 (reactions), NIP-18 (reposts), NIP-23 (long-form), NIP-28 (channels) + +### Identity & Discovery +- NIP-05 (verification), NIP-39 (external identities), NIP-65 (relay lists) + +### Security & Privacy +- NIP-04 (deprecated encryption), NIP-44 (modern encryption), NIP-42 (auth), NIP-13 (PoW) + +### Lightning Integration +- NIP-47 (wallet connect), NIP-57 (zaps) + +### Content & Moderation +- NIP-56 (reporting), NIP-36 (content warnings), NIP-09 (deletion) + +### Advanced Features +- NIP-33 (parameterized replaceable), NIP-46 (remote signing), NIP-50 (search) + diff --git a/.claude/skills/react/README.md b/.claude/skills/react/README.md new file mode 100644 index 00000000..9144da87 --- /dev/null +++ b/.claude/skills/react/README.md @@ -0,0 +1,119 @@ +# React 19 Skill + +A comprehensive Claude skill for working with React 19, including hooks, components, server components, and modern React architecture. + +## Contents + +### Main Skill File +- **SKILL.md** - Main skill document with React 19 fundamentals, hooks, components, and best practices + +### References +- **hooks-quick-reference.md** - Quick reference for all React hooks with examples +- **server-components.md** - Complete guide to React Server Components and Server Functions +- **performance.md** - Performance optimization strategies and techniques + +### Examples +- **practical-patterns.tsx** - Real-world React patterns and solutions + +## What This Skill Covers + +### Core Topics +- React 19 features and improvements +- All built-in hooks (useState, useEffect, useTransition, useOptimistic, etc.) +- Component patterns and composition +- Server Components and Server Functions +- React Compiler and automatic optimization +- Performance optimization techniques +- Form handling and validation +- Error boundaries and error handling +- Context and global state management +- Code splitting and lazy loading + +### Best Practices +- Component design principles +- State management strategies +- Performance optimization +- Error handling patterns +- TypeScript integration +- Testing considerations +- Accessibility guidelines + +## When to Use This Skill + +Use this skill when: +- Building React 19 applications +- Working with React hooks +- Implementing server components +- Optimizing React performance +- Troubleshooting React-specific issues +- Understanding concurrent features +- Working with forms and user input +- Implementing complex UI patterns + +## Quick Start Examples + +### Basic Component +```typescript +interface ButtonProps { + label: string + onClick: () => void +} + +const Button = ({ label, onClick }: ButtonProps) => { + return <button onClick={onClick}>{label}</button> +} +``` + +### Using Hooks +```typescript +const Counter = () => { + const [count, setCount] = useState(0) + + useEffect(() => { + console.log(`Count is: ${count}`) + }, [count]) + + return ( + <button onClick={() => setCount(c => c + 1)}> + Count: {count} + </button> + ) +} +``` + +### Server Component +```typescript +const Page = async () => { + const data = await fetchData() + return <div>{data}</div> +} +``` + +### Server Function +```typescript +'use server' + +export async function createUser(formData: FormData) { + const name = formData.get('name') + return await db.user.create({ data: { name } }) +} +``` + +## Related Skills + +- **typescript** - TypeScript patterns for React +- **ndk** - Nostr integration with React +- **skill-creator** - Creating reusable component libraries + +## Resources + +- [React Documentation](https://react.dev) +- [React API Reference](https://react.dev/reference/react) +- [React Hooks Reference](https://react.dev/reference/react/hooks) +- [React Server Components](https://react.dev/reference/rsc) +- [React Compiler](https://react.dev/reference/react-compiler) + +## Version + +This skill is based on React 19.2 and includes the latest features and APIs. + diff --git a/.claude/skills/react/SKILL.md b/.claude/skills/react/SKILL.md new file mode 100644 index 00000000..abe826fa --- /dev/null +++ b/.claude/skills/react/SKILL.md @@ -0,0 +1,1026 @@ +--- +name: react +description: This skill should be used when working with React 19, including hooks, components, server components, concurrent features, and React DOM APIs. Provides comprehensive knowledge of React patterns, best practices, and modern React architecture. +--- + +# React 19 Skill + +This skill provides comprehensive knowledge and patterns for working with React 19 effectively in modern applications. + +## When to Use This Skill + +Use this skill when: +- Building React applications with React 19 features +- Working with React hooks and component patterns +- Implementing server components and server functions +- Using concurrent features and transitions +- Optimizing React application performance +- Troubleshooting React-specific issues +- Working with React DOM APIs and client/server rendering +- Using React Compiler features + +## Core Concepts + +### React 19 Overview + +React 19 introduces significant improvements: +- **Server Components** - Components that render on the server +- **Server Functions** - Functions that run on the server from client code +- **Concurrent Features** - Better performance with concurrent rendering +- **React Compiler** - Automatic memoization and optimization +- **Form Actions** - Built-in form handling with useActionState +- **Improved Hooks** - New hooks like useOptimistic, useActionState +- **Better Hydration** - Improved SSR and hydration performance + +### Component Fundamentals + +Use functional components with hooks: + +```typescript +// Functional component with props interface +interface ButtonProps { + label: string + onClick: () => void + variant?: 'primary' | 'secondary' +} + +const Button = ({ label, onClick, variant = 'primary' }: ButtonProps) => { + return ( + <button + onClick={onClick} + className={`btn btn-${variant}`} + > + {label} + </button> + ) +} +``` + +**Key Principles:** +- Use functional components over class components +- Define prop interfaces in TypeScript +- Use destructuring for props +- Provide default values for optional props +- Keep components focused and composable + +## React Hooks Reference + +### State Hooks + +#### useState +Manage local component state: + +```typescript +const [count, setCount] = useState<number>(0) +const [user, setUser] = useState<User | null>(null) + +// Named return variables pattern +const handleIncrement = () => { + setCount(prev => prev + 1) // Functional update +} + +// Update object state immutably +setUser(prev => prev ? { ...prev, name: 'New Name' } : null) +``` + +#### useReducer +Manage complex state with reducer pattern: + +```typescript +type State = { count: number; status: 'idle' | 'loading' } +type Action = + | { type: 'increment' } + | { type: 'decrement' } + | { type: 'setStatus'; status: State['status'] } + +const reducer = (state: State, action: Action): State => { + switch (action.type) { + case 'increment': + return { ...state, count: state.count + 1 } + case 'decrement': + return { ...state, count: state.count - 1 } + case 'setStatus': + return { ...state, status: action.status } + default: + return state + } +} + +const [state, dispatch] = useReducer(reducer, { count: 0, status: 'idle' }) +``` + +#### useActionState +Handle form actions with pending states (React 19): + +```typescript +const [state, formAction, isPending] = useActionState( + async (previousState: FormState, formData: FormData) => { + const name = formData.get('name') as string + + // Server action or async operation + const result = await saveUser({ name }) + + return { success: true, data: result } + }, + { success: false, data: null } +) + +return ( + <form action={formAction}> + <input name="name" /> + <button disabled={isPending}> + {isPending ? 'Saving...' : 'Save'} + </button> + </form> +) +``` + +### Effect Hooks + +#### useEffect +Run side effects after render: + +```typescript +// Named return variables preferred +useEffect(() => { + const controller = new AbortController() + + const fetchData = async () => { + const response = await fetch('/api/data', { + signal: controller.signal + }) + const data = await response.json() + setData(data) + } + + fetchData() + + // Cleanup function + return () => { + controller.abort() + } +}, [dependencies]) // Dependencies array +``` + +**Key Points:** +- Always return cleanup function for subscriptions +- Use dependency array correctly to avoid infinite loops +- Don't forget to handle race conditions with AbortController +- Effects run after paint, not during render + +#### useLayoutEffect +Run effects synchronously after DOM mutations but before paint: + +```typescript +useLayoutEffect(() => { + // Measure DOM nodes + const height = ref.current?.getBoundingClientRect().height + setHeight(height) +}, []) +``` + +Use when you need to: +- Measure DOM layout +- Synchronously re-render before browser paints +- Prevent visual flicker + +#### useInsertionEffect +Insert styles before any DOM reads (for CSS-in-JS libraries): + +```typescript +useInsertionEffect(() => { + const style = document.createElement('style') + style.textContent = '.my-class { color: red; }' + document.head.appendChild(style) + + return () => { + document.head.removeChild(style) + } +}, []) +``` + +### Performance Hooks + +#### useMemo +Memoize expensive calculations: + +```typescript +const expensiveValue = useMemo(() => { + return computeExpensiveValue(a, b) +}, [a, b]) +``` + +**When to use:** +- Expensive calculations that would slow down renders +- Creating stable object references for dependency arrays +- Optimizing child component re-renders + +**When NOT to use:** +- Simple calculations (overhead not worth it) +- Values that change frequently + +#### useCallback +Memoize callback functions: + +```typescript +const handleClick = useCallback(() => { + console.log('Clicked', value) +}, [value]) + +// Pass to child that uses memo +<ChildComponent onClick={handleClick} /> +``` + +**Use when:** +- Passing callbacks to optimized child components +- Function is a dependency in another hook +- Function is used in effect cleanup + +### Ref Hooks + +#### useRef +Store mutable values that don't trigger re-renders: + +```typescript +// DOM reference +const inputRef = useRef<HTMLInputElement>(null) + +useEffect(() => { + inputRef.current?.focus() +}, []) + +// Mutable value storage +const countRef = useRef<number>(0) +countRef.current += 1 // Doesn't trigger re-render +``` + +#### useImperativeHandle +Customize ref handle for parent components: + +```typescript +interface InputHandle { + focus: () => void + clear: () => void +} + +const CustomInput = forwardRef<InputHandle, InputProps>((props, ref) => { + const inputRef = useRef<HTMLInputElement>(null) + + useImperativeHandle(ref, () => ({ + focus: () => { + inputRef.current?.focus() + }, + clear: () => { + if (inputRef.current) { + inputRef.current.value = '' + } + } + })) + + return <input ref={inputRef} {...props} /> +}) +``` + +### Context Hooks + +#### useContext +Access context values: + +```typescript +// Create context +interface ThemeContext { + theme: 'light' | 'dark' + toggleTheme: () => void +} + +const ThemeContext = createContext<ThemeContext | null>(null) + +// Provider +const ThemeProvider = ({ children }: { children: React.ReactNode }) => { + const [theme, setTheme] = useState<'light' | 'dark'>('light') + + const toggleTheme = useCallback(() => { + setTheme(prev => prev === 'light' ? 'dark' : 'light') + }, []) + + return ( + <ThemeContext.Provider value={{ theme, toggleTheme }}> + {children} + </ThemeContext.Provider> + ) +} + +// Consumer +const ThemedButton = () => { + const context = useContext(ThemeContext) + if (!context) throw new Error('useTheme must be used within ThemeProvider') + + const { theme, toggleTheme } = context + + return ( + <button onClick={toggleTheme}> + Current theme: {theme} + </button> + ) +} +``` + +### Transition Hooks + +#### useTransition +Mark state updates as non-urgent: + +```typescript +const [isPending, startTransition] = useTransition() + +const handleTabChange = (newTab: string) => { + startTransition(() => { + setTab(newTab) // Non-urgent update + }) +} + +return ( + <> + <button onClick={() => handleTabChange('profile')}> + Profile + </button> + {isPending && <Spinner />} + <TabContent tab={tab} /> + </> +) +``` + +**Use for:** +- Marking expensive updates as non-urgent +- Keeping UI responsive during state transitions +- Preventing loading states for quick updates + +#### useDeferredValue +Defer re-rendering for non-urgent updates: + +```typescript +const [query, setQuery] = useState('') +const deferredQuery = useDeferredValue(query) + +// Use deferred value for expensive rendering +const results = useMemo(() => { + return searchResults(deferredQuery) +}, [deferredQuery]) + +return ( + <> + <input value={query} onChange={e => setQuery(e.target.value)} /> + <Results data={results} /> + </> +) +``` + +### Optimistic Updates + +#### useOptimistic +Show optimistic state while async operation completes (React 19): + +```typescript +const [optimisticMessages, addOptimisticMessage] = useOptimistic( + messages, + (state, newMessage: string) => [ + ...state, + { id: 'temp', text: newMessage, pending: true } + ] +) + +const handleSend = async (formData: FormData) => { + const message = formData.get('message') as string + + // Show optimistic update immediately + addOptimisticMessage(message) + + // Send to server + await sendMessage(message) +} + +return ( + <> + {optimisticMessages.map(msg => ( + <div key={msg.id} className={msg.pending ? 'opacity-50' : ''}> + {msg.text} + </div> + ))} + <form action={handleSend}> + <input name="message" /> + <button>Send</button> + </form> + </> +) +``` + +### Other Hooks + +#### useId +Generate unique IDs for accessibility: + +```typescript +const id = useId() + +return ( + <> + <label htmlFor={id}>Name:</label> + <input id={id} type="text" /> + </> +) +``` + +#### useSyncExternalStore +Subscribe to external stores: + +```typescript +const subscribe = (callback: () => void) => { + store.subscribe(callback) + return () => store.unsubscribe(callback) +} + +const getSnapshot = () => store.getState() +const getServerSnapshot = () => store.getInitialState() + +const state = useSyncExternalStore( + subscribe, + getSnapshot, + getServerSnapshot +) +``` + +#### useDebugValue +Display custom label in React DevTools: + +```typescript +const useCustomHook = (value: string) => { + useDebugValue(value ? `Active: ${value}` : 'Inactive') + return value +} +``` + +## React Components + +### Fragment +Group elements without extra DOM nodes: + +```typescript +// Short syntax +<> + <ChildA /> + <ChildB /> +</> + +// Full syntax (when you need key prop) +<Fragment key={item.id}> + <dt>{item.term}</dt> + <dd>{item.description}</dd> +</Fragment> +``` + +### Suspense +Show fallback while loading: + +```typescript +<Suspense fallback={<Loading />}> + <AsyncComponent /> +</Suspense> + +// With error boundary +<ErrorBoundary fallback={<Error />}> + <Suspense fallback={<Loading />}> + <AsyncComponent /> + </Suspense> +</ErrorBoundary> +``` + +### StrictMode +Enable additional checks in development: + +```typescript +<StrictMode> + <App /> +</StrictMode> +``` + +**StrictMode checks:** +- Warns about deprecated APIs +- Detects unexpected side effects +- Highlights potential problems +- Double-invokes functions to catch bugs + +### Profiler +Measure rendering performance: + +```typescript +<Profiler id="App" onRender={onRender}> + <App /> +</Profiler> + +const onRender = ( + id: string, + phase: 'mount' | 'update', + actualDuration: number, + baseDuration: number, + startTime: number, + commitTime: number +) => { + console.log(`${id} took ${actualDuration}ms`) +} +``` + +## React APIs + +### memo +Prevent unnecessary re-renders: + +```typescript +const ExpensiveComponent = memo(({ data }: Props) => { + return <div>{data}</div> +}, (prevProps, nextProps) => { + // Return true if props are equal (skip render) + return prevProps.data === nextProps.data +}) +``` + +### lazy +Code-split components: + +```typescript +const Dashboard = lazy(() => import('./Dashboard')) + +<Suspense fallback={<Loading />}> + <Dashboard /> +</Suspense> +``` + +### startTransition +Mark updates as transitions imperatively: + +```typescript +startTransition(() => { + setTab('profile') +}) +``` + +### cache (React Server Components) +Cache function results per request: + +```typescript +const getUser = cache(async (id: string) => { + return await db.user.findUnique({ where: { id } }) +}) +``` + +### use (React 19) +Read context or promises in render: + +```typescript +// Read context +const theme = use(ThemeContext) + +// Read promise (must be wrapped in Suspense) +const data = use(fetchDataPromise) +``` + +## Server Components & Server Functions + +### Server Components + +Components that run only on the server: + +```typescript +// app/page.tsx (Server Component by default) +const Page = async () => { + // Can fetch data directly + const posts = await db.post.findMany() + + return ( + <div> + {posts.map(post => ( + <PostCard key={post.id} post={post} /> + ))} + </div> + ) +} + +export default Page +``` + +**Benefits:** +- Direct database access +- Zero bundle size for server-only code +- Automatic code splitting +- Better performance + +### Server Functions + +Functions that run on server, callable from client: + +```typescript +'use server' + +export async function createPost(formData: FormData) { + const title = formData.get('title') as string + const content = formData.get('content') as string + + const post = await db.post.create({ + data: { title, content } + }) + + revalidatePath('/posts') + return post +} +``` + +**Usage from client:** + +```typescript +'use client' + +import { createPost } from './actions' + +const PostForm = () => { + const [state, formAction] = useActionState(createPost, null) + + return ( + <form action={formAction}> + <input name="title" /> + <textarea name="content" /> + <button>Create</button> + </form> + ) +} +``` + +### Directives + +#### 'use client' +Mark file as client component: + +```typescript +'use client' + +import { useState } from 'react' + +// This component runs on client +export const Counter = () => { + const [count, setCount] = useState(0) + return <button onClick={() => setCount(c => c + 1)}>{count}</button> +} +``` + +#### 'use server' +Mark functions as server functions: + +```typescript +'use server' + +export async function updateUser(userId: string, data: UserData) { + return await db.user.update({ where: { id: userId }, data }) +} +``` + +## React DOM + +### Client APIs + +#### createRoot +Create root for client rendering (React 19): + +```typescript +import { createRoot } from 'react-dom/client' + +const root = createRoot(document.getElementById('root')!) +root.render(<App />) + +// Update root +root.render(<App newProp="value" />) + +// Unmount +root.unmount() +``` + +#### hydrateRoot +Hydrate server-rendered HTML: + +```typescript +import { hydrateRoot } from 'react-dom/client' + +hydrateRoot(document.getElementById('root')!, <App />) +``` + +### Component APIs + +#### createPortal +Render children outside parent DOM hierarchy: + +```typescript +import { createPortal } from 'react-dom' + +const Modal = ({ children }: { children: React.ReactNode }) => { + return createPortal( + <div className="modal">{children}</div>, + document.body + ) +} +``` + +#### flushSync +Force synchronous update: + +```typescript +import { flushSync } from 'react-dom' + +flushSync(() => { + setCount(1) +}) +// DOM is updated synchronously +``` + +### Form Components + +#### <form> with actions + +```typescript +const handleSubmit = async (formData: FormData) => { + 'use server' + const email = formData.get('email') + await saveEmail(email) +} + +<form action={handleSubmit}> + <input name="email" type="email" /> + <button>Subscribe</button> +</form> +``` + +#### useFormStatus + +```typescript +import { useFormStatus } from 'react-dom' + +const SubmitButton = () => { + const { pending } = useFormStatus() + + return ( + <button disabled={pending}> + {pending ? 'Submitting...' : 'Submit'} + </button> + ) +} +``` + +## React Compiler + +### Configuration + +Configure React Compiler in babel or bundler config: + +```javascript +// babel.config.js +module.exports = { + plugins: [ + ['react-compiler', { + compilationMode: 'annotation', // or 'all' + panicThreshold: 'all_errors', + }] + ] +} +``` + +### Directives + +#### "use memo" +Force memoization of component: + +```typescript +'use memo' + +const ExpensiveComponent = ({ data }: Props) => { + const processed = expensiveComputation(data) + return <div>{processed}</div> +} +``` + +#### "use no memo" +Prevent automatic memoization: + +```typescript +'use no memo' + +const SimpleComponent = ({ text }: Props) => { + return <div>{text}</div> +} +``` + +## Best Practices + +### Component Design + +1. **Keep components focused** - Single responsibility principle +2. **Prefer composition** - Build complex UIs from simple components +3. **Extract custom hooks** - Reusable logic in hooks +4. **Named return variables** - Use named returns in functions +5. **Type everything** - Proper TypeScript interfaces for all props + +### Performance + +1. **Use React.memo sparingly** - Only for expensive components +2. **Optimize context** - Split contexts to avoid unnecessary re-renders +3. **Lazy load routes** - Code-split at route boundaries +4. **Use transitions** - Mark non-urgent updates with useTransition +5. **Virtualize lists** - Use libraries like react-window for long lists + +### State Management + +1. **Local state first** - useState for component-specific state +2. **Lift state up** - Only when multiple components need it +3. **Use reducers for complex state** - useReducer for complex logic +4. **Context for global state** - Theme, auth, etc. +5. **External stores** - TanStack Query, Zustand for complex apps + +### Error Handling + +1. **Error boundaries** - Catch rendering errors +2. **Guard clauses** - Early returns for invalid states +3. **Null checks** - Always check for null/undefined +4. **Try-catch in effects** - Handle async errors +5. **User-friendly errors** - Show helpful error messages + +### Testing Considerations + +1. **Testable components** - Pure, predictable components +2. **Test user behavior** - Not implementation details +3. **Mock external dependencies** - APIs, context, etc. +4. **Test error states** - Verify error handling works +5. **Accessibility tests** - Test keyboard navigation, screen readers + +## Common Patterns + +### Compound Components + +```typescript +interface TabsProps { + children: React.ReactNode + defaultValue: string +} + +const TabsContext = createContext<{ + value: string + setValue: (v: string) => void +} | null>(null) + +const Tabs = ({ children, defaultValue }: TabsProps) => { + const [value, setValue] = useState(defaultValue) + + return ( + <TabsContext.Provider value={{ value, setValue }}> + {children} + </TabsContext.Provider> + ) +} + +const TabsList = ({ children }: { children: React.ReactNode }) => ( + <div role="tablist">{children}</div> +) + +const TabsTrigger = ({ value, children }: { value: string, children: React.ReactNode }) => { + const context = useContext(TabsContext) + if (!context) throw new Error('TabsTrigger must be used within Tabs') + + return ( + <button + role="tab" + aria-selected={context.value === value} + onClick={() => context.setValue(value)} + > + {children} + </button> + ) +} + +const TabsContent = ({ value, children }: { value: string, children: React.ReactNode }) => { + const context = useContext(TabsContext) + if (!context) throw new Error('TabsContent must be used within Tabs') + + if (context.value !== value) return null + + return <div role="tabpanel">{children}</div> +} + +// Usage +<Tabs defaultValue="profile"> + <TabsList> + <TabsTrigger value="profile">Profile</TabsTrigger> + <TabsTrigger value="settings">Settings</TabsTrigger> + </TabsList> + <TabsContent value="profile">Profile content</TabsContent> + <TabsContent value="settings">Settings content</TabsContent> +</Tabs> +``` + +### Render Props + +```typescript +interface DataFetcherProps<T> { + url: string + children: (data: T | null, loading: boolean, error: Error | null) => React.ReactNode +} + +const DataFetcher = <T,>({ url, children }: DataFetcherProps<T>) => { + const [data, setData] = useState<T | null>(null) + const [loading, setLoading] = useState(true) + const [error, setError] = useState<Error | null>(null) + + useEffect(() => { + fetch(url) + .then(res => res.json()) + .then(setData) + .catch(setError) + .finally(() => setLoading(false)) + }, [url]) + + return <>{children(data, loading, error)}</> +} + +// Usage +<DataFetcher<User> url="/api/user"> + {(user, loading, error) => { + if (loading) return <Spinner /> + if (error) return <Error error={error} /> + if (!user) return null + return <UserProfile user={user} /> + }} +</DataFetcher> +``` + +### Custom Hooks Pattern + +```typescript +const useLocalStorage = <T,>(key: string, initialValue: T) => { + const [storedValue, setStoredValue] = useState<T>(() => { + try { + const item = window.localStorage.getItem(key) + return item ? JSON.parse(item) : initialValue + } catch (error) { + console.error(error) + return initialValue + } + }) + + const setValue = useCallback((value: T | ((val: T) => T)) => { + try { + const valueToStore = value instanceof Function ? value(storedValue) : value + setStoredValue(valueToStore) + window.localStorage.setItem(key, JSON.stringify(valueToStore)) + } catch (error) { + console.error(error) + } + }, [key, storedValue]) + + return [storedValue, setValue] as const +} +``` + +## Troubleshooting + +### Common Issues + +#### Infinite Loops +- Check useEffect dependencies +- Ensure state updates don't trigger themselves +- Use functional setState updates + +#### Stale Closures +- Add all used variables to dependency arrays +- Use useCallback for functions in dependencies +- Consider using refs for values that shouldn't trigger re-renders + +#### Performance Issues +- Use React DevTools Profiler +- Check for unnecessary re-renders +- Optimize with memo, useMemo, useCallback +- Consider code splitting + +#### Hydration Mismatches +- Ensure server and client render same HTML +- Avoid using Date.now() or random values during render +- Use useEffect for browser-only code +- Check for conditional rendering based on browser APIs + +## References + +- **React Documentation**: https://react.dev +- **React API Reference**: https://react.dev/reference/react +- **React DOM Reference**: https://react.dev/reference/react-dom +- **React Compiler**: https://react.dev/reference/react-compiler +- **Rules of React**: https://react.dev/reference/rules +- **GitHub**: https://github.com/facebook/react + +## Related Skills + +- **typescript** - TypeScript patterns and types for React +- **ndk** - Nostr integration with React hooks +- **skill-creator** - Creating reusable component libraries + diff --git a/.claude/skills/react/examples/practical-patterns.tsx b/.claude/skills/react/examples/practical-patterns.tsx new file mode 100644 index 00000000..2883726f --- /dev/null +++ b/.claude/skills/react/examples/practical-patterns.tsx @@ -0,0 +1,878 @@ +# React Practical Examples + +This file contains real-world examples of React patterns and solutions. + +## Example 1: Custom Hook for Data Fetching + +```typescript +import { useState, useEffect } from 'react' + +interface FetchState<T> { + data: T | null + loading: boolean + error: Error | null +} + +const useFetch = <T,>(url: string) => { + const [state, setState] = useState<FetchState<T>>({ + data: null, + loading: true, + error: null + }) + + useEffect(() => { + let cancelled = false + const controller = new AbortController() + + const fetchData = async () => { + try { + setState(prev => ({ ...prev, loading: true, error: null })) + + const response = await fetch(url, { + signal: controller.signal + }) + + if (!response.ok) { + throw new Error(`HTTP error! status: ${response.status}`) + } + + const data = await response.json() + + if (!cancelled) { + setState({ data, loading: false, error: null }) + } + } catch (error) { + if (!cancelled && error.name !== 'AbortError') { + setState({ + data: null, + loading: false, + error: error as Error + }) + } + } + } + + fetchData() + + return () => { + cancelled = true + controller.abort() + } + }, [url]) + + return state +} + +// Usage +const UserProfile = ({ userId }: { userId: string }) => { + const { data, loading, error } = useFetch<User>(`/api/users/${userId}`) + + if (loading) return <Spinner /> + if (error) return <ErrorMessage error={error} /> + if (!data) return null + + return <UserCard user={data} /> +} +``` + +## Example 2: Form with Validation + +```typescript +import { useState, useCallback } from 'react' +import { z } from 'zod' + +const userSchema = z.object({ + name: z.string().min(2, 'Name must be at least 2 characters'), + email: z.string().email('Invalid email address'), + age: z.number().min(18, 'Must be 18 or older') +}) + +type UserForm = z.infer<typeof userSchema> +type FormErrors = Partial<Record<keyof UserForm, string>> + +const UserForm = () => { + const [formData, setFormData] = useState<UserForm>({ + name: '', + email: '', + age: 0 + }) + const [errors, setErrors] = useState<FormErrors>({}) + const [isSubmitting, setIsSubmitting] = useState(false) + + const handleChange = useCallback(( + field: keyof UserForm, + value: string | number + ) => { + setFormData(prev => ({ ...prev, [field]: value })) + // Clear error when user starts typing + setErrors(prev => ({ ...prev, [field]: undefined })) + }, []) + + const handleSubmit = async (e: React.FormEvent) => { + e.preventDefault() + + // Validate + const result = userSchema.safeParse(formData) + if (!result.success) { + const fieldErrors: FormErrors = {} + result.error.errors.forEach(err => { + const field = err.path[0] as keyof UserForm + fieldErrors[field] = err.message + }) + setErrors(fieldErrors) + return + } + + // Submit + setIsSubmitting(true) + try { + await submitUser(result.data) + // Success handling + } catch (error) { + console.error(error) + } finally { + setIsSubmitting(false) + } + } + + return ( + <form onSubmit={handleSubmit}> + <div> + <label htmlFor="name">Name</label> + <input + id="name" + value={formData.name} + onChange={e => handleChange('name', e.target.value)} + /> + {errors.name && <span className="error">{errors.name}</span>} + </div> + + <div> + <label htmlFor="email">Email</label> + <input + id="email" + type="email" + value={formData.email} + onChange={e => handleChange('email', e.target.value)} + /> + {errors.email && <span className="error">{errors.email}</span>} + </div> + + <div> + <label htmlFor="age">Age</label> + <input + id="age" + type="number" + value={formData.age || ''} + onChange={e => handleChange('age', Number(e.target.value))} + /> + {errors.age && <span className="error">{errors.age}</span>} + </div> + + <button type="submit" disabled={isSubmitting}> + {isSubmitting ? 'Submitting...' : 'Submit'} + </button> + </form> + ) +} +``` + +## Example 3: Modal with Portal + +```typescript +import { createPortal } from 'react-dom' +import { useEffect, useRef, useState } from 'react' + +interface ModalProps { + isOpen: boolean + onClose: () => void + children: React.ReactNode + title?: string +} + +const Modal = ({ isOpen, onClose, children, title }: ModalProps) => { + const modalRef = useRef<HTMLDivElement>(null) + + // Close on Escape key + useEffect(() => { + const handleEscape = (e: KeyboardEvent) => { + if (e.key === 'Escape') onClose() + } + + if (isOpen) { + document.addEventListener('keydown', handleEscape) + // Prevent body scroll + document.body.style.overflow = 'hidden' + } + + return () => { + document.removeEventListener('keydown', handleEscape) + document.body.style.overflow = 'unset' + } + }, [isOpen, onClose]) + + // Close on backdrop click + const handleBackdropClick = (e: React.MouseEvent) => { + if (e.target === modalRef.current) { + onClose() + } + } + + if (!isOpen) return null + + return createPortal( + <div + ref={modalRef} + className="fixed inset-0 bg-black/50 flex items-center justify-center z-50" + onClick={handleBackdropClick} + > + <div className="bg-white rounded-lg p-6 max-w-md w-full mx-4"> + <div className="flex justify-between items-center mb-4"> + {title && <h2 className="text-xl font-bold">{title}</h2>} + <button + onClick={onClose} + className="text-gray-500 hover:text-gray-700" + aria-label="Close modal" + > + ✕ + </button> + </div> + {children} + </div> + </div>, + document.body + ) +} + +// Usage +const App = () => { + const [isOpen, setIsOpen] = useState(false) + + return ( + <> + <button onClick={() => setIsOpen(true)}>Open Modal</button> + <Modal isOpen={isOpen} onClose={() => setIsOpen(false)} title="My Modal"> + <p>Modal content goes here</p> + <button onClick={() => setIsOpen(false)}>Close</button> + </Modal> + </> + ) +} +``` + +## Example 4: Infinite Scroll + +```typescript +import { useState, useEffect, useRef, useCallback } from 'react' + +interface InfiniteScrollProps<T> { + fetchData: (page: number) => Promise<T[]> + renderItem: (item: T, index: number) => React.ReactNode + loader?: React.ReactNode + endMessage?: React.ReactNode +} + +const InfiniteScroll = <T extends { id: string | number },>({ + fetchData, + renderItem, + loader = <div>Loading...</div>, + endMessage = <div>No more items</div> +}: InfiniteScrollProps<T>) => { + const [items, setItems] = useState<T[]>([]) + const [page, setPage] = useState(1) + const [loading, setLoading] = useState(false) + const [hasMore, setHasMore] = useState(true) + const observerRef = useRef<IntersectionObserver | null>(null) + const loadMoreRef = useRef<HTMLDivElement>(null) + + const loadMore = useCallback(async () => { + if (loading || !hasMore) return + + setLoading(true) + try { + const newItems = await fetchData(page) + + if (newItems.length === 0) { + setHasMore(false) + } else { + setItems(prev => [...prev, ...newItems]) + setPage(prev => prev + 1) + } + } catch (error) { + console.error('Failed to load items:', error) + } finally { + setLoading(false) + } + }, [page, loading, hasMore, fetchData]) + + // Set up intersection observer + useEffect(() => { + observerRef.current = new IntersectionObserver( + entries => { + if (entries[0].isIntersecting) { + loadMore() + } + }, + { threshold: 0.1 } + ) + + const currentRef = loadMoreRef.current + if (currentRef) { + observerRef.current.observe(currentRef) + } + + return () => { + if (observerRef.current && currentRef) { + observerRef.current.unobserve(currentRef) + } + } + }, [loadMore]) + + // Initial load + useEffect(() => { + loadMore() + }, []) + + return ( + <div> + {items.map((item, index) => ( + <div key={item.id}> + {renderItem(item, index)} + </div> + ))} + + <div ref={loadMoreRef}> + {loading && loader} + {!loading && !hasMore && endMessage} + </div> + </div> + ) +} + +// Usage +const PostsList = () => { + const fetchPosts = async (page: number) => { + const response = await fetch(`/api/posts?page=${page}`) + return response.json() + } + + return ( + <InfiniteScroll<Post> + fetchData={fetchPosts} + renderItem={(post) => <PostCard post={post} />} + /> + ) +} +``` + +## Example 5: Dark Mode Toggle + +```typescript +import { createContext, useContext, useState, useEffect } from 'react' + +type Theme = 'light' | 'dark' + +interface ThemeContextType { + theme: Theme + toggleTheme: () => void +} + +const ThemeContext = createContext<ThemeContextType | null>(null) + +export const useTheme = () => { + const context = useContext(ThemeContext) + if (!context) { + throw new Error('useTheme must be used within ThemeProvider') + } + return context +} + +export const ThemeProvider = ({ children }: { children: React.ReactNode }) => { + const [theme, setTheme] = useState<Theme>(() => { + // Check localStorage and system preference + const saved = localStorage.getItem('theme') as Theme | null + if (saved) return saved + + if (window.matchMedia('(prefers-color-scheme: dark)').matches) { + return 'dark' + } + + return 'light' + }) + + useEffect(() => { + // Update DOM and localStorage + const root = document.documentElement + root.classList.remove('light', 'dark') + root.classList.add(theme) + localStorage.setItem('theme', theme) + }, [theme]) + + const toggleTheme = () => { + setTheme(prev => prev === 'light' ? 'dark' : 'light') + } + + return ( + <ThemeContext.Provider value={{ theme, toggleTheme }}> + {children} + </ThemeContext.Provider> + ) +} + +// Usage +const ThemeToggle = () => { + const { theme, toggleTheme } = useTheme() + + return ( + <button onClick={toggleTheme} aria-label="Toggle theme"> + {theme === 'light' ? '🌙' : '☀️'} + </button> + ) +} +``` + +## Example 6: Debounced Search + +```typescript +import { useState, useEffect, useMemo } from 'react' + +const useDebounce = <T,>(value: T, delay: number): T => { + const [debouncedValue, setDebouncedValue] = useState(value) + + useEffect(() => { + const timer = setTimeout(() => { + setDebouncedValue(value) + }, delay) + + return () => { + clearTimeout(timer) + } + }, [value, delay]) + + return debouncedValue +} + +const SearchPage = () => { + const [query, setQuery] = useState('') + const [results, setResults] = useState<Product[]>([]) + const [loading, setLoading] = useState(false) + + const debouncedQuery = useDebounce(query, 500) + + useEffect(() => { + if (!debouncedQuery) { + setResults([]) + return + } + + const searchProducts = async () => { + setLoading(true) + try { + const response = await fetch(`/api/search?q=${debouncedQuery}`) + const data = await response.json() + setResults(data) + } catch (error) { + console.error('Search failed:', error) + } finally { + setLoading(false) + } + } + + searchProducts() + }, [debouncedQuery]) + + return ( + <div> + <input + type="search" + value={query} + onChange={e => setQuery(e.target.value)} + placeholder="Search products..." + /> + + {loading && <Spinner />} + + {!loading && results.length > 0 && ( + <div> + {results.map(product => ( + <ProductCard key={product.id} product={product} /> + ))} + </div> + )} + + {!loading && query && results.length === 0 && ( + <p>No results found for "{query}"</p> + )} + </div> + ) +} +``` + +## Example 7: Tabs Component + +```typescript +import { createContext, useContext, useState, useId } from 'react' + +interface TabsContextType { + activeTab: string + setActiveTab: (id: string) => void + tabsId: string +} + +const TabsContext = createContext<TabsContextType | null>(null) + +const useTabs = () => { + const context = useContext(TabsContext) + if (!context) throw new Error('Tabs compound components must be used within Tabs') + return context +} + +interface TabsProps { + children: React.ReactNode + defaultValue: string + className?: string +} + +const Tabs = ({ children, defaultValue, className }: TabsProps) => { + const [activeTab, setActiveTab] = useState(defaultValue) + const tabsId = useId() + + return ( + <TabsContext.Provider value={{ activeTab, setActiveTab, tabsId }}> + <div className={className}> + {children} + </div> + </TabsContext.Provider> + ) +} + +const TabsList = ({ children, className }: { + children: React.ReactNode + className?: string +}) => ( + <div role="tablist" className={className}> + {children} + </div> +) + +interface TabsTriggerProps { + value: string + children: React.ReactNode + className?: string +} + +const TabsTrigger = ({ value, children, className }: TabsTriggerProps) => { + const { activeTab, setActiveTab, tabsId } = useTabs() + const isActive = activeTab === value + + return ( + <button + role="tab" + id={`${tabsId}-tab-${value}`} + aria-controls={`${tabsId}-panel-${value}`} + aria-selected={isActive} + onClick={() => setActiveTab(value)} + className={`${className} ${isActive ? 'active' : ''}`} + > + {children} + </button> + ) +} + +interface TabsContentProps { + value: string + children: React.ReactNode + className?: string +} + +const TabsContent = ({ value, children, className }: TabsContentProps) => { + const { activeTab, tabsId } = useTabs() + + if (activeTab !== value) return null + + return ( + <div + role="tabpanel" + id={`${tabsId}-panel-${value}`} + aria-labelledby={`${tabsId}-tab-${value}`} + className={className} + > + {children} + </div> + ) +} + +// Export compound component +export { Tabs, TabsList, TabsTrigger, TabsContent } + +// Usage +const App = () => ( + <Tabs defaultValue="profile"> + <TabsList> + <TabsTrigger value="profile">Profile</TabsTrigger> + <TabsTrigger value="settings">Settings</TabsTrigger> + <TabsTrigger value="notifications">Notifications</TabsTrigger> + </TabsList> + + <TabsContent value="profile"> + <h2>Profile Content</h2> + </TabsContent> + + <TabsContent value="settings"> + <h2>Settings Content</h2> + </TabsContent> + + <TabsContent value="notifications"> + <h2>Notifications Content</h2> + </TabsContent> + </Tabs> +) +``` + +## Example 8: Error Boundary + +```typescript +import { Component, ErrorInfo, ReactNode } from 'react' + +interface Props { + children: ReactNode + fallback?: (error: Error, reset: () => void) => ReactNode + onError?: (error: Error, errorInfo: ErrorInfo) => void +} + +interface State { + hasError: boolean + error: Error | null +} + +class ErrorBoundary extends Component<Props, State> { + constructor(props: Props) { + super(props) + this.state = { hasError: false, error: null } + } + + static getDerivedStateFromError(error: Error): State { + return { hasError: true, error } + } + + componentDidCatch(error: Error, errorInfo: ErrorInfo) { + console.error('ErrorBoundary caught:', error, errorInfo) + this.props.onError?.(error, errorInfo) + } + + reset = () => { + this.setState({ hasError: false, error: null }) + } + + render() { + if (this.state.hasError && this.state.error) { + if (this.props.fallback) { + return this.props.fallback(this.state.error, this.reset) + } + + return ( + <div className="error-boundary"> + <h2>Something went wrong</h2> + <details> + <summary>Error details</summary> + <pre>{this.state.error.message}</pre> + </details> + <button onClick={this.reset}>Try again</button> + </div> + ) + } + + return this.props.children + } +} + +// Usage +const App = () => ( + <ErrorBoundary + fallback={(error, reset) => ( + <div> + <h1>Oops! Something went wrong</h1> + <p>{error.message}</p> + <button onClick={reset}>Retry</button> + </div> + )} + onError={(error, errorInfo) => { + // Send to error tracking service + console.error('Error logged:', error, errorInfo) + }} + > + <YourApp /> + </ErrorBoundary> +) +``` + +## Example 9: Custom Hook for Local Storage + +```typescript +import { useState, useEffect, useCallback } from 'react' + +const useLocalStorage = <T,>( + key: string, + initialValue: T +): [T, (value: T | ((val: T) => T)) => void, () => void] => { + // Get initial value from localStorage + const [storedValue, setStoredValue] = useState<T>(() => { + try { + const item = window.localStorage.getItem(key) + return item ? JSON.parse(item) : initialValue + } catch (error) { + console.error(`Error loading ${key} from localStorage:`, error) + return initialValue + } + }) + + // Update localStorage when value changes + const setValue = useCallback((value: T | ((val: T) => T)) => { + try { + const valueToStore = value instanceof Function ? value(storedValue) : value + setStoredValue(valueToStore) + window.localStorage.setItem(key, JSON.stringify(valueToStore)) + + // Dispatch storage event for other tabs + window.dispatchEvent(new Event('storage')) + } catch (error) { + console.error(`Error saving ${key} to localStorage:`, error) + } + }, [key, storedValue]) + + // Remove from localStorage + const removeValue = useCallback(() => { + try { + window.localStorage.removeItem(key) + setStoredValue(initialValue) + } catch (error) { + console.error(`Error removing ${key} from localStorage:`, error) + } + }, [key, initialValue]) + + // Listen for changes in other tabs + useEffect(() => { + const handleStorageChange = (e: StorageEvent) => { + if (e.key === key && e.newValue) { + setStoredValue(JSON.parse(e.newValue)) + } + } + + window.addEventListener('storage', handleStorageChange) + return () => window.removeEventListener('storage', handleStorageChange) + }, [key]) + + return [storedValue, setValue, removeValue] +} + +// Usage +const UserPreferences = () => { + const [preferences, setPreferences, clearPreferences] = useLocalStorage('user-prefs', { + theme: 'light', + language: 'en', + notifications: true + }) + + return ( + <div> + <label> + <input + type="checkbox" + checked={preferences.notifications} + onChange={e => setPreferences({ + ...preferences, + notifications: e.target.checked + })} + /> + Enable notifications + </label> + + <button onClick={clearPreferences}> + Reset to defaults + </button> + </div> + ) +} +``` + +## Example 10: Optimistic Updates with useOptimistic + +```typescript +'use client' + +import { useOptimistic } from 'react' +import { likePost, unlikePost } from './actions' + +interface Post { + id: string + content: string + likes: number + isLiked: boolean +} + +const PostCard = ({ post }: { post: Post }) => { + const [optimisticPost, addOptimistic] = useOptimistic( + post, + (currentPost, update: Partial<Post>) => ({ + ...currentPost, + ...update + }) + ) + + const handleLike = async () => { + // Optimistically update UI + addOptimistic({ + likes: optimisticPost.likes + 1, + isLiked: true + }) + + try { + // Send server request + await likePost(post.id) + } catch (error) { + // Server will send correct state via revalidation + console.error('Failed to like post:', error) + } + } + + const handleUnlike = async () => { + addOptimistic({ + likes: optimisticPost.likes - 1, + isLiked: false + }) + + try { + await unlikePost(post.id) + } catch (error) { + console.error('Failed to unlike post:', error) + } + } + + return ( + <div className="post-card"> + <p>{optimisticPost.content}</p> + <button + onClick={optimisticPost.isLiked ? handleUnlike : handleLike} + className={optimisticPost.isLiked ? 'liked' : ''} + > + ❤️ {optimisticPost.likes} + </button> + </div> + ) +} +``` + +## References + +These examples demonstrate: +- Custom hooks for reusable logic +- Form handling with validation +- Portal usage for modals +- Infinite scroll with Intersection Observer +- Context for global state +- Debouncing for performance +- Compound components pattern +- Error boundaries +- LocalStorage integration +- Optimistic updates (React 19) + diff --git a/.claude/skills/react/references/hooks-quick-reference.md b/.claude/skills/react/references/hooks-quick-reference.md new file mode 100644 index 00000000..26e8f595 --- /dev/null +++ b/.claude/skills/react/references/hooks-quick-reference.md @@ -0,0 +1,291 @@ +# React Hooks Quick Reference + +## State Hooks + +### useState +```typescript +const [state, setState] = useState<Type>(initialValue) +const [count, setCount] = useState(0) + +// Functional update +setCount(prev => prev + 1) + +// Lazy initialization +const [state, setState] = useState(() => expensiveComputation()) +``` + +### useReducer +```typescript +type State = { count: number } +type Action = { type: 'increment' } | { type: 'decrement' } + +const reducer = (state: State, action: Action): State => { + switch (action.type) { + case 'increment': return { count: state.count + 1 } + case 'decrement': return { count: state.count - 1 } + } +} + +const [state, dispatch] = useReducer(reducer, { count: 0 }) +dispatch({ type: 'increment' }) +``` + +### useActionState (React 19) +```typescript +const [state, formAction, isPending] = useActionState( + async (previousState, formData: FormData) => { + // Server action + return await processForm(formData) + }, + initialState +) + +<form action={formAction}> + <button disabled={isPending}>Submit</button> +</form> +``` + +## Effect Hooks + +### useEffect +```typescript +useEffect(() => { + // Side effect + const subscription = api.subscribe() + + // Cleanup + return () => subscription.unsubscribe() +}, [dependencies]) +``` + +**Timing**: After render & paint +**Use for**: Data fetching, subscriptions, DOM mutations + +### useLayoutEffect +```typescript +useLayoutEffect(() => { + // Runs before paint + const height = ref.current.offsetHeight + setHeight(height) +}, []) +``` + +**Timing**: After render, before paint +**Use for**: DOM measurements, preventing flicker + +### useInsertionEffect +```typescript +useInsertionEffect(() => { + // Insert styles before any DOM reads + const style = document.createElement('style') + style.textContent = css + document.head.appendChild(style) + return () => document.head.removeChild(style) +}, [css]) +``` + +**Timing**: Before any DOM mutations +**Use for**: CSS-in-JS libraries + +## Performance Hooks + +### useMemo +```typescript +const memoizedValue = useMemo(() => { + return expensiveComputation(a, b) +}, [a, b]) +``` + +**Use for**: Expensive calculations, stable object references + +### useCallback +```typescript +const memoizedCallback = useCallback(() => { + doSomething(a, b) +}, [a, b]) +``` + +**Use for**: Passing callbacks to optimized components + +## Ref Hooks + +### useRef +```typescript +// DOM reference +const ref = useRef<HTMLDivElement>(null) +ref.current?.focus() + +// Mutable value (doesn't trigger re-render) +const countRef = useRef(0) +countRef.current += 1 +``` + +### useImperativeHandle +```typescript +useImperativeHandle(ref, () => ({ + focus: () => inputRef.current?.focus(), + clear: () => inputRef.current && (inputRef.current.value = '') +}), []) +``` + +## Context Hook + +### useContext +```typescript +const value = useContext(MyContext) +``` + +Must be used within a Provider. + +## Transition Hooks + +### useTransition +```typescript +const [isPending, startTransition] = useTransition() + +startTransition(() => { + setState(newValue) // Non-urgent update +}) +``` + +### useDeferredValue +```typescript +const [input, setInput] = useState('') +const deferredInput = useDeferredValue(input) + +// Use deferredInput for expensive operations +const results = useMemo(() => search(deferredInput), [deferredInput]) +``` + +## Optimistic Updates (React 19) + +### useOptimistic +```typescript +const [optimisticState, addOptimistic] = useOptimistic( + actualState, + (currentState, optimisticValue) => { + return [...currentState, optimisticValue] + } +) +``` + +## Other Hooks + +### useId +```typescript +const id = useId() +<label htmlFor={id}>Name</label> +<input id={id} /> +``` + +### useSyncExternalStore +```typescript +const state = useSyncExternalStore( + subscribe, + getSnapshot, + getServerSnapshot +) +``` + +### useDebugValue +```typescript +useDebugValue(isOnline ? 'Online' : 'Offline') +``` + +### use (React 19) +```typescript +// Read context or promise +const value = use(MyContext) +const data = use(fetchPromise) // Must be in Suspense +``` + +## Form Hooks (React DOM) + +### useFormStatus +```typescript +import { useFormStatus } from 'react-dom' + +const { pending, data, method, action } = useFormStatus() +``` + +## Hook Rules + +1. **Only call at top level** - Not in loops, conditions, or nested functions +2. **Only call from React functions** - Components or custom hooks +3. **Custom hooks start with "use"** - Naming convention +4. **Same hooks in same order** - Every render must call same hooks + +## Dependencies Best Practices + +1. **Include all used values** - Variables, props, state from component scope +2. **Use ESLint plugin** - `eslint-plugin-react-hooks` enforces rules +3. **Functions as dependencies** - Wrap with useCallback or define outside component +4. **Object/array dependencies** - Use useMemo for stable references + +## Common Patterns + +### Fetching Data +```typescript +const [data, setData] = useState(null) +const [loading, setLoading] = useState(true) +const [error, setError] = useState(null) + +useEffect(() => { + const controller = new AbortController() + + fetch('/api/data', { signal: controller.signal }) + .then(res => res.json()) + .then(setData) + .catch(setError) + .finally(() => setLoading(false)) + + return () => controller.abort() +}, []) +``` + +### Debouncing +```typescript +const [value, setValue] = useState('') +const [debouncedValue, setDebouncedValue] = useState(value) + +useEffect(() => { + const timer = setTimeout(() => { + setDebouncedValue(value) + }, 500) + + return () => clearTimeout(timer) +}, [value]) +``` + +### Previous Value +```typescript +const usePrevious = <T,>(value: T): T | undefined => { + const ref = useRef<T>() + useEffect(() => { + ref.current = value + }) + return ref.current +} +``` + +### Interval +```typescript +useEffect(() => { + const id = setInterval(() => { + setCount(c => c + 1) + }, 1000) + + return () => clearInterval(id) +}, []) +``` + +### Event Listeners +```typescript +useEffect(() => { + const handleResize = () => setWidth(window.innerWidth) + + window.addEventListener('resize', handleResize) + return () => window.removeEventListener('resize', handleResize) +}, []) +``` + diff --git a/.claude/skills/react/references/performance.md b/.claude/skills/react/references/performance.md new file mode 100644 index 00000000..87c3ba99 --- /dev/null +++ b/.claude/skills/react/references/performance.md @@ -0,0 +1,658 @@ +# React Performance Optimization Guide + +## Overview + +This guide covers performance optimization strategies for React 19 applications. + +## Measurement & Profiling + +### React DevTools Profiler + +Record performance data: +1. Open React DevTools +2. Go to Profiler tab +3. Click record button +4. Interact with app +5. Stop recording +6. Analyze flame graph and ranked chart + +### Profiler Component + +```typescript +import { Profiler } from 'react' + +const App = () => { + const onRender = ( + id: string, + phase: 'mount' | 'update', + actualDuration: number, + baseDuration: number, + startTime: number, + commitTime: number + ) => { + console.log({ + component: id, + phase, + actualDuration, // Time spent rendering this update + baseDuration // Estimated time without memoization + }) + } + + return ( + <Profiler id="App" onRender={onRender}> + <YourApp /> + </Profiler> + ) +} +``` + +### Performance Metrics + +```typescript +// Custom performance tracking +const startTime = performance.now() +// ... do work +const endTime = performance.now() +console.log(`Operation took ${endTime - startTime}ms`) + +// React rendering metrics +import { unstable_trace as trace } from 'react' + +trace('expensive-operation', async () => { + await performExpensiveOperation() +}) +``` + +## Memoization Strategies + +### React.memo + +Prevent unnecessary re-renders: + +```typescript +// Basic memoization +const ExpensiveComponent = memo(({ data }: Props) => { + return <div>{processData(data)}</div> +}) + +// Custom comparison +const MemoizedComponent = memo( + ({ user }: Props) => <UserCard user={user} />, + (prevProps, nextProps) => { + // Return true if props are equal (skip render) + return prevProps.user.id === nextProps.user.id + } +) +``` + +**When to use:** +- Component renders often with same props +- Rendering is expensive +- Component receives complex prop objects + +**When NOT to use:** +- Props change frequently +- Component is already fast +- Premature optimization + +### useMemo + +Memoize computed values: + +```typescript +const SortedList = ({ items, filter }: Props) => { + // Without memoization - runs every render + const filteredItems = items.filter(item => item.type === filter) + const sortedItems = filteredItems.sort((a, b) => a.name.localeCompare(b.name)) + + // With memoization - only runs when dependencies change + const sortedFilteredItems = useMemo(() => { + const filtered = items.filter(item => item.type === filter) + return filtered.sort((a, b) => a.name.localeCompare(b.name)) + }, [items, filter]) + + return ( + <ul> + {sortedFilteredItems.map(item => ( + <li key={item.id}>{item.name}</li> + ))} + </ul> + ) +} +``` + +**When to use:** +- Expensive calculations (sorting, filtering large arrays) +- Creating stable object references +- Computed values used as dependencies + +### useCallback + +Memoize callback functions: + +```typescript +const Parent = () => { + const [count, setCount] = useState(0) + + // Without useCallback - new function every render + const handleClick = () => { + setCount(c => c + 1) + } + + // With useCallback - stable function reference + const handleClickMemo = useCallback(() => { + setCount(c => c + 1) + }, []) + + return <MemoizedChild onClick={handleClickMemo} /> +} + +const MemoizedChild = memo(({ onClick }: Props) => { + return <button onClick={onClick}>Click</button> +}) +``` + +**When to use:** +- Passing callbacks to memoized components +- Callback is used in dependency array +- Callback is expensive to create + +## React Compiler (Automatic Optimization) + +### Enable React Compiler + +React 19 can automatically optimize without manual memoization: + +```javascript +// babel.config.js +module.exports = { + plugins: [ + ['react-compiler', { + compilationMode: 'all', // Optimize all components + }] + ] +} +``` + +### Compilation Modes + +```javascript +{ + compilationMode: 'annotation', // Only components with "use memo" + compilationMode: 'all', // All components (recommended) + compilationMode: 'infer' // Based on component complexity +} +``` + +### Directives + +```typescript +// Force memoization +'use memo' +const Component = ({ data }: Props) => { + return <div>{data}</div> +} + +// Prevent memoization +'use no memo' +const SimpleComponent = ({ text }: Props) => { + return <span>{text}</span> +} +``` + +## State Management Optimization + +### State Colocation + +Keep state as close as possible to where it's used: + +```typescript +// Bad - state too high +const App = () => { + const [showModal, setShowModal] = useState(false) + + return ( + <> + <Header /> + <Content /> + <Modal show={showModal} onClose={() => setShowModal(false)} /> + </> + ) +} + +// Good - state colocated +const App = () => { + return ( + <> + <Header /> + <Content /> + <ModalContainer /> + </> + ) +} + +const ModalContainer = () => { + const [showModal, setShowModal] = useState(false) + + return <Modal show={showModal} onClose={() => setShowModal(false)} /> +} +``` + +### Split Context + +Avoid unnecessary re-renders by splitting context: + +```typescript +// Bad - single context causes all consumers to re-render +const AppContext = createContext({ user, theme, settings }) + +// Good - split into separate contexts +const UserContext = createContext(user) +const ThemeContext = createContext(theme) +const SettingsContext = createContext(settings) +``` + +### Context with useMemo + +```typescript +const ThemeProvider = ({ children }: Props) => { + const [theme, setTheme] = useState('light') + + // Memoize context value to prevent unnecessary re-renders + const value = useMemo(() => ({ + theme, + setTheme + }), [theme]) + + return ( + <ThemeContext.Provider value={value}> + {children} + </ThemeContext.Provider> + ) +} +``` + +## Code Splitting & Lazy Loading + +### React.lazy + +Split components into separate bundles: + +```typescript +import { lazy, Suspense } from 'react' + +// Lazy load components +const Dashboard = lazy(() => import('./Dashboard')) +const Settings = lazy(() => import('./Settings')) +const Profile = lazy(() => import('./Profile')) + +const App = () => { + return ( + <Suspense fallback={<Loading />}> + <Routes> + <Route path="/dashboard" element={<Dashboard />} /> + <Route path="/settings" element={<Settings />} /> + <Route path="/profile" element={<Profile />} /> + </Routes> + </Suspense> + ) +} +``` + +### Route-based Splitting + +```typescript +// App.tsx +const routes = [ + { path: '/', component: lazy(() => import('./pages/Home')) }, + { path: '/about', component: lazy(() => import('./pages/About')) }, + { path: '/products', component: lazy(() => import('./pages/Products')) }, +] + +const App = () => ( + <Suspense fallback={<PageLoader />}> + <Routes> + {routes.map(({ path, component: Component }) => ( + <Route key={path} path={path} element={<Component />} /> + ))} + </Routes> + </Suspense> +) +``` + +### Component-based Splitting + +```typescript +// Split expensive components +const HeavyChart = lazy(() => import('./HeavyChart')) + +const Dashboard = () => { + const [showChart, setShowChart] = useState(false) + + return ( + <> + <button onClick={() => setShowChart(true)}> + Load Chart + </button> + {showChart && ( + <Suspense fallback={<ChartSkeleton />}> + <HeavyChart /> + </Suspense> + )} + </> + ) +} +``` + +## List Rendering Optimization + +### Keys + +Always use stable, unique keys: + +```typescript +// Bad - index as key (causes issues on reorder/insert) +{items.map((item, index) => ( + <Item key={index} data={item} /> +))} + +// Good - unique ID as key +{items.map(item => ( + <Item key={item.id} data={item} /> +))} + +// For static lists without IDs +{items.map(item => ( + <Item key={`${item.name}-${item.category}`} data={item} /> +))} +``` + +### Virtualization + +For long lists, render only visible items: + +```typescript +import { useVirtualizer } from '@tanstack/react-virtual' + +const VirtualList = ({ items }: { items: Item[] }) => { + const parentRef = useRef<HTMLDivElement>(null) + + const virtualizer = useVirtualizer({ + count: items.length, + getScrollElement: () => parentRef.current, + estimateSize: () => 50, // Estimated item height + overscan: 5 // Render 5 extra items above/below viewport + }) + + return ( + <div ref={parentRef} style={{ height: '400px', overflow: 'auto' }}> + <div + style={{ + height: `${virtualizer.getTotalSize()}px`, + position: 'relative' + }} + > + {virtualizer.getVirtualItems().map(virtualItem => ( + <div + key={virtualItem.key} + style={{ + position: 'absolute', + top: 0, + left: 0, + width: '100%', + height: `${virtualItem.size}px`, + transform: `translateY(${virtualItem.start}px)` + }} + > + <Item data={items[virtualItem.index]} /> + </div> + ))} + </div> + </div> + ) +} +``` + +### Pagination + +```typescript +const PaginatedList = ({ items }: Props) => { + const [page, setPage] = useState(1) + const itemsPerPage = 20 + + const paginatedItems = useMemo(() => { + const start = (page - 1) * itemsPerPage + const end = start + itemsPerPage + return items.slice(start, end) + }, [items, page, itemsPerPage]) + + return ( + <> + {paginatedItems.map(item => ( + <Item key={item.id} data={item} /> + ))} + <Pagination + page={page} + total={Math.ceil(items.length / itemsPerPage)} + onChange={setPage} + /> + </> + ) +} +``` + +## Transitions & Concurrent Features + +### useTransition + +Keep UI responsive during expensive updates: + +```typescript +const SearchPage = () => { + const [query, setQuery] = useState('') + const [results, setResults] = useState([]) + const [isPending, startTransition] = useTransition() + + const handleSearch = (value: string) => { + setQuery(value) // Urgent - update input immediately + + // Non-urgent - can be interrupted + startTransition(() => { + const filtered = expensiveFilter(items, value) + setResults(filtered) + }) + } + + return ( + <> + <input value={query} onChange={e => handleSearch(e.target.value)} /> + {isPending && <Spinner />} + <ResultsList results={results} /> + </> + ) +} +``` + +### useDeferredValue + +Defer non-urgent renders: + +```typescript +const SearchPage = () => { + const [query, setQuery] = useState('') + const deferredQuery = useDeferredValue(query) + + // Input updates immediately + // Results update with deferred value (can be interrupted) + const results = useMemo(() => { + return expensiveFilter(items, deferredQuery) + }, [deferredQuery]) + + return ( + <> + <input value={query} onChange={e => setQuery(e.target.value)} /> + <ResultsList results={results} /> + </> + ) +} +``` + +## Image & Asset Optimization + +### Lazy Load Images + +```typescript +const LazyImage = ({ src, alt }: Props) => { + const [isLoaded, setIsLoaded] = useState(false) + + return ( + <div className="relative"> + {!isLoaded && <ImageSkeleton />} + <img + src={src} + alt={alt} + loading="lazy" // Native lazy loading + onLoad={() => setIsLoaded(true)} + className={isLoaded ? 'opacity-100' : 'opacity-0'} + /> + </div> + ) +} +``` + +### Next.js Image Component + +```typescript +import Image from 'next/image' + +const OptimizedImage = () => ( + <Image + src="/hero.jpg" + alt="Hero" + width={800} + height={600} + priority // Load immediately for above-fold images + placeholder="blur" + blurDataURL="data:image/jpeg;base64,..." + /> +) +``` + +## Bundle Size Optimization + +### Tree Shaking + +Import only what you need: + +```typescript +// Bad - imports entire library +import _ from 'lodash' + +// Good - import only needed functions +import debounce from 'lodash/debounce' +import throttle from 'lodash/throttle' + +// Even better - use native methods when possible +const debounce = (fn, delay) => { + let timeoutId + return (...args) => { + clearTimeout(timeoutId) + timeoutId = setTimeout(() => fn(...args), delay) + } +} +``` + +### Analyze Bundle + +```bash +# Next.js +ANALYZE=true npm run build + +# Create React App +npm install --save-dev webpack-bundle-analyzer +``` + +### Dynamic Imports + +```typescript +// Load library only when needed +const handleExport = async () => { + const { jsPDF } = await import('jspdf') + const doc = new jsPDF() + doc.save('report.pdf') +} +``` + +## Common Performance Pitfalls + +### 1. Inline Object Creation + +```typescript +// Bad - new object every render +<Component style={{ margin: 10 }} /> + +// Good - stable reference +const style = { margin: 10 } +<Component style={style} /> + +// Or use useMemo +const style = useMemo(() => ({ margin: 10 }), []) +``` + +### 2. Inline Functions + +```typescript +// Bad - new function every render (if child is memoized) +<MemoizedChild onClick={() => handleClick(id)} /> + +// Good +const handleClickMemo = useCallback(() => handleClick(id), [id]) +<MemoizedChild onClick={handleClickMemo} /> +``` + +### 3. Spreading Props + +```typescript +// Bad - causes re-renders even when props unchanged +<Component {...props} /> + +// Good - pass only needed props +<Component value={props.value} onChange={props.onChange} /> +``` + +### 4. Large Context + +```typescript +// Bad - everything re-renders on any state change +const AppContext = createContext({ user, theme, cart, settings, ... }) + +// Good - split into focused contexts +const UserContext = createContext(user) +const ThemeContext = createContext(theme) +const CartContext = createContext(cart) +``` + +## Performance Checklist + +- [ ] Measure before optimizing (use Profiler) +- [ ] Use React DevTools to identify slow components +- [ ] Implement code splitting for large routes +- [ ] Lazy load below-the-fold content +- [ ] Virtualize long lists +- [ ] Memoize expensive calculations +- [ ] Split large contexts +- [ ] Colocate state close to usage +- [ ] Use transitions for non-urgent updates +- [ ] Optimize images and assets +- [ ] Analyze and minimize bundle size +- [ ] Remove console.logs in production +- [ ] Use production build for testing +- [ ] Monitor real-world performance metrics + +## References + +- React Performance: https://react.dev/learn/render-and-commit +- React Profiler: https://react.dev/reference/react/Profiler +- React Compiler: https://react.dev/reference/react-compiler +- Web Vitals: https://web.dev/vitals/ + diff --git a/.claude/skills/react/references/server-components.md b/.claude/skills/react/references/server-components.md new file mode 100644 index 00000000..3db49801 --- /dev/null +++ b/.claude/skills/react/references/server-components.md @@ -0,0 +1,656 @@ +# React Server Components & Server Functions + +## Overview + +React Server Components (RSC) allow components to render on the server, improving performance and enabling direct data access. Server Functions allow client components to call server-side functions. + +## Server Components + +### What are Server Components? + +Components that run **only on the server**: +- Can access databases directly +- Zero bundle size (code stays on server) +- Better performance (less JavaScript to client) +- Automatic code splitting + +### Creating Server Components + +```typescript +// app/products/page.tsx +// Server Component by default in App Router + +import { db } from '@/lib/db' + +const ProductsPage = async () => { + // Direct database access + const products = await db.product.findMany({ + where: { active: true }, + include: { category: true } + }) + + return ( + <div> + <h1>Products</h1> + {products.map(product => ( + <ProductCard key={product.id} product={product} /> + ))} + </div> + ) +} + +export default ProductsPage +``` + +### Server Component Rules + +**Can do:** +- Access databases and APIs directly +- Use server-only modules (fs, path, etc.) +- Keep secrets secure (API keys, tokens) +- Reduce client bundle size +- Use async/await at top level + +**Cannot do:** +- Use hooks (useState, useEffect, etc.) +- Use browser APIs (window, document) +- Attach event handlers (onClick, etc.) +- Use Context + +### Mixing Server and Client Components + +```typescript +// Server Component (default) +const Page = async () => { + const data = await fetchData() + + return ( + <div> + <ServerComponent data={data} /> + {/* Client component for interactivity */} + <ClientComponent initialData={data} /> + </div> + ) +} + +// Client Component +'use client' + +import { useState } from 'react' + +const ClientComponent = ({ initialData }) => { + const [count, setCount] = useState(0) + + return ( + <button onClick={() => setCount(c => c + 1)}> + {count} + </button> + ) +} +``` + +### Server Component Patterns + +#### Data Fetching +```typescript +// app/user/[id]/page.tsx +interface PageProps { + params: { id: string } +} + +const UserPage = async ({ params }: PageProps) => { + const user = await db.user.findUnique({ + where: { id: params.id } + }) + + if (!user) { + notFound() // Next.js 404 + } + + return <UserProfile user={user} /> +} +``` + +#### Parallel Data Fetching +```typescript +const DashboardPage = async () => { + // Fetch in parallel + const [user, orders, stats] = await Promise.all([ + fetchUser(), + fetchOrders(), + fetchStats() + ]) + + return ( + <> + <UserHeader user={user} /> + <OrdersList orders={orders} /> + <StatsWidget stats={stats} /> + </> + ) +} +``` + +#### Streaming with Suspense +```typescript +const Page = () => { + return ( + <> + <Header /> + <Suspense fallback={<ProductsSkeleton />}> + <Products /> + </Suspense> + <Suspense fallback={<ReviewsSkeleton />}> + <Reviews /> + </Suspense> + </> + ) +} + +const Products = async () => { + const products = await fetchProducts() // Slow query + return <ProductsList products={products} /> +} +``` + +## Server Functions (Server Actions) + +### What are Server Functions? + +Functions that run on the server but can be called from client components: +- Marked with `'use server'` directive +- Can mutate data +- Integrated with forms +- Type-safe with TypeScript + +### Creating Server Functions + +#### File-level directive +```typescript +// app/actions.ts +'use server' + +import { db } from '@/lib/db' +import { revalidatePath } from 'next/cache' + +export async function createProduct(formData: FormData) { + const name = formData.get('name') as string + const price = Number(formData.get('price')) + + const product = await db.product.create({ + data: { name, price } + }) + + revalidatePath('/products') + return product +} + +export async function deleteProduct(id: string) { + await db.product.delete({ where: { id } }) + revalidatePath('/products') +} +``` + +#### Function-level directive +```typescript +// Inside a Server Component +const MyComponent = async () => { + async function handleSubmit(formData: FormData) { + 'use server' + const email = formData.get('email') as string + await saveEmail(email) + } + + return <form action={handleSubmit}>...</form> +} +``` + +### Using Server Functions + +#### With Forms +```typescript +'use client' + +import { createProduct } from './actions' + +const ProductForm = () => { + return ( + <form action={createProduct}> + <input name="name" required /> + <input name="price" type="number" required /> + <button type="submit">Create</button> + </form> + ) +} +``` + +#### With useActionState +```typescript +'use client' + +import { useActionState } from 'react' +import { createProduct } from './actions' + +type FormState = { + message: string + success: boolean +} | null + +const ProductForm = () => { + const [state, formAction, isPending] = useActionState<FormState>( + async (previousState, formData: FormData) => { + try { + await createProduct(formData) + return { message: 'Product created!', success: true } + } catch (error) { + return { message: 'Failed to create product', success: false } + } + }, + null + ) + + return ( + <form action={formAction}> + <input name="name" required /> + <input name="price" type="number" required /> + <button disabled={isPending}> + {isPending ? 'Creating...' : 'Create'} + </button> + {state?.message && ( + <p className={state.success ? 'text-green-600' : 'text-red-600'}> + {state.message} + </p> + )} + </form> + ) +} +``` + +#### Programmatic Invocation +```typescript +'use client' + +import { deleteProduct } from './actions' + +const DeleteButton = ({ productId }: { productId: string }) => { + const [isPending, setIsPending] = useState(false) + + const handleDelete = async () => { + setIsPending(true) + try { + await deleteProduct(productId) + } catch (error) { + console.error(error) + } finally { + setIsPending(false) + } + } + + return ( + <button onClick={handleDelete} disabled={isPending}> + {isPending ? 'Deleting...' : 'Delete'} + </button> + ) +} +``` + +### Server Function Patterns + +#### Validation with Zod +```typescript +'use server' + +import { z } from 'zod' + +const ProductSchema = z.object({ + name: z.string().min(3), + price: z.number().positive(), + description: z.string().optional() +}) + +export async function createProduct(formData: FormData) { + const rawData = { + name: formData.get('name'), + price: Number(formData.get('price')), + description: formData.get('description') + } + + // Validate + const result = ProductSchema.safeParse(rawData) + if (!result.success) { + return { + success: false, + errors: result.error.flatten().fieldErrors + } + } + + // Create product + const product = await db.product.create({ + data: result.data + }) + + revalidatePath('/products') + return { success: true, product } +} +``` + +#### Authentication Check +```typescript +'use server' + +import { auth } from '@/lib/auth' +import { redirect } from 'next/navigation' + +export async function createOrder(formData: FormData) { + const session = await auth() + + if (!session?.user) { + redirect('/login') + } + + const order = await db.order.create({ + data: { + userId: session.user.id, + // ... other fields + } + }) + + return order +} +``` + +#### Error Handling +```typescript +'use server' + +export async function updateProfile(formData: FormData) { + try { + const userId = await getCurrentUserId() + + const profile = await db.user.update({ + where: { id: userId }, + data: { + name: formData.get('name') as string, + bio: formData.get('bio') as string + } + }) + + revalidatePath('/profile') + return { success: true, profile } + } catch (error) { + console.error('Failed to update profile:', error) + return { + success: false, + error: 'Failed to update profile. Please try again.' + } + } +} +``` + +#### Optimistic Updates +```typescript +'use client' + +import { useOptimistic } from 'react' +import { likePost } from './actions' + +const Post = ({ post }: { post: Post }) => { + const [optimisticLikes, addOptimisticLike] = useOptimistic( + post.likes, + (currentLikes) => currentLikes + 1 + ) + + const handleLike = async () => { + addOptimisticLike(null) + await likePost(post.id) + } + + return ( + <div> + <p>{post.content}</p> + <button onClick={handleLike}> + ❤️ {optimisticLikes} + </button> + </div> + ) +} +``` + +## Data Mutations & Revalidation + +### revalidatePath +Invalidate cached data for a path: + +```typescript +'use server' + +import { revalidatePath } from 'next/cache' + +export async function createPost(formData: FormData) { + await db.post.create({ data: {...} }) + + // Revalidate the posts page + revalidatePath('/posts') + + // Revalidate with layout + revalidatePath('/posts', 'layout') +} +``` + +### revalidateTag +Invalidate cached data by tag: + +```typescript +'use server' + +import { revalidateTag } from 'next/cache' + +export async function updateProduct(id: string, data: ProductData) { + await db.product.update({ where: { id }, data }) + + // Revalidate all queries tagged with 'products' + revalidateTag('products') +} +``` + +### redirect +Redirect after mutation: + +```typescript +'use server' + +import { redirect } from 'next/navigation' + +export async function createPost(formData: FormData) { + const post = await db.post.create({ data: {...} }) + + // Redirect to the new post + redirect(`/posts/${post.id}`) +} +``` + +## Caching with Server Components + +### cache Function +Deduplicate requests within a render: + +```typescript +import { cache } from 'react' + +export const getUser = cache(async (id: string) => { + return await db.user.findUnique({ where: { id } }) +}) + +// Called multiple times but only fetches once per render +const Page = async () => { + const user1 = await getUser('123') + const user2 = await getUser('123') // Uses cached result + + return <div>...</div> +} +``` + +### Next.js fetch Caching +```typescript +// Cached by default +const data = await fetch('https://api.example.com/data') + +// Revalidate every 60 seconds +const data = await fetch('https://api.example.com/data', { + next: { revalidate: 60 } +}) + +// Never cache +const data = await fetch('https://api.example.com/data', { + cache: 'no-store' +}) + +// Tag for revalidation +const data = await fetch('https://api.example.com/data', { + next: { tags: ['products'] } +}) +``` + +## Best Practices + +### 1. Component Placement +- Keep interactive components client-side +- Use server components for data fetching +- Place 'use client' as deep as possible in tree + +### 2. Data Fetching +- Fetch in parallel when possible +- Use Suspense for streaming +- Cache expensive operations + +### 3. Server Functions +- Validate all inputs +- Check authentication/authorization +- Handle errors gracefully +- Return serializable data only + +### 4. Performance +- Minimize client JavaScript +- Use streaming for slow queries +- Implement proper caching +- Optimize database queries + +### 5. Security +- Never expose secrets to client +- Validate server function inputs +- Use environment variables +- Implement rate limiting + +## Common Patterns + +### Layout with Dynamic Data +```typescript +// app/layout.tsx +const RootLayout = async ({ children }: { children: React.ReactNode }) => { + const user = await getCurrentUser() + + return ( + <html> + <body> + <Header user={user} /> + {children} + <Footer /> + </body> + </html> + ) +} +``` + +### Loading States +```typescript +// app/products/loading.tsx +export default function Loading() { + return <ProductsSkeleton /> +} + +// app/products/page.tsx +const ProductsPage = async () => { + const products = await fetchProducts() + return <ProductsList products={products} /> +} +``` + +### Error Boundaries +```typescript +// app/products/error.tsx +'use client' + +export default function Error({ + error, + reset +}: { + error: Error + reset: () => void +}) { + return ( + <div> + <h2>Something went wrong!</h2> + <p>{error.message}</p> + <button onClick={reset}>Try again</button> + </div> + ) +} +``` + +### Search with Server Functions +```typescript +'use client' + +import { searchProducts } from './actions' +import { useDeferredValue, useState, useEffect } from 'react' + +const SearchPage = () => { + const [query, setQuery] = useState('') + const [results, setResults] = useState([]) + const deferredQuery = useDeferredValue(query) + + useEffect(() => { + if (deferredQuery) { + searchProducts(deferredQuery).then(setResults) + } + }, [deferredQuery]) + + return ( + <> + <input + value={query} + onChange={e => setQuery(e.target.value)} + /> + <ResultsList results={results} /> + </> + ) +} +``` + +## Troubleshooting + +### Common Issues + +1. **"Cannot use hooks in Server Component"** + - Add 'use client' directive + - Move state logic to client component + +2. **"Functions cannot be passed to Client Components"** + - Use Server Functions instead + - Pass data, not functions + +3. **Hydration mismatches** + - Ensure server and client render same HTML + - Use useEffect for browser-only code + +4. **Slow initial load** + - Implement Suspense boundaries + - Use streaming rendering + - Optimize database queries + +## References + +- React Server Components: https://react.dev/reference/rsc/server-components +- Server Functions: https://react.dev/reference/rsc/server-functions +- Next.js App Router: https://nextjs.org/docs/app + diff --git a/.claude/skills/secp256k1.md b/.claude/skills/secp256k1.md new file mode 100644 index 00000000..aaae3231 --- /dev/null +++ b/.claude/skills/secp256k1.md @@ -0,0 +1,388 @@ +# secp256k1 High-Performance Scalar Multiplication + +This skill provides detailed documentation of libsecp256k1's optimization techniques for elliptic curve scalar multiplication, enabling accurate replication in other languages. + +## Overview + +libsecp256k1 achieves exceptional performance through several combined techniques: +1. **GLV Endomorphism** - Halves scalar size from 256-bit to 128-bit +2. **wNAF Representation** - Sparse signed-digit encoding reducing additions +3. **Strauss-Shamir Trick** - Simultaneous multi-scalar multiplication +4. **Precomputed Tables** - Trading memory for computation +5. **Jacobian Coordinates with Z-ratio tracking** - Minimizing field inversions + +## GLV Endomorphism (The Key Speedup) + +### Mathematical Foundation + +secp256k1 has a special property: `y² = x³ + 7` with `p ≡ 1 mod 3`, meaning cube roots of unity exist. + +**Beta (β)** is a cube root of unity in the field: `β³ = 1 mod p` +``` +β = 0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee +``` + +**Lambda (λ)** is a cube root of unity in the scalar field: `λ³ = 1 mod n` +``` +λ = 0x5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72 +``` + +### The Endomorphism + +For any point `P = (x, y)` on secp256k1: +``` +λ·P = (β·x, y) +``` + +This works because if `(x, y)` is on the curve: +- `y² = x³ + 7` +- Then for `(β·x, y)`: `y² = (β·x)³ + 7 = β³·x³ + 7 = x³ + 7` ✓ + +**The multiplication by λ costs only ONE field multiplication** (multiply x by β), not ~256 point additions. + +### Scalar Decomposition + +Any scalar `k` can be decomposed as: `k = k₁ + k₂·λ mod n` + +Where `k₁` and `k₂` are both ~128 bits (half the original size). + +**Algorithm from `scalar_impl.h:142-180`:** + +``` +// Precomputed constants derived from Extended Euclidean Algorithm +minus_b1 = 0xe4437ed6010e88286f547fa90abfe4c3 // ~128 bits +minus_b2 = 0xfffffffffffffffe8a280ac50774346dd765cda83db1562c +g1 = 0x3086d221a7d46bcde86c90e49284eb153daa8a1471e8ca7fe893209a45dbb031 +g2 = 0xe4437ed6010e88286f547fa90abfe4c4221208ac9df506c61571b4ae8ac47f71 + +function split_lambda(k): + // Compute c1 = round(k * g1 / 2^384) + c1 = mul_shift_var(k, g1, 384) + + // Compute c2 = round(k * g2 / 2^384) + c2 = mul_shift_var(k, g2, 384) + + // k2 = c1*(-b1) + c2*(-b2) + c1 = c1 * minus_b1 + c2 = c2 * minus_b2 + k2 = c1 + c2 + + // k1 = k - k2*λ + k1 = k - k2 * λ + + return (k1, k2) +``` + +**Result:** `k·P = k₁·P + k₂·(λ·P) = k₁·P + k₂·(β·P.x, P.y)` + +Two 128-bit multiplications instead of one 256-bit multiplication = ~42% fewer operations. + +## wNAF (Windowed Non-Adjacent Form) + +### Why wNAF? + +Standard binary: `k = 1011 = 1·2³ + 0·2² + 1·2¹ + 1·2⁰` → 3 additions + +wNAF allows negative digits, creating sparse representation with gaps: +`k = 11 = 16 - 4 - 1 = 2⁴ - 2² - 1` → only 2 additions (but adding negatives) + +Point negation is cheap: `-(x, y) = (x, -y)` (one field negation) + +### wNAF Encoding Algorithm + +From `ecmult_impl.h:162-221`: + +``` +function ecmult_wnaf(scalar, window_size): + wnaf = array of zeros + w = window_size // typically 5 + + s = scalar + if s is negative: + s = -s + sign = -1 + else: + sign = 1 + + carry = 0 + bit = 0 + + while bit < 256: + if bit_at(s, bit) == carry: + bit++ + continue + + // Extract w bits starting at 'bit' + word = get_bits(s, bit, w) + carry + + // Determine if we need to carry + carry = (word >> (w-1)) & 1 + word = word - (carry << w) + + wnaf[bit] = sign * word + bit += w + + return wnaf +``` + +**Properties of wNAF output:** +- Each non-zero entry is odd and in range `[-(2^(w-1)-1), 2^(w-1)-1]` +- At least `w-1` zeros between non-zero entries +- Density of ~1/(w+1) non-zero entries + +**Example with w=5:** +- Possible values: -15, -13, -11, -9, -7, -5, -3, -1, 1, 3, 5, 7, 9, 11, 13, 15 +- Precompute: `[1·P, 3·P, 5·P, 7·P, 9·P, 11·P, 13·P, 15·P]` (8 points) +- Negative lookups use negation + +## Strauss-Shamir Simultaneous Multiplication + +### The Core Insight + +Computing `k₁·P₁ + k₂·P₂` naively: do each multiplication separately, then add. + +Strauss-Shamir: process both scalars bit-by-bit simultaneously: + +``` +function strauss_shamir(k1, k2, P1, P2): + // Precompute: P1, P2, P1+P2 + P12 = P1 + P2 + + R = infinity + for i = max_bits-1 down to 0: + R = 2·R // double + + b1 = bit_at(k1, i) + b2 = bit_at(k2, i) + + if b1 and b2: + R = R + P12 + else if b1: + R = R + P1 + else if b2: + R = R + P2 + + return R +``` + +**Improvement:** ~1.75n additions instead of ~3n additions for n-bit scalars (42% reduction). + +### Combined with wNAF and GLV + +libsecp256k1 combines all three: + +From `ecmult_impl.h:252-362`: + +``` +function ecmult_strauss_wnaf(points[], scalars[], ng): + // For generator G multiplication: + // Split ng into ng_1 (low 128 bits) and ng_128 (high 128 bits) + split_128(ng, &ng_1, &ng_128) + + // Use precomputed tables for G and 2^128·G + wnaf_ng_1 = wnaf(ng_1, WINDOW_G) // WINDOW_G = 15 + wnaf_ng_128 = wnaf(ng_128, WINDOW_G) + + // For each point P: + for each (P, na) in (points, scalars): + // GLV decomposition + split_lambda(na, &na_1, &na_lam) + + // wNAF encode both halves + wnaf_na_1 = wnaf(na_1, WINDOW_A) // WINDOW_A = 5 + wnaf_na_lam = wnaf(na_lam, WINDOW_A) + + // Precompute odd multiples: [1·P, 3·P, ..., 15·P] + precompute_odd_multiples(P, table) + + // Also store lambda-transformed x-coordinates + for each entry in table: + aux[i] = table[i].x * β + + // Main loop: process all wnaf arrays simultaneously + R = infinity + for i = max_bits-1 down to 0: + R = 2·R + + // Add contributions from each point's wnaf_na_1 + for each point: + if wnaf_na_1[i] != 0: + R += lookup_table(wnaf_na_1[i]) + + // Add contributions from each point's wnaf_na_lam (using β-scaled x) + for each point: + if wnaf_na_lam[i] != 0: + R += lookup_table_lambda(wnaf_na_lam[i]) + + // Add contributions from G tables + if wnaf_ng_1[i] != 0: + R += lookup_precomputed_G(wnaf_ng_1[i]) + if wnaf_ng_128[i] != 0: + R += lookup_precomputed_G_128(wnaf_ng_128[i]) + + return R +``` + +## Precomputed Tables + +### For Generator G (Verification) + +Two tables of 2^(WINDOW_G-2) = 2^13 = 8192 points each: +- `secp256k1_pre_g`: odd multiples of G +- `secp256k1_pre_g_128`: odd multiples of 2^128·G + +**Memory:** 2 × 8192 × 64 bytes = 1 MB + +The generator scalar is split at bit 128 (not using GLV), then each half uses the massive precomputed tables. + +### For Signing (ecmult_gen) + +Uses **signed-digit multi-comb** algorithm instead: + +``` +Configuration (default): +- COMB_BLOCKS = 11 +- COMB_TEETH = 6 +- COMB_SPACING = ceil(256 / (11*6)) = 4 + +Table size: 11 * 2^(6-1) = 11 * 32 = 352 entries = 22 KB +``` + +The comb algorithm: +1. Represents scalar using bits at spacing intervals +2. Each "block" covers TEETH bits spaced SPACING apart +3. Look up combined contribution from table +4. Total: BLOCKS × SPACING additions, SPACING-1 doublings + +## Jacobian Coordinates with Z-Ratio Optimization + +### Why Jacobian? + +Affine: `(x, y)` where `y² = x³ + 7` +Jacobian: `(X, Y, Z)` represents `(X/Z², Y/Z³)` + +Point addition in affine requires field inversion (~100× slower than multiplication). +Jacobian postpones inversions until final result. + +### Z-Ratio Tracking + +When building precomputation tables, libsecp256k1 tracks ratios between Z coordinates instead of computing each Z independently. + +From `ecmult_impl.h:73-115`: + +``` +function build_odd_multiples_table(P): + D = 2·P + + // Work in isomorphic curve Y² = X³ + 7·C⁶ where C = D.z + // This lets us use faster mixed addition (affine + jacobian) + + table[0] = P (scaled) + zr[0] = D.z // ratio: table[0].z_actual = P.z * zr[0] + + for i = 1 to n-1: + // Add D (in affine form on isomorphic curve) + table[i], zr[i] = table[i-1] + D_affine + + // At end: one multiplication undoes the isomorphism + final_z = last.z * D.z +``` + +Then `secp256k1_ge_table_set_globalz` applies all ratios to convert to common Z. + +## Point Addition Formulas + +### Mixed Addition (Jacobian + Affine) - `secp256k1_gej_add_ge_var` + +8 mul, 3 sqr when adding affine point to Jacobian point. Used when one operand comes from precomputed table. + +### Unified Addition/Doubling - `secp256k1_gej_add_ge` + +7 mul, 5 sqr - handles both addition and doubling without branching, critical for constant-time signing. + +Uses Brier-Joye formula that avoids special-case for y₁ = -y₂. + +### Point Doubling - `secp256k1_gej_double` + +3 mul, 4 sqr - exploits secp256k1's a=0 coefficient. + +``` +Formula (from group_impl.h:460-492): +L = (3/2) * X₁² +S = Y₁² +T = -X₁*S +X₃ = L² + 2*T +Y₃ = -(L*(X₃ + T) + S²) +Z₃ = Y₁*Z₁ +``` + +## Constant-Time Considerations + +Critical for signing to prevent timing attacks: + +1. **Table lookups use conditional moves** - scan entire table, cmov on match +2. **No branching on secret data** - use arithmetic instead of if/else +3. **Projective blinding** - random Z coordinate masks intermediate values +4. **Scalar blinding** - add random offset, compensate with point offset + +## Key Implementation Details for Porting + +### Table Lookup Without Branches + +``` +function table_get_ge(table, n, window): + // n is odd, signed: -15, -13, ..., -1, 1, ..., 15 + if n > 0: + result = table[(n-1)/2] + else: + result = table[(-n-1)/2] + result.y = -result.y // negate +``` + +### Lambda Application for GLV + +``` +function ge_mul_lambda(P): + // Returns λ·P = (β·x, y) + return (P.x * β, P.y) +``` + +No point arithmetic needed - just one field multiplication! + +### Scalar Split for G Multiplication + +The generator uses bit-128 splitting (not GLV): + +``` +function split_128(k): + k_lo = k & ((1 << 128) - 1) + k_hi = k >> 128 + return (k_lo, k_hi) +``` + +This pairs with precomputed tables for G and 2^128·G. + +## Algorithm Selection + +From `ecmult_impl.h:822-866`: + +- **< 88 points:** Strauss algorithm (interleaved wNAF) +- **≥ 88 points:** Pippenger algorithm (bucket method) +- **Single point + G:** Basic Strauss with GLV +- **Generator only:** Comb algorithm (constant-time) + +## Performance Summary + +For signature verification (`na·P + ng·G`): +- GLV: 256-bit → two 128-bit multiplications +- wNAF: ~20% of bits are non-zero (density 1/6 with w=5) +- Strauss: processes 4 scalars simultaneously (na_1, na_lam, ng_1, ng_128) +- Precomputation: ~1 MB for G eliminates most additions +- Result: ~42% speedup from GLV, ~40% from Strauss, ~50% from large window = ~80% total improvement over naive + +## References + +- [Guide to Elliptic Curve Cryptography](https://www.springer.com/gp/book/9780387952734) - Hankerson, Menezes, Vanstone +- [GLV Paper](https://www.iacr.org/cryptodb/archive/2001/CRYPTO/21390001.pdf) - Gallant, Lambert, Vanstone +- [Fast ECC by Hamburg](https://eprint.iacr.org/2012/309) - Signed-digit multi-comb +- [Paul Miller's noble-secp256k1](https://paulmillr.com/posts/noble-secp256k1-fast-ecc/) - JavaScript implementation diff --git a/.claude/skills/skill-creator/LICENSE.txt b/.claude/skills/skill-creator/LICENSE.txt new file mode 100644 index 00000000..7a4a3ea2 --- /dev/null +++ b/.claude/skills/skill-creator/LICENSE.txt @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. \ No newline at end of file diff --git a/.claude/skills/skill-creator/SKILL.md b/.claude/skills/skill-creator/SKILL.md new file mode 100644 index 00000000..40699358 --- /dev/null +++ b/.claude/skills/skill-creator/SKILL.md @@ -0,0 +1,209 @@ +--- +name: skill-creator +description: Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations. +license: Complete terms in LICENSE.txt +--- + +# Skill Creator + +This skill provides guidance for creating effective skills. + +## About Skills + +Skills are modular, self-contained packages that extend Claude's capabilities by providing +specialized knowledge, workflows, and tools. Think of them as "onboarding guides" for specific +domains or tasks—they transform Claude from a general-purpose agent into a specialized agent +equipped with procedural knowledge that no model can fully possess. + +### What Skills Provide + +1. Specialized workflows - Multi-step procedures for specific domains +2. Tool integrations - Instructions for working with specific file formats or APIs +3. Domain expertise - Company-specific knowledge, schemas, business logic +4. Bundled resources - Scripts, references, and assets for complex and repetitive tasks + +### Anatomy of a Skill + +Every skill consists of a required SKILL.md file and optional bundled resources: + +``` +skill-name/ +├── SKILL.md (required) +│ ├── YAML frontmatter metadata (required) +│ │ ├── name: (required) +│ │ └── description: (required) +│ └── Markdown instructions (required) +└── Bundled Resources (optional) + ├── scripts/ - Executable code (Python/Bash/etc.) + ├── references/ - Documentation intended to be loaded into context as needed + └── assets/ - Files used in output (templates, icons, fonts, etc.) +``` + +#### SKILL.md (required) + +**Metadata Quality:** The `name` and `description` in YAML frontmatter determine when Claude will use the skill. Be specific about what the skill does and when to use it. Use the third-person (e.g. "This skill should be used when..." instead of "Use this skill when..."). + +#### Bundled Resources (optional) + +##### Scripts (`scripts/`) + +Executable code (Python/Bash/etc.) for tasks that require deterministic reliability or are repeatedly rewritten. + +- **When to include**: When the same code is being rewritten repeatedly or deterministic reliability is needed +- **Example**: `scripts/rotate_pdf.py` for PDF rotation tasks +- **Benefits**: Token efficient, deterministic, may be executed without loading into context +- **Note**: Scripts may still need to be read by Claude for patching or environment-specific adjustments + +##### References (`references/`) + +Documentation and reference material intended to be loaded as needed into context to inform Claude's process and thinking. + +- **When to include**: For documentation that Claude should reference while working +- **Examples**: `references/finance.md` for financial schemas, `references/mnda.md` for company NDA template, `references/policies.md` for company policies, `references/api_docs.md` for API specifications +- **Use cases**: Database schemas, API documentation, domain knowledge, company policies, detailed workflow guides +- **Benefits**: Keeps SKILL.md lean, loaded only when Claude determines it's needed +- **Best practice**: If files are large (>10k words), include grep search patterns in SKILL.md +- **Avoid duplication**: Information should live in either SKILL.md or references files, not both. Prefer references files for detailed information unless it's truly core to the skill—this keeps SKILL.md lean while making information discoverable without hogging the context window. Keep only essential procedural instructions and workflow guidance in SKILL.md; move detailed reference material, schemas, and examples to references files. + +##### Assets (`assets/`) + +Files not intended to be loaded into context, but rather used within the output Claude produces. + +- **When to include**: When the skill needs files that will be used in the final output +- **Examples**: `assets/logo.png` for brand assets, `assets/slides.pptx` for PowerPoint templates, `assets/frontend-template/` for HTML/React boilerplate, `assets/font.ttf` for typography +- **Use cases**: Templates, images, icons, boilerplate code, fonts, sample documents that get copied or modified +- **Benefits**: Separates output resources from documentation, enables Claude to use files without loading them into context + +### Progressive Disclosure Design Principle + +Skills use a three-level loading system to manage context efficiently: + +1. **Metadata (name + description)** - Always in context (~100 words) +2. **SKILL.md body** - When skill triggers (<5k words) +3. **Bundled resources** - As needed by Claude (Unlimited*) + +*Unlimited because scripts can be executed without reading into context window. + +## Skill Creation Process + +To create a skill, follow the "Skill Creation Process" in order, skipping steps only if there is a clear reason why they are not applicable. + +### Step 1: Understanding the Skill with Concrete Examples + +Skip this step only when the skill's usage patterns are already clearly understood. It remains valuable even when working with an existing skill. + +To create an effective skill, clearly understand concrete examples of how the skill will be used. This understanding can come from either direct user examples or generated examples that are validated with user feedback. + +For example, when building an image-editor skill, relevant questions include: + +- "What functionality should the image-editor skill support? Editing, rotating, anything else?" +- "Can you give some examples of how this skill would be used?" +- "I can imagine users asking for things like 'Remove the red-eye from this image' or 'Rotate this image'. Are there other ways you imagine this skill being used?" +- "What would a user say that should trigger this skill?" + +To avoid overwhelming users, avoid asking too many questions in a single message. Start with the most important questions and follow up as needed for better effectiveness. + +Conclude this step when there is a clear sense of the functionality the skill should support. + +### Step 2: Planning the Reusable Skill Contents + +To turn concrete examples into an effective skill, analyze each example by: + +1. Considering how to execute on the example from scratch +2. Identifying what scripts, references, and assets would be helpful when executing these workflows repeatedly + +Example: When building a `pdf-editor` skill to handle queries like "Help me rotate this PDF," the analysis shows: + +1. Rotating a PDF requires re-writing the same code each time +2. A `scripts/rotate_pdf.py` script would be helpful to store in the skill + +Example: When designing a `frontend-webapp-builder` skill for queries like "Build me a todo app" or "Build me a dashboard to track my steps," the analysis shows: + +1. Writing a frontend webapp requires the same boilerplate HTML/React each time +2. An `assets/hello-world/` template containing the boilerplate HTML/React project files would be helpful to store in the skill + +Example: When building a `big-query` skill to handle queries like "How many users have logged in today?" the analysis shows: + +1. Querying BigQuery requires re-discovering the table schemas and relationships each time +2. A `references/schema.md` file documenting the table schemas would be helpful to store in the skill + +To establish the skill's contents, analyze each concrete example to create a list of the reusable resources to include: scripts, references, and assets. + +### Step 3: Initializing the Skill + +At this point, it is time to actually create the skill. + +Skip this step only if the skill being developed already exists, and iteration or packaging is needed. In this case, continue to the next step. + +When creating a new skill from scratch, always run the `init_skill.py` script. The script conveniently generates a new template skill directory that automatically includes everything a skill requires, making the skill creation process much more efficient and reliable. + +Usage: + +```bash +scripts/init_skill.py <skill-name> --path <output-directory> +``` + +The script: + +- Creates the skill directory at the specified path +- Generates a SKILL.md template with proper frontmatter and TODO placeholders +- Creates example resource directories: `scripts/`, `references/`, and `assets/` +- Adds example files in each directory that can be customized or deleted + +After initialization, customize or remove the generated SKILL.md and example files as needed. + +### Step 4: Edit the Skill + +When editing the (newly-generated or existing) skill, remember that the skill is being created for another instance of Claude to use. Focus on including information that would be beneficial and non-obvious to Claude. Consider what procedural knowledge, domain-specific details, or reusable assets would help another Claude instance execute these tasks more effectively. + +#### Start with Reusable Skill Contents + +To begin implementation, start with the reusable resources identified above: `scripts/`, `references/`, and `assets/` files. Note that this step may require user input. For example, when implementing a `brand-guidelines` skill, the user may need to provide brand assets or templates to store in `assets/`, or documentation to store in `references/`. + +Also, delete any example files and directories not needed for the skill. The initialization script creates example files in `scripts/`, `references/`, and `assets/` to demonstrate structure, but most skills won't need all of them. + +#### Update SKILL.md + +**Writing Style:** Write the entire skill using **imperative/infinitive form** (verb-first instructions), not second person. Use objective, instructional language (e.g., "To accomplish X, do Y" rather than "You should do X" or "If you need to do X"). This maintains consistency and clarity for AI consumption. + +To complete SKILL.md, answer the following questions: + +1. What is the purpose of the skill, in a few sentences? +2. When should the skill be used? +3. In practice, how should Claude use the skill? All reusable skill contents developed above should be referenced so that Claude knows how to use them. + +### Step 5: Packaging a Skill + +Once the skill is ready, it should be packaged into a distributable zip file that gets shared with the user. The packaging process automatically validates the skill first to ensure it meets all requirements: + +```bash +scripts/package_skill.py <path/to/skill-folder> +``` + +Optional output directory specification: + +```bash +scripts/package_skill.py <path/to/skill-folder> ./dist +``` + +The packaging script will: + +1. **Validate** the skill automatically, checking: + - YAML frontmatter format and required fields + - Skill naming conventions and directory structure + - Description completeness and quality + - File organization and resource references + +2. **Package** the skill if validation passes, creating a zip file named after the skill (e.g., `my-skill.zip`) that includes all files and maintains the proper directory structure for distribution. + +If validation fails, the script will report the errors and exit without creating a package. Fix any validation errors and run the packaging command again. + +### Step 6: Iterate + +After testing the skill, users may request improvements. Often this happens right after using the skill, with fresh context of how the skill performed. + +**Iteration workflow:** +1. Use the skill on real tasks +2. Notice struggles or inefficiencies +3. Identify how SKILL.md or bundled resources should be updated +4. Implement changes and test again diff --git a/.claude/skills/skill-creator/scripts/init_skill.py b/.claude/skills/skill-creator/scripts/init_skill.py new file mode 100755 index 00000000..329ad4e5 --- /dev/null +++ b/.claude/skills/skill-creator/scripts/init_skill.py @@ -0,0 +1,303 @@ +#!/usr/bin/env python3 +""" +Skill Initializer - Creates a new skill from template + +Usage: + init_skill.py <skill-name> --path <path> + +Examples: + init_skill.py my-new-skill --path skills/public + init_skill.py my-api-helper --path skills/private + init_skill.py custom-skill --path /custom/location +""" + +import sys +from pathlib import Path + + +SKILL_TEMPLATE = """--- +name: {skill_name} +description: [TODO: Complete and informative explanation of what the skill does and when to use it. Include WHEN to use this skill - specific scenarios, file types, or tasks that trigger it.] +--- + +# {skill_title} + +## Overview + +[TODO: 1-2 sentences explaining what this skill enables] + +## Structuring This Skill + +[TODO: Choose the structure that best fits this skill's purpose. Common patterns: + +**1. Workflow-Based** (best for sequential processes) +- Works well when there are clear step-by-step procedures +- Example: DOCX skill with "Workflow Decision Tree" → "Reading" → "Creating" → "Editing" +- Structure: ## Overview → ## Workflow Decision Tree → ## Step 1 → ## Step 2... + +**2. Task-Based** (best for tool collections) +- Works well when the skill offers different operations/capabilities +- Example: PDF skill with "Quick Start" → "Merge PDFs" → "Split PDFs" → "Extract Text" +- Structure: ## Overview → ## Quick Start → ## Task Category 1 → ## Task Category 2... + +**3. Reference/Guidelines** (best for standards or specifications) +- Works well for brand guidelines, coding standards, or requirements +- Example: Brand styling with "Brand Guidelines" → "Colors" → "Typography" → "Features" +- Structure: ## Overview → ## Guidelines → ## Specifications → ## Usage... + +**4. Capabilities-Based** (best for integrated systems) +- Works well when the skill provides multiple interrelated features +- Example: Product Management with "Core Capabilities" → numbered capability list +- Structure: ## Overview → ## Core Capabilities → ### 1. Feature → ### 2. Feature... + +Patterns can be mixed and matched as needed. Most skills combine patterns (e.g., start with task-based, add workflow for complex operations). + +Delete this entire "Structuring This Skill" section when done - it's just guidance.] + +## [TODO: Replace with the first main section based on chosen structure] + +[TODO: Add content here. See examples in existing skills: +- Code samples for technical skills +- Decision trees for complex workflows +- Concrete examples with realistic user requests +- References to scripts/templates/references as needed] + +## Resources + +This skill includes example resource directories that demonstrate how to organize different types of bundled resources: + +### scripts/ +Executable code (Python/Bash/etc.) that can be run directly to perform specific operations. + +**Examples from other skills:** +- PDF skill: `fill_fillable_fields.py`, `extract_form_field_info.py` - utilities for PDF manipulation +- DOCX skill: `document.py`, `utilities.py` - Python modules for document processing + +**Appropriate for:** Python scripts, shell scripts, or any executable code that performs automation, data processing, or specific operations. + +**Note:** Scripts may be executed without loading into context, but can still be read by Claude for patching or environment adjustments. + +### references/ +Documentation and reference material intended to be loaded into context to inform Claude's process and thinking. + +**Examples from other skills:** +- Product management: `communication.md`, `context_building.md` - detailed workflow guides +- BigQuery: API reference documentation and query examples +- Finance: Schema documentation, company policies + +**Appropriate for:** In-depth documentation, API references, database schemas, comprehensive guides, or any detailed information that Claude should reference while working. + +### assets/ +Files not intended to be loaded into context, but rather used within the output Claude produces. + +**Examples from other skills:** +- Brand styling: PowerPoint template files (.pptx), logo files +- Frontend builder: HTML/React boilerplate project directories +- Typography: Font files (.ttf, .woff2) + +**Appropriate for:** Templates, boilerplate code, document templates, images, icons, fonts, or any files meant to be copied or used in the final output. + +--- + +**Any unneeded directories can be deleted.** Not every skill requires all three types of resources. +""" + +EXAMPLE_SCRIPT = '''#!/usr/bin/env python3 +""" +Example helper script for {skill_name} + +This is a placeholder script that can be executed directly. +Replace with actual implementation or delete if not needed. + +Example real scripts from other skills: +- pdf/scripts/fill_fillable_fields.py - Fills PDF form fields +- pdf/scripts/convert_pdf_to_images.py - Converts PDF pages to images +""" + +def main(): + print("This is an example script for {skill_name}") + # TODO: Add actual script logic here + # This could be data processing, file conversion, API calls, etc. + +if __name__ == "__main__": + main() +''' + +EXAMPLE_REFERENCE = """# Reference Documentation for {skill_title} + +This is a placeholder for detailed reference documentation. +Replace with actual reference content or delete if not needed. + +Example real reference docs from other skills: +- product-management/references/communication.md - Comprehensive guide for status updates +- product-management/references/context_building.md - Deep-dive on gathering context +- bigquery/references/ - API references and query examples + +## When Reference Docs Are Useful + +Reference docs are ideal for: +- Comprehensive API documentation +- Detailed workflow guides +- Complex multi-step processes +- Information too lengthy for main SKILL.md +- Content that's only needed for specific use cases + +## Structure Suggestions + +### API Reference Example +- Overview +- Authentication +- Endpoints with examples +- Error codes +- Rate limits + +### Workflow Guide Example +- Prerequisites +- Step-by-step instructions +- Common patterns +- Troubleshooting +- Best practices +""" + +EXAMPLE_ASSET = """# Example Asset File + +This placeholder represents where asset files would be stored. +Replace with actual asset files (templates, images, fonts, etc.) or delete if not needed. + +Asset files are NOT intended to be loaded into context, but rather used within +the output Claude produces. + +Example asset files from other skills: +- Brand guidelines: logo.png, slides_template.pptx +- Frontend builder: hello-world/ directory with HTML/React boilerplate +- Typography: custom-font.ttf, font-family.woff2 +- Data: sample_data.csv, test_dataset.json + +## Common Asset Types + +- Templates: .pptx, .docx, boilerplate directories +- Images: .png, .jpg, .svg, .gif +- Fonts: .ttf, .otf, .woff, .woff2 +- Boilerplate code: Project directories, starter files +- Icons: .ico, .svg +- Data files: .csv, .json, .xml, .yaml + +Note: This is a text placeholder. Actual assets can be any file type. +""" + + +def title_case_skill_name(skill_name): + """Convert hyphenated skill name to Title Case for display.""" + return ' '.join(word.capitalize() for word in skill_name.split('-')) + + +def init_skill(skill_name, path): + """ + Initialize a new skill directory with template SKILL.md. + + Args: + skill_name: Name of the skill + path: Path where the skill directory should be created + + Returns: + Path to created skill directory, or None if error + """ + # Determine skill directory path + skill_dir = Path(path).resolve() / skill_name + + # Check if directory already exists + if skill_dir.exists(): + print(f"❌ Error: Skill directory already exists: {skill_dir}") + return None + + # Create skill directory + try: + skill_dir.mkdir(parents=True, exist_ok=False) + print(f"✅ Created skill directory: {skill_dir}") + except Exception as e: + print(f"❌ Error creating directory: {e}") + return None + + # Create SKILL.md from template + skill_title = title_case_skill_name(skill_name) + skill_content = SKILL_TEMPLATE.format( + skill_name=skill_name, + skill_title=skill_title + ) + + skill_md_path = skill_dir / 'SKILL.md' + try: + skill_md_path.write_text(skill_content) + print("✅ Created SKILL.md") + except Exception as e: + print(f"❌ Error creating SKILL.md: {e}") + return None + + # Create resource directories with example files + try: + # Create scripts/ directory with example script + scripts_dir = skill_dir / 'scripts' + scripts_dir.mkdir(exist_ok=True) + example_script = scripts_dir / 'example.py' + example_script.write_text(EXAMPLE_SCRIPT.format(skill_name=skill_name)) + example_script.chmod(0o755) + print("✅ Created scripts/example.py") + + # Create references/ directory with example reference doc + references_dir = skill_dir / 'references' + references_dir.mkdir(exist_ok=True) + example_reference = references_dir / 'api_reference.md' + example_reference.write_text(EXAMPLE_REFERENCE.format(skill_title=skill_title)) + print("✅ Created references/api_reference.md") + + # Create assets/ directory with example asset placeholder + assets_dir = skill_dir / 'assets' + assets_dir.mkdir(exist_ok=True) + example_asset = assets_dir / 'example_asset.txt' + example_asset.write_text(EXAMPLE_ASSET) + print("✅ Created assets/example_asset.txt") + except Exception as e: + print(f"❌ Error creating resource directories: {e}") + return None + + # Print next steps + print(f"\n✅ Skill '{skill_name}' initialized successfully at {skill_dir}") + print("\nNext steps:") + print("1. Edit SKILL.md to complete the TODO items and update the description") + print("2. Customize or delete the example files in scripts/, references/, and assets/") + print("3. Run the validator when ready to check the skill structure") + + return skill_dir + + +def main(): + if len(sys.argv) < 4 or sys.argv[2] != '--path': + print("Usage: init_skill.py <skill-name> --path <path>") + print("\nSkill name requirements:") + print(" - Hyphen-case identifier (e.g., 'data-analyzer')") + print(" - Lowercase letters, digits, and hyphens only") + print(" - Max 40 characters") + print(" - Must match directory name exactly") + print("\nExamples:") + print(" init_skill.py my-new-skill --path skills/public") + print(" init_skill.py my-api-helper --path skills/private") + print(" init_skill.py custom-skill --path /custom/location") + sys.exit(1) + + skill_name = sys.argv[1] + path = sys.argv[3] + + print(f"🚀 Initializing skill: {skill_name}") + print(f" Location: {path}") + print() + + result = init_skill(skill_name, path) + + if result: + sys.exit(0) + else: + sys.exit(1) + + +if __name__ == "__main__": + main() diff --git a/.claude/skills/skill-creator/scripts/package_skill.py b/.claude/skills/skill-creator/scripts/package_skill.py new file mode 100755 index 00000000..3ee8e8e9 --- /dev/null +++ b/.claude/skills/skill-creator/scripts/package_skill.py @@ -0,0 +1,110 @@ +#!/usr/bin/env python3 +""" +Skill Packager - Creates a distributable zip file of a skill folder + +Usage: + python utils/package_skill.py <path/to/skill-folder> [output-directory] + +Example: + python utils/package_skill.py skills/public/my-skill + python utils/package_skill.py skills/public/my-skill ./dist +""" + +import sys +import zipfile +from pathlib import Path +from quick_validate import validate_skill + + +def package_skill(skill_path, output_dir=None): + """ + Package a skill folder into a zip file. + + Args: + skill_path: Path to the skill folder + output_dir: Optional output directory for the zip file (defaults to current directory) + + Returns: + Path to the created zip file, or None if error + """ + skill_path = Path(skill_path).resolve() + + # Validate skill folder exists + if not skill_path.exists(): + print(f"❌ Error: Skill folder not found: {skill_path}") + return None + + if not skill_path.is_dir(): + print(f"❌ Error: Path is not a directory: {skill_path}") + return None + + # Validate SKILL.md exists + skill_md = skill_path / "SKILL.md" + if not skill_md.exists(): + print(f"❌ Error: SKILL.md not found in {skill_path}") + return None + + # Run validation before packaging + print("🔍 Validating skill...") + valid, message = validate_skill(skill_path) + if not valid: + print(f"❌ Validation failed: {message}") + print(" Please fix the validation errors before packaging.") + return None + print(f"✅ {message}\n") + + # Determine output location + skill_name = skill_path.name + if output_dir: + output_path = Path(output_dir).resolve() + output_path.mkdir(parents=True, exist_ok=True) + else: + output_path = Path.cwd() + + zip_filename = output_path / f"{skill_name}.zip" + + # Create the zip file + try: + with zipfile.ZipFile(zip_filename, 'w', zipfile.ZIP_DEFLATED) as zipf: + # Walk through the skill directory + for file_path in skill_path.rglob('*'): + if file_path.is_file(): + # Calculate the relative path within the zip + arcname = file_path.relative_to(skill_path.parent) + zipf.write(file_path, arcname) + print(f" Added: {arcname}") + + print(f"\n✅ Successfully packaged skill to: {zip_filename}") + return zip_filename + + except Exception as e: + print(f"❌ Error creating zip file: {e}") + return None + + +def main(): + if len(sys.argv) < 2: + print("Usage: python utils/package_skill.py <path/to/skill-folder> [output-directory]") + print("\nExample:") + print(" python utils/package_skill.py skills/public/my-skill") + print(" python utils/package_skill.py skills/public/my-skill ./dist") + sys.exit(1) + + skill_path = sys.argv[1] + output_dir = sys.argv[2] if len(sys.argv) > 2 else None + + print(f"📦 Packaging skill: {skill_path}") + if output_dir: + print(f" Output directory: {output_dir}") + print() + + result = package_skill(skill_path, output_dir) + + if result: + sys.exit(0) + else: + sys.exit(1) + + +if __name__ == "__main__": + main() diff --git a/.claude/skills/skill-creator/scripts/quick_validate.py b/.claude/skills/skill-creator/scripts/quick_validate.py new file mode 100755 index 00000000..6fa6c636 --- /dev/null +++ b/.claude/skills/skill-creator/scripts/quick_validate.py @@ -0,0 +1,65 @@ +#!/usr/bin/env python3 +""" +Quick validation script for skills - minimal version +""" + +import sys +import os +import re +from pathlib import Path + +def validate_skill(skill_path): + """Basic validation of a skill""" + skill_path = Path(skill_path) + + # Check SKILL.md exists + skill_md = skill_path / 'SKILL.md' + if not skill_md.exists(): + return False, "SKILL.md not found" + + # Read and validate frontmatter + content = skill_md.read_text() + if not content.startswith('---'): + return False, "No YAML frontmatter found" + + # Extract frontmatter + match = re.match(r'^---\n(.*?)\n---', content, re.DOTALL) + if not match: + return False, "Invalid frontmatter format" + + frontmatter = match.group(1) + + # Check required fields + if 'name:' not in frontmatter: + return False, "Missing 'name' in frontmatter" + if 'description:' not in frontmatter: + return False, "Missing 'description' in frontmatter" + + # Extract name for validation + name_match = re.search(r'name:\s*(.+)', frontmatter) + if name_match: + name = name_match.group(1).strip() + # Check naming convention (hyphen-case: lowercase with hyphens) + if not re.match(r'^[a-z0-9-]+$', name): + return False, f"Name '{name}' should be hyphen-case (lowercase letters, digits, and hyphens only)" + if name.startswith('-') or name.endswith('-') or '--' in name: + return False, f"Name '{name}' cannot start/end with hyphen or contain consecutive hyphens" + + # Extract and validate description + desc_match = re.search(r'description:\s*(.+)', frontmatter) + if desc_match: + description = desc_match.group(1).strip() + # Check for angle brackets + if '<' in description or '>' in description: + return False, "Description cannot contain angle brackets (< or >)" + + return True, "Skill is valid!" + +if __name__ == "__main__": + if len(sys.argv) != 2: + print("Usage: python quick_validate.py <skill_directory>") + sys.exit(1) + + valid, message = validate_skill(sys.argv[1]) + print(message) + sys.exit(0 if valid else 1) \ No newline at end of file diff --git a/.claude/skills/typescript/README.md b/.claude/skills/typescript/README.md new file mode 100644 index 00000000..84093f7b --- /dev/null +++ b/.claude/skills/typescript/README.md @@ -0,0 +1,133 @@ +# TypeScript Claude Skill + +Comprehensive TypeScript skill for type-safe development with modern JavaScript/TypeScript applications. + +## Overview + +This skill provides in-depth knowledge about TypeScript's type system, patterns, best practices, and integration with popular frameworks like React. It covers everything from basic types to advanced type manipulation techniques. + +## Files + +### Core Documentation +- **SKILL.md** - Main skill file with workflows and when to use this skill +- **quick-reference.md** - Quick lookup guide for common TypeScript syntax and patterns + +### Reference Materials +- **references/type-system.md** - Comprehensive guide to TypeScript's type system +- **references/utility-types.md** - Complete reference for built-in and custom utility types +- **references/common-patterns.md** - Real-world TypeScript patterns and idioms + +### Examples +- **examples/type-system-basics.ts** - Fundamental TypeScript concepts +- **examples/advanced-types.ts** - Generics, conditional types, mapped types +- **examples/react-patterns.ts** - Type-safe React components and hooks +- **examples/README.md** - Guide to using the examples + +## Usage + +### When to Use This Skill + +Reference this skill when: +- Writing or refactoring TypeScript code +- Designing type-safe APIs and interfaces +- Working with advanced type system features +- Configuring TypeScript projects +- Troubleshooting type errors +- Implementing type-safe patterns with libraries +- Converting JavaScript to TypeScript + +### Quick Start + +For quick lookups, start with `quick-reference.md` which provides concise syntax and patterns. + +For learning or deep dives: +1. **Fundamentals**: Start with `references/type-system.md` +2. **Utilities**: Learn about transformations in `references/utility-types.md` +3. **Patterns**: Study real-world patterns in `references/common-patterns.md` +4. **Practice**: Explore code examples in `examples/` + +## Key Topics Covered + +### Type System +- Primitive types and special types +- Object types (interfaces, type aliases) +- Union and intersection types +- Literal types and template literal types +- Type inference and narrowing +- Generic types with constraints +- Conditional types and mapped types +- Recursive types + +### Advanced Features +- Type guards and type predicates +- Assertion functions +- Branded types for nominal typing +- Key remapping and filtering +- Distributive conditional types +- Type-level programming + +### Utility Types +- Built-in utilities (Partial, Pick, Omit, etc.) +- Custom utility type patterns +- Deep transformations +- Type composition + +### React Integration +- Component props typing +- Generic components +- Hooks with TypeScript +- Context with type safety +- Event handlers +- Ref typing + +### Best Practices +- Type safety patterns +- Error handling +- Code organization +- Integration with Zod for runtime validation +- Named return variables (Go-style) +- Discriminated unions for state management + +## Integration with Project Stack + +This skill is designed to work seamlessly with: +- **React 19**: Type-safe component development +- **TanStack Ecosystem**: Typed queries, routing, forms, and stores +- **Zod**: Runtime validation with type inference +- **Radix UI**: Component prop typing +- **Tailwind CSS**: Type-safe className composition + +## Examples + +All examples are self-contained and demonstrate practical patterns: +- Based on real-world usage +- Follow project best practices +- Include comprehensive comments +- Can be run with `ts-node` +- Ready to adapt to your needs + +## Configuration + +The skill includes guidance on TypeScript configuration with recommended settings for: +- Strict type checking +- Module resolution +- JSX support +- Path aliases +- Declaration files + +## Contributing + +When adding new patterns or examples: +1. Follow existing file structure +2. Include comprehensive comments +3. Demonstrate real-world usage +4. Add to appropriate reference file +5. Update this README if needed + +## Resources + +- [TypeScript Handbook](https://www.typescriptlang.org/docs/handbook/) +- [TypeScript Deep Dive](https://basarat.gitbook.io/typescript/) +- [Type Challenges](https://github.com/type-challenges/type-challenges) +- [TSConfig Reference](https://www.typescriptlang.org/tsconfig) + diff --git a/.claude/skills/typescript/SKILL.md b/.claude/skills/typescript/SKILL.md new file mode 100644 index 00000000..ebe59377 --- /dev/null +++ b/.claude/skills/typescript/SKILL.md @@ -0,0 +1,359 @@ +--- +name: typescript +description: This skill should be used when working with TypeScript code, including type definitions, type inference, generics, utility types, and TypeScript configuration. Provides comprehensive knowledge of TypeScript patterns, best practices, and advanced type system features. +--- + +# TypeScript Skill + +This skill provides comprehensive knowledge and patterns for working with TypeScript effectively in modern applications. + +## When to Use This Skill + +Use this skill when: +- Writing or refactoring TypeScript code +- Designing type-safe APIs and interfaces +- Working with advanced type system features (generics, conditional types, mapped types) +- Configuring TypeScript projects (tsconfig.json) +- Troubleshooting type errors +- Implementing type-safe patterns with libraries (React, TanStack, etc.) +- Converting JavaScript code to TypeScript + +## Core Concepts + +### Type System Fundamentals + +TypeScript provides static typing for JavaScript with a powerful type system that includes: +- Primitive types (string, number, boolean, null, undefined, symbol, bigint) +- Object types (interfaces, type aliases, classes) +- Array and tuple types +- Union and intersection types +- Literal types and template literal types +- Type inference and type narrowing +- Generic types with constraints +- Conditional types and mapped types + +### Type Inference + +Leverage TypeScript's type inference to write less verbose code: +- Let TypeScript infer return types when obvious +- Use type inference for variable declarations +- Rely on generic type inference in function calls +- Use `as const` for immutable literal types + +### Type Safety Patterns + +Implement type-safe patterns: +- Use discriminated unions for state management +- Implement type guards for runtime type checking +- Use branded types for nominal typing +- Leverage conditional types for API design +- Use template literal types for string manipulation + +## Key Workflows + +### 1. Designing Type-Safe APIs + +When designing APIs, follow these patterns: + +**Interface vs Type Alias:** +- Use `interface` for object shapes that may be extended +- Use `type` for unions, intersections, and complex type operations +- Use `type` with mapped types and conditional types + +**Generic Constraints:** +```typescript +// Use extends for generic constraints +function getValue<T extends { id: string }>(item: T): string { + return item.id +} +``` + +**Discriminated Unions:** +```typescript +// Use for type-safe state machines +type State = + | { status: 'idle' } + | { status: 'loading' } + | { status: 'success'; data: Data } + | { status: 'error'; error: Error } +``` + +### 2. Working with Utility Types + +Use built-in utility types for common transformations: +- `Partial<T>` - Make all properties optional +- `Required<T>` - Make all properties required +- `Readonly<T>` - Make all properties readonly +- `Pick<T, K>` - Select specific properties +- `Omit<T, K>` - Exclude specific properties +- `Record<K, T>` - Create object type with specific keys +- `Exclude<T, U>` - Exclude types from union +- `Extract<T, U>` - Extract types from union +- `NonNullable<T>` - Remove null/undefined +- `ReturnType<T>` - Get function return type +- `Parameters<T>` - Get function parameter types +- `Awaited<T>` - Unwrap Promise type + +### 3. Advanced Type Patterns + +**Mapped Types:** +```typescript +// Transform object types +type Nullable<T> = { + [K in keyof T]: T[K] | null +} + +type ReadonlyDeep<T> = { + readonly [K in keyof T]: T[K] extends object + ? ReadonlyDeep<T[K]> + : T[K] +} +``` + +**Conditional Types:** +```typescript +// Type-level logic +type IsArray<T> = T extends Array<any> ? true : false + +type Flatten<T> = T extends Array<infer U> ? U : T +``` + +**Template Literal Types:** +```typescript +// String manipulation at type level +type EventName<T extends string> = `on${Capitalize<T>}` +type Route = `/api/${'users' | 'posts'}/${string}` +``` + +### 4. Type Narrowing + +Use type guards and narrowing techniques: + +**typeof guards:** +```typescript +if (typeof value === 'string') { + // value is string here +} +``` + +**instanceof guards:** +```typescript +if (error instanceof Error) { + // error is Error here +} +``` + +**Custom type guards:** +```typescript +function isUser(value: unknown): value is User { + return typeof value === 'object' && value !== null && 'id' in value +} +``` + +**Discriminated unions:** +```typescript +function handle(state: State) { + switch (state.status) { + case 'idle': + // state is { status: 'idle' } + break + case 'success': + // state is { status: 'success'; data: Data } + console.log(state.data) + break + } +} +``` + +### 5. Working with External Libraries + +**Typing Third-Party Libraries:** +- Install type definitions: `npm install --save-dev @types/package-name` +- Create custom declarations in `.d.ts` files when types unavailable +- Use module augmentation to extend existing type definitions + +**Declaration Files:** +```typescript +// globals.d.ts +declare global { + interface Window { + myCustomProperty: string + } +} + +export {} +``` + +### 6. TypeScript Configuration + +Configure `tsconfig.json` for strict type checking: + +**Essential Strict Options:** +```json +{ + "compilerOptions": { + "strict": true, + "noImplicitAny": true, + "strictNullChecks": true, + "strictFunctionTypes": true, + "strictBindCallApply": true, + "strictPropertyInitialization": true, + "noImplicitThis": true, + "alwaysStrict": true, + "noUnusedLocals": true, + "noUnusedParameters": true, + "noImplicitReturns": true, + "noFallthroughCasesInSwitch": true, + "skipLibCheck": true + } +} +``` + +## Best Practices + +### 1. Prefer Type Inference Over Explicit Types +Let TypeScript infer types when they're obvious from context. + +### 2. Use Strict Mode +Enable strict type checking to catch more errors at compile time. + +### 3. Avoid `any` Type +Use `unknown` for truly unknown types, then narrow with type guards. + +### 4. Use Const Assertions +Use `as const` for immutable values and narrow literal types. + +### 5. Leverage Discriminated Unions +Use for state machines and variant types for better type safety. + +### 6. Create Reusable Generic Types +Extract common type patterns into reusable generics. + +### 7. Use Branded Types for Nominal Typing +Create distinct types for values with same structure but different meaning. + +### 8. Document Complex Types +Add JSDoc comments to explain non-obvious type decisions. + +### 9. Use Type-Only Imports +Use `import type` for type-only imports to aid tree-shaking. + +### 10. Handle Errors with Type Guards +Use type guards to safely work with error objects. + +## Common Patterns + +### React Component Props +```typescript +// Use interface for component props +interface ButtonProps { + variant?: 'primary' | 'secondary' + size?: 'sm' | 'md' | 'lg' + onClick?: () => void + children: React.ReactNode +} + +export function Button({ variant = 'primary', size = 'md', onClick, children }: ButtonProps) { + // implementation +} +``` + +### API Response Types +```typescript +// Use discriminated unions for API responses +type ApiResponse<T> = + | { success: true; data: T } + | { success: false; error: string } + +// Helper for safe API calls +async function fetchData<T>(url: string): Promise<ApiResponse<T>> { + try { + const response = await fetch(url) + const data = await response.json() + return { success: true, data } + } catch (error) { + return { success: false, error: String(error) } + } +} +``` + +### Store/State Types +```typescript +// Use interfaces for state objects +interface AppState { + user: User | null + isAuthenticated: boolean + theme: 'light' | 'dark' +} + +// Use type for actions (discriminated union) +type AppAction = + | { type: 'LOGIN'; payload: User } + | { type: 'LOGOUT' } + | { type: 'SET_THEME'; payload: 'light' | 'dark' } +``` + +## References + +For detailed information on specific topics, refer to: +- `references/type-system.md` - Deep dive into TypeScript's type system +- `references/utility-types.md` - Complete guide to built-in utility types +- `references/advanced-types.md` - Advanced type patterns and techniques +- `references/tsconfig-reference.md` - Comprehensive tsconfig.json reference +- `references/common-patterns.md` - Common TypeScript patterns and idioms +- `examples/` - Practical code examples + +## Troubleshooting + +### Common Type Errors + +**Type 'X' is not assignable to type 'Y':** +- Check if types are compatible +- Use type assertions when you know better than the compiler +- Consider using union types or widening the target type + +**Object is possibly 'null' or 'undefined':** +- Use optional chaining: `object?.property` +- Use nullish coalescing: `value ?? defaultValue` +- Add type guards or null checks + +**Type 'any' implicitly has...** +- Enable strict mode and fix type definitions +- Add explicit type annotations +- Use `unknown` instead of `any` when appropriate + +**Cannot find module or its type declarations:** +- Install type definitions: `@types/package-name` +- Create custom `.d.ts` declaration file +- Add to `types` array in tsconfig.json + +## Integration with Project Stack + +### React 19 +Use TypeScript with React 19 features: +- Type component props with interfaces +- Use generic types for hooks +- Type context providers properly +- Use `React.FC` sparingly (prefer explicit typing) + +### TanStack Ecosystem +Type TanStack libraries properly: +- TanStack Query: Type query keys and data +- TanStack Router: Use typed route definitions +- TanStack Form: Type form values and validation +- TanStack Store: Type state and actions + +### Zod Integration +Combine Zod with TypeScript: +- Use `z.infer<typeof schema>` to extract types from schemas +- Let Zod handle runtime validation +- Use TypeScript for compile-time type checking + +## Resources + +The TypeScript documentation provides comprehensive information: +- Handbook: https://www.typescriptlang.org/docs/handbook/ +- Type manipulation: https://www.typescriptlang.org/docs/handbook/2/types-from-types.html +- Utility types: https://www.typescriptlang.org/docs/handbook/utility-types.html +- TSConfig reference: https://www.typescriptlang.org/tsconfig + diff --git a/.claude/skills/typescript/examples/README.md b/.claude/skills/typescript/examples/README.md new file mode 100644 index 00000000..4a19a0a5 --- /dev/null +++ b/.claude/skills/typescript/examples/README.md @@ -0,0 +1,45 @@ +# TypeScript Examples + +This directory contains practical TypeScript examples demonstrating various patterns and features. + +## Examples + +1. **type-system-basics.ts** - Fundamental TypeScript types and features +2. **advanced-types.ts** - Generics, conditional types, and mapped types +3. **react-patterns.ts** - Type-safe React components and hooks +4. **api-patterns.ts** - API response handling with type safety +5. **validation.ts** - Runtime validation with Zod and TypeScript + +## How to Use + +Each example file is self-contained and demonstrates specific TypeScript concepts. They're based on real-world patterns used in the Plebeian Market application and follow best practices for: + +- Type safety +- Error handling +- Code organization +- Reusability +- Maintainability + +## Running Examples + +These examples are TypeScript files that can be: +- Copied into your project +- Used as reference for patterns +- Modified for your specific needs +- Run with `ts-node` for testing + +```bash +# Run an example +npx ts-node examples/type-system-basics.ts +``` + +## Learning Path + +1. Start with `type-system-basics.ts` to understand fundamentals +2. Move to `advanced-types.ts` for complex type patterns +3. Explore `react-patterns.ts` for component typing +4. Study `api-patterns.ts` for type-safe API handling +5. Review `validation.ts` for runtime safety + +Each example builds on previous concepts, so following this order is recommended for learners. + diff --git a/.claude/skills/typescript/examples/advanced-types.ts b/.claude/skills/typescript/examples/advanced-types.ts new file mode 100644 index 00000000..0a00ac60 --- /dev/null +++ b/.claude/skills/typescript/examples/advanced-types.ts @@ -0,0 +1,478 @@ +/** + * Advanced TypeScript Types + * + * This file demonstrates advanced TypeScript features including: + * - Generics with constraints + * - Conditional types + * - Mapped types + * - Template literal types + * - Recursive types + * - Utility type implementations + */ + +// ============================================================================ +// Generics Basics +// ============================================================================ + +// Generic function +function identity<T>(value: T): T { + return value +} + +const stringValue = identity('hello') // Type: string +const numberValue = identity(42) // Type: number + +// Generic interface +interface Box<T> { + value: T +} + +const stringBox: Box<string> = { value: 'hello' } +const numberBox: Box<number> = { value: 42 } + +// Generic class +class Stack<T> { + private items: T[] = [] + + push(item: T): void { + this.items.push(item) + } + + pop(): T | undefined { + return this.items.pop() + } + + peek(): T | undefined { + return this.items[this.items.length - 1] + } + + isEmpty(): boolean { + return this.items.length === 0 + } +} + +const numberStack = new Stack<number>() +numberStack.push(1) +numberStack.push(2) +numberStack.pop() // Type: number | undefined + +// ============================================================================ +// Generic Constraints +// ============================================================================ + +// Constrain to specific type +interface HasLength { + length: number +} + +function logLength<T extends HasLength>(item: T): void { + console.log(item.length) +} + +logLength('string') // OK +logLength([1, 2, 3]) // OK +logLength({ length: 10 }) // OK +// logLength(42) // Error: number doesn't have length + +// Constrain to object keys +function getProperty<T, K extends keyof T>(obj: T, key: K): T[K] { + return obj[key] +} + +interface User { + id: string + name: string + age: number +} + +const user: User = { id: '1', name: 'Alice', age: 30 } +const userName = getProperty(user, 'name') // Type: string +// const invalid = getProperty(user, 'invalid') // Error + +// Multiple type parameters with constraints +function merge<T extends object, U extends object>(obj1: T, obj2: U): T & U { + return { ...obj1, ...obj2 } +} + +const merged = merge({ a: 1 }, { b: 2 }) // Type: { a: number } & { b: number } + +// ============================================================================ +// Conditional Types +// ============================================================================ + +// Basic conditional type +type IsString<T> = T extends string ? true : false + +type A = IsString<string> // true +type B = IsString<number> // false + +// Nested conditional types +type TypeName<T> = T extends string + ? 'string' + : T extends number + ? 'number' + : T extends boolean + ? 'boolean' + : T extends undefined + ? 'undefined' + : T extends Function + ? 'function' + : 'object' + +type T1 = TypeName<string> // "string" +type T2 = TypeName<number> // "number" +type T3 = TypeName<() => void> // "function" + +// Distributive conditional types +type ToArray<T> = T extends any ? T[] : never + +type StrArrOrNumArr = ToArray<string | number> // string[] | number[] + +// infer keyword +type Flatten<T> = T extends Array<infer U> ? U : T + +type Str = Flatten<string[]> // string +type Num = Flatten<number> // number + +// Return type extraction +type MyReturnType<T> = T extends (...args: any[]) => infer R ? R : never + +function exampleFn(): string { + return 'hello' +} + +type ExampleReturn = MyReturnType<typeof exampleFn> // string + +// Parameters extraction +type MyParameters<T> = T extends (...args: infer P) => any ? P : never + +function createUser(name: string, age: number): User { + return { id: '1', name, age } +} + +type CreateUserParams = MyParameters<typeof createUser> // [string, number] + +// ============================================================================ +// Mapped Types +// ============================================================================ + +// Make all properties optional +type MyPartial<T> = { + [K in keyof T]?: T[K] +} + +interface Person { + name: string + age: number + email: string +} + +type PartialPerson = MyPartial<Person> +// { +// name?: string +// age?: number +// email?: string +// } + +// Make all properties required +type MyRequired<T> = { + [K in keyof T]-?: T[K] +} + +// Make all properties readonly +type MyReadonly<T> = { + readonly [K in keyof T]: T[K] +} + +// Pick specific properties +type MyPick<T, K extends keyof T> = { + [P in K]: T[P] +} + +type UserProfile = MyPick<User, 'id' | 'name'> +// { id: string; name: string } + +// Omit specific properties +type MyOmit<T, K extends keyof T> = { + [P in keyof T as P extends K ? never : P]: T[P] +} + +type UserWithoutAge = MyOmit<User, 'age'> +// { id: string; name: string } + +// Transform property types +type Nullable<T> = { + [K in keyof T]: T[K] | null +} + +type NullablePerson = Nullable<Person> +// { +// name: string | null +// age: number | null +// email: string | null +// } + +// ============================================================================ +// Key Remapping +// ============================================================================ + +// Add prefix to keys +type Getters<T> = { + [K in keyof T as `get${Capitalize<string & K>}`]: () => T[K] +} + +type PersonGetters = Getters<Person> +// { +// getName: () => string +// getAge: () => number +// getEmail: () => string +// } + +// Filter keys by type +type PickByType<T, U> = { + [K in keyof T as T[K] extends U ? K : never]: T[K] +} + +interface Model { + id: number + name: string + description: string + price: number +} + +type StringFields = PickByType<Model, string> +// { name: string; description: string } + +// Remove specific key +type RemoveKindField<T> = { + [K in keyof T as Exclude<K, 'kind'>]: T[K] +} + +// ============================================================================ +// Template Literal Types +// ============================================================================ + +// Event name generation +type EventName<T extends string> = `on${Capitalize<T>}` + +type ClickEvent = EventName<'click'> // "onClick" +type SubmitEvent = EventName<'submit'> // "onSubmit" + +// Combining literals +type Color = 'red' | 'green' | 'blue' +type Shade = 'light' | 'dark' +type ColorShade = `${Shade}-${Color}` +// "light-red" | "light-green" | "light-blue" | "dark-red" | "dark-green" | "dark-blue" + +// CSS properties +type CSSProperty = 'margin' | 'padding' +type Side = 'top' | 'right' | 'bottom' | 'left' +type CSSPropertyWithSide = `${CSSProperty}-${Side}` +// "margin-top" | "margin-right" | ... | "padding-left" + +// Route generation +type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE' +type Endpoint = '/users' | '/products' | '/orders' +type ApiRoute = `${HttpMethod} ${Endpoint}` +// "GET /users" | "POST /users" | ... | "DELETE /orders" + +// ============================================================================ +// Recursive Types +// ============================================================================ + +// JSON value type +type JSONValue = string | number | boolean | null | JSONObject | JSONArray + +interface JSONObject { + [key: string]: JSONValue +} + +interface JSONArray extends Array<JSONValue> {} + +// Tree structure +interface TreeNode<T> { + value: T + children?: TreeNode<T>[] +} + +const tree: TreeNode<number> = { + value: 1, + children: [ + { value: 2, children: [{ value: 4 }, { value: 5 }] }, + { value: 3, children: [{ value: 6 }] }, + ], +} + +// Deep readonly +type DeepReadonly<T> = { + readonly [K in keyof T]: T[K] extends object ? DeepReadonly<T[K]> : T[K] +} + +interface NestedConfig { + api: { + url: string + timeout: number + } + features: { + darkMode: boolean + } +} + +type ImmutableConfig = DeepReadonly<NestedConfig> +// All properties at all levels are readonly + +// Deep partial +type DeepPartial<T> = { + [K in keyof T]?: T[K] extends object ? DeepPartial<T[K]> : T[K] +} + +// ============================================================================ +// Advanced Utility Types +// ============================================================================ + +// Exclude types from union +type MyExclude<T, U> = T extends U ? never : T + +type T4 = MyExclude<'a' | 'b' | 'c', 'a'> // "b" | "c" + +// Extract types from union +type MyExtract<T, U> = T extends U ? T : never + +type T5 = MyExtract<'a' | 'b' | 'c', 'a' | 'f'> // "a" + +// NonNullable +type MyNonNullable<T> = T extends null | undefined ? never : T + +type T6 = MyNonNullable<string | null | undefined> // string + +// Record +type MyRecord<K extends keyof any, T> = { + [P in K]: T +} + +type PageInfo = MyRecord<string, number> + +// Awaited +type MyAwaited<T> = T extends Promise<infer U> ? MyAwaited<U> : T + +type T7 = MyAwaited<Promise<string>> // string +type T8 = MyAwaited<Promise<Promise<number>>> // number + +// ============================================================================ +// Branded Types +// ============================================================================ + +type Brand<K, T> = K & { __brand: T } + +type USD = Brand<number, 'USD'> +type EUR = Brand<number, 'EUR'> +type UserId = Brand<string, 'UserId'> +type ProductId = Brand<string, 'ProductId'> + +function makeUSD(amount: number): USD { + return amount as USD +} + +function makeUserId(id: string): UserId { + return id as UserId +} + +const usd = makeUSD(100) +const userId = makeUserId('user-123') + +// Type-safe operations +function addMoney(a: USD, b: USD): USD { + return (a + b) as USD +} + +// Prevents mixing different branded types +// const total = addMoney(usd, eur) // Error + +// ============================================================================ +// Union to Intersection +// ============================================================================ + +type UnionToIntersection<U> = (U extends any ? (k: U) => void : never) extends ( + k: infer I, +) => void + ? I + : never + +type Union = { a: string } | { b: number } +type Intersection = UnionToIntersection<Union> +// { a: string } & { b: number } + +// ============================================================================ +// Advanced Generic Patterns +// ============================================================================ + +// Constraining multiple related types +function merge< + T extends Record<string, any>, + U extends Record<string, any>, + K extends keyof T & keyof U, +>(obj1: T, obj2: U, conflictKeys: K[]): T & U { + const result = { ...obj1, ...obj2 } + conflictKeys.forEach((key) => { + // Handle conflicts + }) + return result as T & U +} + +// Builder pattern with fluent API +class QueryBuilder<T, Selected extends keyof T = never> { + private selectFields: Set<keyof T> = new Set() + + select<K extends keyof T>( + ...fields: K[] + ): QueryBuilder<T, Selected | K> { + fields.forEach((field) => this.selectFields.add(field)) + return this as any + } + + execute(): Pick<T, Selected> { + // Execute query + return {} as Pick<T, Selected> + } +} + +// Usage +interface Product { + id: string + name: string + price: number + description: string +} + +const result = new QueryBuilder<Product>() + .select('id', 'name') + .select('price') + .execute() +// Type: { id: string; name: string; price: number } + +// ============================================================================ +// Exports +// ============================================================================ + +export type { + Box, + HasLength, + IsString, + Flatten, + MyPartial, + MyRequired, + MyReadonly, + Nullable, + DeepReadonly, + DeepPartial, + Brand, + USD, + EUR, + UserId, + ProductId, + JSONValue, + TreeNode, +} + +export { Stack, identity, getProperty, merge, makeUSD, makeUserId } + diff --git a/.claude/skills/typescript/examples/react-patterns.ts b/.claude/skills/typescript/examples/react-patterns.ts new file mode 100644 index 00000000..a50b6895 --- /dev/null +++ b/.claude/skills/typescript/examples/react-patterns.ts @@ -0,0 +1,555 @@ +/** + * TypeScript React Patterns + * + * This file demonstrates type-safe React patterns including: + * - Component props typing + * - Hooks with TypeScript + * - Context with type safety + * - Generic components + * - Event handlers + * - Ref types + */ + +import { createContext, useContext, useEffect, useReducer, useRef, useState } from 'react' +import type { ReactNode, InputHTMLAttributes, FormEvent, ChangeEvent } from 'react' + +// ============================================================================ +// Component Props Patterns +// ============================================================================ + +// Basic component with props +interface ButtonProps { + variant?: 'primary' | 'secondary' | 'tertiary' + size?: 'sm' | 'md' | 'lg' + disabled?: boolean + onClick?: () => void + children: ReactNode +} + +export function Button({ + variant = 'primary', + size = 'md', + disabled = false, + onClick, + children, +}: ButtonProps) { + return ( + <button + className={`btn-${variant} btn-${size}`} + disabled={disabled} + onClick={onClick} + > + {children} + </button> + ) +} + +// Props extending HTML attributes +interface InputProps extends InputHTMLAttributes<HTMLInputElement> { + label?: string + error?: string + helperText?: string +} + +export function Input({ label, error, helperText, ...inputProps }: InputProps) { + return ( + <div className="input-wrapper"> + {label && <label>{label}</label>} + <input className={error ? 'input-error' : ''} {...inputProps} /> + {error && <span className="error">{error}</span>} + {helperText && <span className="helper">{helperText}</span>} + </div> + ) +} + +// Generic component +interface ListProps<T> { + items: T[] + renderItem: (item: T, index: number) => ReactNode + keyExtractor: (item: T, index: number) => string + emptyMessage?: string +} + +export function List<T>({ + items, + renderItem, + keyExtractor, + emptyMessage = 'No items', +}: ListProps<T>) { + if (items.length === 0) { + return <div>{emptyMessage}</div> + } + + return ( + <ul> + {items.map((item, index) => ( + <li key={keyExtractor(item, index)}>{renderItem(item, index)}</li> + ))} + </ul> + ) +} + +// Component with children render prop +interface ContainerProps { + isLoading: boolean + error: Error | null + children: (props: { retry: () => void }) => ReactNode +} + +export function Container({ isLoading, error, children }: ContainerProps) { + const retry = () => { + // Retry logic + } + + if (isLoading) return <div>Loading...</div> + if (error) return <div>Error: {error.message}</div> + + return <>{children({ retry })}</> +} + +// ============================================================================ +// Hooks Patterns +// ============================================================================ + +// useState with explicit type +function useCounter(initialValue: number = 0) { + const [count, setCount] = useState<number>(initialValue) + + const increment = () => setCount((c) => c + 1) + const decrement = () => setCount((c) => c - 1) + const reset = () => setCount(initialValue) + + return { count, increment, decrement, reset } +} + +// useState with union type +type LoadingState = 'idle' | 'loading' | 'success' | 'error' + +function useLoadingState() { + const [state, setState] = useState<LoadingState>('idle') + + const startLoading = () => setState('loading') + const setSuccess = () => setState('success') + const setError = () => setState('error') + const reset = () => setState('idle') + + return { state, startLoading, setSuccess, setError, reset } +} + +// Custom hook with options +interface UseFetchOptions<T> { + initialData?: T + onSuccess?: (data: T) => void + onError?: (error: Error) => void +} + +interface UseFetchReturn<T> { + data: T | undefined + loading: boolean + error: Error | null + refetch: () => Promise<void> +} + +function useFetch<T>(url: string, options?: UseFetchOptions<T>): UseFetchReturn<T> { + const [data, setData] = useState<T | undefined>(options?.initialData) + const [loading, setLoading] = useState(false) + const [error, setError] = useState<Error | null>(null) + + const fetchData = async () => { + setLoading(true) + setError(null) + + try { + const response = await fetch(url) + if (!response.ok) { + throw new Error(`HTTP ${response.status}`) + } + const json = await response.json() + setData(json) + options?.onSuccess?.(json) + } catch (err) { + const error = err instanceof Error ? err : new Error(String(err)) + setError(error) + options?.onError?.(error) + } finally { + setLoading(false) + } + } + + useEffect(() => { + fetchData() + }, [url]) + + return { data, loading, error, refetch: fetchData } +} + +// useReducer with discriminated unions +interface User { + id: string + name: string + email: string +} + +type FetchState<T> = + | { status: 'idle' } + | { status: 'loading' } + | { status: 'success'; data: T } + | { status: 'error'; error: Error } + +type FetchAction<T> = + | { type: 'FETCH_START' } + | { type: 'FETCH_SUCCESS'; payload: T } + | { type: 'FETCH_ERROR'; error: Error } + | { type: 'RESET' } + +function fetchReducer<T>(state: FetchState<T>, action: FetchAction<T>): FetchState<T> { + switch (action.type) { + case 'FETCH_START': + return { status: 'loading' } + case 'FETCH_SUCCESS': + return { status: 'success', data: action.payload } + case 'FETCH_ERROR': + return { status: 'error', error: action.error } + case 'RESET': + return { status: 'idle' } + } +} + +function useFetchWithReducer<T>(url: string) { + const [state, dispatch] = useReducer(fetchReducer<T>, { status: 'idle' }) + + useEffect(() => { + let isCancelled = false + + const fetchData = async () => { + dispatch({ type: 'FETCH_START' }) + + try { + const response = await fetch(url) + const data = await response.json() + + if (!isCancelled) { + dispatch({ type: 'FETCH_SUCCESS', payload: data }) + } + } catch (error) { + if (!isCancelled) { + dispatch({ + type: 'FETCH_ERROR', + error: error instanceof Error ? error : new Error(String(error)), + }) + } + } + } + + fetchData() + + return () => { + isCancelled = true + } + }, [url]) + + return state +} + +// ============================================================================ +// Context Patterns +// ============================================================================ + +// Type-safe context +interface AuthContextType { + user: User | null + isAuthenticated: boolean + login: (email: string, password: string) => Promise<void> + logout: () => void +} + +const AuthContext = createContext<AuthContextType | undefined>(undefined) + +export function AuthProvider({ children }: { children: ReactNode }) { + const [user, setUser] = useState<User | null>(null) + + const login = async (email: string, password: string) => { + // Login logic + const userData = await fetch('/api/login', { + method: 'POST', + body: JSON.stringify({ email, password }), + }).then((r) => r.json()) + + setUser(userData) + } + + const logout = () => { + setUser(null) + } + + const value: AuthContextType = { + user, + isAuthenticated: user !== null, + login, + logout, + } + + return <AuthContext.Provider value={value}>{children}</AuthContext.Provider> +} + +// Custom hook with error handling +export function useAuth(): AuthContextType { + const context = useContext(AuthContext) + + if (context === undefined) { + throw new Error('useAuth must be used within AuthProvider') + } + + return context +} + +// ============================================================================ +// Event Handler Patterns +// ============================================================================ + +interface FormData { + name: string + email: string + message: string +} + +function ContactForm() { + const [formData, setFormData] = useState<FormData>({ + name: '', + email: '', + message: '', + }) + + // Type-safe change handler + const handleChange = (e: ChangeEvent<HTMLInputElement | HTMLTextAreaElement>) => { + const { name, value } = e.target + setFormData((prev) => ({ + ...prev, + [name]: value, + })) + } + + // Type-safe submit handler + const handleSubmit = (e: FormEvent<HTMLFormElement>) => { + e.preventDefault() + console.log('Submitting:', formData) + } + + // Specific field handler + const handleNameChange = (e: ChangeEvent<HTMLInputElement>) => { + setFormData((prev) => ({ ...prev, name: e.target.value })) + } + + return ( + <form onSubmit={handleSubmit}> + <input + name="name" + value={formData.name} + onChange={handleChange} + placeholder="Name" + /> + <input + name="email" + value={formData.email} + onChange={handleChange} + placeholder="Email" + /> + <textarea + name="message" + value={formData.message} + onChange={handleChange} + placeholder="Message" + /> + <button type="submit">Submit</button> + </form> + ) +} + +// ============================================================================ +// Ref Patterns +// ============================================================================ + +function FocusInput() { + // useRef with DOM element + const inputRef = useRef<HTMLInputElement>(null) + + const focusInput = () => { + inputRef.current?.focus() + } + + return ( + <div> + <input ref={inputRef} /> + <button onClick={focusInput}>Focus Input</button> + </div> + ) +} + +function Timer() { + // useRef for mutable value + const countRef = useRef<number>(0) + const intervalRef = useRef<NodeJS.Timeout | null>(null) + + const startTimer = () => { + intervalRef.current = setInterval(() => { + countRef.current += 1 + console.log(countRef.current) + }, 1000) + } + + const stopTimer = () => { + if (intervalRef.current) { + clearInterval(intervalRef.current) + intervalRef.current = null + } + } + + return ( + <div> + <button onClick={startTimer}>Start</button> + <button onClick={stopTimer}>Stop</button> + </div> + ) +} + +// ============================================================================ +// Generic Component Patterns +// ============================================================================ + +// Select component with generic options +interface SelectProps<T> { + options: T[] + value: T + onChange: (value: T) => void + getLabel: (option: T) => string + getValue: (option: T) => string +} + +export function Select<T>({ + options, + value, + onChange, + getLabel, + getValue, +}: SelectProps<T>) { + return ( + <select + value={getValue(value)} + onChange={(e) => { + const selectedValue = e.target.value + const option = options.find((opt) => getValue(opt) === selectedValue) + if (option) { + onChange(option) + } + }} + > + {options.map((option) => ( + <option key={getValue(option)} value={getValue(option)}> + {getLabel(option)} + </option> + ))} + </select> + ) +} + +// Data table component +interface Column<T> { + key: keyof T + header: string + render?: (value: T[keyof T], row: T) => ReactNode +} + +interface TableProps<T> { + data: T[] + columns: Column<T>[] + keyExtractor: (row: T) => string +} + +export function Table<T>({ data, columns, keyExtractor }: TableProps<T>) { + return ( + <table> + <thead> + <tr> + {columns.map((col) => ( + <th key={String(col.key)}>{col.header}</th> + ))} + </tr> + </thead> + <tbody> + {data.map((row) => ( + <tr key={keyExtractor(row)}> + {columns.map((col) => ( + <td key={String(col.key)}> + {col.render ? col.render(row[col.key], row) : String(row[col.key])} + </td> + ))} + </tr> + ))} + </tbody> + </table> + ) +} + +// ============================================================================ +// Higher-Order Component Pattern +// ============================================================================ + +interface WithLoadingProps { + isLoading: boolean +} + +function withLoading<P extends object>( + Component: React.ComponentType<P>, +): React.FC<P & WithLoadingProps> { + return ({ isLoading, ...props }: WithLoadingProps & P) => { + if (isLoading) { + return <div>Loading...</div> + } + + return <Component {...(props as P)} /> + } +} + +// Usage +interface UserListProps { + users: User[] +} + +const UserList: React.FC<UserListProps> = ({ users }) => ( + <ul> + {users.map((user) => ( + <li key={user.id}>{user.name}</li> + ))} + </ul> +) + +const UserListWithLoading = withLoading(UserList) + +// ============================================================================ +// Exports +// ============================================================================ + +export { + useCounter, + useLoadingState, + useFetch, + useFetchWithReducer, + ContactForm, + FocusInput, + Timer, +} + +export type { + ButtonProps, + InputProps, + ListProps, + UseFetchOptions, + UseFetchReturn, + FetchState, + FetchAction, + AuthContextType, + SelectProps, + Column, + TableProps, +} + diff --git a/.claude/skills/typescript/examples/type-system-basics.ts b/.claude/skills/typescript/examples/type-system-basics.ts new file mode 100644 index 00000000..bc9742d5 --- /dev/null +++ b/.claude/skills/typescript/examples/type-system-basics.ts @@ -0,0 +1,361 @@ +/** + * TypeScript Type System Basics + * + * This file demonstrates fundamental TypeScript concepts including: + * - Primitive types + * - Object types (interfaces, type aliases) + * - Union and intersection types + * - Type inference and narrowing + * - Function types + */ + +// ============================================================================ +// Primitive Types +// ============================================================================ + +const message: string = 'Hello, TypeScript!' +const count: number = 42 +const isActive: boolean = true +const nothing: null = null +const notDefined: undefined = undefined + +// ============================================================================ +// Object Types +// ============================================================================ + +// Interface definition +interface User { + id: string + name: string + email: string + age?: number // Optional property + readonly createdAt: Date // Readonly property +} + +// Type alias definition +type Product = { + id: string + name: string + price: number + category: string +} + +// Creating objects +const user: User = { + id: '1', + name: 'Alice', + email: 'alice@example.com', + createdAt: new Date(), +} + +const product: Product = { + id: 'p1', + name: 'Laptop', + price: 999, + category: 'electronics', +} + +// ============================================================================ +// Union Types +// ============================================================================ + +type Status = 'idle' | 'loading' | 'success' | 'error' +type ID = string | number + +function formatId(id: ID): string { + if (typeof id === 'string') { + return id.toUpperCase() + } + return id.toString() +} + +// Discriminated unions +type ApiResponse = + | { success: true; data: User } + | { success: false; error: string } + +function handleResponse(response: ApiResponse) { + if (response.success) { + // TypeScript knows response.data exists here + console.log(response.data.name) + } else { + // TypeScript knows response.error exists here + console.error(response.error) + } +} + +// ============================================================================ +// Intersection Types +// ============================================================================ + +type Timestamped = { + createdAt: Date + updatedAt: Date +} + +type TimestampedUser = User & Timestamped + +const timestampedUser: TimestampedUser = { + id: '1', + name: 'Bob', + email: 'bob@example.com', + createdAt: new Date(), + updatedAt: new Date(), +} + +// ============================================================================ +// Array Types +// ============================================================================ + +const numbers: number[] = [1, 2, 3, 4, 5] +const strings: Array<string> = ['a', 'b', 'c'] +const users: User[] = [user, timestampedUser] + +// Readonly arrays +const immutableNumbers: readonly number[] = [1, 2, 3] +// immutableNumbers.push(4) // Error: push does not exist on readonly array + +// ============================================================================ +// Tuple Types +// ============================================================================ + +type Point = [number, number] +type NamedPoint = [x: number, y: number, z?: number] + +const point: Point = [10, 20] +const namedPoint: NamedPoint = [10, 20, 30] + +// ============================================================================ +// Function Types +// ============================================================================ + +// Function declaration +function add(a: number, b: number): number { + return a + b +} + +// Arrow function +const subtract = (a: number, b: number): number => a - b + +// Function type alias +type MathOperation = (a: number, b: number) => number + +const multiply: MathOperation = (a, b) => a * b + +// Optional parameters +function greet(name: string, greeting?: string): string { + return `${greeting ?? 'Hello'}, ${name}!` +} + +// Default parameters +function createUser(name: string, role: string = 'user'): User { + return { + id: Math.random().toString(), + name, + email: `${name.toLowerCase()}@example.com`, + createdAt: new Date(), + } +} + +// Rest parameters +function sum(...numbers: number[]): number { + return numbers.reduce((acc, n) => acc + n, 0) +} + +// ============================================================================ +// Type Inference +// ============================================================================ + +// Type is inferred as string +let inferredString = 'hello' + +// Type is inferred as number +let inferredNumber = 42 + +// Type is inferred as { name: string; age: number } +let inferredObject = { + name: 'Alice', + age: 30, +} + +// Return type is inferred as number +function inferredReturn(a: number, b: number) { + return a + b +} + +// ============================================================================ +// Type Narrowing +// ============================================================================ + +// typeof guard +function processValue(value: string | number) { + if (typeof value === 'string') { + // value is string here + return value.toUpperCase() + } + // value is number here + return value.toFixed(2) +} + +// Truthiness narrowing +function printName(name: string | null | undefined) { + if (name) { + // name is string here + console.log(name.toUpperCase()) + } +} + +// Equality narrowing +function example(x: string | number, y: string | boolean) { + if (x === y) { + // x and y are both string here + console.log(x.toUpperCase(), y.toLowerCase()) + } +} + +// in operator narrowing +type Fish = { swim: () => void } +type Bird = { fly: () => void } + +function move(animal: Fish | Bird) { + if ('swim' in animal) { + // animal is Fish here + animal.swim() + } else { + // animal is Bird here + animal.fly() + } +} + +// instanceof narrowing +function processError(error: Error | string) { + if (error instanceof Error) { + // error is Error here + console.error(error.message) + } else { + // error is string here + console.error(error) + } +} + +// ============================================================================ +// Type Predicates (Custom Type Guards) +// ============================================================================ + +function isUser(value: unknown): value is User { + return ( + typeof value === 'object' && + value !== null && + 'id' in value && + 'name' in value && + 'email' in value + ) +} + +function processData(data: unknown) { + if (isUser(data)) { + // data is User here + console.log(data.name) + } +} + +// ============================================================================ +// Const Assertions +// ============================================================================ + +// Without const assertion +const mutableConfig = { + host: 'localhost', + port: 8080, +} +// mutableConfig.host = 'example.com' // OK + +// With const assertion +const immutableConfig = { + host: 'localhost', + port: 8080, +} as const +// immutableConfig.host = 'example.com' // Error: cannot assign to readonly property + +// Array with const assertion +const directions = ['north', 'south', 'east', 'west'] as const +// Type: readonly ["north", "south", "east", "west"] + +// ============================================================================ +// Literal Types +// ============================================================================ + +type Direction = 'north' | 'south' | 'east' | 'west' +type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE' +type DiceValue = 1 | 2 | 3 | 4 | 5 | 6 + +function move(direction: Direction, steps: number) { + console.log(`Moving ${direction} by ${steps} steps`) +} + +move('north', 10) // OK +// move('up', 10) // Error: "up" is not assignable to Direction + +// ============================================================================ +// Index Signatures +// ============================================================================ + +interface StringMap { + [key: string]: string +} + +const translations: StringMap = { + hello: 'Hola', + goodbye: 'Adiós', + thanks: 'Gracias', +} + +// ============================================================================ +// Utility Functions +// ============================================================================ + +// Type-safe object keys +function getObjectKeys<T extends object>(obj: T): Array<keyof T> { + return Object.keys(obj) as Array<keyof T> +} + +// Type-safe property access +function getProperty<T, K extends keyof T>(obj: T, key: K): T[K] { + return obj[key] +} + +const userName = getProperty(user, 'name') // Type: string +const userAge = getProperty(user, 'age') // Type: number | undefined + +// ============================================================================ +// Named Return Values (Go-style) +// ============================================================================ + +function parseJSON(json: string): { data: unknown | null; err: Error | null } { + let data: unknown | null = null + let err: Error | null = null + + try { + data = JSON.parse(json) + } catch (error) { + err = error instanceof Error ? error : new Error(String(error)) + } + + return { data, err } +} + +// Usage +const { data, err } = parseJSON('{"name": "Alice"}') +if (err) { + console.error('Failed to parse JSON:', err.message) +} else { + console.log('Parsed data:', data) +} + +// ============================================================================ +// Exports +// ============================================================================ + +export type { User, Product, Status, ID, ApiResponse, TimestampedUser } +export { formatId, handleResponse, processValue, isUser, getProperty, parseJSON } + diff --git a/.claude/skills/typescript/quick-reference.md b/.claude/skills/typescript/quick-reference.md new file mode 100644 index 00000000..260d1c6d --- /dev/null +++ b/.claude/skills/typescript/quick-reference.md @@ -0,0 +1,395 @@ +# TypeScript Quick Reference + +Quick lookup guide for common TypeScript patterns and syntax. + +## Basic Types + +```typescript +// Primitives +string, number, boolean, null, undefined, symbol, bigint + +// Special types +any // Avoid - disables type checking +unknown // Type-safe alternative to any +void // No return value +never // Never returns + +// Arrays +number[] +Array<string> +readonly number[] + +// Tuples +[string, number] +[x: number, y: number] + +// Objects +{ name: string; age: number } +Record<string, number> +``` + +## Type Declarations + +```typescript +// Interface +interface User { + id: string + name: string + age?: number // Optional + readonly createdAt: Date // Readonly +} + +// Type alias +type Status = 'idle' | 'loading' | 'success' | 'error' +type ID = string | number +type Point = { x: number; y: number } + +// Function type +type Callback = (data: string) => void +type MathOp = (a: number, b: number) => number +``` + +## Union & Intersection + +```typescript +// Union (OR) +string | number +type Result = Success | Error + +// Intersection (AND) +A & B +type Combined = User & Timestamped + +// Discriminated union +type State = + | { status: 'idle' } + | { status: 'loading' } + | { status: 'success'; data: Data } + | { status: 'error'; error: Error } +``` + +## Generics + +```typescript +// Generic function +function identity<T>(value: T): T + +// Generic interface +interface Box<T> { value: T } + +// Generic with constraint +function getProperty<T, K extends keyof T>(obj: T, key: K): T[K] + +// Multiple type parameters +function merge<T, U>(a: T, b: U): T & U + +// Default type parameter +interface Response<T = unknown> { data: T } +``` + +## Utility Types + +```typescript +Partial<T> // Make all optional +Required<T> // Make all required +Readonly<T> // Make all readonly +Pick<T, K> // Select properties +Omit<T, K> // Exclude properties +Record<K, T> // Object with specific keys +Exclude<T, U> // Remove from union +Extract<T, U> // Extract from union +NonNullable<T> // Remove null/undefined +ReturnType<T> // Get function return type +Parameters<T> // Get function parameters +Awaited<T> // Unwrap Promise +``` + +## Type Guards + +```typescript +// typeof +if (typeof value === 'string') { } + +// instanceof +if (error instanceof Error) { } + +// in operator +if ('property' in object) { } + +// Custom type guard +function isUser(value: unknown): value is User { + return typeof value === 'object' && value !== null && 'id' in value +} + +// Assertion function +function assertIsString(value: unknown): asserts value is string { + if (typeof value !== 'string') throw new Error() +} +``` + +## Advanced Types + +```typescript +// Conditional types +type IsString<T> = T extends string ? true : false + +// Mapped types +type Nullable<T> = { [K in keyof T]: T[K] | null } + +// Template literal types +type EventName<T extends string> = `on${Capitalize<T>}` + +// Key remapping +type Getters<T> = { + [K in keyof T as `get${Capitalize<string & K>}`]: () => T[K] +} + +// infer keyword +type Flatten<T> = T extends Array<infer U> ? U : T +``` + +## Functions + +```typescript +// Function declaration +function add(a: number, b: number): number { return a + b } + +// Arrow function +const subtract = (a: number, b: number): number => a - b + +// Optional parameters +function greet(name: string, greeting?: string): string { } + +// Default parameters +function create(name: string, role = 'user'): User { } + +// Rest parameters +function sum(...numbers: number[]): number { } + +// Overloads +function format(value: string): string +function format(value: number): string +function format(value: string | number): string { } +``` + +## Classes + +```typescript +class User { + // Properties + private id: string + public name: string + protected age: number + readonly createdAt: Date + + // Constructor + constructor(name: string) { + this.name = name + this.createdAt = new Date() + } + + // Methods + greet(): string { + return `Hello, ${this.name}` + } + + // Static + static create(name: string): User { + return new User(name) + } + + // Getters/Setters + get displayName(): string { + return this.name.toUpperCase() + } +} + +// Inheritance +class Admin extends User { + constructor(name: string, public permissions: string[]) { + super(name) + } +} + +// Abstract class +abstract class Animal { + abstract makeSound(): void +} +``` + +## React Patterns + +```typescript +// Component props +interface ButtonProps { + variant?: 'primary' | 'secondary' + onClick?: () => void + children: React.ReactNode +} + +export function Button({ variant = 'primary', onClick, children }: ButtonProps) { } + +// Generic component +interface ListProps<T> { + items: T[] + renderItem: (item: T) => React.ReactNode +} + +export function List<T>({ items, renderItem }: ListProps<T>) { } + +// Hooks +const [state, setState] = useState<string>('') +const [data, setData] = useState<User | null>(null) + +// Context +interface AuthContextType { + user: User | null + login: () => Promise<void> +} + +const AuthContext = createContext<AuthContextType | undefined>(undefined) + +export function useAuth(): AuthContextType { + const context = useContext(AuthContext) + if (!context) throw new Error('useAuth must be used within AuthProvider') + return context +} +``` + +## Common Patterns + +### Result Type +```typescript +type Result<T, E = Error> = + | { success: true; data: T } + | { success: false; error: E } +``` + +### Option Type +```typescript +type Option<T> = Some<T> | None +interface Some<T> { _tag: 'Some'; value: T } +interface None { _tag: 'None' } +``` + +### Branded Types +```typescript +type Brand<K, T> = K & { __brand: T } +type UserId = Brand<string, 'UserId'> +``` + +### Named Returns (Go-style) +```typescript +function parseJSON(json: string): { data: unknown | null; err: Error | null } { + let data: unknown | null = null + let err: Error | null = null + + try { + data = JSON.parse(json) + } catch (error) { + err = error instanceof Error ? error : new Error(String(error)) + } + + return { data, err } +} +``` + +## Type Assertions + +```typescript +// as syntax (preferred) +const value = input as string + +// Angle bracket syntax (not in JSX) +const value = <string>input + +// as const +const config = { host: 'localhost' } as const + +// Non-null assertion (use sparingly) +const element = document.getElementById('app')! +``` + +## Type Narrowing + +```typescript +// Control flow +if (value !== null) { + // value is non-null here +} + +// Switch with discriminated unions +switch (state.status) { + case 'success': + console.log(state.data) // TypeScript knows data exists + break + case 'error': + console.log(state.error) // TypeScript knows error exists + break +} + +// Optional chaining +user?.profile?.name + +// Nullish coalescing +const name = user?.name ?? 'Anonymous' +``` + +## Module Syntax + +```typescript +// Named exports +export function helper() { } +export const CONFIG = { } + +// Default export +export default class App { } + +// Type-only imports/exports +import type { User } from './types' +export type { User } + +// Namespace imports +import * as utils from './utils' +``` + +## TSConfig Essentials + +```json +{ + "compilerOptions": { + "strict": true, + "target": "ES2022", + "module": "ESNext", + "moduleResolution": "bundler", + "jsx": "react-jsx", + "esModuleInterop": true, + "skipLibCheck": true, + "resolveJsonModule": true + } +} +``` + +## Common Errors & Fixes + +| Error | Fix | +|-------|-----| +| Type 'X' is not assignable to type 'Y' | Check type compatibility, use type assertion if needed | +| Object is possibly 'null' | Use optional chaining `?.` or null check | +| Cannot find module | Install `@types/package-name` | +| Implicit any | Add type annotation or enable strict mode | +| Property does not exist | Check object shape, use type guard | + +## Best Practices + +1. Enable `strict` mode in tsconfig.json +2. Avoid `any`, use `unknown` instead +3. Use discriminated unions for state +4. Leverage type inference +5. Use `const` assertions for immutable data +6. Create custom type guards for runtime safety +7. Use utility types instead of recreating +8. Document complex types with JSDoc +9. Prefer interfaces for objects, types for unions +10. Use branded types for domain-specific primitives + diff --git a/.claude/skills/typescript/references/common-patterns.md b/.claude/skills/typescript/references/common-patterns.md new file mode 100644 index 00000000..b73d42b6 --- /dev/null +++ b/.claude/skills/typescript/references/common-patterns.md @@ -0,0 +1,756 @@ +# TypeScript Common Patterns Reference + +This document contains commonly used TypeScript patterns and idioms from real-world applications. + +## React Patterns + +### Component Props + +```typescript +// Basic props with children +interface ButtonProps { + variant?: 'primary' | 'secondary' | 'tertiary' + size?: 'sm' | 'md' | 'lg' + disabled?: boolean + onClick?: () => void + children: React.ReactNode +} + +export function Button({ + variant = 'primary', + size = 'md', + disabled = false, + onClick, + children, +}: ButtonProps) { + return ( + <button className={`btn-${variant} btn-${size}`} disabled={disabled} onClick={onClick}> + {children} + </button> + ) +} + +// Props extending HTML attributes +interface InputProps extends React.InputHTMLAttributes<HTMLInputElement> { + label?: string + error?: string +} + +export function Input({ label, error, ...inputProps }: InputProps) { + return ( + <div> + {label && <label>{label}</label>} + <input {...inputProps} /> + {error && <span>{error}</span>} + </div> + ) +} + +// Generic component props +interface ListProps<T> { + items: T[] + renderItem: (item: T) => React.ReactNode + keyExtractor: (item: T) => string +} + +export function List<T>({ items, renderItem, keyExtractor }: ListProps<T>) { + return ( + <ul> + {items.map((item) => ( + <li key={keyExtractor(item)}>{renderItem(item)}</li> + ))} + </ul> + ) +} +``` + +### Hooks + +```typescript +// Custom hook with return type +function useLocalStorage<T>(key: string, initialValue: T): [T, (value: T) => void] { + const [storedValue, setStoredValue] = useState<T>(() => { + try { + const item = window.localStorage.getItem(key) + return item ? JSON.parse(item) : initialValue + } catch (error) { + return initialValue + } + }) + + const setValue = (value: T) => { + setStoredValue(value) + window.localStorage.setItem(key, JSON.stringify(value)) + } + + return [storedValue, setValue] +} + +// Hook with options object +interface UseFetchOptions<T> { + initialData?: T + onSuccess?: (data: T) => void + onError?: (error: Error) => void +} + +function useFetch<T>(url: string, options?: UseFetchOptions<T>) { + const [data, setData] = useState<T | undefined>(options?.initialData) + const [loading, setLoading] = useState(false) + const [error, setError] = useState<Error | null>(null) + + useEffect(() => { + let isCancelled = false + + const fetchData = async () => { + setLoading(true) + try { + const response = await fetch(url) + const json = await response.json() + if (!isCancelled) { + setData(json) + options?.onSuccess?.(json) + } + } catch (err) { + if (!isCancelled) { + const error = err instanceof Error ? err : new Error(String(err)) + setError(error) + options?.onError?.(error) + } + } finally { + if (!isCancelled) { + setLoading(false) + } + } + } + + fetchData() + + return () => { + isCancelled = true + } + }, [url]) + + return { data, loading, error } +} +``` + +### Context + +```typescript +// Type-safe context +interface AuthContextType { + user: User | null + login: (email: string, password: string) => Promise<void> + logout: () => void + isAuthenticated: boolean +} + +const AuthContext = createContext<AuthContextType | undefined>(undefined) + +export function AuthProvider({ children }: { children: React.ReactNode }) { + const [user, setUser] = useState<User | null>(null) + + const login = async (email: string, password: string) => { + // Login logic + const user = await api.login(email, password) + setUser(user) + } + + const logout = () => { + setUser(null) + } + + const value: AuthContextType = { + user, + login, + logout, + isAuthenticated: user !== null, + } + + return <AuthContext.Provider value={value}>{children}</AuthContext.Provider> +} + +// Custom hook with proper error handling +export function useAuth(): AuthContextType { + const context = useContext(AuthContext) + if (context === undefined) { + throw new Error('useAuth must be used within AuthProvider') + } + return context +} +``` + +## API Response Patterns + +### Result Type Pattern + +```typescript +// Discriminated union for API responses +type Result<T, E = Error> = + | { success: true; data: T } + | { success: false; error: E } + +// Helper functions +function success<T>(data: T): Result<T> { + return { success: true, data } +} + +function failure<E = Error>(error: E): Result<never, E> { + return { success: false, error } +} + +// Usage +async function fetchUser(id: string): Promise<Result<User>> { + try { + const response = await fetch(`/api/users/${id}`) + if (!response.ok) { + return failure(new Error(`HTTP ${response.status}`)) + } + const data = await response.json() + return success(data) + } catch (error) { + return failure(error instanceof Error ? error : new Error(String(error))) + } +} + +// Consuming the result +const result = await fetchUser('123') +if (result.success) { + console.log(result.data.name) // Type-safe access +} else { + console.error(result.error.message) // Type-safe error handling +} +``` + +### Option Type Pattern + +```typescript +// Option/Maybe type for nullable values +type Option<T> = Some<T> | None + +interface Some<T> { + readonly _tag: 'Some' + readonly value: T +} + +interface None { + readonly _tag: 'None' +} + +// Constructors +function some<T>(value: T): Option<T> { + return { _tag: 'Some', value } +} + +function none(): Option<never> { + return { _tag: 'None' } +} + +// Helper functions +function isSome<T>(option: Option<T>): option is Some<T> { + return option._tag === 'Some' +} + +function isNone<T>(option: Option<T>): option is None { + return option._tag === 'None' +} + +function map<T, U>(option: Option<T>, fn: (value: T) => U): Option<U> { + return isSome(option) ? some(fn(option.value)) : none() +} + +function getOrElse<T>(option: Option<T>, defaultValue: T): T { + return isSome(option) ? option.value : defaultValue +} + +// Usage +function findUser(id: string): Option<User> { + const user = users.find((u) => u.id === id) + return user ? some(user) : none() +} + +const user = findUser('123') +const userName = getOrElse(map(user, (u) => u.name), 'Unknown') +``` + +## State Management Patterns + +### Discriminated Union for State + +```typescript +// State machine using discriminated unions +type FetchState<T> = + | { status: 'idle' } + | { status: 'loading' } + | { status: 'success'; data: T } + | { status: 'error'; error: Error } + +// Reducer pattern +type FetchAction<T> = + | { type: 'FETCH_START' } + | { type: 'FETCH_SUCCESS'; payload: T } + | { type: 'FETCH_ERROR'; error: Error } + | { type: 'RESET' } + +function fetchReducer<T>(state: FetchState<T>, action: FetchAction<T>): FetchState<T> { + switch (action.type) { + case 'FETCH_START': + return { status: 'loading' } + case 'FETCH_SUCCESS': + return { status: 'success', data: action.payload } + case 'FETCH_ERROR': + return { status: 'error', error: action.error } + case 'RESET': + return { status: 'idle' } + } +} + +// Usage in component +function UserProfile({ userId }: { userId: string }) { + const [state, dispatch] = useReducer(fetchReducer<User>, { status: 'idle' }) + + useEffect(() => { + dispatch({ type: 'FETCH_START' }) + fetchUser(userId) + .then((user) => dispatch({ type: 'FETCH_SUCCESS', payload: user })) + .catch((error) => dispatch({ type: 'FETCH_ERROR', error })) + }, [userId]) + + switch (state.status) { + case 'idle': + return <div>Ready to load</div> + case 'loading': + return <div>Loading...</div> + case 'success': + return <div>{state.data.name}</div> + case 'error': + return <div>Error: {state.error.message}</div> + } +} +``` + +### Store Pattern + +```typescript +// Type-safe store implementation +interface Store<T> { + getState: () => T + setState: (partial: Partial<T>) => void + subscribe: (listener: (state: T) => void) => () => void +} + +function createStore<T>(initialState: T): Store<T> { + let state = initialState + const listeners = new Set<(state: T) => void>() + + return { + getState: () => state, + setState: (partial) => { + state = { ...state, ...partial } + listeners.forEach((listener) => listener(state)) + }, + subscribe: (listener) => { + listeners.add(listener) + return () => listeners.delete(listener) + }, + } +} + +// Usage +interface AppState { + user: User | null + theme: 'light' | 'dark' +} + +const store = createStore<AppState>({ + user: null, + theme: 'light', +}) + +// React hook integration +function useStore<T, U>(store: Store<T>, selector: (state: T) => U): U { + const [value, setValue] = useState(() => selector(store.getState())) + + useEffect(() => { + const unsubscribe = store.subscribe((state) => { + setValue(selector(state)) + }) + return unsubscribe + }, [store, selector]) + + return value +} + +// Usage in component +function ThemeToggle() { + const theme = useStore(store, (state) => state.theme) + + return ( + <button + onClick={() => store.setState({ theme: theme === 'light' ? 'dark' : 'light' })} + > + Toggle Theme + </button> + ) +} +``` + +## Form Patterns + +### Form State Management + +```typescript +// Generic form state +interface FormState<T> { + values: T + errors: Partial<Record<keyof T, string>> + touched: Partial<Record<keyof T, boolean>> + isSubmitting: boolean +} + +// Form hook +function useForm<T extends Record<string, any>>( + initialValues: T, + validate: (values: T) => Partial<Record<keyof T, string>>, +) { + const [state, setState] = useState<FormState<T>>({ + values: initialValues, + errors: {}, + touched: {}, + isSubmitting: false, + }) + + const handleChange = <K extends keyof T>(field: K, value: T[K]) => { + setState((prev) => ({ + ...prev, + values: { ...prev.values, [field]: value }, + errors: { ...prev.errors, [field]: undefined }, + })) + } + + const handleBlur = <K extends keyof T>(field: K) => { + setState((prev) => ({ + ...prev, + touched: { ...prev.touched, [field]: true }, + })) + } + + const handleSubmit = async (onSubmit: (values: T) => Promise<void>) => { + const errors = validate(state.values) + + if (Object.keys(errors).length > 0) { + setState((prev) => ({ + ...prev, + errors, + touched: Object.keys(state.values).reduce( + (acc, key) => ({ ...acc, [key]: true }), + {}, + ), + })) + return + } + + setState((prev) => ({ ...prev, isSubmitting: true })) + try { + await onSubmit(state.values) + } finally { + setState((prev) => ({ ...prev, isSubmitting: false })) + } + } + + return { + values: state.values, + errors: state.errors, + touched: state.touched, + isSubmitting: state.isSubmitting, + handleChange, + handleBlur, + handleSubmit, + } +} + +// Usage +interface LoginFormValues { + email: string + password: string +} + +function LoginForm() { + const form = useForm<LoginFormValues>( + { email: '', password: '' }, + (values) => { + const errors: Partial<Record<keyof LoginFormValues, string>> = {} + if (!values.email) { + errors.email = 'Email is required' + } + if (!values.password) { + errors.password = 'Password is required' + } + return errors + }, + ) + + return ( + <form + onSubmit={(e) => { + e.preventDefault() + form.handleSubmit(async (values) => { + await login(values.email, values.password) + }) + }} + > + <input + value={form.values.email} + onChange={(e) => form.handleChange('email', e.target.value)} + onBlur={() => form.handleBlur('email')} + /> + {form.touched.email && form.errors.email && <span>{form.errors.email}</span>} + + <input + type="password" + value={form.values.password} + onChange={(e) => form.handleChange('password', e.target.value)} + onBlur={() => form.handleBlur('password')} + /> + {form.touched.password && form.errors.password && ( + <span>{form.errors.password}</span> + )} + + <button type="submit" disabled={form.isSubmitting}> + Login + </button> + </form> + ) +} +``` + +## Validation Patterns + +### Zod Integration + +```typescript +import { z } from 'zod' + +// Schema definition +const userSchema = z.object({ + id: z.string().uuid(), + name: z.string().min(1).max(100), + email: z.string().email(), + age: z.number().int().min(0).max(120), + role: z.enum(['admin', 'user', 'guest']), +}) + +// Extract type from schema +type User = z.infer<typeof userSchema> + +// Validation function +function validateUser(data: unknown): Result<User> { + const result = userSchema.safeParse(data) + if (result.success) { + return { success: true, data: result.data } + } + return { + success: false, + error: new Error(result.error.errors.map((e) => e.message).join(', ')), + } +} + +// API integration +async function createUser(data: unknown): Promise<Result<User>> { + const validation = validateUser(data) + if (!validation.success) { + return validation + } + + try { + const response = await fetch('/api/users', { + method: 'POST', + headers: { 'Content-Type': 'application/json' }, + body: JSON.stringify(validation.data), + }) + + if (!response.ok) { + return failure(new Error(`HTTP ${response.status}`)) + } + + const user = await response.json() + return success(user) + } catch (error) { + return failure(error instanceof Error ? error : new Error(String(error))) + } +} +``` + +## Builder Pattern + +```typescript +// Fluent builder pattern +class QueryBuilder<T> { + private filters: Array<(item: T) => boolean> = [] + private sortFn?: (a: T, b: T) => number + private limitValue?: number + + where(predicate: (item: T) => boolean): this { + this.filters.push(predicate) + return this + } + + sortBy(compareFn: (a: T, b: T) => number): this { + this.sortFn = compareFn + return this + } + + limit(count: number): this { + this.limitValue = count + return this + } + + execute(data: T[]): T[] { + let result = data + + // Apply filters + this.filters.forEach((filter) => { + result = result.filter(filter) + }) + + // Apply sorting + if (this.sortFn) { + result = result.sort(this.sortFn) + } + + // Apply limit + if (this.limitValue !== undefined) { + result = result.slice(0, this.limitValue) + } + + return result + } +} + +// Usage +interface Product { + id: string + name: string + price: number + category: string +} + +const products: Product[] = [ + /* ... */ +] + +const query = new QueryBuilder<Product>() + .where((p) => p.category === 'electronics') + .where((p) => p.price < 1000) + .sortBy((a, b) => a.price - b.price) + .limit(10) + .execute(products) +``` + +## Factory Pattern + +```typescript +// Abstract factory pattern with TypeScript +interface Button { + render: () => string + onClick: () => void +} + +interface ButtonFactory { + createButton: (label: string, onClick: () => void) => Button +} + +class PrimaryButton implements Button { + constructor(private label: string, private clickHandler: () => void) {} + + render() { + return `<button class="primary">${this.label}</button>` + } + + onClick() { + this.clickHandler() + } +} + +class SecondaryButton implements Button { + constructor(private label: string, private clickHandler: () => void) {} + + render() { + return `<button class="secondary">${this.label}</button>` + } + + onClick() { + this.clickHandler() + } +} + +class PrimaryButtonFactory implements ButtonFactory { + createButton(label: string, onClick: () => void): Button { + return new PrimaryButton(label, onClick) + } +} + +class SecondaryButtonFactory implements ButtonFactory { + createButton(label: string, onClick: () => void): Button { + return new SecondaryButton(label, onClick) + } +} + +// Usage +function createUI(factory: ButtonFactory) { + const button = factory.createButton('Click me', () => console.log('Clicked!')) + return button.render() +} +``` + +## Named Return Variables Pattern + +```typescript +// Following Go-style named returns +function parseUser(data: unknown): { user: User | null; err: Error | null } { + let user: User | null = null + let err: Error | null = null + + try { + user = userSchema.parse(data) + } catch (error) { + err = error instanceof Error ? error : new Error(String(error)) + } + + return { user, err } +} + +// With explicit naming +function fetchData(url: string): { + data: unknown | null + status: number + err: Error | null +} { + let data: unknown | null = null + let status = 0 + let err: Error | null = null + + try { + const response = fetch(url) + // Process response + } catch (error) { + err = error instanceof Error ? error : new Error(String(error)) + } + + return { data, status, err } +} +``` + +## Best Practices + +1. **Use discriminated unions** for type-safe state management +2. **Leverage generic types** for reusable components and hooks +3. **Extract types from Zod schemas** for runtime + compile-time safety +4. **Use Result/Option types** for explicit error handling +5. **Create builder patterns** for complex object construction +6. **Use factory patterns** for flexible object creation +7. **Type context properly** to catch usage errors at compile time +8. **Prefer const assertions** for immutable configurations +9. **Use branded types** for domain-specific primitives +10. **Document patterns** with JSDoc for team knowledge sharing + diff --git a/.claude/skills/typescript/references/type-system.md b/.claude/skills/typescript/references/type-system.md new file mode 100644 index 00000000..c7cac7b9 --- /dev/null +++ b/.claude/skills/typescript/references/type-system.md @@ -0,0 +1,804 @@ +# TypeScript Type System Reference + +## Overview + +TypeScript's type system is structural (duck-typed) rather than nominal. Two types are compatible if their structure matches, regardless of their names. + +## Primitive Types + +### Basic Primitives + +```typescript +let str: string = 'hello' +let num: number = 42 +let bool: boolean = true +let nul: null = null +let undef: undefined = undefined +let sym: symbol = Symbol('key') +let big: bigint = 100n +``` + +### Special Types + +**any** - Disables type checking (avoid when possible): +```typescript +let anything: any = 'string' +anything = 42 // OK +anything.nonExistent() // OK at compile time, error at runtime +``` + +**unknown** - Type-safe alternative to any (requires type checking): +```typescript +let value: unknown = 'string' +// value.toUpperCase() // Error: must narrow type first + +if (typeof value === 'string') { + value.toUpperCase() // OK after narrowing +} +``` + +**void** - Absence of a value (function return type): +```typescript +function log(message: string): void { + console.log(message) +} +``` + +**never** - Value that never occurs (exhaustive checks, infinite loops): +```typescript +function throwError(message: string): never { + throw new Error(message) +} + +function exhaustiveCheck(value: never): never { + throw new Error(`Unhandled case: ${value}`) +} +``` + +## Object Types + +### Interfaces + +```typescript +// Basic interface +interface User { + id: string + name: string + email: string +} + +// Optional properties +interface Product { + id: string + name: string + description?: string // Optional +} + +// Readonly properties +interface Config { + readonly apiUrl: string + readonly timeout: number +} + +// Index signatures +interface Dictionary { + [key: string]: string +} + +// Method signatures +interface Calculator { + add(a: number, b: number): number + subtract(a: number, b: number): number +} + +// Extending interfaces +interface Employee extends User { + role: string + department: string +} + +// Multiple inheritance +interface Admin extends User, Employee { + permissions: string[] +} +``` + +### Type Aliases + +```typescript +// Basic type alias +type ID = string | number + +// Object type +type Point = { + x: number + y: number +} + +// Union type +type Status = 'idle' | 'loading' | 'success' | 'error' + +// Intersection type +type Timestamped = { + createdAt: Date + updatedAt: Date +} + +type TimestampedUser = User & Timestamped + +// Function type +type Callback = (data: string) => void + +// Generic type alias +type Result<T> = { success: true; data: T } | { success: false; error: string } +``` + +### Interface vs Type Alias + +**Use interface when:** +- Defining object shapes +- Need declaration merging +- Building public API types that others might extend + +**Use type when:** +- Creating unions or intersections +- Working with mapped types +- Need conditional types +- Defining primitive aliases + +## Array and Tuple Types + +### Arrays + +```typescript +// Array syntax +let numbers: number[] = [1, 2, 3] +let strings: Array<string> = ['a', 'b', 'c'] + +// Readonly arrays +let immutable: readonly number[] = [1, 2, 3] +let alsoImmutable: ReadonlyArray<string> = ['a', 'b'] +``` + +### Tuples + +```typescript +// Fixed-length, mixed-type arrays +type Point = [number, number] +type NamedPoint = [x: number, y: number] + +// Optional elements +type OptionalTuple = [string, number?] + +// Rest elements +type StringNumberBooleans = [string, number, ...boolean[]] + +// Readonly tuples +type ReadonlyPair = readonly [string, number] +``` + +## Union and Intersection Types + +### Union Types + +```typescript +// Value can be one of several types +type StringOrNumber = string | number + +function format(value: StringOrNumber): string { + if (typeof value === 'string') { + return value + } + return value.toString() +} + +// Discriminated unions +type Shape = + | { kind: 'circle'; radius: number } + | { kind: 'square'; size: number } + | { kind: 'rectangle'; width: number; height: number } + +function area(shape: Shape): number { + switch (shape.kind) { + case 'circle': + return Math.PI * shape.radius ** 2 + case 'square': + return shape.size ** 2 + case 'rectangle': + return shape.width * shape.height + } +} +``` + +### Intersection Types + +```typescript +// Combine multiple types +type Draggable = { + drag: () => void +} + +type Resizable = { + resize: () => void +} + +type UIWidget = Draggable & Resizable + +const widget: UIWidget = { + drag: () => console.log('dragging'), + resize: () => console.log('resizing'), +} +``` + +## Literal Types + +### String Literal Types + +```typescript +type Direction = 'north' | 'south' | 'east' | 'west' +type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE' + +function move(direction: Direction) { + // direction can only be one of the four values +} +``` + +### Number Literal Types + +```typescript +type DiceValue = 1 | 2 | 3 | 4 | 5 | 6 +type PowerOfTwo = 1 | 2 | 4 | 8 | 16 | 32 +``` + +### Boolean Literal Types + +```typescript +type Yes = true +type No = false +``` + +### Template Literal Types + +```typescript +// String manipulation at type level +type EventName<T extends string> = `on${Capitalize<T>}` +type ClickEvent = EventName<'click'> // "onClick" + +// Combining literals +type Color = 'red' | 'blue' | 'green' +type Shade = 'light' | 'dark' +type ColorShade = `${Shade}-${Color}` // "light-red" | "light-blue" | ... + +// Extract patterns +type EmailLocaleIDs = 'welcome_email' | 'email_heading' +type FooterLocaleIDs = 'footer_title' | 'footer_sendoff' +type AllLocaleIDs = `${EmailLocaleIDs | FooterLocaleIDs}_id` +``` + +## Type Inference + +### Automatic Inference + +```typescript +// Type inferred as string +let message = 'hello' + +// Type inferred as number[] +let numbers = [1, 2, 3] + +// Type inferred as { name: string; age: number } +let person = { + name: 'Alice', + age: 30, +} + +// Return type inferred +function add(a: number, b: number) { + return a + b // Returns number +} +``` + +### Const Assertions + +```typescript +// Without const assertion +let colors1 = ['red', 'green', 'blue'] // Type: string[] + +// With const assertion +let colors2 = ['red', 'green', 'blue'] as const // Type: readonly ["red", "green", "blue"] + +// Object with const assertion +const config = { + host: 'localhost', + port: 8080, +} as const // All properties become readonly with literal types +``` + +### Type Inference in Generics + +```typescript +// Generic type inference from usage +function identity<T>(value: T): T { + return value +} + +let str = identity('hello') // T inferred as string +let num = identity(42) // T inferred as number + +// Multiple type parameters +function pair<T, U>(first: T, second: U): [T, U] { + return [first, second] +} + +let p = pair('hello', 42) // [string, number] +``` + +## Type Narrowing + +### typeof Guards + +```typescript +function padLeft(value: string, padding: string | number) { + if (typeof padding === 'number') { + // padding is number here + return ' '.repeat(padding) + value + } + // padding is string here + return padding + value +} +``` + +### instanceof Guards + +```typescript +class Dog { + bark() { + console.log('Woof!') + } +} + +class Cat { + meow() { + console.log('Meow!') + } +} + +function makeSound(animal: Dog | Cat) { + if (animal instanceof Dog) { + animal.bark() + } else { + animal.meow() + } +} +``` + +### in Operator + +```typescript +type Fish = { swim: () => void } +type Bird = { fly: () => void } + +function move(animal: Fish | Bird) { + if ('swim' in animal) { + animal.swim() + } else { + animal.fly() + } +} +``` + +### Equality Narrowing + +```typescript +function example(x: string | number, y: string | boolean) { + if (x === y) { + // x and y are both string here + x.toUpperCase() + y.toLowerCase() + } +} +``` + +### Control Flow Analysis + +```typescript +function example(value: string | null) { + if (value === null) { + return + } + // value is string here (null eliminated) + console.log(value.toUpperCase()) +} +``` + +### Type Predicates (Custom Type Guards) + +```typescript +function isString(value: unknown): value is string { + return typeof value === 'string' +} + +function example(value: unknown) { + if (isString(value)) { + // value is string here + console.log(value.toUpperCase()) + } +} + +// More complex example +interface User { + id: string + name: string +} + +function isUser(value: unknown): value is User { + return ( + typeof value === 'object' && + value !== null && + 'id' in value && + 'name' in value && + typeof (value as User).id === 'string' && + typeof (value as User).name === 'string' + ) +} +``` + +### Assertion Functions + +```typescript +function assert(condition: unknown, message?: string): asserts condition { + if (!condition) { + throw new Error(message || 'Assertion failed') + } +} + +function assertIsString(value: unknown): asserts value is string { + if (typeof value !== 'string') { + throw new Error('Value must be a string') + } +} + +function example(value: unknown) { + assertIsString(value) + // value is string here + console.log(value.toUpperCase()) +} +``` + +## Generic Types + +### Basic Generics + +```typescript +// Generic function +function first<T>(items: T[]): T | undefined { + return items[0] +} + +// Generic interface +interface Box<T> { + value: T +} + +// Generic type alias +type Result<T> = { success: true; data: T } | { success: false; error: string } + +// Generic class +class Stack<T> { + private items: T[] = [] + + push(item: T) { + this.items.push(item) + } + + pop(): T | undefined { + return this.items.pop() + } +} +``` + +### Generic Constraints + +```typescript +// Constrain to specific type +function getProperty<T, K extends keyof T>(obj: T, key: K): T[K] { + return obj[key] +} + +// Constrain to interface +interface HasLength { + length: number +} + +function logLength<T extends HasLength>(item: T): void { + console.log(item.length) +} + +logLength('string') // OK +logLength([1, 2, 3]) // OK +logLength({ length: 10 }) // OK +// logLength(42) // Error: number doesn't have length +``` + +### Default Generic Parameters + +```typescript +interface Response<T = unknown> { + data: T + status: number +} + +// Uses default +let response1: Response = { data: 'anything', status: 200 } + +// Explicitly typed +let response2: Response<User> = { data: user, status: 200 } +``` + +### Generic Utility Functions + +```typescript +// Pick specific properties +function pick<T, K extends keyof T>(obj: T, keys: K[]): Pick<T, K> { + const result = {} as Pick<T, K> + keys.forEach((key) => { + result[key] = obj[key] + }) + return result +} + +// Map array +function map<T, U>(items: T[], fn: (item: T) => U): U[] { + return items.map(fn) +} +``` + +## Advanced Type Features + +### Conditional Types + +```typescript +// Basic conditional type +type IsString<T> = T extends string ? true : false + +type A = IsString<string> // true +type B = IsString<number> // false + +// Distributive conditional types +type ToArray<T> = T extends any ? T[] : never + +type StrArrOrNumArr = ToArray<string | number> // string[] | number[] + +// Infer keyword +type Flatten<T> = T extends Array<infer U> ? U : T + +type Str = Flatten<string[]> // string +type Num = Flatten<number> // number + +// ReturnType implementation +type MyReturnType<T> = T extends (...args: any[]) => infer R ? R : never +``` + +### Mapped Types + +```typescript +// Make all properties optional +type Partial<T> = { + [K in keyof T]?: T[K] +} + +// Make all properties required +type Required<T> = { + [K in keyof T]-?: T[K] +} + +// Make all properties readonly +type Readonly<T> = { + readonly [K in keyof T]: T[K] +} + +// Transform keys +type Getters<T> = { + [K in keyof T as `get${Capitalize<string & K>}`]: () => T[K] +} + +interface Person { + name: string + age: number +} + +type PersonGetters = Getters<Person> +// { +// getName: () => string +// getAge: () => number +// } +``` + +### Key Remapping + +```typescript +// Filter keys +type RemoveKindField<T> = { + [K in keyof T as Exclude<K, 'kind'>]: T[K] +} + +// Conditional key inclusion +type PickByType<T, U> = { + [K in keyof T as T[K] extends U ? K : never]: T[K] +} + +interface Model { + id: number + name: string + age: number + email: string +} + +type StringFields = PickByType<Model, string> // { name: string, email: string } +``` + +### Recursive Types + +```typescript +// JSON value type +type JSONValue = string | number | boolean | null | JSONObject | JSONArray + +interface JSONObject { + [key: string]: JSONValue +} + +interface JSONArray extends Array<JSONValue> {} + +// Tree structure +interface TreeNode<T> { + value: T + children?: TreeNode<T>[] +} + +// Deep readonly +type DeepReadonly<T> = { + readonly [K in keyof T]: T[K] extends object ? DeepReadonly<T[K]> : T[K] +} +``` + +## Type Compatibility + +### Structural Typing + +```typescript +interface Point { + x: number + y: number +} + +interface Named { + name: string +} + +// Compatible if structure matches +let point: Point = { x: 0, y: 0 } +let namedPoint = { x: 0, y: 0, name: 'origin' } + +point = namedPoint // OK: namedPoint has x and y +``` + +### Variance + +**Covariance** (return types): +```typescript +interface Animal { + name: string +} + +interface Dog extends Animal { + breed: string +} + +let getDog: () => Dog +let getAnimal: () => Animal + +getAnimal = getDog // OK: Dog is assignable to Animal +``` + +**Contravariance** (parameter types): +```typescript +let handleAnimal: (animal: Animal) => void +let handleDog: (dog: Dog) => void + +handleDog = handleAnimal // OK: can pass Dog to function expecting Animal +``` + +## Index Types + +### Index Signatures + +```typescript +// String index +interface StringMap { + [key: string]: string +} + +// Number index +interface NumberArray { + [index: number]: number +} + +// Combine with named properties +interface MixedInterface { + length: number + [index: number]: string +} +``` + +### keyof Operator + +```typescript +interface Person { + name: string + age: number +} + +type PersonKeys = keyof Person // "name" | "age" + +function getProperty<T, K extends keyof T>(obj: T, key: K): T[K] { + return obj[key] +} +``` + +### Indexed Access Types + +```typescript +interface Person { + name: string + age: number + address: { + street: string + city: string + } +} + +type Name = Person['name'] // string +type Age = Person['age'] // number +type Address = Person['address'] // { street: string; city: string } +type AddressCity = Person['address']['city'] // string + +// Access multiple keys +type NameOrAge = Person['name' | 'age'] // string | number +``` + +## Branded Types + +```typescript +// Create nominal types from structural types +type Brand<K, T> = K & { __brand: T } + +type USD = Brand<number, 'USD'> +type EUR = Brand<number, 'EUR'> + +function makeUSD(amount: number): USD { + return amount as USD +} + +function makeEUR(amount: number): EUR { + return amount as EUR +} + +let usd = makeUSD(100) +let eur = makeEUR(100) + +// usd = eur // Error: different brands +``` + +## Best Practices + +1. **Prefer type inference** - Let TypeScript infer types when obvious +2. **Use strict null checks** - Enable strictNullChecks for better safety +3. **Avoid `any`** - Use `unknown` and narrow with type guards +4. **Use discriminated unions** - Better than loose unions for state +5. **Leverage const assertions** - Get narrow literal types +6. **Use branded types** - When structural typing isn't enough +7. **Document complex types** - Add JSDoc comments +8. **Extract reusable types** - DRY principle applies to types too +9. **Use utility types** - Leverage built-in transformation types +10. **Test your types** - Use type assertions to verify type correctness + diff --git a/.claude/skills/typescript/references/utility-types.md b/.claude/skills/typescript/references/utility-types.md new file mode 100644 index 00000000..6783be38 --- /dev/null +++ b/.claude/skills/typescript/references/utility-types.md @@ -0,0 +1,666 @@ +# TypeScript Utility Types Reference + +TypeScript provides several built-in utility types that help transform and manipulate types. These are implemented using advanced type features like mapped types and conditional types. + +## Property Modifiers + +### Partial\<T\> + +Makes all properties in `T` optional. + +```typescript +interface User { + id: string + name: string + email: string + age: number +} + +type PartialUser = Partial<User> +// { +// id?: string +// name?: string +// email?: string +// age?: number +// } + +// Useful for update operations +function updateUser(id: string, updates: Partial<User>) { + // Only update provided fields +} + +updateUser('123', { name: 'Alice' }) // OK +updateUser('123', { name: 'Alice', age: 30 }) // OK +``` + +### Required\<T\> + +Makes all properties in `T` required (removes optionality). + +```typescript +interface Config { + host?: string + port?: number + timeout?: number +} + +type RequiredConfig = Required<Config> +// { +// host: string +// port: number +// timeout: number +// } + +function initServer(config: RequiredConfig) { + // All properties are guaranteed to exist + console.log(config.host, config.port, config.timeout) +} +``` + +### Readonly\<T\> + +Makes all properties in `T` readonly. + +```typescript +interface MutablePoint { + x: number + y: number +} + +type ImmutablePoint = Readonly<MutablePoint> +// { +// readonly x: number +// readonly y: number +// } + +const point: ImmutablePoint = { x: 0, y: 0 } +// point.x = 10 // Error: Cannot assign to 'x' because it is a read-only property +``` + +### Mutable\<T\> (Custom) + +Removes readonly modifiers (not built-in, but useful pattern). + +```typescript +type Mutable<T> = { + -readonly [K in keyof T]: T[K] +} + +interface ReadonlyPerson { + readonly name: string + readonly age: number +} + +type MutablePerson = Mutable<ReadonlyPerson> +// { +// name: string +// age: number +// } +``` + +## Property Selection + +### Pick\<T, K\> + +Creates a type by picking specific properties from `T`. + +```typescript +interface User { + id: string + name: string + email: string + password: string + createdAt: Date +} + +type UserProfile = Pick<User, 'id' | 'name' | 'email'> +// { +// id: string +// name: string +// email: string +// } + +// Useful for API responses +function getUserProfile(id: string): UserProfile { + // Return only safe properties +} +``` + +### Omit\<T, K\> + +Creates a type by omitting specific properties from `T`. + +```typescript +interface User { + id: string + name: string + email: string + password: string +} + +type UserWithoutPassword = Omit<User, 'password'> +// { +// id: string +// name: string +// email: string +// } + +// Useful for public user data +function publishUser(user: User): UserWithoutPassword { + const { password, ...publicData } = user + return publicData +} +``` + +## Union Type Utilities + +### Exclude\<T, U\> + +Excludes types from `T` that are assignable to `U`. + +```typescript +type T1 = Exclude<'a' | 'b' | 'c', 'a'> // "b" | "c" +type T2 = Exclude<string | number | boolean, boolean> // string | number + +type EventType = 'click' | 'scroll' | 'mousemove' | 'keypress' +type UIEvent = Exclude<EventType, 'scroll'> // "click" | "mousemove" | "keypress" +``` + +### Extract\<T, U\> + +Extracts types from `T` that are assignable to `U`. + +```typescript +type T1 = Extract<'a' | 'b' | 'c', 'a' | 'f'> // "a" +type T2 = Extract<string | number | boolean, boolean> // boolean + +type Shape = 'circle' | 'square' | 'triangle' | 'rectangle' +type RoundedShape = Extract<Shape, 'circle'> // "circle" +``` + +### NonNullable\<T\> + +Excludes `null` and `undefined` from `T`. + +```typescript +type T1 = NonNullable<string | null | undefined> // string +type T2 = NonNullable<string | number | null> // string | number + +function processValue(value: string | null | undefined) { + if (value !== null && value !== undefined) { + const nonNull: NonNullable<typeof value> = value + // nonNull is guaranteed to be string + } +} +``` + +## Object Construction + +### Record\<K, T\> + +Constructs an object type with keys of type `K` and values of type `T`. + +```typescript +type PageInfo = Record<string, number> +// { [key: string]: number } + +const pages: PageInfo = { + home: 1, + about: 2, + contact: 3, +} + +// Useful for mapped objects +type UserRole = 'admin' | 'user' | 'guest' +type RolePermissions = Record<UserRole, string[]> + +const permissions: RolePermissions = { + admin: ['read', 'write', 'delete'], + user: ['read', 'write'], + guest: ['read'], +} + +// With specific keys +type ThemeColors = Record<'primary' | 'secondary' | 'accent', string> + +const colors: ThemeColors = { + primary: '#007bff', + secondary: '#6c757d', + accent: '#28a745', +} +``` + +## Function Utilities + +### Parameters\<T\> + +Extracts the parameter types of a function type as a tuple. + +```typescript +function createUser(name: string, age: number, email: string) { + // ... +} + +type CreateUserParams = Parameters<typeof createUser> +// [name: string, age: number, email: string] + +// Useful for higher-order functions +function withLogging<T extends (...args: any[]) => any>( + fn: T, + ...args: Parameters<T> +): ReturnType<T> { + console.log('Calling with:', args) + return fn(...args) +} +``` + +### ConstructorParameters\<T\> + +Extracts the parameter types of a constructor function type. + +```typescript +class User { + constructor(public name: string, public age: number) {} +} + +type UserConstructorParams = ConstructorParameters<typeof User> +// [name: string, age: number] + +function createUser(...args: UserConstructorParams): User { + return new User(...args) +} +``` + +### ReturnType\<T\> + +Extracts the return type of a function type. + +```typescript +function createUser() { + return { + id: '123', + name: 'Alice', + email: 'alice@example.com', + } +} + +type User = ReturnType<typeof createUser> +// { +// id: string +// name: string +// email: string +// } + +// Useful with async functions +async function fetchData() { + return { success: true, data: [1, 2, 3] } +} + +type FetchResult = ReturnType<typeof fetchData> +// Promise<{ success: boolean; data: number[] }> + +type UnwrappedResult = Awaited<FetchResult> +// { success: boolean; data: number[] } +``` + +### InstanceType\<T\> + +Extracts the instance type of a constructor function type. + +```typescript +class User { + name: string + constructor(name: string) { + this.name = name + } +} + +type UserInstance = InstanceType<typeof User> +// User + +function processUser(user: UserInstance) { + console.log(user.name) +} +``` + +### ThisParameterType\<T\> + +Extracts the type of the `this` parameter for a function type. + +```typescript +function toHex(this: Number) { + return this.toString(16) +} + +type ThisType = ThisParameterType<typeof toHex> // Number +``` + +### OmitThisParameter\<T\> + +Removes the `this` parameter from a function type. + +```typescript +function toHex(this: Number) { + return this.toString(16) +} + +type PlainFunction = OmitThisParameter<typeof toHex> +// () => string +``` + +## String Manipulation + +### Uppercase\<S\> + +Converts string literal type to uppercase. + +```typescript +type Greeting = 'hello' +type LoudGreeting = Uppercase<Greeting> // "HELLO" + +// Useful for constants +type HttpMethod = 'get' | 'post' | 'put' | 'delete' +type HttpMethodUppercase = Uppercase<HttpMethod> +// "GET" | "POST" | "PUT" | "DELETE" +``` + +### Lowercase\<S\> + +Converts string literal type to lowercase. + +```typescript +type Greeting = 'HELLO' +type QuietGreeting = Lowercase<Greeting> // "hello" +``` + +### Capitalize\<S\> + +Capitalizes the first letter of a string literal type. + +```typescript +type Event = 'click' | 'scroll' | 'mousemove' +type EventHandler = `on${Capitalize<Event>}` +// "onClick" | "onScroll" | "onMousemove" +``` + +### Uncapitalize\<S\> + +Uncapitalizes the first letter of a string literal type. + +```typescript +type Greeting = 'Hello' +type LowerGreeting = Uncapitalize<Greeting> // "hello" +``` + +## Async Utilities + +### Awaited\<T\> + +Unwraps the type of a Promise (recursively). + +```typescript +type T1 = Awaited<Promise<string>> // string +type T2 = Awaited<Promise<Promise<number>>> // number +type T3 = Awaited<boolean | Promise<string>> // boolean | string + +// Useful with async functions +async function fetchUser() { + return { id: '123', name: 'Alice' } +} + +type User = Awaited<ReturnType<typeof fetchUser>> +// { id: string; name: string } +``` + +## Custom Utility Types + +### DeepPartial\<T\> + +Makes all properties and nested properties optional. + +```typescript +type DeepPartial<T> = { + [K in keyof T]?: T[K] extends object ? DeepPartial<T[K]> : T[K] +} + +interface User { + id: string + profile: { + name: string + address: { + street: string + city: string + } + } +} + +type PartialUser = DeepPartial<User> +// All properties at all levels are optional +``` + +### DeepReadonly\<T\> + +Makes all properties and nested properties readonly. + +```typescript +type DeepReadonly<T> = { + readonly [K in keyof T]: T[K] extends object ? DeepReadonly<T[K]> : T[K] +} + +interface User { + id: string + profile: { + name: string + address: { + street: string + city: string + } + } +} + +type ImmutableUser = DeepReadonly<User> +// All properties at all levels are readonly +``` + +### PartialBy\<T, K\> + +Makes specific properties optional. + +```typescript +type PartialBy<T, K extends keyof T> = Omit<T, K> & Partial<Pick<T, K>> + +interface User { + id: string + name: string + email: string + age: number +} + +type UserWithOptionalEmail = PartialBy<User, 'email' | 'age'> +// { +// id: string +// name: string +// email?: string +// age?: number +// } +``` + +### RequiredBy\<T, K\> + +Makes specific properties required. + +```typescript +type RequiredBy<T, K extends keyof T> = Omit<T, K> & Required<Pick<T, K>> + +interface User { + id?: string + name?: string + email?: string +} + +type UserWithRequiredId = RequiredBy<User, 'id'> +// { +// id: string +// name?: string +// email?: string +// } +``` + +### PickByType\<T, U\> + +Picks properties by their value type. + +```typescript +type PickByType<T, U> = { + [K in keyof T as T[K] extends U ? K : never]: T[K] +} + +interface User { + id: string + name: string + age: number + active: boolean +} + +type StringProperties = PickByType<User, string> +// { id: string; name: string } + +type NumberProperties = PickByType<User, number> +// { age: number } +``` + +### OmitByType\<T, U\> + +Omits properties by their value type. + +```typescript +type OmitByType<T, U> = { + [K in keyof T as T[K] extends U ? never : K]: T[K] +} + +interface User { + id: string + name: string + age: number + active: boolean +} + +type NonStringProperties = OmitByType<User, string> +// { age: number; active: boolean } +``` + +### Prettify\<T\> + +Flattens intersections for better IDE tooltips. + +```typescript +type Prettify<T> = { + [K in keyof T]: T[K] +} & {} + +type A = { a: string } +type B = { b: number } +type C = A & B + +type PrettyC = Prettify<C> +// Displays as: { a: string; b: number } +// Instead of: A & B +``` + +### ValueOf\<T\> + +Gets the union of all value types. + +```typescript +type ValueOf<T> = T[keyof T] + +interface Colors { + red: '#ff0000' + green: '#00ff00' + blue: '#0000ff' +} + +type ColorValue = ValueOf<Colors> +// "#ff0000" | "#00ff00" | "#0000ff" +``` + +### Nullable\<T\> + +Makes type nullable. + +```typescript +type Nullable<T> = T | null + +type NullableString = Nullable<string> // string | null +``` + +### Maybe\<T\> + +Makes type nullable or undefined. + +```typescript +type Maybe<T> = T | null | undefined + +type MaybeString = Maybe<string> // string | null | undefined +``` + +### UnionToIntersection\<U\> + +Converts union to intersection (advanced). + +```typescript +type UnionToIntersection<U> = (U extends any ? (k: U) => void : never) extends ( + k: infer I, +) => void + ? I + : never + +type Union = { a: string } | { b: number } +type Intersection = UnionToIntersection<Union> +// { a: string } & { b: number } +``` + +## Combining Utility Types + +Utility types can be composed for powerful transformations: + +```typescript +// Make specific properties optional and readonly +type PartialReadonly<T, K extends keyof T> = Readonly<Pick<T, K>> & + Partial<Omit<T, K>> + +interface User { + id: string + name: string + email: string + password: string +} + +type SafeUser = PartialReadonly<User, 'id' | 'name'> +// { +// readonly id: string +// readonly name: string +// email?: string +// password?: string +// } + +// Pick and make readonly +type ReadonlyPick<T, K extends keyof T> = Readonly<Pick<T, K>> + +// Omit and make required +type RequiredOmit<T, K extends keyof T> = Required<Omit<T, K>> +``` + +## Best Practices + +1. **Use built-in utilities first** - They're well-tested and optimized +2. **Compose utilities** - Combine utilities for complex transformations +3. **Create custom utilities** - For patterns you use frequently +4. **Name utilities clearly** - Make intent obvious from the name +5. **Document complex utilities** - Add JSDoc for non-obvious transformations +6. **Test utility types** - Use type assertions to verify behavior +7. **Avoid over-engineering** - Don't create utilities for one-off uses +8. **Consider readability** - Sometimes explicit types are clearer +9. **Use Prettify** - For better IDE tooltips with intersections +10. **Leverage keyof** - For type-safe property selection + diff --git a/CLAUDE.md b/CLAUDE.md new file mode 100644 index 00000000..6f449318 --- /dev/null +++ b/CLAUDE.md @@ -0,0 +1,93 @@ +# CLAUDE.md + +This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. + +## Overview + +libsecp256k1 is a high-performance C library for cryptographic operations on the secp256k1 elliptic curve, primarily developed for Bitcoin. It provides ECDSA signing/verification, Schnorr signatures (BIP-340), ECDH, ElligatorSwift (BIP-324), and MuSig2 (BIP-327). + +## Build Commands + +### Autotools (primary) +```bash +./autogen.sh # Generate configure script +./configure # Configure build (add --enable-module-* flags for optional modules) +make # Build +make check # Run tests +``` + +### CMake +```bash +cmake -B build # Configure +cmake --build build # Build +ctest --test-dir build # Run tests +``` + +### Common configure flags +- `--enable-module-recovery` - ECDSA pubkey recovery (off by default) +- `--enable-module-schnorrsig` - Schnorr signatures +- `--enable-module-musig` - MuSig2 multi-signatures +- `--enable-module-ellswift` - ElligatorSwift +- `--enable-module-ecdh` - ECDH key exchange +- `--enable-examples` - Build example programs +- `--enable-coverage` - Enable coverage analysis (requires GCC) + +### Test coverage +```bash +./configure --enable-coverage +make check +gcovr --exclude 'src/bench*' --exclude 'src/modules/.*/bench_impl.h' --print-summary +``` + +## Architecture + +### Core structure +- `src/secp256k1.c` - Main library implementation, includes all other source files +- `include/secp256k1.h` - Primary public API header with argument ordering rules +- `include/secp256k1_*.h` - Module-specific public headers + +### Implementation pattern +The library uses a header-only internal architecture: +- `src/*.h` - Internal declarations +- `src/*_impl.h` - Corresponding implementations (included by secp256k1.c) + +### Key components +- **Field operations**: `field_5x52*.h` (64-bit) or `field_10x26*.h` (32-bit) - arithmetic mod p +- **Scalar operations**: `scalar_4x64*.h` (64-bit) or `scalar_8x32*.h` (32-bit) - arithmetic mod n +- **Group operations**: `group*.h` - elliptic curve point operations +- **Modular inverse**: `modinv64*.h` / `modinv32*.h` - safegcd-based inversion +- **ecmult**: `ecmult*.h` - point multiplication (signing and verification) + +### Optional modules (src/modules/) +- `ecdh/` - Elliptic curve Diffie-Hellman +- `recovery/` - ECDSA public key recovery +- `extrakeys/` - x-only pubkeys (required by schnorrsig) +- `schnorrsig/` - BIP-340 Schnorr signatures (requires extrakeys) +- `musig/` - BIP-327 MuSig2 (requires schnorrsig) +- `ellswift/` - BIP-324 ElligatorSwift encoding + +## Code Conventions + +- **Language**: C89 with `/* */` comments only (no `//`) +- **Declarations**: Must appear at beginning of blocks before statements +- **Memory**: No runtime heap allocation unless explicitly requested by caller +- **Identifiers**: File-scope identifiers must start with `secp256k1_` +- **Pointers**: Use `void *ptr` not `void* ptr`; use `unsigned int` not `unsigned` +- **Comparison**: Use `secp256k1_memcmp_var` instead of `memcmp` +- **Secret data**: Must be constant-time, cleared after use, tested with ctime_tests + +## Testing + +- `src/tests.c` - Main test suite +- `src/tests_exhaustive.c` - Exhaustive tests on small groups +- `src/ctime_tests.c` - Constant-time verification (requires valgrind) +- `src/unit_test.c` - Unit tests + +## API Design + +Arguments follow a specific order (from include/secp256k1.h): +1. Context pointers first +2. Output arguments +3. Combined output/input arguments +4. Input-only arguments +5. Array lengths immediately follow their arrays