- Add Gitea issue templates for bug reports and feature requests with
structured YAML forms for version, database backend, and log level
- Add GitHub Actions CI workflow for automated testing on push/PR
- Add GitHub Actions release workflow for building multi-platform
binaries on tag push with SHA256 checksums
- Add CONTRIBUTING.md with development setup, PR guidelines, and
commit message format documentation
- Add DECENTRALIZE_NOSTR.md expansion plan outlining WireGuard tunnel,
GUI installer, system tray, and proxy server architecture
- Update allowed commands in Claude settings
- Bump version to v0.35.5
Files modified:
- .gitea/issue_template/: Bug report, feature request, and config YAML
- .github/workflows/: CI and release automation workflows
- CONTRIBUTING.md: New contributor guide
- docs/plans/DECENTRALIZE_NOSTR.md: Expansion architecture plan
- .claude/settings.local.json: Updated allowed commands
- pkg/version/version: Version bump to v0.35.5
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add ORLY_POLICY_PATH environment variable to configure custom policy
file path, overriding the default ~/.config/ORLY/policy.json location
- Enforce ABSOLUTE paths only - relay panics on startup if relative path
is provided, preventing common misconfiguration errors
- Update PolicyManager to store and expose configPath for hot-reload saves
- Add ConfigPath() method to P struct delegating to internal PolicyManager
- Update NewWithManager() signature to accept optional custom path parameter
- Add BUG_REPORTS_AND_FEATURE_REQUEST_PROTOCOL.md with issue submission
guidelines requiring environment details, reproduction steps, and logs
- Update README.md with system requirements (500MB minimum memory) and
link to bug report protocol
- Update CLAUDE.md and README.md documentation for new ORLY_POLICY_PATH
Files modified:
- app/config/config.go: Add PolicyPath config field
- pkg/policy/policy.go: Add configPath storage and validation
- app/handle-policy-config.go: Use policyManager.ConfigPath()
- app/main.go: Pass cfg.PolicyPath to NewWithManager
- pkg/policy/*_test.go: Update test calls with new parameter
- BUG_REPORTS_AND_FEATURE_REQUEST_PROTOCOL.md: New file
- README.md, CLAUDE.md: Documentation updates
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Design comprehensive rate limiting for both reads (REQ) and writes (EVENT)
- Implement PID controller with filtered derivative to avoid noise amplification
- Apply low-pass filter before derivative computation (bandpass effect)
- Add anti-windup for integral term to prevent saturation
- Support setpoint-based control (target operating point as memory fraction)
- Separate tuning parameters for read vs write operations
- Monitor database-specific metrics (Badger LSM, Neo4j transactions)
- Combine memory pressure (70%) and load level (30%) into process variable
- Include integration examples for WebSocket handlers and import loop
- Add configuration via environment variables with sensible defaults
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Introduce a comprehensive reference guide for ORLY policy configuration. This document outlines policy options, validation rules, access control, and debugging methods, serving as the authoritative resource for policy-related behavior.
Replaced individual environment variable access with a unified `DatabaseConfig` struct for all database backends. This centralizes configuration management, reduces redundant code, and ensures all options are documented in `app/config/config.go`. Backward compatibility is maintained with default values and retained constructors.
- Bump git.mleku.dev/mleku/nostr from v1.0.4 to v1.0.7
- Add p256k1.mleku.dev as indirect dependency for pure Go crypto
- Remove local replace directive for CI compatibility
- Add WASM/Mobile build plan documentation
- Bump version to v0.31.5
nostr v1.0.7 changes:
- Split crypto/p8k into platform-specific files
- Linux uses libsecp256k1 via purego (fast)
- Other platforms (darwin, windows, android) use pure Go p256k1
- Enables cross-compilation without CGO or native libraries
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Introduce comprehensive tests for policy validation logic, including owner and policy admin scenarios. Update `HandlePolicyConfigUpdate` to differentiate permissions for owners and policy admins, enforcing stricter field restrictions and validation flows.
Introduced default security settings with stricter access control, including policies requiring owner/admin privileges by default. Added multiple pre-configured policy recipes, custom validator support, and extended documentation for security, configurations, and use cases.
Introduce tests to validate functionality for new policy fields, including `max_expiry_duration`, `protected_required`, `identifier_regex`, and `follows_whitelist_admins`. Also, cover combinations of new and existing fields to ensure compatibility and precedence rules are correctly enforced.
bump to v0.31.2
- Add 'serve' subcommand for ephemeral RAM-based relay at /dev/shm with
open ACL mode for testing and benchmarking
- Fix e-tag and p-tag decoding to use ValueHex()/ValueBinary() methods
instead of Value() which returns raw bytes for binary-optimized storage
- Document all command-line tools in readme.adoc (relay-tester, benchmark,
stresstest, blossomtest, aggregator, convert, FIND, policytest, etc.)
- Switch Docker images from Alpine to Debian for proper libsecp256k1
Schnorr signature and ECDH support required by Nostr
- Upgrade Docker Go version from 1.21 to 1.25
- Add ramdisk mode (--ramdisk) to benchmark script for eliminating disk
I/O bottlenecks in performance measurements
- Add docker-compose.ramdisk.yml for tmpfs-based benchmark volumes
- Add test coverage for privileged policy with binary-encoded p-tags
- Fix blossom test to expect 200 OK for anonymous uploads when auth is
not required (RequireAuth=false with ACL mode 'none')
- Update follows ACL to handle both binary and hex p-tag formats
- Grant owner access to all users in serve mode via None ACL
- Add benchmark reports from multi-relay comparison run
- Update CLAUDE.md with binary tag handling documentation
- Bump version to v0.30.2
- Introduced CLAUDE.md to provide guidance for working with the Claude Code repository, including project overview, build commands, testing guidelines, and performance considerations.
- Added INDEX.md for a structured overview of the strfry WebSocket implementation analysis, detailing document contents and usage.
- Created SKILL.md for the nostr-websocket skill, covering WebSocket protocol fundamentals, connection management, and performance optimization techniques.
- Included multiple reference documents for Go, C++, and Rust implementations of WebSocket patterns, enhancing the knowledge base for developers.
- Updated deployment and build documentation to reflect new multi-platform capabilities and pure Go build processes.
- Bumped version to reflect the addition of extensive documentation and resources for developers working with Nostr relays and WebSocket connections.
- Included an additional line to summarize the guide's purpose and its support for testing complex Nostr protocol features.
- Enhanced documentation to provide clearer guidance for users.
- Introduced a comprehensive build system that supports multiple platforms (Linux, macOS, Windows, Android) using pure Go builds (`CGO_ENABLED=0`).
- Updated all build and test scripts to ensure compatibility with the new purego approach, allowing for dynamic loading of `libsecp256k1` at runtime.
- Added detailed documentation on the build process, platform detection, and deployment options.
- Enhanced CI/CD workflows to automate builds for all supported platforms and include necessary libraries in releases.
- Updated `.gitignore` to exclude build output files.
- Created new documentation files for deployment and multi-platform build summaries.
- Replaced all instances of p256k1signer with the new p8k.Signer across various modules, including event creation, policy handling, and database interactions.
- Updated related test cases and benchmarks to ensure compatibility with the new signer interface.
- Bumped version to v0.25.0 to reflect these significant changes and improvements in cryptographic operations.
- Bumped p256k1.mleku.dev version from v1.0.1 to v1.0.3 in go.mod and updated go.sum accordingly.
- Updated deployment script to use Go version 1.25.3 and adjusted CGO settings for building the binary.
- Added new lines to POLICY_USAGE_GUIDE.md and RELAY_TESTING_GUIDE.md for improved documentation clarity.
- Added a closing section to the POLICY_USAGE_GUIDE.md to emphasize the benefits of the policy system for implementing complex relay behavior.
- Included a closing section in the RELAY_TESTING_GUIDE.md to summarize the guide's purpose and its support for testing complex Nostr protocol features.
- Introduced support for cluster replication in the ORLY system, allowing for distributed relay clusters with active replication.
- Updated the configuration to include a new option for propagating privileged events to relay peers.
- Enhanced the `ClusterManager` to manage event propagation based on the new configuration setting.
- Improved the handling of event fetching to respect the propagation settings, ensuring better privacy for privileged events.
- Updated documentation to reflect the new cluster replication features and privacy considerations.
- Bumped version to v0.24.3 to reflect these changes.
- Introduced a new `ClusterManager` to handle cluster membership events and facilitate event replication across relay peers.
- Implemented HTTP endpoints for retrieving the latest serial and fetching events within a specified range.
- Enhanced event handling to process cluster membership events (Kind 39108) and update relay lists accordingly.
- Updated configuration to support cluster administrators and their management capabilities.
- Added comprehensive tests to validate the new cluster replication functionalities.
- Documented the cluster replication protocol in a new specification file.
- Bumped version to reflect these changes.
- Introduced a new `sync` package for managing NIP-11 relay information and relay group configurations.
- Implemented a cache for NIP-11 documents, allowing retrieval of relay public keys and authoritative configurations.
- Enhanced the sync manager to update peer lists based on authoritative configurations from relay group events.
- Updated event handling to incorporate policy checks during event imports, ensuring compliance with relay rules.
- Refactored various components to utilize the new `sha256-simd` package for improved performance.
- Added comprehensive tests to validate the new synchronization and group management functionalities.
- Bumped version to v0.24.1 to reflect these changes.
- Introduced a TypeScript client library for the Distributed Directory Consensus Protocol (NIP-XX), providing a high-level API for managing directory events, identity resolution, and trust calculations.
- Implemented core functionalities including event parsing, trust score aggregation, and replication filtering, mirroring the Go implementation.
- Added comprehensive documentation and development guides for ease of use and integration.
- Updated the `.gitignore` to include additional dependencies and build artifacts for the TypeScript client.
- Enhanced validation mechanisms for group tag names and trust levels, ensuring robust input handling and security.
- Created a new `bun.lock` file to manage package dependencies effectively.
- Updated the NIP-XX document to clarify terminology, replacing "attestations" with "acts" for consistency.
- Enhanced the protocol by introducing new event kinds: Trust Act (Kind 39101) and Group Tag Act (Kind 39102), with detailed specifications for their structure and usage.
- Modified the signature generation process to include the canonical WebSocket URL, ensuring proper binding and verification.
- Improved validation mechanisms for identity tags and event replication requests, reinforcing security and integrity within the directory consensus protocol.
- Added comprehensive documentation for new event types and their respective validation processes, ensuring clarity for developers and users.
- Introduced new helper functions and structures to facilitate the creation and management of directory events and acts.
- Renamed "Replica Identity Keys" to "Relay Identity Keys" for clarity.
- Enhanced specifications for signing and encryption keys, detailing their usage with secp256k1.
- Introduced a new section on Hierarchical Deterministic Key Derivation, outlining key management protocols and derivation paths.
- Expanded guidelines for key pool management, consumption tracking, and cross-client synchronization to improve security and usability.
- Updated key advertisement structure to include derivation paths and key indices for better tracking and management.
- Modified the signature generation and verification processes to include the relay address, ensuring cryptographic binding between the relay identity and its network location.
- Enhanced the description of the address binding mechanism to clarify its role in preventing relay impersonation attacks.
- Updated related sections to reflect changes in the concatenation process for signature generation and verification, reinforcing security measures for NIP-11 documents.
- Added new `K` and `I` tags to support event kind replication and identity verification in trust attestations.
- Expanded trust level definitions to include replication of custom event kinds specified in the `K` tag.
- Introduced detailed specifications for the `I` tag, including identity proof-of-control signature requirements and usage guidelines.
- Updated event synchronization and conflict resolution processes to incorporate identity verification and key delegation management.
- Enhanced security considerations to address identity tag verification and delegation limits, ensuring robust trust management among relays.
- Introduced a new document defining a protocol for distributed consensus among Nostr relays using replica identity keys and a web of trust.
- Addressed issues of data availability, synchronization overhead, discovery challenges, and trust management among relay operators.
- Specified relay identity keys, trust attestations, and new event kinds for directory event replication.
- Detailed mechanisms for identity verification, event synchronization, and conflict resolution to ensure Byzantine fault tolerance.
- Ensured backwards compatibility with existing Nostr implementations while enhancing directory event management.
- Bumped versions of several dependencies in go.mod, including golang.org/x/crypto to v0.43.0 and golang.org/x/net to v0.46.0.
- Added new indirect dependencies for improved functionality.
- Removed outdated files: package.json, POLICY_TESTS_SUCCESS.md, and POLICY_TESTS_SUMMARY.md.
- Introduced a comprehensive deployment script for automated setup and configuration.
- Added testing scripts for deployment validation and policy system tests.
- Bumped version to v0.19.0.
- Bumped the version of the `lol.mleku.dev` dependency from v1.0.3 to v1.0.4.
- Removed redundant checks for disabled policy in event handling.
- Introduced a `default_policy` field in the policy configuration, allowing for more flexible event handling based on default behaviors.
- Enhanced documentation to clarify the default policy logic and its implications on event processing.
- Updated tests to validate the new default policy behavior and ensure correct fallback mechanisms are in place.
