- Change version link color from muted to readable text color
- Add background color hover effect matching tab styling
- Replace Gitea icon with mug-and-leaf icon
- Rename CSS class from gitea-icon to version-icon
Files modified:
- app/web/src/Sidebar.svelte: Updated version link styling and icon
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add version footer to sidebar bottom-left with Gitea icon link
- Fetch relay version from NIP-11 relay info document
- Link opens https://next.orly.dev in new tab
- Responsive design hides version text on medium screens
Files modified:
- app/web/src/api.js: Add fetchRelayInfo() function
- app/web/src/Sidebar.svelte: Add version display with Gitea SVG icon
- app/web/src/App.svelte: Add relayVersion state and fetch on init
- pkg/version/version: Bump to v0.36.18
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add buffer pool (pkg/database/bufpool) with SmallPool (64B) and MediumPool (1KB)
for reusing bytes.Buffer instances on hot paths
- Fix escape analysis in index types (uint40, letter, word) by using fixed-size
arrays instead of make() calls that escape to heap
- Add handler concurrency limiter (ORLY_MAX_HANDLERS_PER_CONN, default 100) to
prevent unbounded goroutine growth under WebSocket load
- Add pre-allocation hints to Uint40s.Union/Intersection/Difference methods
- Update compact_event.go, save-event.go, serial_cache.go, and
get-indexes-for-event.go to use pooled buffers
Files modified:
- app/config/config.go: Add MaxHandlersPerConnection config
- app/handle-websocket.go: Initialize handler semaphore
- app/listener.go: Add semaphore acquire/release in messageProcessor
- pkg/database/bufpool/pool.go: New buffer pool package
- pkg/database/compact_event.go: Use buffer pool, fix escape analysis
- pkg/database/get-indexes-for-event.go: Reuse single buffer for all indexes
- pkg/database/indexes/types/letter.go: Fixed array in UnmarshalRead
- pkg/database/indexes/types/uint40.go: Fixed arrays, pre-allocation hints
- pkg/database/indexes/types/word.go: Fixed array in UnmarshalRead
- pkg/database/save-event.go: Use buffer pool for key encoding
- pkg/database/serial_cache.go: Use buffer pool for lookups
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add proper CORS headers for Blossom endpoints including X-SHA-256,
X-Content-Length, X-Content-Type headers required by blossom-client-sdk
- Add root-level Blossom routes (/upload, /media, /mirror, /report, /list/)
for clients like Jumble that expect Blossom at root
- Export BaseURLKey from pkg/blossom for use by app handlers
- Make blossomRootHandler return URLs with /blossom prefix so blob
downloads work via the registered /blossom/ route
- Remove Access-Control-Allow-Credentials header (not needed for * origin)
- Add Access-Control-Expose-Headers for X-Reason and other response headers
Files modified:
- app/blossom.go: Add blossomRootHandler, use exported BaseURLKey
- app/server.go: Add CORS handling for blossom paths, register root routes
- pkg/blossom/server.go: Fix CORS headers, export BaseURLKey
- pkg/blossom/utils.go: Minor formatting
- pkg/version/version: Bump to v0.36.12
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add nsec-crypto.js library with Argon2id+AES-GCM encryption
- Generate new nsec keys using secure system entropy
- Encrypt nsec with password (~3 sec Argon2id derivation in Web Worker)
- Add unlock flow for returning users with encrypted keys
- Add deriving modal with live timer during key derivation
- Auto-create default profile for new users with ORLY logo avatar
- Fix NIP-42 auth race condition in websocket-auth.js
- Improve header user profile display (avatar fills height, no truncation)
- Add instant light/dark theme colors in HTML head
- Add background box around username/nip05 in settings drawer
- Update CLAUDE.md with nsec-crypto library documentation
Files modified:
- app/web/src/nsec-crypto.js: New encryption library
- app/web/src/LoginModal.svelte: Key gen, encryption, unlock UI
- app/web/src/nostr.js: Default profile creation
- app/web/src/App.svelte: Header and drawer styling
- app/web/public/index.html: Instant theme colors
- CLAUDE.md: Library documentation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix NIP-42 auth race condition: wait for AUTH challenge before authenticating
- Header user profile: avatar fills vertical space, username vertically centered
- Remove username truncation to show full name/npub
- Standardize header height to 3em across all components
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove sun/moon theme toggle button from header
- Detect system theme preference using window.matchMedia prefers-color-scheme
- Add event listener to automatically switch theme when OS preference changes
- Remove localStorage-based theme persistence in favor of system preference
- Clean up unused theme-toggle-btn CSS styles
Files modified:
- app/web/src/Header.svelte: Remove toggle button, toggleTheme function, and CSS
- app/web/src/App.svelte: Replace localStorage theme init with matchMedia detection
- pkg/version/version: Bump to v0.36.4
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix minifier optimization bug that caused ws:// protocol detection to
always return wss:// by using startsWith('https') instead of === 'https:'
- Update App.svelte to use protocol detection in all 5 WebSocket URL
construction locations (compose, delete, repost, publish functions)
- Update constants.js DEFAULT_RELAYS to use the same minifier-safe pattern
- Enables web UI to work correctly on HTTP-only relay deployments
Files modified:
- app/web/src/App.svelte: Fix 5 hardcoded wss:// URLs with protocol detection
- app/web/src/constants.js: Fix DEFAULT_RELAYS protocol detection
- pkg/version/version: Bump to v0.36.3
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add ORLY_POLICY_PATH environment variable to configure custom policy
file path, overriding the default ~/.config/ORLY/policy.json location
- Enforce ABSOLUTE paths only - relay panics on startup if relative path
is provided, preventing common misconfiguration errors
- Update PolicyManager to store and expose configPath for hot-reload saves
- Add ConfigPath() method to P struct delegating to internal PolicyManager
- Update NewWithManager() signature to accept optional custom path parameter
- Add BUG_REPORTS_AND_FEATURE_REQUEST_PROTOCOL.md with issue submission
guidelines requiring environment details, reproduction steps, and logs
- Update README.md with system requirements (500MB minimum memory) and
link to bug report protocol
- Update CLAUDE.md and README.md documentation for new ORLY_POLICY_PATH
Files modified:
- app/config/config.go: Add PolicyPath config field
- pkg/policy/policy.go: Add configPath storage and validation
- app/handle-policy-config.go: Use policyManager.ConfigPath()
- app/main.go: Pass cfg.PolicyPath to NewWithManager
- pkg/policy/*_test.go: Update test calls with new parameter
- BUG_REPORTS_AND_FEATURE_REQUEST_PROTOCOL.md: New file
- README.md, CLAUDE.md: Documentation updates
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Implement TraverseFollows using Cypher path queries on FOLLOWS relationships
- Implement TraverseFollowers using reverse path traversal
- Implement FindMentions using MENTIONS relationships from p-tags
- Implement TraverseThread using REFERENCES relationships from e-tags
with bidirectional traversal (inbound replies, outbound parents)
- Add GraphAdapter to bridge Neo4j to graph.GraphDatabase interface
- Add GraphResult type implementing graph.GraphResultI for Neo4j
- Initialize graph executor for Neo4j backend in app/main.go
The implementation uses existing Neo4j schema and relationships created
by SaveEvent() - no schema changes required. The _graph extension now
works transparently with either Badger or Neo4j backends.
Bump version to v0.35.0
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Ensure AUTH handler always sends OK response per NIP-42 specification,
including for parse failures (uses zero event ID with error reason)
- Add zeroEventID constant for OK responses when event ID cannot be parsed
- Document critical client guidance: clients MUST wait for OK response
after AUTH before publishing events requiring authentication
- Update nostr skill and CLAUDE.md with NIP-42 AUTH protocol requirements
for client developers, emphasizing OK response handling
- Add MAX_THINKING_TOKENS setting to Claude configuration
Files modified:
- app/handle-auth.go: Add OK response for AUTH parse failures
- .claude/skills/nostr/SKILL.md: Document AUTH OK response requirements
- CLAUDE.md: Add NIP-42 AUTH Protocol section for client developers
- .claude/settings.local.json: Add MAX_THINKING_TOKENS setting
- pkg/version/version: Bump to v0.34.7
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Removes the legacy search mode in favor of an improved event filter system. Introduces debounced filter application, JSON-based filter configuration, and a cleaner UI for filtering events, offering greater flexibility and clarity.
Updated "applesauce-core" and "applesauce-signers" to newer versions in lockfile and package.json. Enhanced UI with better button styling and added logic to hide the "policy" tab if not enabled. Included "bun update" in approved commands.
Moved reusable constants and helper functions to dedicated modules for improved maintainability and reusability. Improved build configuration to differentiate output directories for development and production. Enhanced server error handling and added safeguards for disabled web UI scenarios.
Simplified event import to run synchronously, ensuring proper resource handling and accurate feedback. Enhanced frontend with real-time import status messages and error handling. Adjusted migrations to handle events individually, improving reliability and granular progress tracking.
This commit allows skipping authentication, permission checks, and certain filters (e.g., deletions, expirations) when the ACL mode is set to "none" (open relay mode). It also introduces a configuration option to disable query caching to reduce memory usage. These changes improve operational flexibility for open relay setups and resource-constrained environments.
Privileged events are now filtered based on ACL mode, allowing open access when ACL is "none." Added tests to verify behavior for different ACL modes, ensuring unauthorized and unauthenticated users can only access privileged events when explicitly permitted. Version bumped to v0.34.2.
Replaces outdated Neo4j test setup with a robust TestMain, shared test database, and utility functions for test data and migrations. Improves Cypher generation for processing e-tags, p-tags, and other tags to ensure compliance with Neo4j syntax. Added integration test script and updated benchmark reports for Badger backend.
Replaced individual environment variable access with a unified `DatabaseConfig` struct for all database backends. This centralizes configuration management, reduces redundant code, and ensures all options are documented in `app/config/config.go`. Backward compatibility is maintained with default values and retained constructors.
Introduce comprehensive tests for policy validation logic, including owner and policy admin scenarios. Update `HandlePolicyConfigUpdate` to differentiate permissions for owners and policy admins, enforcing stricter field restrictions and validation flows.
Introduced default security settings with stricter access control, including policies requiring owner/admin privileges by default. Added multiple pre-configured policy recipes, custom validator support, and extended documentation for security, configurations, and use cases.
Deleted `subscription_stability_test.go` to clean up unused or redundant code. Updated naming in test files for improved readability, replacing `tag` with `tg` for consistency. Also updated the `github.com/klauspost/compress` dependency to v1.18.2.
Introduce tests to validate functionality for new policy fields, including `max_expiry_duration`, `protected_required`, `identifier_regex`, and `follows_whitelist_admins`. Also, cover combinations of new and existing fields to ensure compatibility and precedence rules are correctly enforced.
bump to v0.31.2
- Increase WebSocket message size limit from 500KB to 10MB to prevent
truncation of large kind 3 follow list events (8000+ follows)
- Add validation in SaveEvent to reject kind 3 events without p tags
before storage, preventing malformed events from buggy relays
- Implement CleanupKind3WithoutPTags() to remove existing malformed
kind 3 events at startup
- Add enhanced logging showing tag count and event ID when rejecting
invalid kind 3 events for better observability
- Create round-trip test proving binary tag encoding preserves p tags
correctly through JSON→binary→JSON cycle
- Root cause: 500KB limit was truncating large follow lists during
WebSocket receive, causing tags to be lost or incomplete
- Three-layer defense: prevent at gate (size), validate (save time),
and cleanup (startup)
Files modified:
- app/handle-websocket.go: Increase DefaultMaxMessageSize to 10MB
- pkg/database/save-event.go: Add kind 3 validation with logging
- pkg/database/cleanup-kind3.go: New cleanup function
- pkg/database/cleanup-kind3_test.go: Round-trip test
- app/main.go: Invoke cleanup at startup
- Update nostr library to v1.0.3 with improved binary tag support
- Replace tag.Value() calls with tag.ValueHex() to handle both binary and hex formats
- Add NormalizeTagValueForHash() for consistent filter tag normalization
- Update QueryPTagGraph to handle binary-encoded and hex-encoded pubkeys
- Fix tag matching in query-events.go using TagValuesMatchUsingTagMethods
- Add filter_utils.go with tag normalization helper functions
- Update delete operations in process-delete.go and neo4j/delete.go
- Fix ACL follows extraction to use ValueHex() for consistent decoding
- Add binary_tag_filter_test.go for testing tag value normalization
- Bump version to v0.30.3
- Add 'serve' subcommand for ephemeral RAM-based relay at /dev/shm with
open ACL mode for testing and benchmarking
- Fix e-tag and p-tag decoding to use ValueHex()/ValueBinary() methods
instead of Value() which returns raw bytes for binary-optimized storage
- Document all command-line tools in readme.adoc (relay-tester, benchmark,
stresstest, blossomtest, aggregator, convert, FIND, policytest, etc.)
- Switch Docker images from Alpine to Debian for proper libsecp256k1
Schnorr signature and ECDH support required by Nostr
- Upgrade Docker Go version from 1.21 to 1.25
- Add ramdisk mode (--ramdisk) to benchmark script for eliminating disk
I/O bottlenecks in performance measurements
- Add docker-compose.ramdisk.yml for tmpfs-based benchmark volumes
- Add test coverage for privileged policy with binary-encoded p-tags
- Fix blossom test to expect 200 OK for anonymous uploads when auth is
not required (RequireAuth=false with ACL mode 'none')
- Update follows ACL to handle both binary and hex p-tag formats
- Grant owner access to all users in serve mode via None ACL
- Add benchmark reports from multi-relay comparison run
- Update CLAUDE.md with binary tag handling documentation
- Bump version to v0.30.2
