- Update deploy command to build to ~/.local/bin/next.orly.dev
- Service uses this path, not ./orly in project directory
Files modified:
- .claude/commands/release.md: Fixed binary output path for VPS deploy
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change version link color from muted to readable text color
- Add background color hover effect matching tab styling
- Replace Gitea icon with mug-and-leaf icon
- Rename CSS class from gitea-icon to version-icon
Files modified:
- app/web/src/Sidebar.svelte: Updated version link styling and icon
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add version footer to sidebar bottom-left with Gitea icon link
- Fetch relay version from NIP-11 relay info document
- Link opens https://next.orly.dev in new tab
- Responsive design hides version text on medium screens
Files modified:
- app/web/src/api.js: Add fetchRelayInfo() function
- app/web/src/Sidebar.svelte: Add version display with Gitea SVG icon
- app/web/src/App.svelte: Add relayVersion state and fetch on init
- pkg/version/version: Bump to v0.36.18
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add generic LRUCache[K, V] implementation using container/list for O(1) ops
- Replace random 50% eviction with proper LRU eviction in SerialCache
- Cache now starts empty and grows on demand up to configured limits
- Use [32]byte keys instead of string([]byte) to avoid allocation overhead
- Single-entry eviction at capacity instead of 50% bulk clearing
- Add comprehensive unit tests and benchmarks for LRUCache
- Benchmarks show ~32-34 ns/op with 0 allocations for Get/Put
Files modified:
- pkg/database/lrucache.go: New generic LRU cache implementation
- pkg/database/lrucache_test.go: Unit tests and benchmarks
- pkg/database/serial_cache.go: Refactored to use LRUCache
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add buffer pool (pkg/database/bufpool) with SmallPool (64B) and MediumPool (1KB)
for reusing bytes.Buffer instances on hot paths
- Fix escape analysis in index types (uint40, letter, word) by using fixed-size
arrays instead of make() calls that escape to heap
- Add handler concurrency limiter (ORLY_MAX_HANDLERS_PER_CONN, default 100) to
prevent unbounded goroutine growth under WebSocket load
- Add pre-allocation hints to Uint40s.Union/Intersection/Difference methods
- Update compact_event.go, save-event.go, serial_cache.go, and
get-indexes-for-event.go to use pooled buffers
Files modified:
- app/config/config.go: Add MaxHandlersPerConnection config
- app/handle-websocket.go: Initialize handler semaphore
- app/listener.go: Add semaphore acquire/release in messageProcessor
- pkg/database/bufpool/pool.go: New buffer pool package
- pkg/database/compact_event.go: Use buffer pool, fix escape analysis
- pkg/database/get-indexes-for-event.go: Reuse single buffer for all indexes
- pkg/database/indexes/types/letter.go: Fixed array in UnmarshalRead
- pkg/database/indexes/types/uint40.go: Fixed arrays, pre-allocation hints
- pkg/database/indexes/types/word.go: Fixed array in UnmarshalRead
- pkg/database/save-event.go: Use buffer pool for key encoding
- pkg/database/serial_cache.go: Use buffer pool for lookups
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace tea CLI with direct Gitea API calls
- Add release ID extraction and validation
- Upload assets via API with proper error handling
- Add release verification step
Files modified:
- .gitea/workflows/go.yml: Direct API release creation
- pkg/version/version: Bump to v0.36.14
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add set -e to all steps to fail fast on errors
- Add debug output for environment variables in checkout step
- Log more context to help diagnose CI failures
Files modified:
- .gitea/workflows/go.yml: Comprehensive error handling
- pkg/version/version: Bump to v0.36.13
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add proper CORS headers for Blossom endpoints including X-SHA-256,
X-Content-Length, X-Content-Type headers required by blossom-client-sdk
- Add root-level Blossom routes (/upload, /media, /mirror, /report, /list/)
for clients like Jumble that expect Blossom at root
- Export BaseURLKey from pkg/blossom for use by app handlers
- Make blossomRootHandler return URLs with /blossom prefix so blob
downloads work via the registered /blossom/ route
- Remove Access-Control-Allow-Credentials header (not needed for * origin)
- Add Access-Control-Expose-Headers for X-Reason and other response headers
Files modified:
- app/blossom.go: Add blossomRootHandler, use exported BaseURLKey
- app/server.go: Add CORS handling for blossom paths, register root routes
- pkg/blossom/server.go: Fix CORS headers, export BaseURLKey
- pkg/blossom/utils.go: Minor formatting
- pkg/version/version: Bump to v0.36.12
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add unicode_normalize.go with mappings for small caps and fraktur
- Map 77 decorative unicode characters to ASCII equivalents:
- Small caps (25 chars): ᴅᴇᴀᴛʜ → death
- Fraktur lowercase (26 chars): 𝔡𝔢𝔞𝔱𝔥 → death
- Fraktur uppercase (26 chars): 𝔇𝔈𝔄𝔗ℌ → death
- Fix broken utf8DecodeRuneInString() that failed on multi-byte UTF-8
- Add migration v7 to rebuild word indexes with normalization
- Add comprehensive unit tests for all character mappings
Files modified:
- pkg/database/unicode_normalize.go: New - character mapping tables
- pkg/database/unicode_normalize_test.go: New - unit tests
- pkg/database/tokenize.go: Integrate normalizeRune(), fix UTF-8 decoder
- pkg/database/migrations.go: Add version 7 migration
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove redundant permission entries from .claude/settings.local.json
- Bump version to v0.36.8
Files modified:
- .claude/settings.local.json: Cleanup old permissions
- pkg/version/version: v0.36.7 -> v0.36.8
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add nsec-crypto.js library with Argon2id+AES-GCM encryption
- Generate new nsec keys using secure system entropy
- Encrypt nsec with password (~3 sec Argon2id derivation in Web Worker)
- Add unlock flow for returning users with encrypted keys
- Add deriving modal with live timer during key derivation
- Auto-create default profile for new users with ORLY logo avatar
- Fix NIP-42 auth race condition in websocket-auth.js
- Improve header user profile display (avatar fills height, no truncation)
- Add instant light/dark theme colors in HTML head
- Add background box around username/nip05 in settings drawer
- Update CLAUDE.md with nsec-crypto library documentation
Files modified:
- app/web/src/nsec-crypto.js: New encryption library
- app/web/src/LoginModal.svelte: Key gen, encryption, unlock UI
- app/web/src/nostr.js: Default profile creation
- app/web/src/App.svelte: Header and drawer styling
- app/web/public/index.html: Instant theme colors
- CLAUDE.md: Library documentation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add step to rebuild embedded web UI before committing releases
- Fix VPS deploy command to add Go to PATH for non-login shells
- Remove web rebuild from VPS deploy (assets now committed to repo)
- Use && instead of ; for proper error handling in deploy script
Files modified:
- .claude/commands/release.md: Updated release workflow
- pkg/version/version: Bump to v0.36.6
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add step 10 to /release command that SSHes to VPS (10.0.0.1) and
runs deployment: git stash, git pull, rebuild web UI, restart service
- Enables one-command releases with automatic production deployment
Files modified:
- .claude/commands/release.md: Add VPS deployment step
- pkg/version/version: Bump to v0.36.5
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove sun/moon theme toggle button from header
- Detect system theme preference using window.matchMedia prefers-color-scheme
- Add event listener to automatically switch theme when OS preference changes
- Remove localStorage-based theme persistence in favor of system preference
- Clean up unused theme-toggle-btn CSS styles
Files modified:
- app/web/src/Header.svelte: Remove toggle button, toggleTheme function, and CSS
- app/web/src/App.svelte: Replace localStorage theme init with matchMedia detection
- pkg/version/version: Bump to v0.36.4
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix minifier optimization bug that caused ws:// protocol detection to
always return wss:// by using startsWith('https') instead of === 'https:'
- Update App.svelte to use protocol detection in all 5 WebSocket URL
construction locations (compose, delete, repost, publish functions)
- Update constants.js DEFAULT_RELAYS to use the same minifier-safe pattern
- Enables web UI to work correctly on HTTP-only relay deployments
Files modified:
- app/web/src/App.svelte: Fix 5 hardcoded wss:// URLs with protocol detection
- app/web/src/constants.js: Fix DEFAULT_RELAYS protocol detection
- pkg/version/version: Bump to v0.36.3
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change processReport() to use MERGE instead of CREATE for REPORTS
relationships, deduplicating by (reporter, reported, report_type)
- Add ON CREATE/ON MATCH clauses to preserve newest event data while
preventing duplicate relationships
- Add getExistingReportEvent() helper to check for existing reports
- Add markReportEventSuperseded() to track superseded events
- Add v4 migration migrateDeduplicateReports() to clean up existing
duplicate REPORTS relationships in databases
- Add comprehensive tests: TestReportDeduplication with subtests for
deduplication, different types, and superseded event tracking
- Update WOT_SPEC.md with REPORTS deduplication behavior and correct
property names (report_type, created_at, created_by_event)
- Bump version to v0.36.1
Fixes: https://git.nostrdev.com/mleku/next.orly.dev/issues/16
Files modified:
- pkg/neo4j/social-event-processor.go: MERGE-based deduplication
- pkg/neo4j/migrations.go: v4 migration for duplicate cleanup
- pkg/neo4j/social-event-processor_test.go: Deduplication tests
- pkg/neo4j/WOT_SPEC.md: Updated REPORTS documentation
- pkg/version/version: Bump to v0.36.1
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add unified Tag-based model where e/p tags create intermediate Tag nodes
with REFERENCES relationships to Event/NostrUser nodes
- Update save-event.go: addPTagsInBatches and addETagsInBatches now create
Tag nodes with TAGGED_WITH and REFERENCES relationships
- Update delete.go: CheckForDeleted uses Tag traversal for kind 5 detection
- Add v3 migration in migrations.go to convert existing direct REFERENCES
and MENTIONS relationships to the new Tag-based model
- Create comprehensive test file tag_model_test.go with 15+ test functions
covering Tag model, filter queries, migrations, and deletion detection
- Update save-event_test.go to verify new Tag-based relationship patterns
- Update WOT_SPEC.md with Tag-Based References documentation section
- Update CLAUDE.md and README.md with Neo4j Tag-based model documentation
- Bump version to v0.36.0
This change enables #e and #p filter queries to work correctly by storing
all tags (including e/p) through intermediate Tag nodes.
Files modified:
- pkg/neo4j/save-event.go: Tag-based e/p relationship creation
- pkg/neo4j/delete.go: Tag traversal for deletion detection
- pkg/neo4j/migrations.go: v3 migration for existing data
- pkg/neo4j/tag_model_test.go: New comprehensive test file
- pkg/neo4j/save-event_test.go: Updated for new model
- pkg/neo4j/WOT_SPEC.md: Tag-Based References documentation
- pkg/neo4j/README.md: Architecture and example queries
- CLAUDE.md: Repository documentation update
- pkg/version/version: Bump to v0.36.0
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Gitea issue templates for bug reports and feature requests with
structured YAML forms for version, database backend, and log level
- Add GitHub Actions CI workflow for automated testing on push/PR
- Add GitHub Actions release workflow for building multi-platform
binaries on tag push with SHA256 checksums
- Add CONTRIBUTING.md with development setup, PR guidelines, and
commit message format documentation
- Add DECENTRALIZE_NOSTR.md expansion plan outlining WireGuard tunnel,
GUI installer, system tray, and proxy server architecture
- Update allowed commands in Claude settings
- Bump version to v0.35.5
Files modified:
- .gitea/issue_template/: Bug report, feature request, and config YAML
- .github/workflows/: CI and release automation workflows
- CONTRIBUTING.md: New contributor guide
- docs/plans/DECENTRALIZE_NOSTR.md: Expansion architecture plan
- .claude/settings.local.json: Updated allowed commands
- pkg/version/version: Version bump to v0.35.5
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add .claude/commands/release.md slash command for automated release
workflow with version bumping, commit creation, tagging, and push
- Supports patch and minor version increments with proper validation
- Includes build verification step before committing
- Update settings.local.json with allowed commands from previous session
- Bump version from v0.35.3 to v0.35.4
Files modified:
- .claude/commands/release.md: New release automation command
- .claude/settings.local.json: Updated allowed commands
- pkg/version/version: Version bump to v0.35.4
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add ORLY_POLICY_PATH environment variable to configure custom policy
file path, overriding the default ~/.config/ORLY/policy.json location
- Enforce ABSOLUTE paths only - relay panics on startup if relative path
is provided, preventing common misconfiguration errors
- Update PolicyManager to store and expose configPath for hot-reload saves
- Add ConfigPath() method to P struct delegating to internal PolicyManager
- Update NewWithManager() signature to accept optional custom path parameter
- Add BUG_REPORTS_AND_FEATURE_REQUEST_PROTOCOL.md with issue submission
guidelines requiring environment details, reproduction steps, and logs
- Update README.md with system requirements (500MB minimum memory) and
link to bug report protocol
- Update CLAUDE.md and README.md documentation for new ORLY_POLICY_PATH
Files modified:
- app/config/config.go: Add PolicyPath config field
- pkg/policy/policy.go: Add configPath storage and validation
- app/handle-policy-config.go: Use policyManager.ConfigPath()
- app/main.go: Pass cfg.PolicyPath to NewWithManager
- pkg/policy/*_test.go: Update test calls with new parameter
- BUG_REPORTS_AND_FEATURE_REQUEST_PROTOCOL.md: New file
- README.md, CLAUDE.md: Documentation updates
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Convert wss:// to https:// and ws:// to http:// before fetching NIP-11
documents, fixing failures for users not using HTTPS upgrade proxies
- The fetchNIP11 function was using WebSocket URLs directly for HTTP
requests, causing scheme mismatch errors
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Implement TraverseFollows using Cypher path queries on FOLLOWS relationships
- Implement TraverseFollowers using reverse path traversal
- Implement FindMentions using MENTIONS relationships from p-tags
- Implement TraverseThread using REFERENCES relationships from e-tags
with bidirectional traversal (inbound replies, outbound parents)
- Add GraphAdapter to bridge Neo4j to graph.GraphDatabase interface
- Add GraphResult type implementing graph.GraphResultI for Neo4j
- Initialize graph executor for Neo4j backend in app/main.go
The implementation uses existing Neo4j schema and relationships created
by SaveEvent() - no schema changes required. The _graph extension now
works transparently with either Badger or Neo4j backends.
Bump version to v0.35.0
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Ensure AUTH handler always sends OK response per NIP-42 specification,
including for parse failures (uses zero event ID with error reason)
- Add zeroEventID constant for OK responses when event ID cannot be parsed
- Document critical client guidance: clients MUST wait for OK response
after AUTH before publishing events requiring authentication
- Update nostr skill and CLAUDE.md with NIP-42 AUTH protocol requirements
for client developers, emphasizing OK response handling
- Add MAX_THINKING_TOKENS setting to Claude configuration
Files modified:
- app/handle-auth.go: Add OK response for AUTH parse failures
- .claude/skills/nostr/SKILL.md: Document AUTH OK response requirements
- CLAUDE.md: Add NIP-42 AUTH Protocol section for client developers
- .claude/settings.local.json: Add MAX_THINKING_TOKENS setting
- pkg/version/version: Bump to v0.34.7
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create pkg/interfaces/pid for generic PID controller interfaces:
- ProcessVariable: abstract input (value + timestamp)
- Source: provides process variable samples
- Output: controller output with P/I/D components and clamping info
- Controller: generic PID interface with setpoint/gains
- Tuning: configuration struct for all PID parameters
- Create pkg/pid as standalone PID controller implementation:
- Thread-safe with mutex protection
- Low-pass filtered derivative to suppress high-frequency noise
- Anti-windup on integral term
- Configurable output clamping
- Presets for common use cases: rate limiting, PoW difficulty,
temperature control, motor speed
- Update pkg/ratelimit to use generic pkg/pid.Controller:
- Limiter now uses pidif.Controller interface
- Type assertions for monitoring/debugging state access
- Maintains backward compatibility with existing API
The generic PID package can now be used for any dynamic adjustment
scenario beyond rate limiting, such as blockchain PoW difficulty
adjustment, temperature regulation, or motor speed control.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove broken submodule reference for pkg/protocol/blossom/blossom
and track blossom spec files as regular files instead
- Add IMPORT_MEMORY_OPTIMIZATION_PLAN.md documenting strategies to
constrain import memory usage to ≤1.5GB through cache reduction,
batched syncs, batch transactions, and adaptive rate limiting
- Based on test results: 2.1M events imported in 48min at 736 events/sec
with peak memory of 6.4GB (target is 1.5GB)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Introduce comprehensive integration tests for Neo4j bug fixes covering batching, event relationships, and processing logic. Add rate-limiting to Neo4j queries using semaphores and retry policies to prevent authentication rate limiting and connection exhaustion, ensuring system stability under load.
Removes the legacy search mode in favor of an improved event filter system. Introduces debounced filter application, JSON-based filter configuration, and a cleaner UI for filtering events, offering greater flexibility and clarity.
Simplified event import to run synchronously, ensuring proper resource handling and accurate feedback. Enhanced frontend with real-time import status messages and error handling. Adjusted migrations to handle events individually, improving reliability and granular progress tracking.
This commit allows skipping authentication, permission checks, and certain filters (e.g., deletions, expirations) when the ACL mode is set to "none" (open relay mode). It also introduces a configuration option to disable query caching to reduce memory usage. These changes improve operational flexibility for open relay setups and resource-constrained environments.
Privileged events are now filtered based on ACL mode, allowing open access when ACL is "none." Added tests to verify behavior for different ACL modes, ensuring unauthorized and unauthenticated users can only access privileged events when explicitly permitted. Version bumped to v0.34.2.
Replaces outdated Neo4j test setup with a robust TestMain, shared test database, and utility functions for test data and migrations. Improves Cypher generation for processing e-tags, p-tags, and other tags to ensure compliance with Neo4j syntax. Added integration test script and updated benchmark reports for Badger backend.
Introduce `read_allow_permissive` and `write_allow_permissive` flags in the global rule to override kind whitelists for read or write operations. These flags allow more flexible policy configurations while maintaining blacklist enforcement and preventing conflicting settings. Updated tests and documentation for clarity.
Merged 'Author' nodes into 'NostrUser' for unified identity tracking and social graph representation. Introduced migrations framework to handle schema changes, including retroactive updates for existing relationships and constraints. Updated tests, schema definitions, and documentation to reflect these changes.
Dgraph-related functionality, configuration, and benchmarks have been removed from the project. This streamlines the codebase to focus on supported backends, specifically eliminating Dgraph references in favor of Neo4j and other implementations. Version bumped to reflect the changes.
Added extensive tests for default-permissive access control, read/write follow whitelists, and privileged-only fields. Updated policy documentation with new configuration examples, access control reference, and logging details.
