Unnamed repository; edit this file 'description' to name the repository. https://upleb.uk/npub1tkq8unhsd5jqx6ueex5lcpsgknrpquxuk44ftpjlpm3ulaake7xs76txrw/ngit-grasp-mirror/atom?h=v1.0.0 2026-02-25T15:07:40+00:00 2026-02-25T15:07:40+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-02-25T15:07:40+00:00 urn:sha1:5ad9d9093fcbe7037e5474a9d8fa20a0b64fb79a 2026-01-27T20:38:15+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-01-26T16:17:55+00:00 urn:sha1:1ae97cd85aec95f6270f853b28e48774cefc6bf6 Add proper log level configuration following standard approach: - CLI flag: --log-level <level> - Environment variable: NGIT_LOG_LEVEL - Default: info - Supports simple levels (error, warn, info, debug, trace) - Supports filter expressions (e.g., ngit_grasp=debug,actix_web=info) Configuration is now consistent across all four sources: 1. src/config.rs - Config struct with log_level field 2. docs/reference/configuration.md - Full documentation 3. nix/module.nix - NixOS module with logLevel option 4. .env.example - Example configuration file This replaces the previous RUST_LOG approach with proper integration into the ngit-grasp configuration system, enabling trace logging from CLI, environment variables, or NixOS configuration. 2026-01-21T13:38:11+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-01-21T13:28:37+00:00 urn:sha1:46fbcc0a4c8a8dbf6cd345d6eaa6fe33a82100bb Enables relay operators to backup/archive specific GRASP servers by domain. Includes configuration, validation, documentation, and integration tests. 2026-01-19T15:03:59+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-01-16T20:55:38+00:00 urn:sha1:16833501a1004a5a661a729e4fd2dbcbeaecd1d5 Increases connection limit across all configuration sources: - src/config.rs: default_value_t = 4096 - docs/reference/configuration.md: updated default and examples - nix/module.nix: maxConnections default = 4096 - .env.example: updated default and comment This allows the relay to handle more concurrent connections and reduces the likelihood of connection exhaustion under normal load. The previous limit of 2000 was too conservative for production deployments. 2026-01-14T13:40:03+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-01-14T11:42:05+00:00 urn:sha1:50000cd9d47681390c3c45feef98fe51c7b79a0f - Make RateLimit explicit in relay builder (500 subs, 60 events/min) - Add NGIT_MAX_CONNECTIONS config option (default: 500) - Update all 4 config locations (src, nix, docs, .env.example) - Fix documentation error: filter limit 5000→500 - Document Phase 2 deferral decision (per-IP enforcement) Addresses primary DoS vector (connection exhaustion) with minimal code. Per-IP rate limiting deferred until abuse detected in production. Related: issue ff38 (git endpoint throttling - separate concern) 2026-01-12T22:51:43+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-01-12T22:51:43+00:00 urn:sha1:51751d59f30a0c0f396afd1873ece9f4f77b44de - Update default bind address in src/config.rs to 127.0.0.1:7334 - Update all four critical config sources per AGENTS.md: - src/config.rs (code default and tests) - .env.example (development template) - docs/reference/configuration.md (user documentation) - nix/module.nix (NixOS deployment) - Update all documentation examples and references: - README.md (with note about phone keypad mnemonic) - docs/how-to/*.md (deploy, prometheus-setup, test-compliance) - docs/explanation/*.md (architecture, comparison) - docs/learnings/grasp-audit.md Port 7334 spells NGIT on a phone keypad, making it memorable and project-specific. All tests pass (336 lib tests + 51 integration tests). 2026-01-12T21:51:57+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-01-12T21:51:57+00:00 urn:sha1:c8ab2c9c294ae9401ff542d0eecc6606b7908412 Adds NGIT_EVENT_BLACKLIST option for blocking all events from specific npubs, taking precedence over all other validation to enable comprehensive moderation without affecting curation policy. Key features: - Simple npub-only format: <npub>,<npub>,... - Checked FIRST before any other validation (including repository blacklist) - Blocks ALL event types (announcements, state events, PRs, comments, etc.) - Events never reach relay storage or purgatory - Specific rejection reason for operator debugging Implementation: - Add EventBlacklistConfig struct with check() method - Add NGIT_EVENT_BLACKLIST config option and event_blacklist_config() method - Add config field to PolicyContext for policy access - Add check_event_blacklist() to Nip34WritePolicy - Check event blacklist first in admit_event() method (before any other validation) - 4 new unit tests covering all blacklist behavior Configuration synced across all four sources: - src/config.rs: Core implementation with EventBlacklistConfig - .env.example: Comprehensive documentation with examples - docs/reference/configuration.md: Complete reference documentation - nix/module.nix: NixOS module option with environment mapping README updates: - Add comprehensive "Curation & Moderation" section - Document repository whitelists (GRASP-01 and GRASP-05 modes) - Document repository and event blacklists with precedence order - Add configuration table for all curation/moderation settings - Provide real-world examples for different relay configurations Testing: - 4 new tests for event blacklist functionality - All 336 library tests passing - All 64 integration tests passing - All 38 filter support tests passing Verification: - Repository blacklist confirmed to apply to sync (uses same admit_event flow) - Sync events validated through process_event_static -> write_policy.admit_event Use cases: - Block spam/abusive users completely - Prevent malicious actors from submitting any events - Temporary blocks for investigation - Moderation without affecting whitelist curation policy 2026-01-12T21:33:15+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-01-12T21:32:38+00:00 urn:sha1:70c577f10bbe150b6b13bec545dc8720ad005a64 Adds NGIT_REPOSITORY_BLACKLIST option for blocking repositories, taking precedence over all whitelists (archive and repository) to enable moderation without affecting curation policy. Key features: - Three blacklist formats: <npub>, <npub>/<identifier>, <identifier> - Blacklist checked first before any other validation - Overrides archive whitelist and repository whitelist - Specific rejection reasons based on match type (npub/identifier/both) - Not flagged in NIP-11 curation (operational, not policy) Implementation: - Add BlacklistConfig struct with check() method returning detailed reasons - Add NGIT_REPOSITORY_BLACKLIST config option and blacklist_config() method - Update validate_announcement() to check blacklist first with specific reasons - 12 new unit tests covering all blacklist behavior and precedence Configuration synced across all four sources: - src/config.rs: Core implementation with BlacklistConfig - .env.example: Comprehensive documentation with examples - docs/reference/configuration.md: Complete reference documentation - nix/module.nix: NixOS module option with environment mapping Testing: - 12 new tests for blacklist functionality (config + validation) - All 332 library tests passing - All 38 integration tests passing Use cases: - Block spam/malware repos by identifier - Block abusive users by npub - Block specific problematic repos by npub/identifier - Temporary blocks for investigation 2026-01-12T21:21:52+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-01-12T21:06:39+00:00 urn:sha1:82b56c37b26a2fac1a294873e539b19b9325dca6 Adds NGIT_REPOSITORY_WHITELIST option for curated relay operation that accepts only whitelisted repositories while maintaining GRASP-01 compliance (announcements must list the service). This differs from archive whitelist which enables GRASP-05 mode and doesn't require service listing. Key features: - Supports three whitelist formats: npub, npub/identifier, identifier - Enforces mutual exclusivity with archive read-only mode - Updates NIP-11 curation field when whitelist is enabled - Maintains GRASP-01 compliance (doesn't add GRASP-05 support) Configuration synced across all four sources: src/config.rs, docs/reference/configuration.md, nix/module.nix, and .env.example as required by AGENTS.md. 2026-01-12T20:30:13+00:00 DanConwayDev DanConwayDev@protonmail.com 2026-01-12T20:30:13+00:00 urn:sha1:a12927181c571fc1641772ad44dd4c6a4ab209d9 Implements NGIT_ARCHIVE_READ_ONLY configuration option that defaults to true when archive mode is enabled, allowing relays to operate as read-only syncs of archived repositories. Key changes: - Add NGIT_ARCHIVE_READ_ONLY config option (defaults to true if archive enabled) - NIP-11 advertises GRASP-05 support and includes curation field when read-only - Validation logic rejects non-whitelisted repos in read-only mode - Comprehensive tests for read-only behavior and defaults - Full documentation in config reference, .env.example, and NixOS module Read-only mode enables passive mirroring without being listed in announcements, useful for backup/archive operations while preventing accidental write acceptance.