npub1tkq8unhsd5jqx6ueex5lcpsgknrpquxuk44ftpjlpm3ulaake7xs76txrw/ngit-grasp-mirror/src/config.rs, branch v1.0.0

drop nostr-db backend support, keep only lmdb and memory

2026-02-25T15:07:40+00:00

Merge relay.ngit.dev migration: bug fixes and migration tooling

2026-02-03T15:18:23+00:00

This merge includes critical bug fixes and comprehensive migration tooling developed during the relay.ngit.dev migration effort. Bug Fixes: - Fix git protocol error handling to return HTTP 200 with ERR pkt-line - Fix naughty list false positives and DNS failure identification - Fix database query filters in load_existing_events (remove .since()) - Fix OID fetch tracking to distinguish 0 OIDs from successful fetches - Fix purgatory event source tracking for filtered expiry logging - Implement OID retry logic for 'not our ref' errors Migration Tools & Documentation: - Complete 5-phase migration analysis pipeline with orchestration script - Phase 1: Event fetching from source relay - Phase 2: Git sync verification - Phase 3: Categorization and relay comparison - Phase 4: Log extraction (parse failures, purgatory expiry) - Phase 5: Action classification for migration decisions - Comprehensive migration guide with lessons learned - Troubleshooting guide for permission and corruption issues Configuration: - Add NGIT_LOG_LEVEL configuration option - Update git throttle limits to 60/minute - Improve logging throughout for better observability

feat: add NGIT_LOG_LEVEL configuration option

2026-01-27T20:38:15+00:00

Add proper log level configuration following standard approach: - CLI flag: --log-level - Environment variable: NGIT_LOG_LEVEL - Default: info - Supports simple levels (error, warn, info, debug, trace) - Supports filter expressions (e.g., ngit_grasp=debug,actix_web=info) Configuration is now consistent across all four sources: 1. src/config.rs - Config struct with log_level field 2. docs/reference/configuration.md - Full documentation 3. nix/module.nix - NixOS module with logLevel option 4. .env.example - Example configuration file This replaces the previous RUST_LOG approach with proper integration into the ngit-grasp configuration system, enabling trace logging from CLI, environment variables, or NixOS configuration.

fix: use hex format for pubkey in NIP-11 document

2026-01-21T16:05:02+00:00

The NIP-11 specification requires the pubkey field to be a 64-character hex string, but we were incorrectly using npub (bech32) format. Changes: - Add Config::relay_owner_pubkey_hex() method to get hex format - Update NIP-11 document to use hex format instead of npub - Update test to verify 64-char hex string instead of npub format Fixes nak relay command error: 'must be a hex string of 64 characters'

feat: add archive-grasp-services configuration option

2026-01-21T13:38:11+00:00

Enables relay operators to backup/archive specific GRASP servers by domain. Includes configuration, validation, documentation, and integration tests.

fix: archive_read_only creates bare repos for archived announcements

2026-01-19T15:04:00+00:00

Combined Accept and AcceptArchive match arms in builder.rs to ensure bare repositories are created for both cases. Previously AcceptArchive had duplicate code that didn't call ensure_bare_repository(). Also includes: - Config fix: effective_git_data_path() respects explicit paths with memory backend - TestRelay: Added git_data_path() and archive config support for testing - Integration tests for archive_read_only behavior

config: increase max_connections default from 2000 to 4096

2026-01-19T15:03:59+00:00

Increases connection limit across all configuration sources: - src/config.rs: default_value_t = 4096 - docs/reference/configuration.md: updated default and examples - nix/module.nix: maxConnections default = 4096 - .env.example: updated default and comment This allows the relay to handle more concurrent connections and reduces the likelihood of connection exhaustion under normal load. The previous limit of 2000 was too conservative for production deployments.

Add explicit rate limits and total connection limit

2026-01-14T13:40:03+00:00

- Make RateLimit explicit in relay builder (500 subs, 60 events/min) - Add NGIT_MAX_CONNECTIONS config option (default: 500) - Update all 4 config locations (src, nix, docs, .env.example) - Fix documentation error: filter limit 5000→500 - Document Phase 2 deferral decision (per-IP enforcement) Addresses primary DoS vector (connection exhaustion) with minimal code. Per-IP rate limiting deferred until abuse detected in production. Related: issue ff38 (git endpoint throttling - separate concern)

Change default port from 8080 to 7334 (NGIT on phone keypad)

2026-01-12T22:51:43+00:00

- Update default bind address in src/config.rs to 127.0.0.1:7334 - Update all four critical config sources per AGENTS.md: - src/config.rs (code default and tests) - .env.example (development template) - docs/reference/configuration.md (user documentation) - nix/module.nix (NixOS deployment) - Update all documentation examples and references: - README.md (with note about phone keypad mnemonic) - docs/how-to/*.md (deploy, prometheus-setup, test-compliance) - docs/explanation/*.md (architecture, comparison) - docs/learnings/grasp-audit.md Port 7334 spells NGIT on a phone keypad, making it memorable and project-specific. All tests pass (336 lib tests + 51 integration tests).

feat(config): add event blacklist to block all events from specific authors

2026-01-12T21:51:57+00:00

Adds NGIT_EVENT_BLACKLIST option for blocking all events from specific npubs, taking precedence over all other validation to enable comprehensive moderation without affecting curation policy. Key features: - Simple npub-only format: ,,... - Checked FIRST before any other validation (including repository blacklist) - Blocks ALL event types (announcements, state events, PRs, comments, etc.) - Events never reach relay storage or purgatory - Specific rejection reason for operator debugging Implementation: - Add EventBlacklistConfig struct with check() method - Add NGIT_EVENT_BLACKLIST config option and event_blacklist_config() method - Add config field to PolicyContext for policy access - Add check_event_blacklist() to Nip34WritePolicy - Check event blacklist first in admit_event() method (before any other validation) - 4 new unit tests covering all blacklist behavior Configuration synced across all four sources: - src/config.rs: Core implementation with EventBlacklistConfig - .env.example: Comprehensive documentation with examples - docs/reference/configuration.md: Complete reference documentation - nix/module.nix: NixOS module option with environment mapping README updates: - Add comprehensive "Curation & Moderation" section - Document repository whitelists (GRASP-01 and GRASP-05 modes) - Document repository and event blacklists with precedence order - Add configuration table for all curation/moderation settings - Provide real-world examples for different relay configurations Testing: - 4 new tests for event blacklist functionality - All 336 library tests passing - All 64 integration tests passing - All 38 filter support tests passing Verification: - Repository blacklist confirmed to apply to sync (uses same admit_event flow) - Sync events validated through process_event_static -> write_policy.admit_event Use cases: - Block spam/abusive users completely - Prevent malicious actors from submitting any events - Temporary blocks for investigation - Moderation without affecting whitelist curation policy