feat(config): add repository blacklist to block specific repos/npubs/identifiers

Adds NGIT_REPOSITORY_BLACKLIST option for blocking repositories, taking precedence over all whitelists (archive and repository) to enable moderation without affecting curation policy. Key features: - Three blacklist formats: <npub>, <npub>/<identifier>, <identifier> - Blacklist checked first before any other validation - Overrides archive whitelist and repository whitelist - Specific rejection reasons based on match type (npub/identifier/both) - Not flagged in NIP-11 curation (operational, not policy) Implementation: - Add BlacklistConfig struct with check() method returning detailed reasons - Add NGIT_REPOSITORY_BLACKLIST config option and blacklist_config() method - Update validate_announcement() to check blacklist first with specific reasons - 12 new unit tests covering all blacklist behavior and precedence Configuration synced across all four sources: - src/config.rs: Core implementation with BlacklistConfig - .env.example: Comprehensive documentation with examples - docs/reference/configuration.md: Complete reference documentation - nix/module.nix: NixOS module option with environment mapping Testing: - 12 new tests for blacklist functionality (config + validation) - All 332 library tests passing - All 38 integration tests passing Use cases: - Block spam/malware repos by identifier - Block abusive users by npub - Block specific problematic repos by npub/identifier - Temporary blocks for investigation
author: DanConwayDev <DanConwayDev@protonmail.com> 2026-01-12 21:32:38 +0000
committer: DanConwayDev <DanConwayDev@protonmail.com> 2026-01-12 21:33:15 +0000
commit: 70c577f10bbe150b6b13bec545dc8720ad005a64 (patch)
tree: 4f390cd523248db007ecb4335a61598b930ccad9 /.env.example
parent: 1948312d40f34fca868d1ef6d6d94e165c09738c (diff)
1 files changed, 28 insertions, 1 deletions
diff --git a/.env.example b/.env.example
index 0789b28..993399a 100644
--- a/.env.example
+++ b/.env.example
@@ -227,4 +227,31 @@
 #   NGIT_REPOSITORY_WHITELIST=bitcoin-core,linux,rust
 # Note: Cannot be used with NGIT_ARCHIVE_READ_ONLY=true (mutually exclusive)
 # Note: When set, NIP-11 curation field will indicate curated repository acceptance
-# NGIT_REPOSITORY_WHITELIST=
-\ No newline at end of file
+# NGIT_REPOSITORY_WHITELIST=
+# ============================================================================
+# REPOSITORY BLACKLIST
+# ============================================================================
+# Blacklist specific repos/pubkeys/identifiers to reject
+# Comma-separated list supporting three formats (same as whitelist formats):
+#   <npub>              - Block all repos from this pubkey
+#   <npub>/<identifier> - Block specific repo
+#   <identifier>        - Block repos with this identifier (any pubkey)
+#
+# Blacklist takes precedence over ALL whitelists:
+#   - Blacklisted repos are rejected even if they match archive or repository whitelists
+#   - Blacklisted repos are rejected even if they list our service
+#
+# Rejection reasons indicate the match type:
+#   - "Repository owner <npub> is blacklisted" (npub format)
+#   - "Repository <npub>/<identifier> is blacklisted" (npub/identifier format)
+#   - "Repository identifier <identifier> is blacklisted" (identifier format)
+#
+# CLI: --repository-blacklist <list>
+# Default: (empty - no repositories are blacklisted)
+# Examples:
+#   NGIT_REPOSITORY_BLACKLIST=npub1spam...
+#   NGIT_REPOSITORY_BLACKLIST=npub1alice.../bad-repo
+#   NGIT_REPOSITORY_BLACKLIST=malware-repo,spam-repo
+# NGIT_REPOSITORY_BLACKLIST=
+\ No newline at end of file
author	DanConwayDev <DanConwayDev@protonmail.com>	2026-01-12 21:32:38 +0000
committer	DanConwayDev <DanConwayDev@protonmail.com>	2026-01-12 21:33:15 +0000
commit	70c577f10bbe150b6b13bec545dc8720ad005a64 (patch)
tree	4f390cd523248db007ecb4335a61598b930ccad9 /.env.example
parent	1948312d40f34fca868d1ef6d6d94e165c09738c (diff)

diff --git a/.env.example b/.env.example index 0789b28..993399a 100644 --- a/.env.example +++ b/.env.example
@@ -227,4 +227,31 @@
227	# NGIT_REPOSITORY_WHITELIST=bitcoin-core,linux,rust	227	# NGIT_REPOSITORY_WHITELIST=bitcoin-core,linux,rust
228	# Note: Cannot be used with NGIT_ARCHIVE_READ_ONLY=true (mutually exclusive)	228	# Note: Cannot be used with NGIT_ARCHIVE_READ_ONLY=true (mutually exclusive)
229	# Note: When set, NIP-11 curation field will indicate curated repository acceptance	229	# Note: When set, NIP-11 curation field will indicate curated repository acceptance
230	# NGIT_REPOSITORY_WHITELIST= \ No newline at end of file	230	# NGIT_REPOSITORY_WHITELIST=
		231
		232	# ============================================================================
		233	# REPOSITORY BLACKLIST
		234	# ============================================================================
		235
		236	# Blacklist specific repos/pubkeys/identifiers to reject
		237	# Comma-separated list supporting three formats (same as whitelist formats):
		238	# <npub> - Block all repos from this pubkey
		239	# <npub>/<identifier> - Block specific repo
		240	# <identifier> - Block repos with this identifier (any pubkey)
		241	#
		242	# Blacklist takes precedence over ALL whitelists:
		243	# - Blacklisted repos are rejected even if they match archive or repository whitelists
		244	# - Blacklisted repos are rejected even if they list our service
		245	#
		246	# Rejection reasons indicate the match type:
		247	# - "Repository owner <npub> is blacklisted" (npub format)
		248	# - "Repository <npub>/<identifier> is blacklisted" (npub/identifier format)
		249	# - "Repository identifier <identifier> is blacklisted" (identifier format)
		250	#
		251	# CLI: --repository-blacklist <list>
		252	# Default: (empty - no repositories are blacklisted)
		253	# Examples:
		254	# NGIT_REPOSITORY_BLACKLIST=npub1spam...
		255	# NGIT_REPOSITORY_BLACKLIST=npub1alice.../bad-repo
		256	# NGIT_REPOSITORY_BLACKLIST=malware-repo,spam-repo
		257	# NGIT_REPOSITORY_BLACKLIST= \ No newline at end of file