diff options
| author | DanConwayDev <DanConwayDev@protonmail.com> | 2025-12-04 08:59:29 +0000 |
|---|---|---|
| committer | DanConwayDev <DanConwayDev@protonmail.com> | 2025-12-04 08:59:29 +0000 |
| commit | fe85c32b82b6c3e81d43c71d6152ed6bb4edf732 (patch) | |
| tree | 1ae75f73c069181c14ff18791ba234ebe9bc02b3 /README.md | |
| parent | de683147779eaf57376a90e73bbdd123846a01e3 (diff) | |
add roadmap to readme
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 55 |
1 files changed, 54 insertions, 1 deletions
| @@ -64,6 +64,59 @@ This approach provides: | |||
| 64 | - 🔄 Accept repositories not listing this instance | 64 | - 🔄 Accept repositories not listing this instance |
| 65 | - 🔄 Backup/mirror mode operation | 65 | - 🔄 Backup/mirror mode operation |
| 66 | 66 | ||
| 67 | ## Roadmap | ||
| 68 | |||
| 69 | ### Purgatory | ||
| 70 | |||
| 71 | State events / PR / PR Update events without git data should be accepted with msg: "won't be served until git data arrives" or "in puratory awaiting git data" and not served by the main relay. | ||
| 72 | When the git data arrives, they get released from puratory. If git data doesn't arrive within 1 day, the events get deleted. | ||
| 73 | |||
| 74 | This ensures the grasp serve only serves these events when it can provide the git data to support them. | ||
| 75 | |||
| 76 | Why this is useful: | ||
| 77 | |||
| 78 | 1. owner submits updated state event but loses connectivity before sending the new git data. The relay causing ngit-cli to fail to clone and other clients to show a warning that the git servers state doesn't align with nostr as relays only serve the latest state event (as its addressable). | ||
| 79 | a. clients could be made more resilient if they know older versions of the state event served by a grasp server relate to the state they are currently storing. | ||
| 80 | b. if clients just start using grasp servers (instead of other relays) then they will always be able to find the git data related to the latest versin of the event servered by a grasp server | ||
| 81 | |||
| 82 | 2. serving PR events where the git data isn't accessable isn't useful. | ||
| 83 | |||
| 84 | ### GRASP-02 (Proactive Sync) | ||
| 85 | |||
| 86 | - websockets to other grasp servers listening for our repo. | ||
| 87 | - negentropy catchup | ||
| 88 | - look for missing data (from state or PR / PR update) then try and fetch from other grasp servers. for efficency look for it from other repos (ie repos of other maintainers). Do this on new state event / PR / PR update evnet and on a timer for events we know we don't have the data for. | ||
| 89 | |||
| 90 | #### Proactive Sync + | ||
| 91 | |||
| 92 | . look for announcement events on other relays / grasp servers that list our service. | ||
| 93 | . look on read/write relays of repo / PR / Patch / Issue author to get related comments. pass through stricter anti SPAM mechanism? | ||
| 94 | |||
| 95 | ### Data effiency | ||
| 96 | |||
| 97 | dedupe git data = shared object database or (GIT_ALTERNATE_OBJECT_DIRECTORIES or .git/objects/info/alternates) | ||
| 98 | |||
| 99 | ### Logging | ||
| 100 | |||
| 101 | - look into prometheus and the best way to log to get useful info | ||
| 102 | - look into the best way of monitoring livness | ||
| 103 | |||
| 104 | ### Delete Events | ||
| 105 | |||
| 106 | Git data related to deleted Repositories should be archvied (and deleted after 90 days), also events related to ONLY this repository. | ||
| 107 | |||
| 108 | ### Grasp Server Removed from Announcement Event | ||
| 109 | |||
| 110 | Unless GRASP-05, This should cause the git data and events related ONLY to this repository to be archived (and deleted after 90 days). | ||
| 111 | |||
| 112 | ### Mitigate DoS attack vector | ||
| 113 | |||
| 114 | Grasp servers can be DoS by pushing large amounts of git data to `refs/nostr/<event-id>` without having to first submit a signed nostr event. operators must temporarily disable pushes to `refs/nostr/*` without having recieved a signed event. This breaks the flow of sending PR / Update events in NIP-34 as the client doesnt know if the grasp server will accept git data / event so might include it as a server hint in `clone` without knowing whether the server will accept the data. Could an ephemeral event be sent to authorise or is that too complicated? Maybe require NIP-42 auth and authorise that IP address for the push based on WoT? | ||
| 115 | |||
| 116 | ### Reject Commits with Secrets | ||
| 117 | |||
| 118 | This a useful feature of other git servers. | ||
| 119 | |||
| 67 | ## Technology Stack | 120 | ## Technology Stack |
| 68 | 121 | ||
| 69 | - **Rust**: Core language | 122 | - **Rust**: Core language |
| @@ -141,7 +194,7 @@ NGIT_OWNER_NPUB=npub1... ngit-grasp --domain relay.example.com | |||
| 141 | - `memory`: In-memory database (fastest, no persistence - uses temp directories) | 194 | - `memory`: In-memory database (fastest, no persistence - uses temp directories) |
| 142 | - `nostrdb`: NostrDB backend (persistent, optimized for Nostr) [Not yet implemented] | 195 | - `nostrdb`: NostrDB backend (persistent, optimized for Nostr) [Not yet implemented] |
| 143 | 196 | ||
| 144 | > **Note:** When using the `memory` backend, git data are automatically stored in temporary directories for ephemeral testing. This is useful for development and CI/CD pipelines. | 197 | > **Note:** When using the `memory` backend, git data are automatically stored in temporary directories for ephemeral testing. |
| 145 | 198 | ||
| 146 | ### Example: Production Deployment | 199 | ### Example: Production Deployment |
| 147 | 200 | ||