refactor(config): validate eagerly at startup and remove Result from runtime config methods

Refactors configuration validation to fail fast on fatal errors at startup while gracefully handling recoverable issues (e.g., malformed whitelist entries). Changes: - Add Config::validate() for eager validation called immediately after load - Remove Result<> from archive_config() and repository_config() methods - WhitelistEntry::parse_whitelist() skips invalid entries with warnings - Validate relay_owner_nsec format in Config::validate() - Update all call sites to remove Result handling from config getters Benefits: - Fatal config errors (incompatible settings) fail at startup, not runtime - Recoverable errors (bad whitelist entries) logged as warnings and skipped - No Result handling scattered throughout runtime code after validation - Config methods safe to call without error handling after validate() Testing: - Add 7 new tests for validation edge cases and error handling - Total config tests: 40 (up from 33) - All 320 library tests passing Breaking change: Config users must call config.validate() after Config::load() to ensure configuration is valid. This is enforced in main.rs.
author: DanConwayDev <DanConwayDev@protonmail.com> 2026-01-12 21:20:00 +0000
committer: DanConwayDev <DanConwayDev@protonmail.com> 2026-01-12 21:21:53 +0000
commit: 1948312d40f34fca868d1ef6d6d94e165c09738c (patch)
tree: f25f930785145023be6fe33e52904a5d8383a62d /src/nostr
parent: 82b56c37b26a2fac1a294873e539b19b9325dca6 (diff)
2 files changed, 19 insertions, 27 deletions
diff --git a/src/nostr/builder.rs b/src/nostr/builder.rs
index 10f7648..9819e37 100644
--- a/src/nostr/builder.rs
+++ b/src/nostr/builder.rs
@@ -567,26 +567,24 @@ pub async fn create_relay(
    // Clone Arc for the write policy so both relay and policy can access the database
    let git_data_path = config.effective_git_data_path();
-    // Parse and log archive configuration
+    // Log archive configuration (config.validate() must be called at startup)
-    if let Ok(archive_config) = config.archive_config() {
+    let archive_config = config.archive_config();
-        if archive_config.enabled() {
+    if archive_config.enabled() {
-            tracing::info!(
+        tracing::info!(
-                "GRASP-05 archive mode enabled: archive_all={}, whitelist_entries={}, read_only={}",
+            "GRASP-05 archive mode enabled: archive_all={}, whitelist_entries={}, read_only={}",
-                archive_config.archive_all,
+            archive_config.archive_all,
-                archive_config.whitelist.len(),
+            archive_config.whitelist.len(),
-                archive_config.read_only
+            archive_config.read_only
-            );
+        );
-        }
    }
-    // Parse and log repository configuration
+    // Log repository configuration
-    if let Ok(repository_config) = config.repository_config() {
+    let repository_config = config.repository_config();
-        if repository_config.enabled() {
+    if repository_config.enabled() {
-            tracing::info!(
+        tracing::info!(
-                "Repository whitelist enabled: whitelist_entries={}",
+            "Repository whitelist enabled: whitelist_entries={}",
-                repository_config.whitelist.len()
+            repository_config.whitelist.len()
-            );
+        );
-        }
    }
    // Create write policy with purgatory integration
diff --git a/src/nostr/events.rs b/src/nostr/events.rs
index 3ec075d..3b4ef25 100644
--- a/src/nostr/events.rs
+++ b/src/nostr/events.rs
@@ -400,15 +400,9 @@ pub fn validate_announcement(
        Err(e) => return AnnouncementResult::Reject(format!("Invalid announcement: {}", e)),
    };
-    // Get archive and repository configs (fail-secure: reject on config errors)
+    // Get validated configs (config.validate() must be called at startup)
-    let archive_config = match config.archive_config() {
+    let archive_config = config.archive_config();
-        Ok(c) => c,
+    let repository_config = config.repository_config();
-        Err(e) => return AnnouncementResult::Reject(format!("Config error: {}", e)),
-    };
-    let repository_config = match config.repository_config() {
-        Ok(c) => c,
-        Err(e) => return AnnouncementResult::Reject(format!("Config error: {}", e)),
-    };
    let npub = announcement.owner_npub();
    let lists_service = announcement.lists_service(&config.domain);
author	DanConwayDev <DanConwayDev@protonmail.com>	2026-01-12 21:20:00 +0000
committer	DanConwayDev <DanConwayDev@protonmail.com>	2026-01-12 21:21:53 +0000
commit	1948312d40f34fca868d1ef6d6d94e165c09738c (patch)
tree	f25f930785145023be6fe33e52904a5d8383a62d /src/nostr
parent	82b56c37b26a2fac1a294873e539b19b9325dca6 (diff)

diff --git a/src/nostr/builder.rs b/src/nostr/builder.rs index 10f7648..9819e37 100644 --- a/src/nostr/builder.rs +++ b/src/nostr/builder.rs
@@ -567,26 +567,24 @@ pub async fn create_relay(
567	// Clone Arc for the write policy so both relay and policy can access the database	567	// Clone Arc for the write policy so both relay and policy can access the database
568	let git_data_path = config.effective_git_data_path();	568	let git_data_path = config.effective_git_data_path();
569		569
570	// Parse and log archive configuration	570	// Log archive configuration (config.validate() must be called at startup)
571	if let Ok(archive_config) = config.archive_config() {	571	let archive_config = config.archive_config();
572	if archive_config.enabled() {	572	if archive_config.enabled() {
573	tracing::info!(	573	tracing::info!(
574	"GRASP-05 archive mode enabled: archive_all={}, whitelist_entries={}, read_only={}",	574	"GRASP-05 archive mode enabled: archive_all={}, whitelist_entries={}, read_only={}",
575	archive_config.archive_all,	575	archive_config.archive_all,
576	archive_config.whitelist.len(),	576	archive_config.whitelist.len(),
577	archive_config.read_only	577	archive_config.read_only
578	);	578	);
579	}
580	}	579	}
581		580
582	// Parse and log repository configuration	581	// Log repository configuration
583	if let Ok(repository_config) = config.repository_config() {	582	let repository_config = config.repository_config();
584	if repository_config.enabled() {	583	if repository_config.enabled() {
585	tracing::info!(	584	tracing::info!(
586	"Repository whitelist enabled: whitelist_entries={}",	585	"Repository whitelist enabled: whitelist_entries={}",
587	repository_config.whitelist.len()	586	repository_config.whitelist.len()
588	);	587	);
589	}
590	}	588	}
591		589
592	// Create write policy with purgatory integration	590	// Create write policy with purgatory integration


diff --git a/src/nostr/events.rs b/src/nostr/events.rs index 3ec075d..3b4ef25 100644 --- a/src/nostr/events.rs +++ b/src/nostr/events.rs
@@ -400,15 +400,9 @@ pub fn validate_announcement(
400	Err(e) => return AnnouncementResult::Reject(format!("Invalid announcement: {}", e)),	400	Err(e) => return AnnouncementResult::Reject(format!("Invalid announcement: {}", e)),
401	};	401	};
402		402
403	// Get archive and repository configs (fail-secure: reject on config errors)	403	// Get validated configs (config.validate() must be called at startup)
404	let archive_config = match config.archive_config() {	404	let archive_config = config.archive_config();
405	Ok(c) => c,	405	let repository_config = config.repository_config();
406	Err(e) => return AnnouncementResult::Reject(format!("Config error: {}", e)),
407	};
408	let repository_config = match config.repository_config() {
409	Ok(c) => c,
410	Err(e) => return AnnouncementResult::Reject(format!("Config error: {}", e)),
411	};
412		406
413	let npub = announcement.owner_npub();	407	let npub = announcement.owner_npub();
414	let lists_service = announcement.lists_service(&config.domain);	408	let lists_service = announcement.lists_service(&config.domain);