From 7cc5d37cbf4f02f0bb7eee6342dc1ede5a841a7b Mon Sep 17 00:00:00 2001
From: DanConwayDev
Date: Fri, 9 Jan 2026 07:57:54 +0000
Subject: feat: replace owner-npub with relay-owner-nsec for persistent operator identity

Replace the owner-npub configuration option with relay-owner-nsec to provide a persistent cryptographic identity for the relay operator. This addresses NIP-42 authentication requirements discovered during sync debugging.

Motivation:
- Some relays (e.g., relay.damus.io) require NIP-42 authentication for advanced features like NIP-77 negentropy sync
- Previously used random ephemeral keys per connection, providing no persistent identity
- Other relays can now recognize us by pubkey for reputation-based rate limiting
- Ensures consistency between NIP-11 pubkey and authentication key

Changes:
- Config: relay_owner_nsec with auto-load/generate from .relay-owner.nsec
- NIP-11: Pubkey derived from nsec instead of separate npub field
- Sync: RelayConnection now uses operator keys for NIP-42 auth
- Docs: Updated README, .env.example, and added .relay-owner.nsec to gitignore

Key Features:
- Auto-generates key on first run and saves to .relay-owner.nsec
- Loads existing key from file on subsequent runs
- Can override via CLI flag or environment variable
- Enables reputation building across relay network
- Future-ready for event signing and WoT calculations

Testing:
- 225/232 tests passing (7 pre-existing purgatory failures unrelated)
- Verified key generation, loading, and NIP-11 derivation
- Release build successful

Related: work/sync-debug-analysis.md, work/relay-owner-nsec-implementation.md
---
 .env.example | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

(limited to '.env.example')

diff --git a/.env.example b/.env.example index 7545d03..95db3c2 100644 --- a/.env.example +++ b/.env.example 
@@ -30,10 +30,16 @@ # RELAY INFORMATION (NIP-11) # ============================================================================ -# Owner's npub (optional, for relay info in NIP-11) -# CLI: --owner-npub -# Default: (none) -# NGIT_OWNER_NPUB=npub1... +# Relay operator's nsec (private key) for signing and authentication +# Used for: +# - NIP-11 relay information document (pubkey field derived from this nsec) +# - NIP-42 authentication when syncing from other relays +# - Future: signing events, WoT-based rate limiting of syncing relays +# +# CLI: --relay-owner-nsec +# Default: Loaded from/saved to .relay-owner.nsec file in current directory +# If file doesn't exist, a new key is generated and saved automatically +# NGIT_RELAY_OWNER_NSEC=nsec1... # Relay name shown in NIP-11 information document # CLI: --relay-name -- cgit v1.2.3
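Review bot: the added `# Default:` comment documents that the key is "Loaded from/saved to .relay-owner.nsec file in current directory" and that a missing file means "a new key is generated and saved automatically", but it does not warn that this ties the operator identity to the process working directory. Starting the relay from a different directory would, per this comment, silently create a second key and change both the NIP-11 pubkey and the NIP-42 identity that other relays have associated with this relay, which undercuts the persistence the option is meant to provide. Suggest stating that here and recommending that operators pin the key explicitly via `NGIT_RELAY_OWNER_NSEC` or `--relay-owner-nsec` in production. The comment block should also say plainly that `.relay-owner.nsec` holds a private key: it should be readable only by the relay's user, kept out of version control and backups that are shared, and the same applies to any `.env` file that sets `NGIT_RELAY_OWNER_NSEC`. Finally, the hunk removes `NGIT_OWNER_NPUB` and `--owner-npub` without a migration hint; a one-line note that the old setting is no longer read, and that the advertised pubkey is now derived from the nsec, would help operators who had an npub configured and will otherwise see their NIP-11 pubkey change without explanation.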