From 7cc5d37cbf4f02f0bb7eee6342dc1ede5a841a7b Mon Sep 17 00:00:00 2001
From: DanConwayDev
Date: Fri, 9 Jan 2026 07:57:54 +0000
Subject: feat: replace owner-npub with relay-owner-nsec for persistent operator identity

Replace the owner-npub configuration option with relay-owner-nsec to provide a persistent cryptographic identity for the relay operator. This addresses NIP-42 authentication requirements discovered during sync debugging.

Motivation:
- Some relays (e.g., relay.damus.io) require NIP-42 authentication for advanced features like NIP-77 negentropy sync
- Previously used random ephemeral keys per connection, providing no persistent identity
- Other relays can now recognize us by pubkey for reputation-based rate limiting
- Ensures consistency between NIP-11 pubkey and authentication key

Changes:
- Config: relay_owner_nsec with auto-load/generate from .relay-owner.nsec
- NIP-11: Pubkey derived from nsec instead of separate npub field
- Sync: RelayConnection now uses operator keys for NIP-42 auth
- Docs: Updated README, .env.example, and added .relay-owner.nsec to gitignore

Key Features:
- Auto-generates key on first run and saves to .relay-owner.nsec
- Loads existing key from file on subsequent runs
- Can override via CLI flag or environment variable
- Enables reputation building across relay network
- Future-ready for event signing and WoT calculations

Testing:
- 225/232 tests passing (7 pre-existing purgatory failures unrelated)
- Verified key generation, loading, and NIP-11 derivation
- Release build successful

Related: work/sync-debug-analysis.md, work/relay-owner-nsec-implementation.md
---
README.md | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'README.md')

diff --git a/README.md b/README.md index b8bff09..7077bc5 100644 --- a/README.md +++ b/README.md
@@ -287,10 +287,10 @@ This means CLI flags always take precedence over environment variables, which ta ngit-grasp --help # Run with CLI flags (override everything else) -ngit-grasp --domain relay.example.com --owner-npub npub1... --bind-address 0.0.0.0:8080 +ngit-grasp --domain relay.example.com --relay-owner-nsec nsec1... --bind-address 0.0.0.0:8080 # Mix CLI flags with environment variables -NGIT_OWNER_NPUB=npub1... ngit-grasp --domain relay.example.com +NGIT_RELAY_OWNER_NSEC=nsec1... ngit-grasp --domain relay.example.com ``` ### Configuration Options @@ -300,7 +300,7 @@ NGIT_OWNER_NPUB=npub1... ngit-grasp --domain relay.example.com | Option | CLI Flag | Environment Variable | Default | | ----------------- | --------------------- | ------------------------ | -------------------------------------------- | | Domain | `--domain` | `NGIT_DOMAIN` | (required) | -| Owner npub | `--owner-npub` | `NGIT_OWNER_NPUB` | (optional) | +| Relay owner nsec | `--relay-owner-nsec` | `NGIT_RELAY_OWNER_NSEC` | `.relay-owner.nsec` file (auto-generated) | | Relay name | `--relay-name` | `NGIT_RELAY_NAME` | `${domain} grasp relay` | | Relay description | `--relay-description` | `NGIT_RELAY_DESCRIPTION` | `Git Nostr Relay - a grasp implementation` | | Git data path | `--git-data-path` | `NGIT_GIT_DATA_PATH` | `./data/git` (temp dir for memory backend) | @@ -339,7 +339,7 @@ NGIT_OWNER_NPUB=npub1... ngit-grasp --domain relay.example.com ```bash # Using environment variables (recommended for production) export NGIT_DOMAIN=gitnostr.com -export NGIT_OWNER_NPUB=npub1... +export NGIT_RELAY_OWNER_NSEC=nsec1... # Or let it auto-generate from .relay-owner.nsec export NGIT_BIND_ADDRESS=0.0.0.0:8080 export NGIT_DATABASE_BACKEND=lmdb -- cgit v1.2.3
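Review bot: In the hunk at @@ -287,10, the two usage examples now put a secret key where a public key used to be (`--relay-owner-nsec nsec1...` and the inline `NGIT_RELAY_OWNER_NSEC=nsec1...`), and the README gives no warning about that. A value passed as a command-line argument is visible in the process list to other local users and is saved in shell history, which did not matter for an npub but does for an nsec. Suggest adding a sentence beside these examples saying the flag form is intended for local testing and that the `.relay-owner.nsec` file is the preferred way to supply the key.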
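Review bot: In the hunk at @@ -300,7, the new `Relay owner nsec` table row documents the default as "`.relay-owner.nsec` file (auto-generated)" but leaves out what an operator needs to protect it: which directory the file is written to, and what permissions it is expected to have (owner read/write only would be the usual choice for a key file). The row also replaces `--owner-npub` with no migration guidance, so an operator who previously set their personal npub may assume they should now paste their personal nsec. Suggest a short note under the table stating that the relay should use its own dedicated key, and what happens when the old `NGIT_OWNER_NPUB` option is still set.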
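Review bot: In the hunk at @@ -339,7, `export NGIT_RELAY_OWNER_NSEC=nsec1...` sits under the comment "recommended for production", which presents exporting the secret key into the shell environment as the preferred production setup, with the key file relegated to a trailing comment. An exported variable is inherited by every child process started from that shell and is recorded in shell history if typed interactively. Suggest reversing the emphasis: show the auto-generated `.relay-owner.nsec` file as the default production path, keep the export as a commented-out alternative, and mention that the file should be backed up, since the commit message states the NIP-11 pubkey is derived from this key and losing it would change the relay's identity.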