@bitmacro/relay-agent 0.1.4 → 0.2.0-beta.1

package/dist/bin/relay-agent.mjs

@@ -1488,8 +1488,8 @@ var Node = class _Node {
       this.#index = index;
       return;
     }
-    const [token2, ...restTokens] = tokens;
-    const pattern = token2 === "*" ? restTokens.length === 0 ? ["", "", ONLY_WILDCARD_REG_EXP_STR] : ["", "", LABEL_REG_EXP_STR] : token2 === "/*" ? ["", "", TAIL_WILDCARD_REG_EXP_STR] : token2.match(/^\:([^\{\}]+)(?:\{(.+)\})?$/);
+    const [token, ...restTokens] = tokens;
+    const pattern = token === "*" ? restTokens.length === 0 ? ["", "", ONLY_WILDCARD_REG_EXP_STR] : ["", "", LABEL_REG_EXP_STR] : token === "/*" ? ["", "", TAIL_WILDCARD_REG_EXP_STR] : token.match(/^\:([^\{\}]+)(?:\{(.+)\})?$/);
     let node;
     if (pattern) {
       const name = pattern[1];
@@ -1522,7 +1522,7 @@ var Node = class _Node {
         paramMap.push([name, node.#varIndex]);
       }
     } else {
-      node = this.#children[token2];
+      node = this.#children[token];
       if (!node) {
         if (Object.keys(this.#children).some(
           (k) => k.length > 1 && k !== ONLY_WILDCARD_REG_EXP_STR && k !== TAIL_WILDCARD_REG_EXP_STR
@@ -1532,7 +1532,7 @@ var Node = class _Node {
         if (pathErrorCheckOnly) {
           return;
         }
-        node = this.#children[token2] = new _Node();
+        node = this.#children[token] = new _Node();
       }
     }
     node.insert(restTokens, index, paramMap, context, pathErrorCheckOnly);
@@ -2714,20 +2714,81 @@ var serve = (options, listeningListener) => {
   return server;
 };
 
+// src/config/relay-instances.ts
+var cachedInstances = null;
+function parseRelayInstances() {
+  const raw2 = process.env.RELAY_INSTANCES;
+  if (!raw2 || typeof raw2 !== "string") return null;
+  try {
+    const arr = JSON.parse(raw2);
+    if (!Array.isArray(arr)) return null;
+    const instances = [];
+    const defaultWhitelist = process.env.WHITELIST_PATH ?? "/etc/strfry/whitelist.txt";
+    for (const item of arr) {
+      if (!item || typeof item !== "object") continue;
+      const obj = item;
+      const id = typeof obj.id === "string" ? obj.id.trim() : "";
+      const token = typeof obj.token === "string" ? obj.token.trim() : "";
+      const strfryConfig = typeof obj.strfryConfig === "string" ? obj.strfryConfig.trim() : "";
+      const strfryDb = typeof obj.strfryDb === "string" ? obj.strfryDb.trim() : "";
+      if (!id || !token || !strfryConfig || !strfryDb) continue;
+      if (instances.some((i) => i.id === id)) continue;
+      instances.push({
+        id,
+        token,
+        strfryConfig,
+        strfryDb,
+        whitelistPath: typeof obj.whitelistPath === "string" ? obj.whitelistPath.trim() || void 0 : void 0
+      });
+    }
+    return instances.length > 0 ? instances : null;
+  } catch {
+    return null;
+  }
+}
+function getRelayInstances() {
+  if (cachedInstances === null) {
+    cachedInstances = parseRelayInstances();
+  }
+  return cachedInstances;
+}
+function getRelayInstance(relayId) {
+  const instances = getRelayInstances();
+  if (!instances) return null;
+  return instances.find((i) => i.id === relayId) ?? null;
+}
+function isMultiRelayMode() {
+  return getRelayInstances() !== null;
+}
+
 // src/middleware/auth.ts
 var UNAUTHORIZED_JSON = { error: "unauthorized" };
-async function authMiddleware(c, next) {
+function getBearerToken(c) {
   const authHeader = c.req.header("Authorization");
-  const expectedToken = process.env.RELAY_AGENT_TOKEN;
-  if (!expectedToken) {
-    return c.json(UNAUTHORIZED_JSON, 401);
-  }
-  if (!authHeader?.startsWith("Bearer ")) {
-    return c.json(UNAUTHORIZED_JSON, 401);
-  }
-  const token2 = authHeader.slice(7);
-  if (token2 !== expectedToken) {
-    return c.json(UNAUTHORIZED_JSON, 401);
+  if (!authHeader?.startsWith("Bearer ")) return null;
+  return authHeader.slice(7);
+}
+async function authMiddleware(c, next) {
+  const path = c.req.path;
+  if (path === "/health") return next();
+  if (isMultiRelayMode()) {
+    const segments = path.split("/").filter(Boolean);
+    if (segments.length >= 2 && segments[1] === "health") return next();
+  }
+  const token = getBearerToken(c);
+  if (!token) return c.json(UNAUTHORIZED_JSON, 401);
+  if (isMultiRelayMode()) {
+    const segments = path.split("/").filter(Boolean);
+    const relayId = segments[0];
+    if (!relayId) return c.json(UNAUTHORIZED_JSON, 401);
+    const instance = getRelayInstance(relayId);
+    if (!instance) return c.json(UNAUTHORIZED_JSON, 401);
+    if (token !== instance.token) return c.json(UNAUTHORIZED_JSON, 401);
+    c.set("relayInstance", instance);
+  } else {
+    const expectedToken = process.env.RELAY_AGENT_TOKEN;
+    if (!expectedToken) return c.json(UNAUTHORIZED_JSON, 401);
+    if (token !== expectedToken) return c.json(UNAUTHORIZED_JSON, 401);
   }
   await next();
 }
@@ -2735,8 +2796,25 @@ async function authMiddleware(c, next) {
 // src/routes/health.ts
 var healthRoutes = new Hono2();
 healthRoutes.get("/health", (c) => {
+  if (isMultiRelayMode()) {
+    const instances = getRelayInstances() ?? [];
+    return c.json({
+      status: "ok",
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      relayIds: instances.map((i) => i.id)
+    });
+  }
   return c.json({ status: "ok", timestamp: (/* @__PURE__ */ new Date()).toISOString() });
 });
+var healthMultiRoutes = new Hono2();
+healthMultiRoutes.get("/:relayId/health", (c) => {
+  const relayId = c.req.param("relayId");
+  const instances = getRelayInstances();
+  if (!instances?.some((i) => i.id === relayId)) {
+    return c.json({ error: "relay not found", relayId }, 404);
+  }
+  return c.json({ status: "ok", relayId, timestamp: (/* @__PURE__ */ new Date()).toISOString() });
+});
 
 // src/adapters/strfry.ts
 import { spawn } from "child_process";
@@ -2822,8 +2900,22 @@ ${stderr}`), {
   });
 }
 var STRFRY_BIN = process.env.STRFRY_BIN ?? "strfry";
-var STRFRY_CONFIG = process.env.STRFRY_CONFIG;
-var WHITELIST_PATH = process.env.WHITELIST_PATH ?? "/etc/strfry/whitelist.txt";
+var DEFAULT_STRFRY_CONFIG = process.env.STRFRY_CONFIG;
+var DEFAULT_WHITELIST_PATH = process.env.WHITELIST_PATH ?? "/etc/strfry/whitelist.txt";
+function resolveConfig(cfg) {
+  if (cfg) {
+    return {
+      strfryConfig: cfg.strfryConfig || void 0,
+      strfryDb: cfg.strfryDb,
+      whitelistPath: cfg.whitelistPath ?? DEFAULT_WHITELIST_PATH
+    };
+  }
+  return {
+    strfryConfig: DEFAULT_STRFRY_CONFIG,
+    strfryDb: process.env.STRFRY_DB_PATH ?? "./strfry-db",
+    whitelistPath: DEFAULT_WHITELIST_PATH
+  };
+}
 function logStrfryError(operation, err) {
   const msg = err instanceof Error ? err.message : String(err);
   const extra = err && typeof err === "object" ? err : {};
@@ -2836,15 +2928,11 @@ function logStrfryError(operation, err) {
   if (stderr) parts.push(`stderr: ${stderr}`);
   console.error(parts.join("\n"));
 }
-function getStrfryDbPath() {
-  return process.env.STRFRY_DB_PATH ?? "./strfry-db";
-}
-function strfryArgs(subcommand, ...args) {
-  const base = STRFRY_CONFIG ? ["--config", STRFRY_CONFIG, subcommand] : [subcommand];
+function strfryArgs(cfg, subcommand, ...args) {
+  const base = cfg.strfryConfig ? ["--config", cfg.strfryConfig, subcommand] : [subcommand];
   return [...base, ...args];
 }
-function getStrfryCwd() {
-  const dbPath = getStrfryDbPath();
+function getStrfryCwd(dbPath) {
   if (!dbPath) return void 0;
   const parent = dirname(dbPath);
   return parent !== "." ? parent : void 0;
@@ -2859,57 +2947,75 @@ function buildFilterJson(filter) {
   if (filter.limit != null) obj.limit = filter.limit;
   return JSON.stringify(obj);
 }
-async function scanEvents(filter) {
-  try {
-    const filterJson = buildFilterJson(filter);
-    const cwd = getStrfryCwd();
-    const { stdout } = await spawnAsync(STRFRY_BIN, strfryArgs("scan", filterJson), {
-      maxBuffer: 50 * 1024 * 1024,
-      cwd: cwd || void 0
-    });
-    const events = [];
-    for (const line of stdout.trim().split("\n")) {
-      if (!line) continue;
-      try {
-        const event = JSON.parse(line);
-        events.push(event);
-      } catch {
+var strfryLocks = /* @__PURE__ */ new Map();
+async function withStrfryMutex(strfryDb, fn) {
+  const prev = strfryLocks.get(strfryDb) ?? Promise.resolve();
+  const work = prev.then(() => fn());
+  strfryLocks.set(strfryDb, work.finally(() => {
+  }));
+  return work;
+}
+async function scanEvents(filter, cfg = null) {
+  const resolved = resolveConfig(cfg);
+  return withStrfryMutex(resolved.strfryDb, async () => {
+    try {
+      const filterJson = buildFilterJson(filter);
+      const cwd = getStrfryCwd(resolved.strfryDb);
+      const { stdout } = await spawnAsync(STRFRY_BIN, strfryArgs(resolved, "scan", filterJson), {
+        maxBuffer: 50 * 1024 * 1024,
+        cwd: cwd || void 0
+      });
+      const events = [];
+      for (const line of stdout.trim().split("\n")) {
+        if (!line) continue;
+        try {
+          const event = JSON.parse(line);
+          events.push(event);
+        } catch {
+        }
       }
+      return events;
+    } catch (err) {
+      logStrfryError("scanEvents", err);
+      throw err;
     }
-    return events;
-  } catch (err) {
-    logStrfryError("scanEvents", err);
-    throw err;
-  }
+  });
 }
-async function deleteEvent(id) {
-  try {
-    const filterJson = JSON.stringify({ ids: [id] });
-    const cwd = getStrfryCwd();
-    await spawnAsync(STRFRY_BIN, strfryArgs("delete", "--filter", filterJson), {
-      cwd: cwd || void 0
-    });
-  } catch (err) {
-    logStrfryError("deleteEvent", err);
-    throw err;
-  }
+async function deleteEvent(id, cfg = null) {
+  const resolved = resolveConfig(cfg);
+  return withStrfryMutex(resolved.strfryDb, async () => {
+    try {
+      const filterJson = JSON.stringify({ ids: [id] });
+      const cwd = getStrfryCwd(resolved.strfryDb);
+      await spawnAsync(STRFRY_BIN, strfryArgs(resolved, "delete", "--filter", filterJson), {
+        cwd: cwd || void 0
+      });
+    } catch (err) {
+      logStrfryError("deleteEvent", err);
+      throw err;
+    }
+  });
 }
-async function deleteByPubkey(pubkey) {
-  try {
-    const filterJson = JSON.stringify({ authors: [pubkey] });
-    const cwd = getStrfryCwd();
-    await spawnAsync(STRFRY_BIN, strfryArgs("delete", "--filter", filterJson), {
-      cwd: cwd || void 0
-    });
-  } catch (err) {
-    logStrfryError("deleteByPubkey", err);
-    throw err;
-  }
+async function deleteByPubkey(pubkey, cfg = null) {
+  const resolved = resolveConfig(cfg);
+  return withStrfryMutex(resolved.strfryDb, async () => {
+    try {
+      const filterJson = JSON.stringify({ authors: [pubkey] });
+      const cwd = getStrfryCwd(resolved.strfryDb);
+      await spawnAsync(STRFRY_BIN, strfryArgs(resolved, "delete", "--filter", filterJson), {
+        cwd: cwd || void 0
+      });
+    } catch (err) {
+      logStrfryError("deleteByPubkey", err);
+      throw err;
+    }
+  });
 }
 var SCAN_COUNT_TIMEOUT_MS = 6e4;
-function spawnScanCount(cwd) {
+function spawnScanCount(resolved) {
+  const cwd = getStrfryCwd(resolved.strfryDb);
   return new Promise((resolve) => {
-    const child = spawn(STRFRY_BIN, strfryArgs("scan", "{}"), {
+    const child = spawn(STRFRY_BIN, strfryArgs(resolved, "scan", "{}"), {
       stdio: ["ignore", "pipe", "pipe"],
       cwd: cwd || void 0
     });
@@ -2933,68 +3039,92 @@ function spawnScanCount(cwd) {
     });
   });
 }
-async function getStats() {
-  let total_events = 0;
-  let strfry_version = "unknown";
-  const cwd = getStrfryCwd();
-  total_events = await spawnScanCount(cwd);
-  try {
-    const { stdout } = await spawnAsync(STRFRY_BIN, ["--version"], {
-      cwd: cwd || void 0
-    });
-    const match2 = stdout.match(/strfry\s+([\d.]+)/i);
-    strfry_version = match2?.[1] ?? "unknown";
-  } catch {
-  }
-  let db_size = "0";
-  try {
-    const { stdout } = await spawnAsync("du", ["-sh", getStrfryDbPath()]);
-    db_size = stdout.trim().split(/\s+/)[0] ?? "0";
-  } catch {
-    db_size = "unknown";
-  }
-  let uptime_seconds = 0;
-  try {
-    const { stdout: pidOut } = await spawnAsync("pgrep", ["-x", "strfry"]);
-    const pid = pidOut.trim().split("\n")[0];
-    if (pid) {
-      const { stdout } = await spawnAsync("ps", ["-o", "etimes=", "-p", pid]);
-      uptime_seconds = parseInt(stdout.trim(), 10) || 0;
+async function getStats(cfg = null) {
+  const resolved = resolveConfig(cfg);
+  return withStrfryMutex(resolved.strfryDb, async () => {
+    let total_events = 0;
+    let strfry_version = "unknown";
+    const cwd = getStrfryCwd(resolved.strfryDb);
+    total_events = await spawnScanCount(resolved);
+    try {
+      const { stdout } = await spawnAsync(STRFRY_BIN, ["--version"], {
+        cwd: cwd || void 0
+      });
+      const match2 = stdout.match(/strfry\s+([\d.]+)/i);
+      strfry_version = match2?.[1] ?? "unknown";
+    } catch {
     }
-  } catch {
-  }
-  return {
-    total_events,
-    db_size,
-    uptime_seconds,
-    strfry_version
-  };
+    let db_size = "0";
+    try {
+      const { stdout } = await spawnAsync("du", ["-sh", resolved.strfryDb]);
+      db_size = stdout.trim().split(/\s+/)[0] ?? "0";
+    } catch {
+      db_size = "unknown";
+    }
+    let uptime_seconds = 0;
+    try {
+      const { stdout: pidOut } = await spawnAsync("pgrep", ["-x", "strfry"]);
+      const pid = pidOut.trim().split("\n")[0];
+      if (pid) {
+        const { stdout } = await spawnAsync("ps", ["-o", "etimes=", "-p", pid]);
+        uptime_seconds = parseInt(stdout.trim(), 10) || 0;
+      }
+    } catch {
+    }
+    return {
+      total_events,
+      db_size,
+      uptime_seconds,
+      strfry_version
+    };
+  });
 }
-async function listUsers(limit = 1e3) {
+async function listUsers(limit = 1e3, cfg = null) {
   const filter = { kinds: [0, 1, 3], limit };
-  const events = await scanEvents(filter);
+  const events = await scanEvents(filter, cfg);
   const pubkeys = /* @__PURE__ */ new Set();
   for (const e of events) {
     pubkeys.add(e.pubkey);
   }
   return Array.from(pubkeys);
 }
-async function readWhitelist() {
-  if (!existsSync(WHITELIST_PATH)) {
+async function readWhitelist(whitelistPath) {
+  if (!existsSync(whitelistPath)) {
     return [];
   }
-  const content = await readFile(WHITELIST_PATH, "utf-8");
+  const content = await readFile(whitelistPath, "utf-8");
   return content.split("\n").map((l) => l.trim()).filter(Boolean);
 }
-async function writeWhitelist(lines) {
-  const dir = dirname(WHITELIST_PATH);
+var PUBKEY_HEX_REGEX = /^[0-9a-f]{64}$/;
+function isValidPubkey(s) {
+  return PUBKEY_HEX_REGEX.test(s.toLowerCase());
+}
+async function getPolicyEntries(cfg = null) {
+  const resolved = resolveConfig(cfg);
+  const lines = await readWhitelist(resolved.whitelistPath);
+  const entries = [];
+  for (const line of lines) {
+    if (line.startsWith("#") || !line) continue;
+    if (line.startsWith("!")) {
+      const pubkey2 = line.slice(1).toLowerCase();
+      if (isValidPubkey(pubkey2)) entries.push({ pubkey: pubkey2, status: "blocked" });
+      continue;
+    }
+    const pubkey = line.toLowerCase();
+    if (isValidPubkey(pubkey)) entries.push({ pubkey, status: "allowed" });
+  }
+  return entries;
+}
+async function writeWhitelist(whitelistPath, lines) {
+  const dir = dirname(whitelistPath);
   if (!existsSync(dir)) {
     await mkdir(dir, { recursive: true });
   }
-  await writeFile(WHITELIST_PATH, lines.join("\n") + "\n", "utf-8");
+  await writeFile(whitelistPath, lines.join("\n") + "\n", "utf-8");
 }
-async function blockPubkey(pubkey) {
-  const lines = await readWhitelist();
+async function blockPubkey(pubkey, cfg = null) {
+  const resolved = resolveConfig(cfg);
+  const lines = await readWhitelist(resolved.whitelistPath);
   const blockLine = `!${pubkey}`;
   const withoutPubkey = lines.filter(
     (l) => l !== pubkey && l !== blockLine
@@ -3002,80 +3132,143 @@ async function blockPubkey(pubkey) {
   if (!withoutPubkey.includes(blockLine)) {
     withoutPubkey.push(blockLine);
   }
-  await writeWhitelist(withoutPubkey);
-  await deleteByPubkey(pubkey);
+  await writeWhitelist(resolved.whitelistPath, withoutPubkey);
+  await deleteByPubkey(pubkey, cfg);
 }
-async function allowPubkey(pubkey) {
-  const lines = await readWhitelist();
+async function allowPubkey(pubkey, cfg = null) {
+  const resolved = resolveConfig(cfg);
+  const lines = await readWhitelist(resolved.whitelistPath);
   const blockLine = `!${pubkey}`;
   const filtered = lines.filter((l) => l !== blockLine);
   if (!filtered.includes(pubkey)) {
     filtered.push(pubkey);
   }
-  await writeWhitelist(filtered);
+  await writeWhitelist(resolved.whitelistPath, filtered);
 }
 
+// src/routes/stats.ts
+var statsLegacyRoutes = new Hono2();
+statsLegacyRoutes.get("/stats", async (c) => {
+  try {
+    const raw2 = await getStats(null);
+    const stats = {
+      total_events: raw2.total_events,
+      db_size: raw2.db_size,
+      uptime: raw2.uptime_seconds,
+      version: raw2.strfry_version
+    };
+    return c.json(stats);
+  } catch {
+    return c.json({ error: "relay unavailable" }, 503);
+  }
+});
+var statsMultiRoutes = new Hono2();
+statsMultiRoutes.get("/:relayId/stats", async (c) => {
+  const relayId = c.req.param("relayId");
+  const instance = getRelayInstance(relayId);
+  if (!instance) return c.json({ error: "relay not found", relayId }, 404);
+  try {
+    const cfg = {
+      strfryConfig: instance.strfryConfig,
+      strfryDb: instance.strfryDb,
+      whitelistPath: instance.whitelistPath
+    };
+    const raw2 = await getStats(cfg);
+    const stats = {
+      total_events: raw2.total_events,
+      db_size: raw2.db_size,
+      uptime: raw2.uptime_seconds,
+      version: raw2.strfry_version
+    };
+    return c.json(stats);
+  } catch {
+    return c.json({ error: "relay unavailable" }, 503);
+  }
+});
+
 // src/routes/events.ts
-var eventsRoutes = new Hono2();
-eventsRoutes.get("/events", async (c) => {
+function parseFilter(c) {
+  const kinds = c.req.query("kinds");
+  const authors = c.req.query("authors");
+  const since = c.req.query("since");
+  const until = c.req.query("until");
+  const limit = c.req.query("limit");
+  const filter = {};
+  if (kinds) {
+    const parsed = kinds.split(",").map((k) => parseInt(k, 10));
+    if (parsed.some((n) => Number.isNaN(n))) return null;
+    filter.kinds = parsed;
+  }
+  if (authors) filter.authors = authors.split(",").map((a) => a.trim());
+  if (since) {
+    const n = parseInt(since, 10);
+    if (Number.isNaN(n)) return null;
+    filter.since = n;
+  }
+  if (until) {
+    const n = parseInt(until, 10);
+    if (Number.isNaN(n)) return null;
+    filter.until = n;
+  }
+  if (limit) {
+    const n = parseInt(limit, 10);
+    if (Number.isNaN(n)) return null;
+    filter.limit = n;
+  }
+  return filter;
+}
+var eventsLegacyRoutes = new Hono2();
+eventsLegacyRoutes.get("/events", async (c) => {
+  const filter = parseFilter(c);
+  if (!filter) return c.json({ error: "invalid query params" }, 400);
   try {
-    const kinds = c.req.query("kinds");
-    const authors = c.req.query("authors");
-    const since = c.req.query("since");
-    const until = c.req.query("until");
-    const limit = c.req.query("limit");
-    const filter = {};
-    if (kinds) {
-      const parsed = kinds.split(",").map((k) => parseInt(k, 10));
-      if (parsed.some((n) => Number.isNaN(n))) {
-        return c.json({ error: "invalid kinds" }, 400);
-      }
-      filter.kinds = parsed;
-    }
-    if (authors) filter.authors = authors.split(",").map((a) => a.trim());
-    if (since) {
-      const n = parseInt(since, 10);
-      if (Number.isNaN(n)) return c.json({ error: "invalid since" }, 400);
-      filter.since = n;
-    }
-    if (until) {
-      const n = parseInt(until, 10);
-      if (Number.isNaN(n)) return c.json({ error: "invalid until" }, 400);
-      filter.until = n;
-    }
-    if (limit) {
-      const n = parseInt(limit, 10);
-      if (Number.isNaN(n)) return c.json({ error: "invalid limit" }, 400);
-      filter.limit = n;
-    }
-    const events = await scanEvents(filter);
+    const events = await scanEvents(filter, null);
     return c.json(events);
   } catch {
     return c.json({ error: "relay unavailable" }, 503);
   }
 });
-eventsRoutes.delete("/events/:id", async (c) => {
+eventsLegacyRoutes.delete("/events/:id", async (c) => {
   try {
     const id = c.req.param("id");
-    await deleteEvent(id);
+    await deleteEvent(id, null);
     return c.json({ deleted: id });
   } catch {
     return c.json({ error: "relay unavailable" }, 503);
   }
 });
-
-// src/routes/stats.ts
-var statsRoutes = new Hono2();
-statsRoutes.get("/stats", async (c) => {
+var eventsMultiRoutes = new Hono2();
+eventsMultiRoutes.get("/:relayId/events", async (c) => {
+  const relayId = c.req.param("relayId");
+  const instance = getRelayInstance(relayId);
+  if (!instance) return c.json({ error: "relay not found", relayId }, 404);
+  const filter = parseFilter(c);
+  if (!filter) return c.json({ error: "invalid query params" }, 400);
   try {
-    const raw2 = await getStats();
-    const stats = {
-      total_events: raw2.total_events,
-      db_size: raw2.db_size,
-      uptime: raw2.uptime_seconds,
-      version: raw2.strfry_version
+    const cfg = {
+      strfryConfig: instance.strfryConfig,
+      strfryDb: instance.strfryDb,
+      whitelistPath: instance.whitelistPath
     };
-    return c.json(stats);
+    const events = await scanEvents(filter, cfg);
+    return c.json(events);
+  } catch {
+    return c.json({ error: "relay unavailable" }, 503);
+  }
+});
+eventsMultiRoutes.delete("/:relayId/events/:id", async (c) => {
+  const relayId = c.req.param("relayId");
+  const id = c.req.param("id");
+  const instance = getRelayInstance(relayId);
+  if (!instance) return c.json({ error: "relay not found", relayId }, 404);
+  try {
+    const cfg = {
+      strfryConfig: instance.strfryConfig,
+      strfryDb: instance.strfryDb,
+      whitelistPath: instance.whitelistPath
+    };
+    await deleteEvent(id, cfg);
+    return c.json({ deleted: id });
   } catch {
     return c.json({ error: "relay unavailable" }, 503);
   }
@@ -3083,34 +3276,83 @@ statsRoutes.get("/stats", async (c) => {
 
 // src/routes/policy.ts
 var PUBKEY_REGEX = /^[0-9a-f]{64}$/;
-var policyRoutes = new Hono2();
-policyRoutes.post("/policy/block", async (c) => {
+function cfgFromInstance(instance) {
+  return {
+    strfryConfig: instance.strfryConfig,
+    strfryDb: instance.strfryDb,
+    whitelistPath: instance.whitelistPath
+  };
+}
+var policyLegacyRoutes = new Hono2();
+policyLegacyRoutes.get("/policy", async (c) => {
+  try {
+    const entries = await getPolicyEntries(null);
+    return c.json({ entries });
+  } catch {
+    return c.json({ error: "relay unavailable" }, 503);
+  }
+});
+policyLegacyRoutes.post("/policy/block", async (c) => {
   try {
     const body = await c.req.json();
     const { pubkey } = body;
-    if (!pubkey || typeof pubkey !== "string") {
-      return c.json({ error: "pubkey is required" }, 400);
-    }
-    if (!PUBKEY_REGEX.test(pubkey.toLowerCase())) {
-      return c.json({ error: "invalid pubkey format" }, 400);
-    }
-    await blockPubkey(pubkey);
+    if (!pubkey || typeof pubkey !== "string") return c.json({ error: "pubkey is required" }, 400);
+    if (!PUBKEY_REGEX.test(pubkey.toLowerCase())) return c.json({ error: "invalid pubkey format" }, 400);
+    await blockPubkey(pubkey, null);
     return c.json({ blocked: pubkey });
   } catch {
     return c.json({ error: "relay unavailable" }, 503);
   }
 });
-policyRoutes.post("/policy/allow", async (c) => {
+policyLegacyRoutes.post("/policy/allow", async (c) => {
   try {
     const body = await c.req.json();
     const { pubkey } = body;
-    if (!pubkey || typeof pubkey !== "string") {
-      return c.json({ error: "pubkey is required" }, 400);
-    }
-    if (!PUBKEY_REGEX.test(pubkey.toLowerCase())) {
-      return c.json({ error: "invalid pubkey format" }, 400);
-    }
-    await allowPubkey(pubkey);
+    if (!pubkey || typeof pubkey !== "string") return c.json({ error: "pubkey is required" }, 400);
+    if (!PUBKEY_REGEX.test(pubkey.toLowerCase())) return c.json({ error: "invalid pubkey format" }, 400);
+    await allowPubkey(pubkey, null);
+    return c.json({ allowed: pubkey });
+  } catch {
+    return c.json({ error: "relay unavailable" }, 503);
+  }
+});
+var policyMultiRoutes = new Hono2();
+policyMultiRoutes.get("/:relayId/policy", async (c) => {
+  const relayId = c.req.param("relayId");
+  const instance = getRelayInstance(relayId);
+  if (!instance) return c.json({ error: "relay not found", relayId }, 404);
+  try {
+    const entries = await getPolicyEntries(cfgFromInstance(instance));
+    return c.json({ entries });
+  } catch {
+    return c.json({ error: "relay unavailable" }, 503);
+  }
+});
+policyMultiRoutes.post("/:relayId/policy/block", async (c) => {
+  const relayId = c.req.param("relayId");
+  const instance = getRelayInstance(relayId);
+  if (!instance) return c.json({ error: "relay not found", relayId }, 404);
+  try {
+    const body = await c.req.json();
+    const { pubkey } = body;
+    if (!pubkey || typeof pubkey !== "string") return c.json({ error: "pubkey is required" }, 400);
+    if (!PUBKEY_REGEX.test(pubkey.toLowerCase())) return c.json({ error: "invalid pubkey format" }, 400);
+    await blockPubkey(pubkey, cfgFromInstance(instance));
+    return c.json({ blocked: pubkey });
+  } catch {
+    return c.json({ error: "relay unavailable" }, 503);
+  }
+});
+policyMultiRoutes.post("/:relayId/policy/allow", async (c) => {
+  const relayId = c.req.param("relayId");
+  const instance = getRelayInstance(relayId);
+  if (!instance) return c.json({ error: "relay not found", relayId }, 404);
+  try {
+    const body = await c.req.json();
+    const { pubkey } = body;
+    if (!pubkey || typeof pubkey !== "string") return c.json({ error: "pubkey is required" }, 400);
+    if (!PUBKEY_REGEX.test(pubkey.toLowerCase())) return c.json({ error: "invalid pubkey format" }, 400);
+    await allowPubkey(pubkey, cfgFromInstance(instance));
     return c.json({ allowed: pubkey });
   } catch {
     return c.json({ error: "relay unavailable" }, 503);
@@ -3118,17 +3360,41 @@ policyRoutes.post("/policy/allow", async (c) => {
 });
 
 // src/routes/users.ts
-var usersRoutes = new Hono2();
-usersRoutes.get("/users", async (c) => {
+var usersLegacyRoutes = new Hono2();
+usersLegacyRoutes.get("/users", async (c) => {
+  const limitParam = c.req.query("limit");
+  let limit;
+  if (limitParam) {
+    const n = parseInt(limitParam, 10);
+    if (Number.isNaN(n)) return c.json({ error: "invalid limit" }, 400);
+    limit = n;
+  }
+  try {
+    const pubkeys = await listUsers(limit ?? 1e3, null);
+    return c.json({ users: pubkeys });
+  } catch {
+    return c.json({ error: "relay unavailable" }, 503);
+  }
+});
+var usersMultiRoutes = new Hono2();
+usersMultiRoutes.get("/:relayId/users", async (c) => {
+  const relayId = c.req.param("relayId");
+  const instance = getRelayInstance(relayId);
+  if (!instance) return c.json({ error: "relay not found", relayId }, 404);
+  const limitParam = c.req.query("limit");
+  let limit;
+  if (limitParam) {
+    const n = parseInt(limitParam, 10);
+    if (Number.isNaN(n)) return c.json({ error: "invalid limit" }, 400);
+    limit = n;
+  }
   try {
-    const limitParam = c.req.query("limit");
-    let limit;
-    if (limitParam) {
-      const n = parseInt(limitParam, 10);
-      if (Number.isNaN(n)) return c.json({ error: "invalid limit" }, 400);
-      limit = n;
-    }
-    const pubkeys = await listUsers(limit);
+    const cfg = {
+      strfryConfig: instance.strfryConfig,
+      strfryDb: instance.strfryDb,
+      whitelistPath: instance.whitelistPath
+    };
+    const pubkeys = await listUsers(limit ?? 1e3, cfg);
     return c.json({ users: pubkeys });
   } catch {
     return c.json({ error: "relay unavailable" }, 503);
@@ -3137,22 +3403,32 @@ usersRoutes.get("/users", async (c) => {
 
 // src/index.ts
 var DEFAULT_ORIGINS = [
-  "https://admin.bitmacro.io",
+  "https://relay-panel.bitmacro.io",
   "http://localhost:3000"
 ];
 var EXTRA_ORIGINS = (process.env.ALLOWED_ORIGINS ?? "").split(",").map((s) => s.trim()).filter(Boolean);
 var ALLOWED_ORIGINS = [...DEFAULT_ORIGINS, ...EXTRA_ORIGINS];
 var app = new Hono2();
-app.use("*", cors({ origin: ALLOWED_ORIGINS }));
 app.use("*", async (c, next) => {
-  if (c.req.path === "/health") return next();
-  return authMiddleware(c, next);
+  const start = Date.now();
+  await next();
+  console.log(`[relay-agent] ${c.req.method} ${c.req.path} ${c.res.status} ${Date.now() - start}ms`);
 });
+app.use("*", cors({ origin: ALLOWED_ORIGINS }));
+app.use("*", authMiddleware);
 app.route("/", healthRoutes);
-app.route("/", eventsRoutes);
-app.route("/", statsRoutes);
-app.route("/", policyRoutes);
-app.route("/", usersRoutes);
+if (isMultiRelayMode()) {
+  app.route("/", healthMultiRoutes);
+  app.route("/", statsMultiRoutes);
+  app.route("/", eventsMultiRoutes);
+  app.route("/", policyMultiRoutes);
+  app.route("/", usersMultiRoutes);
+} else {
+  app.route("/", statsLegacyRoutes);
+  app.route("/", eventsLegacyRoutes);
+  app.route("/", policyLegacyRoutes);
+  app.route("/", usersLegacyRoutes);
+}
 function createServer(port2) {
   return serve({
     fetch: app.fetch,
@@ -3206,12 +3482,15 @@ if (values.help) {
   console.log(HELP);
   process.exit(0);
 }
-var token = values.token ?? process.env.RELAY_AGENT_TOKEN ?? process.env.TOKEN;
-if (!token) {
-  console.error("Error: --token is required (or set RELAY_AGENT_TOKEN env var)");
-  process.exit(1);
+var relayInstances = process.env.RELAY_INSTANCES;
+if (!relayInstances) {
+  const token = values.token ?? process.env.RELAY_AGENT_TOKEN ?? process.env.TOKEN;
+  if (!token) {
+    console.error("Error: --token is required (or set RELAY_AGENT_TOKEN env var)");
+    process.exit(1);
+  }
+  process.env.RELAY_AGENT_TOKEN = token;
 }
-process.env.RELAY_AGENT_TOKEN = token;
 var port = parseInt(values.port ?? process.env.PORT ?? "7800", 10);
 createServer(port);
 console.log(`relay-agent listening on http://localhost:${port}`);