@gakr-gakr/nostr 0.1.0

package/src/channel.ts

@@ -0,0 +1,215 @@
+import { describeAccountSnapshot } from "autobot/plugin-sdk/account-helpers";
+import {
+  createScopedDmSecurityResolver,
+  createTopLevelChannelConfigAdapter,
+} from "autobot/plugin-sdk/channel-config-helpers";
+import { createChatChannelPlugin } from "autobot/plugin-sdk/channel-core";
+import { createChannelMessageAdapterFromOutbound } from "autobot/plugin-sdk/channel-message";
+import {
+  buildPassiveChannelStatusSummary,
+  buildTrafficStatusSummary,
+} from "autobot/plugin-sdk/extension-shared";
+import { createComputedAccountStatusAdapter } from "autobot/plugin-sdk/status-helpers";
+import {
+  buildChannelConfigSchema,
+  collectStatusIssuesFromLastError,
+  createDefaultChannelRuntimeState,
+  DEFAULT_ACCOUNT_ID,
+  formatPairingApproveHint,
+  type ChannelPlugin,
+} from "./channel-api.js";
+import type { NostrProfile } from "./config-schema.js";
+import { NostrConfigSchema } from "./config-schema.js";
+import {
+  getActiveNostrBuses,
+  nostrOutboundAdapter,
+  nostrPairingTextAdapter,
+  startNostrGatewayAccount,
+} from "./gateway.js";
+import { normalizePubkey } from "./nostr-key-utils.js";
+import type { ProfilePublishResult } from "./nostr-profile.js";
+import { resolveNostrOutboundSessionRoute } from "./session-route.js";
+import { nostrSetupAdapter, nostrSetupWizard } from "./setup-surface.js";
+import {
+  listNostrAccountIds,
+  resolveDefaultNostrAccountId,
+  resolveNostrAccount,
+  type ResolvedNostrAccount,
+} from "./types.js";
+
+const resolveNostrDmPolicy = createScopedDmSecurityResolver<ResolvedNostrAccount>({
+  channelKey: "nostr",
+  resolvePolicy: (account) => account.config.dmPolicy,
+  resolveAllowFrom: (account) => account.config.allowFrom,
+  policyPathSuffix: "dmPolicy",
+  defaultPolicy: "pairing",
+  approveHint: formatPairingApproveHint("nostr"),
+  normalizeEntry: (raw) => {
+    try {
+      return normalizePubkey(raw.trim().replace(/^nostr:/i, ""));
+    } catch {
+      return raw.trim();
+    }
+  },
+});
+
+const nostrConfigAdapter = createTopLevelChannelConfigAdapter<ResolvedNostrAccount>({
+  sectionKey: "nostr",
+  resolveAccount: (cfg) => resolveNostrAccount({ cfg }),
+  listAccountIds: listNostrAccountIds,
+  defaultAccountId: resolveDefaultNostrAccountId,
+  deleteMode: "clear-fields",
+  clearBaseFields: [
+    "name",
+    "defaultAccount",
+    "privateKey",
+    "relays",
+    "dmPolicy",
+    "allowFrom",
+    "profile",
+  ],
+  resolveAllowFrom: (account) => account.config.allowFrom,
+  formatAllowFrom: (allowFrom) =>
+    allowFrom
+      .map((entry) => String(entry).trim())
+      .filter(Boolean)
+      .map((entry) => {
+        if (entry === "*") {
+          return "*";
+        }
+        try {
+          return normalizePubkey(entry);
+        } catch {
+          return entry;
+        }
+      })
+      .filter(Boolean),
+});
+
+const nostrMessageAdapter = createChannelMessageAdapterFromOutbound({
+  id: "nostr",
+  outbound: nostrOutboundAdapter,
+});
+
+export const nostrPlugin: ChannelPlugin<ResolvedNostrAccount> = createChatChannelPlugin({
+  base: {
+    id: "nostr",
+    meta: {
+      id: "nostr",
+      label: "Nostr",
+      selectionLabel: "Nostr",
+      docsPath: "/channels/nostr",
+      docsLabel: "nostr",
+      blurb: "Decentralized DMs via Nostr relays (NIP-04)",
+      order: 100,
+    },
+    capabilities: {
+      chatTypes: ["direct"], // DMs only for MVP
+      media: false, // No media for MVP
+    },
+    reload: { configPrefixes: ["channels.nostr"] },
+    configSchema: buildChannelConfigSchema(NostrConfigSchema),
+    setup: nostrSetupAdapter,
+    setupWizard: nostrSetupWizard,
+    config: {
+      ...nostrConfigAdapter,
+      isConfigured: (account) => account.configured,
+      describeAccount: (account) =>
+        describeAccountSnapshot({
+          account,
+          configured: account.configured,
+          extra: {
+            publicKey: account.publicKey,
+          },
+        }),
+    },
+    messaging: {
+      targetPrefixes: ["nostr"],
+      normalizeTarget: (target) => {
+        // Strip nostr: prefix if present
+        const cleaned = target.trim().replace(/^nostr:/i, "");
+        try {
+          return normalizePubkey(cleaned);
+        } catch {
+          return cleaned;
+        }
+      },
+      targetResolver: {
+        looksLikeId: (input) => {
+          const trimmed = input.trim();
+          return trimmed.startsWith("npub1") || /^[0-9a-fA-F]{64}$/.test(trimmed);
+        },
+        hint: "<npub|hex pubkey|nostr:npub...>",
+      },
+      resolveOutboundSessionRoute: (params) => resolveNostrOutboundSessionRoute(params),
+    },
+    message: nostrMessageAdapter,
+    status: {
+      ...createComputedAccountStatusAdapter<ResolvedNostrAccount>({
+        defaultRuntime: createDefaultChannelRuntimeState(DEFAULT_ACCOUNT_ID),
+        collectStatusIssues: (accounts) => collectStatusIssuesFromLastError("nostr", accounts),
+        buildChannelSummary: ({ snapshot }) =>
+          buildPassiveChannelStatusSummary(snapshot, {
+            publicKey: snapshot.publicKey ?? null,
+          }),
+        resolveAccountSnapshot: ({ account, runtime }) => ({
+          accountId: account.accountId,
+          name: account.name,
+          enabled: account.enabled,
+          configured: account.configured,
+          extra: {
+            publicKey: account.publicKey,
+            profile: account.profile,
+            ...buildTrafficStatusSummary(runtime),
+          },
+        }),
+      }),
+    },
+    gateway: {
+      startAccount: startNostrGatewayAccount,
+    },
+  },
+  pairing: {
+    text: nostrPairingTextAdapter,
+  },
+  security: {
+    resolveDmPolicy: resolveNostrDmPolicy,
+  },
+  outbound: nostrOutboundAdapter,
+});
+
+/**
+ * Publish a profile (kind:0) for a Nostr account.
+ * @param accountId - Account ID (defaults to "default")
+ * @param profile - Profile data to publish
+ * @returns Publish results with successes and failures
+ * @throws Error if account is not running
+ */
+export async function publishNostrProfile(
+  accountId: string | undefined,
+  profile: NostrProfile,
+): Promise<ProfilePublishResult> {
+  const resolvedAccountId = accountId ?? DEFAULT_ACCOUNT_ID;
+  const bus = getActiveNostrBuses().get(resolvedAccountId);
+  if (!bus) {
+    throw new Error(`Nostr bus not running for account ${resolvedAccountId}`);
+  }
+  return bus.publishProfile(profile);
+}
+
+/**
+ * Get profile publish state for a Nostr account.
+ * @param accountId - Account ID (defaults to "default")
+ * @returns Profile publish state or null if account not running
+ */
+export async function getNostrProfileState(accountId: string = DEFAULT_ACCOUNT_ID): Promise<{
+  lastPublishedAt: number | null;
+  lastPublishedEventId: string | null;
+  lastPublishResults: Record<string, "ok" | "failed" | "timeout"> | null;
+} | null> {
+  const bus = getActiveNostrBuses().get(accountId);
+  if (!bus) {
+    return null;
+  }
+  return bus.getProfileState();
+}

package/src/config-schema.ts

@@ -0,0 +1,98 @@
+import {
+  AllowFromListSchema,
+  DmPolicySchema,
+  MarkdownConfigSchema,
+} from "autobot/plugin-sdk/channel-config-primitives";
+import { buildSecretInputSchema } from "autobot/plugin-sdk/secret-input";
+import { z } from "zod";
+
+/**
+ * Validates https:// URLs only (no javascript:, data:, file:, etc.)
+ */
+const safeUrlSchema = z
+  .string()
+  .url()
+  .refine(
+    (url) => {
+      try {
+        const parsed = new URL(url);
+        return parsed.protocol === "https:";
+      } catch {
+        return false;
+      }
+    },
+    { message: "URL must use https:// protocol" },
+  );
+
+/**
+ * NIP-01 profile metadata schema
+ * https://github.com/nostr-protocol/nips/blob/master/01.md
+ */
+export const NostrProfileSchema = z.object({
+  /** Username (NIP-01: name) - max 256 chars */
+  name: z.string().max(256).optional(),
+
+  /** Display name (NIP-01: display_name) - max 256 chars */
+  displayName: z.string().max(256).optional(),
+
+  /** Bio/description (NIP-01: about) - max 2000 chars */
+  about: z.string().max(2000).optional(),
+
+  /** Profile picture URL (must be https) */
+  picture: safeUrlSchema.optional(),
+
+  /** Banner image URL (must be https) */
+  banner: safeUrlSchema.optional(),
+
+  /** Website URL (must be https) */
+  website: safeUrlSchema.optional(),
+
+  /** NIP-05 identifier (e.g., "user@example.com") */
+  nip05: z.string().optional(),
+
+  /** Lightning address (LUD-16) */
+  lud16: z.string().optional(),
+});
+
+export interface NostrProfile {
+  name?: string;
+  displayName?: string;
+  about?: string;
+  picture?: string;
+  banner?: string;
+  website?: string;
+  nip05?: string;
+  lud16?: string;
+}
+
+/**
+ * Zod schema for channels.nostr.* configuration
+ */
+export const NostrConfigSchema = z.object({
+  /** Account name (optional display name) */
+  name: z.string().optional(),
+
+  /** Optional default account id for routing/account selection. */
+  defaultAccount: z.string().optional(),
+
+  /** Whether this channel is enabled */
+  enabled: z.boolean().optional(),
+
+  /** Markdown formatting overrides (tables). */
+  markdown: MarkdownConfigSchema,
+
+  /** Private key in hex or nsec bech32 format */
+  privateKey: buildSecretInputSchema().optional(),
+
+  /** WebSocket relay URLs to connect to */
+  relays: z.array(z.string()).optional(),
+
+  /** DM access policy: pairing, allowlist, open, or disabled */
+  dmPolicy: DmPolicySchema.optional(),
+
+  /** Allowed sender pubkeys (npub or hex format) */
+  allowFrom: AllowFromListSchema,
+
+  /** Profile metadata (NIP-01 kind:0 content) */
+  profile: NostrProfileSchema.optional(),
+});

package/src/default-relays.ts

@@ -0,0 +1 @@
+export const DEFAULT_RELAYS = ["wss://relay.damus.io", "wss://nos.lol"];

package/src/gateway.ts

@@ -0,0 +1,321 @@
+import {
+  resolveStableChannelMessageIngress,
+  type StableChannelIngressIdentityParams,
+} from "autobot/plugin-sdk/channel-ingress-runtime";
+import { createChannelPairingController } from "autobot/plugin-sdk/channel-pairing";
+import { attachChannelToResult } from "autobot/plugin-sdk/channel-send-result";
+import type { AutoBotConfig } from "autobot/plugin-sdk/config-contracts";
+import { type ChannelOutboundAdapter, type ChannelPlugin } from "./channel-api.js";
+import type { MetricEvent, MetricsSnapshot } from "./metrics.js";
+import { startNostrBus, type NostrBusHandle } from "./nostr-bus.js";
+import { normalizePubkey } from "./nostr-key-utils.js";
+import { getNostrRuntime } from "./runtime.js";
+import { resolveDefaultNostrAccountId, type ResolvedNostrAccount } from "./types.js";
+
+type NostrGatewayStart = NonNullable<
+  NonNullable<ChannelPlugin<ResolvedNostrAccount>["gateway"]>["startAccount"]
+>;
+type NostrOutboundAdapter = Pick<
+  ChannelOutboundAdapter,
+  "deliveryCapabilities" | "deliveryMode" | "textChunkLimit" | "sendText"
+> & {
+  sendText: NonNullable<ChannelOutboundAdapter["sendText"]>;
+};
+
+const activeBuses = new Map<string, NostrBusHandle>();
+const metricsSnapshots = new Map<string, MetricsSnapshot>();
+const ACCESS_GROUP_PREFIX = "accessGroup:";
+
+function parseNostrAccessGroupAllowFromEntry(entry: string): string | null {
+  const trimmed = entry.trim();
+  if (!trimmed.startsWith(ACCESS_GROUP_PREFIX)) {
+    return null;
+  }
+  const name = trimmed.slice(ACCESS_GROUP_PREFIX.length).trim();
+  return name || null;
+}
+
+function normalizeNostrAllowEntry(entry: string): string | null {
+  const trimmed = entry.trim();
+  if (!trimmed) {
+    return null;
+  }
+  if (trimmed === "*") {
+    return "*";
+  }
+  const accessGroup = parseNostrAccessGroupAllowFromEntry(trimmed);
+  if (accessGroup) {
+    return `accessGroup:${accessGroup}`;
+  }
+  try {
+    return normalizePubkey(trimmed.replace(/^nostr:/i, ""));
+  } catch {
+    return null;
+  }
+}
+
+function normalizeNostrSenderPubkey(value: string): string | null {
+  try {
+    return normalizePubkey(value);
+  } catch {
+    return null;
+  }
+}
+
+const nostrIngressIdentity = {
+  key: "nostr-pubkey",
+  normalizeEntry: normalizeNostrAllowEntry,
+  normalizeSubject: normalizeNostrSenderPubkey,
+  sensitivity: "pii",
+  entryIdPrefix: "nostr-entry",
+} satisfies StableChannelIngressIdentityParams;
+
+export const startNostrGatewayAccount: NostrGatewayStart = async (ctx) => {
+  const account = ctx.account;
+  ctx.setStatus({
+    accountId: account.accountId,
+    publicKey: account.publicKey,
+  });
+  ctx.log?.info?.(`[${account.accountId}] starting Nostr provider (pubkey: ${account.publicKey})`);
+
+  if (!account.configured) {
+    throw new Error("Nostr private key not configured");
+  }
+
+  const runtime = getNostrRuntime();
+  const pairing = createChannelPairingController({
+    core: runtime,
+    channel: "nostr",
+    accountId: account.accountId,
+  });
+  const resolveInboundAccess = async (senderPubkey: string, rawBody: string) =>
+    await resolveStableChannelMessageIngress({
+      channelId: "nostr",
+      accountId: account.accountId,
+      identity: nostrIngressIdentity,
+      cfg: ctx.cfg,
+      useDefaultPairingStore: true,
+      subject: { stableId: senderPubkey },
+      conversation: {
+        kind: "direct",
+        id: senderPubkey,
+      },
+      dmPolicy: account.config.dmPolicy ?? "pairing",
+      allowFrom: account.config.allowFrom,
+      command: runtime.channel.commands.shouldComputeCommandAuthorized(rawBody, ctx.cfg)
+        ? {
+            modeWhenAccessGroupsOff: "configured",
+          }
+        : undefined,
+    });
+
+  let busHandle: NostrBusHandle | null = null;
+
+  const authorizeSender = async (input: {
+    senderId: string;
+    reply: (text: string) => Promise<void>;
+  }): Promise<"allow" | "block" | "pairing"> => {
+    const resolved = await resolveInboundAccess(input.senderId, "");
+    if (resolved.senderAccess.decision === "allow") {
+      return "allow";
+    }
+    if (resolved.senderAccess.decision === "pairing") {
+      await pairing.issueChallenge({
+        senderId: input.senderId,
+        senderIdLine: `Your Nostr pubkey: ${input.senderId}`,
+        sendPairingReply: input.reply,
+        onCreated: () => {
+          ctx.log?.debug?.(`[${account.accountId}] nostr pairing request sender=${input.senderId}`);
+        },
+        onReplyError: (err) => {
+          ctx.log?.warn?.(
+            `[${account.accountId}] nostr pairing reply failed for ${input.senderId}: ${String(
+              err,
+            )}`,
+          );
+        },
+      });
+      return "pairing";
+    }
+    ctx.log?.debug?.(
+      `[${account.accountId}] blocked Nostr sender ${input.senderId} (${resolved.senderAccess.reasonCode})`,
+    );
+    return "block";
+  };
+
+  const bus = await startNostrBus({
+    accountId: account.accountId,
+    privateKey: account.privateKey,
+    relays: account.relays,
+    authorizeSender: async ({ senderPubkey, reply }) =>
+      await authorizeSender({ senderId: senderPubkey, reply }),
+    onMessage: async (senderPubkey, text, reply, meta) => {
+      const resolvedAccess = await resolveInboundAccess(senderPubkey, text);
+      if (resolvedAccess.senderAccess.decision !== "allow") {
+        ctx.log?.warn?.(
+          `[${account.accountId}] dropping Nostr DM after preflight drift (${senderPubkey}, ${resolvedAccess.senderAccess.reasonCode})`,
+        );
+        return;
+      }
+
+      const { dispatchInboundDirectDmWithRuntime } = await import("./inbound-direct-dm-runtime.js");
+      await dispatchInboundDirectDmWithRuntime({
+        cfg: ctx.cfg,
+        runtime,
+        channel: "nostr",
+        channelLabel: "Nostr",
+        accountId: account.accountId,
+        peer: {
+          kind: "direct",
+          id: senderPubkey,
+        },
+        senderId: senderPubkey,
+        senderAddress: `nostr:${senderPubkey}`,
+        recipientAddress: `nostr:${account.publicKey}`,
+        conversationLabel: senderPubkey,
+        rawBody: text,
+        messageId: meta.eventId,
+        timestamp: meta.createdAt * 1000,
+        commandAuthorized: resolvedAccess.commandAccess.requested
+          ? resolvedAccess.commandAccess.authorized
+          : undefined,
+        deliver: async (payload) => {
+          const outboundText =
+            payload && typeof payload === "object" && "text" in payload
+              ? ((payload as { text?: string }).text ?? "")
+              : "";
+          if (!outboundText.trim()) {
+            return;
+          }
+          const tableMode = runtime.channel.text.resolveMarkdownTableMode({
+            cfg: ctx.cfg,
+            channel: "nostr",
+            accountId: account.accountId,
+          });
+          await reply(runtime.channel.text.convertMarkdownTables(outboundText, tableMode));
+        },
+        onRecordError: (err) => {
+          ctx.log?.error?.(
+            `[${account.accountId}] failed recording Nostr inbound session: ${String(err)}`,
+          );
+        },
+        onDispatchError: (err, info) => {
+          ctx.log?.error?.(
+            `[${account.accountId}] Nostr ${info.kind} reply failed: ${String(err)}`,
+          );
+        },
+      });
+    },
+    onError: (error, context) => {
+      ctx.log?.error?.(`[${account.accountId}] Nostr error (${context}): ${error.message}`);
+    },
+    onConnect: (relay) => {
+      ctx.log?.debug?.(`[${account.accountId}] Connected to relay: ${relay}`);
+    },
+    onDisconnect: (relay) => {
+      ctx.log?.debug?.(`[${account.accountId}] Disconnected from relay: ${relay}`);
+    },
+    onEose: (relays) => {
+      ctx.log?.debug?.(`[${account.accountId}] EOSE received from relays: ${relays}`);
+    },
+    onMetric: (event: MetricEvent) => {
+      if (event.name.startsWith("event.rejected.")) {
+        ctx.log?.debug?.(
+          `[${account.accountId}] Metric: ${event.name} ${JSON.stringify(event.labels)}`,
+        );
+      } else if (event.name === "relay.circuit_breaker.open") {
+        ctx.log?.warn?.(
+          `[${account.accountId}] Circuit breaker opened for relay: ${event.labels?.relay}`,
+        );
+      } else if (event.name === "relay.circuit_breaker.close") {
+        ctx.log?.info?.(
+          `[${account.accountId}] Circuit breaker closed for relay: ${event.labels?.relay}`,
+        );
+      } else if (event.name === "relay.error") {
+        ctx.log?.debug?.(`[${account.accountId}] Relay error: ${event.labels?.relay}`);
+      }
+      if (busHandle) {
+        metricsSnapshots.set(account.accountId, busHandle.getMetrics());
+      }
+    },
+  });
+
+  busHandle = bus;
+  activeBuses.set(account.accountId, bus);
+
+  ctx.log?.info?.(
+    `[${account.accountId}] Nostr provider started, connected to ${account.relays.length} relay(s)`,
+  );
+
+  return {
+    stop: () => {
+      bus.close();
+      activeBuses.delete(account.accountId);
+      metricsSnapshots.delete(account.accountId);
+      ctx.log?.info?.(`[${account.accountId}] Nostr provider stopped`);
+    },
+  };
+};
+
+export const nostrPairingTextAdapter = {
+  idLabel: "nostrPubkey",
+  message: "Your pairing request has been approved!",
+  normalizeAllowEntry: (entry: string) => {
+    try {
+      return normalizePubkey(entry.trim().replace(/^nostr:/i, ""));
+    } catch {
+      return entry.trim();
+    }
+  },
+  notify: async ({
+    cfg,
+    id,
+    message,
+    accountId,
+  }: {
+    cfg: AutoBotConfig;
+    id: string;
+    message: string;
+    accountId?: string;
+  }) => {
+    const bus = activeBuses.get(accountId ?? resolveDefaultNostrAccountId(cfg));
+    if (bus) {
+      await bus.sendDm(id, message);
+    }
+  },
+};
+
+export const nostrOutboundAdapter: NostrOutboundAdapter = {
+  deliveryMode: "direct",
+  textChunkLimit: 4000,
+  deliveryCapabilities: {
+    durableFinal: {
+      text: true,
+      messageSendingHooks: true,
+    },
+  },
+  sendText: async ({ cfg, to, text, accountId }) => {
+    const core = getNostrRuntime();
+    const aid = accountId ?? resolveDefaultNostrAccountId(cfg);
+    const bus = activeBuses.get(aid);
+    if (!bus) {
+      throw new Error(`Nostr bus not running for account ${aid}`);
+    }
+    const tableMode = core.channel.text.resolveMarkdownTableMode({
+      cfg,
+      channel: "nostr",
+      accountId: aid,
+    });
+    const message = core.channel.text.convertMarkdownTables(text ?? "", tableMode);
+    const normalizedTo = normalizePubkey(to);
+    await bus.sendDm(normalizedTo, message);
+    return attachChannelToResult("nostr", {
+      to: normalizedTo,
+      messageId: `nostr-${Date.now()}`,
+    });
+  },
+};
+
+export function getActiveNostrBuses(): Map<string, NostrBusHandle> {
+  return new Map(activeBuses);
+}

package/src/inbound-direct-dm-runtime.ts

@@ -0,0 +1 @@
+export { dispatchInboundDirectDmWithRuntime } from "autobot/plugin-sdk/direct-dm";