@nostrify/nostrify 0.50.5 → 0.51.0

package/.turbo/turbo-build.log

@@ -1,32 +1,36 @@
-
-> @nostrify/nostrify@0.50.5 build /home/alex/Projects/nostrify/packages/nostrify
-> npx tsc -p tsconfig.json && node ../../esbuild.config.js --package ./
-
-npm warn Unknown env config "verify-deps-before-run". This will stop working in the next major version of npm.
-npm warn Unknown env config "_jsr-registry". This will stop working in the next major version of npm.
-Building with esbuild...
-
-  dist/NRelay1.js                       10.7kb
-  dist/NSchema.js                        8.2kb
-  dist/NPool.js                          6.0kb
-  dist/test/TestRelayServer.js           4.7kb
-  dist/NSet.js                           4.1kb
-  dist/NConnectSigner.js                 3.9kb
-  dist/NBrowserSigner.js                 3.9kb
-  dist/ln/LNURL.js                       3.3kb
-  dist/NIP98.js                          2.7kb
-  dist/uploaders/BlossomUploader.js      2.3kb
-  dist/uploaders/NostrBuildUploader.js   1.9kb
-  dist/test/MockRelay.js                 1.4kb
-  dist/BunkerURI.js                      1.4kb
-  dist/NKinds.js                         1.1kb
-  dist/utils/getFilterLimit.js           1.1kb
-  dist/NIP05.js                          1.1kb
-  dist/NSecSigner.js                     1.1kb
-  dist/utils/Machina.js                  925b 
-  dist/NCache.js                         828b 
-  dist/mod.js                            815b 
-  ...and 12 more output files...
-
-⚡ Done in 24ms
-Done!
+
+
+> @nostrify/nostrify@0.51.0 build /home/alex/Projects/nostrify/packages/nostrify
+> npx tsc -p tsconfig.json && node ../../esbuild.config.js --package ./
+
+npm warn Unknown env config "verify-deps-before-run". This will stop working in the next major version of npm.
+npm warn Unknown env config "_jsr-registry". This will stop working in the next major version of npm.
+⠙Building with esbuild...
+
+  dist/NRelay1.js                       12.8kb
+  dist/NSchema.js                        8.2kb
+  dist/NPool.js                          6.0kb
+  dist/test/TestRelayServer.js           4.7kb
+  dist/NSet.js                           4.1kb
+  dist/NConnectSigner.js                 3.9kb
+  dist/NBrowserSigner.js                 3.9kb
+  dist/ln/LNURL.js                       3.3kb
+  dist/NIP98.js                          2.7kb
+  dist/uploaders/BlossomUploader.js      2.3kb
+  dist/uploaders/NostrBuildUploader.js   1.9kb
+  dist/test/MockRelay.js                 1.4kb
+  dist/BunkerURI.js                      1.4kb
+  dist/NKinds.js                         1.1kb
+  dist/utils/getFilterLimit.js           1.1kb
+  dist/NIP05.js                          1.1kb
+  dist/NSecSigner.js                     1.1kb
+  dist/utils/Machina.js                  925b 
+  dist/NCache.js                         828b 
+  dist/mod.js                            815b 
+  dist/test/mod.js                       701b 
+  dist/NIP98Client.js                    664b 
+  dist/test/ErrorRelay.js                557b 
+  ...and 9 more output files...
+
+⚡ Done in 22ms
+Done!

package/.turbo/turbo-test.log

@@ -1,111 +1,130 @@
 
-> @nostrify/nostrify@0.50.4 test /home/alex/Projects/nostrify/packages/nostrify
+> @nostrify/nostrify@0.50.5 test /home/alex/Projects/nostrify/packages/nostrify
 > node --test "**/*.test.ts"
 
-✔ BunkerURI (4.746225ms)
-✔ BunkerURI.fromJSON (2.258631ms)
-✔ NBrowserSigner - without extension (408.083868ms)
-✔ NBrowserSigner - with extension polyfill (210.998188ms)
-✔ NBrowserSigner.nip44 - with extension polyfill (69.247265ms)
-✔ NBrowserSigner.nip04 - with extension polyfill (35.341396ms)
-✔ NBrowserSigner.getRelays - with extension polyfill (2.962389ms)
-✔ NBrowserSigner - missing nip44 support (1.052295ms)
-✔ NBrowserSigner - missing nip04 support (1.702803ms)
-✔ NBrowserSigner - feature detection (1.125042ms)
-✔ NBrowserSigner - extension appears after delay (303.472084ms)
-✔ NBrowserSigner - nip44 works when extension appears after delay (324.400107ms)
-✔ NCache (9.658392ms)
-✔ NConnectSigner.signEvent with nip04 encryption (391.774809ms)
-✔ NConnectSigner.signEvent with nip44 encryption (207.494929ms)
-✔ NIP05.lookup (133.058123ms)
-✔ NIP05.lookup with invalid values but valid profile pointer (14.302013ms)
-✔ NIP05.lookup with invalid document (23.813217ms)
-✔ NIP50.parseInput (8.291733ms)
-✔ NIP50.parseInput with negated token (3.697095ms)
-✔ NIP98.template (11.10432ms)
-✔ NIP98.template with payload (49.424727ms)
-✔ NIP98.verify (196.555049ms)
-✔ NIP98.verify fails with missing header (3.038283ms)
-✔ NIP98.verify fails with missing token (2.190563ms)
-✔ NIP98.verify fails with invalid token (2.09342ms)
-✔ NIP98.verify fails with invalid event (83.997252ms)
-✔ NIP98.verify fails with wrong event kind (41.704081ms)
-✔ NIP98.verify fails with wrong request URL (72.762617ms)
-✔ NIP98.verify fails with wrong request method (48.279566ms)
-✔ NIP98.verify fails with expired event (33.173366ms)
-✔ NIP98.verify fails with invalid payload (49.772463ms)
-✔ NIP98Client.fetch - basic GET request (194.533194ms)
-✔ NIP98Client.fetch - POST request with body (108.697493ms)
-✔ NIP98Client.fetch - with Request object input (38.584365ms)
-✔ NIP98Client.fetch - with URL object input (23.447316ms)
-✔ NIP98Client.fetch - uses default fetch when not provided (14.447727ms)
-✔ NIP98Client.fetch - preserves existing headers (11.962379ms)
-✔ NIP98Client.fetch - event can be verified with NIP98.verify (42.905196ms)
-✔ NIP98Client.fetch - handles different HTTP methods (125.16977ms)
-✔ NKinds (2.69246ms)
-✔ NPool.query (672.497853ms)
-✔ NPool.req (192.651524ms)
-✔ NPool.event (135.901938ms)
-✔ NPool.query with eoseTimeout (674.863957ms)
-✔ NPool.query with eoseTimeout disabled (538.297274ms)
-✔ NRelay1.query (489.184286ms)
-✔ NRelay1.query with NIP-50 search preserves relay order (116.873749ms)
-✔ NRelay1.query mismatched filter (61.927786ms)
-✔ NRelay1.req (181.155305ms)
-✔ NRelay1.event (39.385065ms)
-﹣ NRelay1 backoff (0.638474ms) # SKIP
+✔ BunkerURI (4.028694ms)
+✔ BunkerURI.fromJSON (1.194504ms)
+✔ NBrowserSigner - without extension (408.101823ms)
+✔ NBrowserSigner - with extension polyfill (177.58652ms)
+✔ NBrowserSigner.nip44 - with extension polyfill (53.432633ms)
+✔ NBrowserSigner.nip04 - with extension polyfill (31.318082ms)
+✔ NBrowserSigner.getRelays - with extension polyfill (3.337439ms)
+✔ NBrowserSigner - missing nip44 support (1.117529ms)
+✔ NBrowserSigner - missing nip04 support (1.643893ms)
+✔ NBrowserSigner - feature detection (1.047697ms)
+✔ NBrowserSigner - extension appears after delay (306.657599ms)
+✔ NBrowserSigner - nip44 works when extension appears after delay (336.700014ms)
+✔ NCache (32.945945ms)
+✔ NConnectSigner.signEvent with nip04 encryption (509.267873ms)
+✔ NConnectSigner.signEvent with nip44 encryption (111.33369ms)
+✔ NIP05.lookup (154.653466ms)
+✔ NIP05.lookup with invalid values but valid profile pointer (12.873408ms)
+✔ NIP05.lookup with invalid document (16.375048ms)
+✔ NIP50.parseInput (12.96974ms)
+✔ NIP50.parseInput with negated token (0.650367ms)
+✔ NIP98.template (17.834683ms)
+✔ NIP98.template with payload (52.701182ms)
+✔ NIP98.verify (228.10839ms)
+✔ NIP98.verify fails with missing header (6.332332ms)
+✔ NIP98.verify fails with missing token (2.281917ms)
+✔ NIP98.verify fails with invalid token (2.654441ms)
+✔ NIP98.verify fails with invalid event (31.769946ms)
+✔ NIP98.verify fails with wrong event kind (76.829174ms)
+✔ NIP98.verify fails with wrong request URL (28.079039ms)
+✔ NIP98.verify fails with wrong request method (26.629332ms)
+✔ NIP98.verify fails with expired event (23.384448ms)
+✔ NIP98.verify fails with invalid payload (43.967678ms)
+✔ NIP98Client.fetch - basic GET request (355.876029ms)
+✔ NIP98Client.fetch - POST request with body (162.747693ms)
+✔ NIP98Client.fetch - with Request object input (78.965075ms)
+✔ NIP98Client.fetch - with URL object input (46.142403ms)
+✔ NIP98Client.fetch - uses default fetch when not provided (56.968837ms)
+✔ NIP98Client.fetch - preserves existing headers (38.948264ms)
+✔ NIP98Client.fetch - event can be verified with NIP98.verify (44.201489ms)
+✔ NIP98Client.fetch - handles different HTTP methods (150.07877ms)
+✔ NKinds (2.788644ms)
+✔ NPool.query (692.063225ms)
+✔ NPool.req (214.981082ms)
+✔ NPool.event (126.440494ms)
+✔ NPool.query with eoseTimeout (659.85331ms)
+✔ NPool.query with eoseTimeout disabled (565.131734ms)
+✔ NRelay1.query (485.876171ms)
+✔ NRelay1.query with NIP-50 search preserves relay order (120.209463ms)
+✔ NRelay1.query mismatched filter (63.99025ms)
+✔ NRelay1.req (191.837028ms)
+✔ NRelay1.event sends while connection is open (41.721819ms)
+✔ NRelay1.event sends before connection is open (63.494985ms)
+✔ NRelay1.event throws when OK is false (29.705869ms)
+✔ NRelay1.event sends after reconnect from CLOSING state (88.273164ms)
+﹣ NRelay1 backoff (0.48232ms) # SKIP
 ▶ NRelay1 idleTimeout
-  ✔ websocket opens (7.858275ms)
-  ✔ websocket closes after idleTimeout (151.842041ms)
-  ✔ websocket wakes up during activity (30.190448ms)
-✔ NRelay1 idleTimeout (198.365795ms)
-✔ NRelay1.count rejects when the server sends CLOSED (35.144825ms)
-✔ NRelay1 closes when it receives a binary message (41.616786ms)
-✔ n.id (9.547513ms)
-✔ n.bech32 (4.65879ms)
-✔ n.filter (131.436935ms)
-✔ n.event (70.944096ms)
-✔ n.metadata (97.979282ms)
-✔ NSecSigner (291.691919ms)
-✔ NSecSigner.nip44 (80.607728ms)
-✔ NSet (40.639953ms)
-✔ NSet.add (replaceable) (0.621333ms)
-✔ NSet.add (parameterized) (0.741169ms)
-✔ NSet.add (deletion) (0.904847ms)
-✔ Construct a RelayError from the reason message (4.510339ms)
-✔ Throw a new RelayError if the OK message is false (0.66793ms)
-✔ LNURL.fromString (9.361371ms)
-✔ LNURL.fromLightningAddress (2.017806ms)
-✔ LNURL.toString (0.99139ms)
-✔ LNURL.getDetails (132.517443ms)
-✔ LNURL.getInvoice (13.935902ms)
-✔ ErrorRelay (211.320757ms)
-✔ MockRelay (5.595707ms)
-✔ BlossomUploader.upload (850.402405ms)
-✖ NostrBuildUploader.upload (29.655028ms)
-✔ CircularSet (3.028483ms)
-✔ push, iterate, & close (105.244549ms)
-✔ close & reopen (0.783748ms)
-✔ aborts with signal (53.551362ms)
-✔ already aborted signal in constructor (3.530691ms)
-✔ push after abort (1.118661ms)
-✔ multiple messages in queue (3.467462ms)
-✔ N64 (21.22806ms)
-✔ N64.encodeEvent (0.471119ms)
-✔ N64.decodeEvent (10.169586ms)
-ℹ tests 90
+  ✔ websocket opens (6.360034ms)
+  ✔ websocket closes after idleTimeout (149.970737ms)
+  ✔ websocket wakes up during activity (27.214357ms)
+✔ NRelay1 idleTimeout (191.021158ms)
+✔ NRelay1.count rejects when the server sends CLOSED (20.042641ms)
+✔ NRelay1 closes when it receives a binary message (17.620458ms)
+✔ NRelay1 NIP-42 auth-required REQ retry (118.486511ms)
+✔ NRelay1 NIP-42 auth-required EVENT retry (62.036903ms)
+✔ NRelay1 NIP-42 auth-required does not retry without auth callback (18.852174ms)
+✔ NRelay1 NIP-42 auth-required does not retry infinitely (68.63132ms)
+✔ n.id (24.32918ms)
+✔ n.bech32 (7.411329ms)
+✔ n.filter (135.407499ms)
+✔ n.event (90.556593ms)
+✔ n.metadata (164.43043ms)
+✔ NSecSigner (371.990996ms)
+✔ NSecSigner.nip44 (105.236803ms)
+✔ NSet (49.973754ms)
+✔ NSet.add (replaceable) (0.581187ms)
+✔ NSet.add (parameterized) (5.114544ms)
+✔ NSet.add (deletion) (0.606013ms)
+✔ Construct a RelayError from the reason message (2.640955ms)
+✔ Throw a new RelayError if the OK message is false (0.810269ms)
+✔ LNURL.fromString (13.598537ms)
+✔ LNURL.fromLightningAddress (2.106787ms)
+✔ LNURL.toString (0.99578ms)
+✔ LNURL.getDetails (113.054838ms)
+✔ LNURL.getInvoice (40.071474ms)
+✔ ErrorRelay (216.352701ms)
+✔ MockRelay (5.899475ms)
+✔ BlossomUploader.upload (1023.233031ms)
+✖ NostrBuildUploader.upload (35.675948ms)
+✔ CircularSet (3.09927ms)
+✔ push, iterate, & close (107.709499ms)
+✔ close & reopen (0.89543ms)
+✔ aborts with signal (55.223022ms)
+✔ already aborted signal in constructor (0.925958ms)
+✔ push after abort (3.545873ms)
+✔ multiple messages in queue (0.634127ms)
+✔ N64 (20.852057ms)
+✔ N64.encodeEvent (0.470058ms)
+✔ N64.decodeEvent (13.615198ms)
+✔ getFilterLimit returns Infinity for single replaceable kind + single author (2.743969ms)
+✔ getFilterLimit returns Infinity for single addressable kind + single author + single #d (0.812543ms)
+✔ getFilterLimit allows since/until on coordinate filters (0.598139ms)
+✔ getFilterLimit respects explicit limit on coordinate filters (0.530141ms)
+✔ getFilterLimit enforces limit for multiple authors with replaceable kind (0.868239ms)
+✔ getFilterLimit enforces limit for multiple kinds with replaceable kinds (0.580065ms)
+✔ getFilterLimit returns Infinity for addressable kind without #d (not a coordinate filter, but nostr-tools also returns Infinity) (0.439419ms)
+✔ getFilterLimit enforces limit for addressable kind with multiple #d values (0.465198ms)
+✔ getFilterLimit enforces limit when extra filter properties are present (2.643249ms)
+✔ getFilterLimit returns 0 for empty arrays (0.566329ms)
+✔ getFilterLimit works normally for regular kinds (0.710531ms)
+✔ getFilterLimit works normally for ids filter (0.295778ms)
+ℹ tests 109
 ℹ suites 0
-ℹ pass 88
+ℹ pass 107
 ℹ fail 1
 ℹ cancelled 0
 ℹ skipped 1
 ℹ todo 0
-ℹ duration_ms 4116.611574
+ℹ duration_ms 4739.688853
 
 ✖ failing tests:
 
 test at uploaders/NostrBuildUploader.test.ts:12:7
-✖ NostrBuildUploader.upload (29.655028ms)
+✖ NostrBuildUploader.upload (35.675948ms)
   Error: nostr.build with default uploader requires a secret key to be configured
       at TestContext.<anonymous> (file:///home/alex/Projects/nostrify/packages/nostrify/uploaders/NostrBuildUploader.test.ts:25:13)
       at process.processTicksAndRejections (node:internal/process/task_queues:103:5)

package/.turbo/turbo-typecheck.log

@@ -1,6 +1,8 @@
-
-> @nostrify/nostrify@0.50.5 typecheck /home/alex/Projects/nostrify/packages/nostrify
-> npx tsc --noEmit
-
-npm warn Unknown env config "verify-deps-before-run". This will stop working in the next major version of npm.
-npm warn Unknown env config "_jsr-registry". This will stop working in the next major version of npm.
+
+
+> @nostrify/nostrify@0.51.0 typecheck /home/alex/Projects/nostrify/packages/nostrify
+> npx tsc --noEmit
+
+npm warn Unknown env config "verify-deps-before-run". This will stop working in the next major version of npm.
+npm warn Unknown env config "_jsr-registry". This will stop working in the next major version of npm.
+⠙

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 0.51.0
+
+### Minor Changes
+
+- a9dc610: NRelay1: automatically retry REQ and EVENT after NIP-42 AUTH
+
+  When a relay responds with `auth-required:` in a CLOSED or OK message, NRelay1 now waits for the AUTH flow to complete and re-sends the original request. This implements the full NIP-42 client-side protocol flow. Retries are limited to one attempt per subscription/event to prevent infinite loops.
+
 ## 0.50.5
 
 ### Patch Changes

package/NRelay1.test.ts

@@ -1,5 +1,5 @@
 import { it, test } from "node:test";
-import type { NostrEvent } from "@nostrify/types";
+import type { NostrClientMsg, NostrEvent } from "@nostrify/types";
 import { deepStrictEqual, ok, rejects } from "node:assert";
 import { finalizeEvent, generateSecretKey } from "nostr-tools";
 import { ExponentialBackoff, WebsocketEvent } from "websocket-ts";
@@ -304,3 +304,150 @@ await test("NRelay1 closes when it receives a binary message", async () => {
 
   await rejects(() => relay.query([{ kinds: [1] }]));
 });
+
+await test("NRelay1 NIP-42 auth-required REQ retry", async () => {
+  const sk = generateSecretKey();
+  const testEvent = genEvent({ kind: 4, content: "secret DM" }, sk);
+
+  let reqCount = 0;
+
+  await using server = await TestRelayServer.create({
+    handleMessage(socket, msg: NostrClientMsg) {
+      if (msg[0] === "REQ") {
+        const [, subId] = msg;
+        reqCount++;
+        if (reqCount === 1) {
+          // First REQ: send AUTH challenge, then reject with auth-required
+          socket.send(JSON.stringify(["AUTH", "challenge123"]));
+          socket.send(JSON.stringify(["CLOSED", subId, "auth-required: authentication required"]));
+        } else {
+          // Second REQ (after auth): serve the events
+          socket.send(JSON.stringify(["EVENT", subId, testEvent]));
+          socket.send(JSON.stringify(["EOSE", subId]));
+        }
+      }
+      if (msg[0] === "AUTH") {
+        // Accept the AUTH event
+        socket.send(JSON.stringify(["OK", msg[1].id, true, ""]));
+      }
+    },
+  });
+
+  await using relay = new NRelay1(server.url, {
+    auth: async (challenge) => {
+      return genEvent({
+        kind: 22242,
+        tags: [["relay", server.url], ["challenge", challenge]],
+      }, sk);
+    },
+  });
+
+  const result = await relay.query([{ kinds: [4] }]);
+
+  deepStrictEqual(result.length, 1);
+  deepStrictEqual(result[0].id, testEvent.id);
+  deepStrictEqual(reqCount, 2);
+});
+
+await test("NRelay1 NIP-42 auth-required EVENT retry", async () => {
+  const sk = generateSecretKey();
+  const eventToPublish: NostrEvent = finalizeEvent({
+    kind: 1,
+    content: "Hello from authenticated user",
+    tags: [],
+    created_at: Math.floor(Date.now() / 1000),
+  }, sk);
+
+  let eventCount = 0;
+
+  await using server = await TestRelayServer.create({
+    handleMessage(socket, msg: NostrClientMsg) {
+      if (msg[0] === "EVENT") {
+        eventCount++;
+        if (eventCount === 1) {
+          // First EVENT: send AUTH challenge, then reject with auth-required
+          socket.send(JSON.stringify(["AUTH", "challenge456"]));
+          socket.send(JSON.stringify(["OK", msg[1].id, false, "auth-required: authentication required"]));
+        } else {
+          // Second EVENT (after auth): accept
+          socket.send(JSON.stringify(["OK", msg[1].id, true, ""]));
+        }
+      }
+      if (msg[0] === "AUTH") {
+        // Accept the AUTH event
+        socket.send(JSON.stringify(["OK", msg[1].id, true, ""]));
+      }
+    },
+  });
+
+  await using relay = new NRelay1(server.url, {
+    auth: async (challenge) => {
+      return genEvent({
+        kind: 22242,
+        tags: [["relay", server.url], ["challenge", challenge]],
+      }, sk);
+    },
+  });
+
+  // Should succeed after automatic auth + retry
+  await relay.event(eventToPublish);
+  deepStrictEqual(eventCount, 2);
+});
+
+await test("NRelay1 NIP-42 auth-required does not retry without auth callback", async () => {
+  let reqCount = 0;
+
+  await using server = await TestRelayServer.create({
+    handleMessage(socket, msg: NostrClientMsg) {
+      if (msg[0] === "REQ") {
+        reqCount++;
+        const [, subId] = msg;
+        socket.send(JSON.stringify(["CLOSED", subId, "auth-required: authentication required"]));
+      }
+    },
+  });
+
+  // No auth callback provided — CLOSED should pass through without retry
+  await using relay = new NRelay1(server.url);
+
+  const result = await relay.query([{ kinds: [4] }]);
+  deepStrictEqual(result, []);
+  deepStrictEqual(reqCount, 1);
+});
+
+await test("NRelay1 NIP-42 auth-required does not retry infinitely", async () => {
+  const sk = generateSecretKey();
+  let reqCount = 0;
+
+  await using server = await TestRelayServer.create({
+    handleMessage(socket, msg: NostrClientMsg) {
+      if (msg[0] === "REQ") {
+        const [, subId] = msg;
+        reqCount++;
+        // Send AUTH challenge on first REQ only
+        if (reqCount === 1) {
+          socket.send(JSON.stringify(["AUTH", "challenge789"]));
+        }
+        // Always reject with auth-required, even after auth
+        socket.send(JSON.stringify(["CLOSED", subId, "auth-required: still not allowed"]));
+      }
+      if (msg[0] === "AUTH") {
+        socket.send(JSON.stringify(["OK", msg[1].id, true, ""]));
+      }
+    },
+  });
+
+  await using relay = new NRelay1(server.url, {
+    auth: async (challenge) => {
+      return genEvent({
+        kind: 22242,
+        tags: [["relay", server.url], ["challenge", challenge]],
+      }, sk);
+    },
+  });
+
+  // Should stop after one retry (reqCount=2), not loop forever
+  const result = await relay.query([{ kinds: [4] }]);
+  deepStrictEqual(result, []);
+  deepStrictEqual(reqCount, 2);
+});

package/NRelay1.ts

@@ -65,6 +65,15 @@ export class NRelay1 implements NRelay {
   private opts: NRelay1Opts;
   private relayInfoPromise?: Promise<NostrRelayInfo | undefined>;
 
+  /** Promise that resolves when the current AUTH flow completes. */
+  private authPromise?: Promise<void>;
+  /** Set of subscription IDs that have already been retried after auth, to prevent infinite loops. */
+  private authRetriedSubs = new Set<string>();
+  /** Set of event IDs that have already been retried after auth, to prevent infinite loops. */
+  private authRetriedEvents = new Set<string>();
+  /** Pending events waiting for AUTH, keyed by event ID. */
+  private pendingEvents = new Map<string, NostrEvent>();
+
   private ee = new EventTarget();
 
   get subscriptions(): readonly NostrClientREQ[] {
@@ -241,7 +250,12 @@ export class NRelay1 implements NRelay {
         );
         break;
       case 'CLOSED':
+        if (auth && msg[2].startsWith('auth-required:') && !this.authRetriedSubs.has(msg[1])) {
+          this.retrySubAfterAuth(msg[1]);
+          break;
+        }
         this.subs.delete(msg[1]);
+        this.authRetriedSubs.delete(msg[1]);
         this.maybeStartIdleTimer();
         this.ee.dispatchEvent(
           new CustomEvent(`sub:${msg[1]}`, { detail: msg }),
@@ -251,6 +265,12 @@ export class NRelay1 implements NRelay {
         );
         break;
       case 'OK':
+        if (auth && !msg[2] && msg[3].startsWith('auth-required:') && !this.authRetriedEvents.has(msg[1])) {
+          this.retryEventAfterAuth(msg[1]);
+          break;
+        }
+        this.pendingEvents.delete(msg[1]);
+        this.authRetriedEvents.delete(msg[1]);
         this.ee.dispatchEvent(new CustomEvent(`ok:${msg[1]}`, { detail: msg }));
         break;
       case 'NOTICE':
@@ -262,9 +282,62 @@ export class NRelay1 implements NRelay {
         );
         break;
       case 'AUTH':
-        auth?.(msg[1]).then((event) => this.send(['AUTH', event])).catch(
-          () => {},
-        );
+        if (auth) {
+          this.authPromise = this.doAuth(auth, msg[1]);
+        }
+    }
+  }
+
+  /** Perform NIP-42 authentication and wait for the relay's OK response. */
+  private async doAuth(auth: (challenge: string) => Promise<NostrEvent>, challenge: string): Promise<void> {
+    try {
+      const event = await auth(challenge);
+      const result = this.once(`ok:${event.id}`);
+      this.send(['AUTH', event]);
+      const [, , ok] = await result;
+      if (!ok) {
+        this.log({ level: 'warn', ns: 'relay.auth', message: 'AUTH failed' });
+      }
+    } catch {
+      // AUTH failed, nothing to do
+    }
+  }
+
+  /** Re-send a subscription after AUTH completes. */
+  private async retrySubAfterAuth(subscriptionId: string): Promise<void> {
+    const req = this.subs.get(subscriptionId);
+    if (!req) return;
+
+    this.authRetriedSubs.add(subscriptionId);
+
+    try {
+      await this.authPromise;
+    } catch {
+      // AUTH failed — fall through to let the CLOSED propagate
+    }
+
+    // Re-send the original REQ if the subscription is still active.
+    if (this.subs.has(subscriptionId)) {
+      this.send(req);
+    }
+  }
+
+  /** Re-send an event after AUTH completes. */
+  private async retryEventAfterAuth(eventId: string): Promise<void> {
+    const event = this.pendingEvents.get(eventId);
+    if (!event) return;
+
+    this.authRetriedEvents.add(eventId);
+
+    try {
+      await this.authPromise;
+    } catch {
+      // AUTH failed — fall through to let the failed OK propagate
+    }
+
+    // Re-send the event if it's still pending.
+    if (this.pendingEvents.has(eventId)) {
+      this.send(['EVENT', event]);
     }
   }
 
@@ -282,6 +355,8 @@ export class NRelay1 implements NRelay {
         this.maybeStartIdleTimer();
         break;
       case 'EVENT':
+        this.pendingEvents.set(msg[1].id, msg[1]);
+        return this.socket.send(JSON.stringify(msg));
       case 'COUNT':
         return this.socket.send(JSON.stringify(msg));
     }

package/dist/NRelay1.d.ts

@@ -33,6 +33,14 @@ export declare class NRelay1 implements NRelay {
     private url;
     private opts;
     private relayInfoPromise?;
+    /** Promise that resolves when the current AUTH flow completes. */
+    private authPromise?;
+    /** Set of subscription IDs that have already been retried after auth, to prevent infinite loops. */
+    private authRetriedSubs;
+    /** Set of event IDs that have already been retried after auth, to prevent infinite loops. */
+    private authRetriedEvents;
+    /** Pending events waiting for AUTH, keyed by event ID. */
+    private pendingEvents;
     private ee;
     get subscriptions(): readonly NostrClientREQ[];
     private log;
@@ -47,6 +55,12 @@ export declare class NRelay1 implements NRelay {
     private createSocket;
     /** Handle a NIP-01 relay message. */
     protected receive(msg: NostrRelayMsg): void;
+    /** Perform NIP-42 authentication and wait for the relay's OK response. */
+    private doAuth;
+    /** Re-send a subscription after AUTH completes. */
+    private retrySubAfterAuth;
+    /** Re-send an event after AUTH completes. */
+    private retryEventAfterAuth;
     /** Send a NIP-01 client message to the relay. */
     protected send(msg: NostrClientMsg): void;
     req(filters: NostrFilter[], opts?: {

package/dist/NRelay1.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"NRelay1.d.ts","sourceRoot":"","sources":["../NRelay1.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,cAAc,EACd,cAAc,EACd,UAAU,EACV,WAAW,EACX,gBAAgB,EAEhB,cAAc,EACd,eAAe,EACf,aAAa,EAGb,cAAc,EACd,MAAM,EACP,MAAM,iBAAiB,CAAC;AAIzB,OAAO,EAAkC,SAAS,EAAoC,MAAM,cAAc,CAAC;AAC3G,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAc1C,2DAA2D;AAC7D,MAAM,WAAW,WAAW;IAC1B,6EAA6E;IAC7E,IAAI,CAAC,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAC9C,8GAA8G;IAC9G,OAAO,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC;IAC1B,8JAA8J;IAC9J,WAAW,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC;IAC7B,wFAAwF;IACxF,WAAW,CAAC,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC;IACzC,uBAAuB;IACvB,GAAG,CAAC,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CAAC;IAC5B,kGAAkG;IAClG,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;CACjC;AAED,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,OAAO,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,UAAU,CAAC;IAC5E,EAAE,EAAE,MAAM,CAAC;IACX,CAAC,CAAC,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS,GAAG;QAAE,MAAM,IAAI,SAAS,CAAA;KAAE,GAAG,KAAK,CAAC;CACtE;AAED,8CAA8C;AAC9C,qBAAa,OAAQ,YAAW,MAAM;IACpC,MAAM,EAAE,SAAS,CAAC;IAElB,OAAO,CAAC,IAAI,CAAqC;IACjD,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,SAAS,CAAC,CAAgC;IAClD,OAAO,CAAC,UAAU,CAAyB;IAC3C,OAAO,CAAC,GAAG,CAAS;IACpB,OAAO,CAAC,IAAI,CAAc;IAC1B,OAAO,CAAC,gBAAgB,CAAC,CAAsC;IAE/D,OAAO,CAAC,EAAE,CAAqB;IAE/B,IAAI,aAAa,IAAI,SAAS,cAAc,EAAE,CAE7C;IAED,OAAO,CAAC,GAAG;gBAIC,GAAG,EAAE,MAAM,EAAE,IAAI,GAAE,WAAgB;IAO/C,mDAAmD;YACrC,cAAc;IAsD5B,8FAA8F;IACxF,YAAY,CAAC,IAAI,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,WAAW,CAAA;KAAE,GAAG,OAAO,CAAC,cAAc,GAAG,SAAS,CAAC;IAOxF,yEAAyE;IACzE,OAAO,CAAC,YAAY;IA8EpB,qCAAqC;IACrC,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,GAAG,IAAI;IA2C3C,iDAAiD;IACjD,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,GAAG,IAAI;IAsBlC,GAAG,CACR,OAAO,EAAE,WAAW,EAAE,EACtB,IAAI,GAAE;QAAE,MAAM,CAAC,EAAE,WAAW,CAAA;KAAO,GAClC,cAAc,CAAC,eAAe,GAAG,cAAc,GAAG,gBAAgB,CAAC;IA0BhE,KAAK,CACT,OAAO,EAAE,WAAW,EAAE,EACtB,IAAI,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,WAAW,CAAA;KAAE,GAC9B,OAAO,CAAC,UAAU,EAAE,CAAC;IA4BlB,KAAK,CACT,KAAK,EAAE,UAAU,EACjB,IAAI,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,WAAW,CAAA;KAAE,GAC9B,OAAO,CAAC,IAAI,CAAC;IAiBV,KAAK,CACT,OAAO,EAAE,WAAW,EAAE,EACtB,IAAI,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,WAAW,CAAA;KAAE,GAC9B,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAyBpD,iCAAiC;YAClB,EAAE;IAsBjB,kCAAkC;YACpB,IAAI;IAUlB,SAAS,CAAC,UAAU,IAAI,YAAY;IAIpC,yCAAyC;IACzC,OAAO,CAAC,mBAAmB;IA6B3B,2BAA2B;IAC3B,OAAO,CAAC,aAAa;IAMrB,0EAA0E;IAC1E,OAAO,CAAC,IAAI;IAaZ;;;OAGG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAetB,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC;CAG7C;AAED,iEAAiE;AACjE,KAAK,SAAS,GACV;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS,CAAA;CAAE,GACxC,SAAS,EAAE,GACX,MAAM,GACN,MAAM,GACN,OAAO,GACP,IAAI,CAAC"}
+{"version":3,"file":"NRelay1.d.ts","sourceRoot":"","sources":["../NRelay1.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,cAAc,EACd,cAAc,EACd,UAAU,EACV,WAAW,EACX,gBAAgB,EAEhB,cAAc,EACd,eAAe,EACf,aAAa,EAGb,cAAc,EACd,MAAM,EACP,MAAM,iBAAiB,CAAC;AAIzB,OAAO,EAAkC,SAAS,EAAoC,MAAM,cAAc,CAAC;AAC3G,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAc1C,2DAA2D;AAC7D,MAAM,WAAW,WAAW;IAC1B,6EAA6E;IAC7E,IAAI,CAAC,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAC9C,8GAA8G;IAC9G,OAAO,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC;IAC1B,8JAA8J;IAC9J,WAAW,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC;IAC7B,wFAAwF;IACxF,WAAW,CAAC,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC;IACzC,uBAAuB;IACvB,GAAG,CAAC,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CAAC;IAC5B,kGAAkG;IAClG,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;CACjC;AAED,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,OAAO,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,UAAU,CAAC;IAC5E,EAAE,EAAE,MAAM,CAAC;IACX,CAAC,CAAC,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS,GAAG;QAAE,MAAM,IAAI,SAAS,CAAA;KAAE,GAAG,KAAK,CAAC;CACtE;AAED,8CAA8C;AAC9C,qBAAa,OAAQ,YAAW,MAAM;IACpC,MAAM,EAAE,SAAS,CAAC;IAElB,OAAO,CAAC,IAAI,CAAqC;IACjD,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,SAAS,CAAC,CAAgC;IAClD,OAAO,CAAC,UAAU,CAAyB;IAC3C,OAAO,CAAC,GAAG,CAAS;IACpB,OAAO,CAAC,IAAI,CAAc;IAC1B,OAAO,CAAC,gBAAgB,CAAC,CAAsC;IAE/D,kEAAkE;IAClE,OAAO,CAAC,WAAW,CAAC,CAAgB;IACpC,oGAAoG;IACpG,OAAO,CAAC,eAAe,CAAqB;IAC5C,6FAA6F;IAC7F,OAAO,CAAC,iBAAiB,CAAqB;IAC9C,0DAA0D;IAC1D,OAAO,CAAC,aAAa,CAAiC;IAEtD,OAAO,CAAC,EAAE,CAAqB;IAE/B,IAAI,aAAa,IAAI,SAAS,cAAc,EAAE,CAE7C;IAED,OAAO,CAAC,GAAG;gBAIC,GAAG,EAAE,MAAM,EAAE,IAAI,GAAE,WAAgB;IAO/C,mDAAmD;YACrC,cAAc;IAsD5B,8FAA8F;IACxF,YAAY,CAAC,IAAI,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,WAAW,CAAA;KAAE,GAAG,OAAO,CAAC,cAAc,GAAG,SAAS,CAAC;IAOxF,yEAAyE;IACzE,OAAO,CAAC,YAAY;IA8EpB,qCAAqC;IACrC,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,GAAG,IAAI;IAsD3C,0EAA0E;YAC5D,MAAM;IAcpB,mDAAmD;YACrC,iBAAiB;IAkB/B,6CAA6C;YAC/B,mBAAmB;IAkBjC,iDAAiD;IACjD,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,GAAG,IAAI;IAwBlC,GAAG,CACR,OAAO,EAAE,WAAW,EAAE,EACtB,IAAI,GAAE;QAAE,MAAM,CAAC,EAAE,WAAW,CAAA;KAAO,GAClC,cAAc,CAAC,eAAe,GAAG,cAAc,GAAG,gBAAgB,CAAC;IA0BhE,KAAK,CACT,OAAO,EAAE,WAAW,EAAE,EACtB,IAAI,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,WAAW,CAAA;KAAE,GAC9B,OAAO,CAAC,UAAU,EAAE,CAAC;IA4BlB,KAAK,CACT,KAAK,EAAE,UAAU,EACjB,IAAI,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,WAAW,CAAA;KAAE,GAC9B,OAAO,CAAC,IAAI,CAAC;IAiBV,KAAK,CACT,OAAO,EAAE,WAAW,EAAE,EACtB,IAAI,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,WAAW,CAAA;KAAE,GAC9B,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAyBpD,iCAAiC;YAClB,EAAE;IAsBjB,kCAAkC;YACpB,IAAI;IAUlB,SAAS,CAAC,UAAU,IAAI,YAAY;IAIpC,yCAAyC;IACzC,OAAO,CAAC,mBAAmB;IA6B3B,2BAA2B;IAC3B,OAAO,CAAC,aAAa;IAMrB,0EAA0E;IAC1E,OAAO,CAAC,IAAI;IAaZ;;;OAGG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAetB,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC;CAG7C;AAED,iEAAiE;AACjE,KAAK,SAAS,GACV;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS,CAAA;CAAE,GACxC,SAAS,EAAE,GACX,MAAM,GACN,MAAM,GACN,OAAO,GACP,IAAI,CAAC"}