@nostrify/policies 0.36.6 → 0.36.8

package/.turbo/turbo-build.log

@@ -1,28 +1,19 @@
-
-> @nostrify/policies@0.36.5 build /home/sid/repos/nostrify/packages/policies
-> tsc -p tsconfig.json && node ../../esbuild.config.js --package ./
-
-
-  dist/DomainPolicy.js           2.1kb
-  dist/ReplyBotPolicy.js         1.4kb
-  dist/mod.js                    1.3kb
-  dist/AntiDuplicationPolicy.js  1.2kb
-  dist/WoTPolicy.js              1.0kb
-  dist/OpenAIPolicy.js           985b 
-  dist/PowPolicy.js              667b 
-  dist/AuthorPolicy.js           640b 
-  dist/HellthreadPolicy.js       494b 
-  dist/WhitelistPolicy.js        490b 
-  dist/SizePolicy.js             453b 
-  dist/HashtagPolicy.js          425b 
-  dist/AnyPolicy.js              412b 
-  dist/KeywordPolicy.js          411b 
-  dist/FiltersPolicy.js          410b 
-  dist/InvertPolicy.js           385b 
-  dist/PipePolicy.js             383b 
-  dist/PubkeyBanPolicy.js        367b 
-  dist/RegexPolicy.js            332b 
-  dist/ReadOnlyPolicy.js         187b 
-  ...and 1 more output file...
-
-⚡ Done in 51ms
+
+
+> @nostrify/policies@0.36.7 build /home/sid/repos/nostrify/packages/policies
+> npx tsc -p tsconfig.json && node ../../esbuild.config.js --package ./
+
+npm warn Unknown env config "verify-deps-before-run". This will stop working in the next major version of npm.
+npm warn Unknown env config "_jsr-registry". This will stop working in the next major version of npm.
+⠙⠙Building with esbuild...
+
+  dist/DomainPolicy.js           2.1kb
+  dist/ReplyBotPolicy.js         1.4kb
+  dist/mod.js                    1.3kb
+  dist/AntiDuplicationPolicy.js  1.2kb
+  dist/WoTPolicy.js              1.0kb
+  ...and 16 more output files...
+
+⚡ Done in 22ms
+Copying source files...
+Done!

package/.turbo/turbo-test.log

@@ -1,4 +1,53 @@
-
-> @nostrify/policies@0.36.5 test /home/sid/repos/nostrify/packages/policies
-> node --test "**/*.test.ts"
-
+
+
+> @nostrify/policies@0.36.6 test /home/sid/repos/nostrify/packages/policies
+> node --test --test-concurrency=1 "**/*.test.ts"
+
+✔ AntiDuplicationPolicy (319.690432ms)
+✔ AntiDuplicationPolicy with deobfuscate (44.807015ms)
+✔ accepts when all policies accept (64.674178ms)
+✔ accepts when some policies reject (8.399958ms)
+✔ rejects when all policies reject (5.373917ms)
+✔ AuthorPolicy (48.081135ms)
+✔ DomainPolicy allows events from authors with a valid nip05 (46.436288ms)
+✔ DomainPolicy rejects events from authors without a kind 0 (4.13101ms)
+✔ DomainPolicy rejects events from authors with a missing nip05 (9.361192ms)
+✔ DomainPolicy rejects events from authors with a malformed nip05 (11.704458ms)
+✔ DomainPolicy rejects events from authors with an invalid nip05 (9.725418ms)
+✔ DomainPolicy rejects events from authors with a blacklisted nip05 domain (12.135733ms)
+✔ DomainPolicy rejects events from authors who aren't on a whitelisted domain (8.181353ms)
+✔ DomainPolicy allows events from authors who are on a whitelisted domain (9.511213ms)
+✔ DomainPolicy rejects events from authors with a subdomain of a blacklisted domain (8.78339ms)
+✔ DomainPolicy rejects events from authors with a deeply nested subdomain of a blacklisted domain (8.255036ms)
+✔ DomainPolicy allows events from authors with similar but not subdomain of blacklisted domain (8.391158ms)
+✔ FiltersPolicy (47.201126ms)
+✔ HashtagPolicy (57.834978ms)
+✔ HellthreadPolicy (47.231857ms)
+✔ InvertPolicy (39.831057ms)
+✔ KeywordPolicy (52.182532ms)
+✔ NoOpPolicy (38.95077ms)
+✔ rejects flagged events (95.404554ms)
+✔ accepts unflagged events (58.128733ms)
+✔ passes events through multiple policies (38.444137ms)
+✔ short-circuits on the first reject (5.71684ms)
+✔ accepts when all policies accept (4.445368ms)
+✔ blocks events without a nonce (37.656948ms)
+✔ accepts event with sufficient POW (0.213227ms)
+✔ PubkeyBanPolicy (52.882068ms)
+✔ ReadOnlyPolicy (37.273237ms)
+✔ RegexPolicy (42.23802ms)
+✔ ReplyBotPolicy blocks replies within the same second (44.754564ms)
+✔ ReplyBotPolicy allows replies after 1 second (9.42384ms)
+✔ ReplyBotPolicy allows replies within the same second from users who are tagged (11.768783ms)
+✔ SizePolicy (47.893399ms)
+✔ WhitelistPolicy (48.551241ms)
+✔ WoTPolicy (74.334084ms)
+✔ WoTPolicy constructor with error store (0.898097ms)
+ℹ tests 40
+ℹ suites 0
+ℹ pass 40
+ℹ fail 0
+ℹ cancelled 0
+ℹ skipped 0
+ℹ todo 0
+ℹ duration_ms 5386.054741

package/CHANGELOG.md

@@ -1,5 +1,23 @@
 # Changelog
 
+## 0.36.8
+
+### Patch Changes
+
+- distribute ts files
+- Updated dependencies
+  - @nostrify/nostrify@0.46.10
+  - @nostrify/types@0.36.6
+
+## 0.36.7
+
+### Patch Changes
+
+- tests should pass now
+- Updated dependencies
+  - @nostrify/nostrify@0.46.9
+  - @nostrify/types@0.36.5
+
 ## 0.36.6
 
 ### Patch Changes

package/dist/AntiDuplicationPolicy.ts

@@ -0,0 +1,82 @@
+import type { NostrEvent, NostrRelayOK, NPolicy } from '@nostrify/types';
+import type { Kv, KvKey } from '@deno/kv';
+
+/** Policy options for `AntiDuplicationPolicy`. */
+interface AntiDuplicationPolicyOpts {
+  /** Deno.Kv implementation to use. */
+  kv: Pick<Kv, 'get' | 'set'>;
+  /** Time in ms until a message with this content may be posted again. Default: `60000` (1 minute). */
+  expireIn?: number;
+  /** Note text under this limit will be skipped by the policy. Default: `50`. */
+  minLength?: number;
+  /** Normalize the event's content before a hash is taken, to prevent the attacker from making small changes. Should return the normalized content. */
+  deobfuscate?(event: NostrEvent): string;
+}
+
+/**
+ * Prevent messages with the exact same content from being submitted repeatedly.
+ *
+ * It stores a hashcode for each content in a Deno.Kv database and rate-limits them. Only messages that meet the minimum length criteria are selected.
+ * Each time a matching message is submitted, the timer will reset, so spammers sending the same message will only ever get the first one through.
+ *
+ * ```ts
+ * // Open a Deno.KV instance.
+ * const kv = await Deno.openKv();
+ *
+ * // Prevent the same message from being posted within 60 seconds.
+ * new AntiDuplicationPolicy({ kv, expireIn: 60000 });
+ *
+ * // Only enforce the policy on messages with at least 50 characters.
+ * new AntiDuplicationPolicy({ kv, expireIn: 60000, minLength: 50 });
+ * ```
+ */
+export class AntiDuplicationPolicy implements NPolicy {
+  private opts: AntiDuplicationPolicyOpts;
+
+  constructor(opts: AntiDuplicationPolicyOpts) {
+    this.opts = opts;
+  }
+
+  async call(event: NostrEvent): Promise<NostrRelayOK> {
+    const { id, kind } = event;
+    const { kv, expireIn = 60000, minLength = 50, deobfuscate } = this.opts;
+
+    const content = deobfuscate?.(event) ?? event.content;
+
+    if (kind === 1 && content.length >= minLength) {
+      const hash = AntiDuplicationPolicy.hashCode(content);
+      const key: KvKey = ['nostrify', 'policies', 'antiduplication', hash];
+
+      const { value } = await kv.get(key);
+
+      if (value) {
+        await kv.set(key, true, { expireIn });
+        return [
+          'OK',
+          id,
+          false,
+          'blocked: the same message has been repeated too many times',
+        ];
+      }
+
+      await kv.set(key, true, { expireIn });
+    }
+
+    return ['OK', id, true, ''];
+  }
+
+  /**
+   * Get a "good enough" unique identifier for this content.
+   * This algorithm was chosen because it's very fast with a low chance of collisions.
+   * https://stackoverflow.com/a/8831937
+   */
+  private static hashCode(str: string): number {
+    let hash = 0;
+    for (let i = 0, len = str.length; i < len; i++) {
+      const chr = str.charCodeAt(i);
+      hash = (hash << 5) - hash + chr;
+      hash |= 0; // Convert to 32bit integer
+    }
+    return hash;
+  }
+}

package/dist/AnyPolicy.ts

@@ -0,0 +1,24 @@
+import type { NostrEvent, NostrRelayOK, NPolicy } from '@nostrify/types';
+
+/** Similar to `PipePolicy`, but passes if at least one policy passes. */
+export class AnyPolicy implements NPolicy {
+  private policies: NPolicy[];
+  constructor(policies: NPolicy[]) {
+    this.policies = policies;
+  }
+
+  async call(event: NostrEvent, signal?: AbortSignal): Promise<NostrRelayOK> {
+    let result: NostrRelayOK = ['OK', event.id, false, 'blocked: no policy passed'];
+
+    for (const policy of this.policies) {
+      result = await policy.call(event, signal);
+
+      const ok = result[2];
+      if (ok) {
+        return result;
+      }
+    }
+
+    return result;
+  }
+}

package/dist/AuthorPolicy.ts

@@ -0,0 +1,29 @@
+import type { NostrEvent, NostrRelayOK, NPolicy, NStore } from '@nostrify/types';
+
+/** Rejects events by authors without a kind 0, then optionally applies another policy to the kind 0. */
+export class AuthorPolicy implements NPolicy {
+  private store: NStore;
+  private policy?: NPolicy;
+
+  constructor(store: NStore, policy?: NPolicy) {
+    this.store = store;
+    this.policy = policy;
+  }
+
+  async call(event: NostrEvent, signal?: AbortSignal): Promise<NostrRelayOK> {
+    const author: NostrEvent | undefined = event.kind === 0 ? event : await this.store
+      .query([{ kinds: [0], authors: [event.pubkey], limit: 1 }], { signal })
+      .then(([event]: NostrEvent[]) => event);
+
+    if (!author) {
+      return ['OK', event.id, false, 'blocked: author is missing a kind 0 event'];
+    }
+
+    if (this.policy) {
+      const [, , ok, reason] = await this.policy.call(author, signal);
+      return ['OK', event.id, ok, reason];
+    }
+
+    return ['OK', event.id, true, ''];
+  }
+}

package/dist/DomainPolicy.ts

@@ -0,0 +1,96 @@
+import { NIP05, NSchema as n } from '@nostrify/nostrify';
+import type { NostrEvent, NPolicy, NProfilePointer, NStore } from '@nostrify/types';
+
+import { AuthorPolicy } from './AuthorPolicy.ts';
+
+/** Options for `DomainPolicy`. */
+interface DomainPolicyOpts {
+  /** Custom NIP-05 lookup function. */
+  lookup?(nip05: string, signal?: AbortSignal): Promise<NProfilePointer>;
+  /** List of domains to blacklist. Reject events from users with a NIP-05 matching any of these domains. */
+  blacklist?: string[];
+  /** List of domains to whitelist. If provided, only events from users with a valid NIP-05 on the given domains will be accepted. */
+  whitelist?: string[];
+}
+
+/** Ban events unless their author has a valid NIP-05 name. Domains can also be whitelisted or blacklisted. */
+export class DomainPolicy extends AuthorPolicy implements NPolicy {
+  constructor(store: NStore, opts: DomainPolicyOpts = {}) {
+    super(store, {
+      async call(event: NostrEvent, signal: AbortSignal) {
+        const { blacklist = [], whitelist, lookup = DomainPolicy.lookup } = opts;
+
+        const metadata = n.json().pipe(n.metadata()).safeParse(event.content);
+
+        if (!metadata.success) {
+          return ['OK', event.id, false, 'blocked: invalid kind 0 metadata'];
+        }
+
+        const { nip05 } = metadata.data;
+
+        if (!nip05) {
+          return ['OK', event.id, false, 'blocked: missing nip05'];
+        }
+
+        const domain = nip05.split('@').pop();
+
+        if (!domain) {
+          return ['OK', event.id, false, 'blocked: invalid nip05'];
+        }
+
+        if (DomainPolicy.isDomainBlacklisted(domain, blacklist)) {
+          return ['OK', event.id, false, 'blocked: blacklisted nip05 domain'];
+        }
+
+        try {
+          const { pubkey } = await lookup(nip05, signal);
+
+          if (pubkey !== event.pubkey) {
+            return ['OK', event.id, false, 'blocked: mismatched nip05 pubkey'];
+          }
+
+          if (whitelist && !whitelist.includes(domain)) {
+            return [
+              'OK',
+              event.id,
+              false,
+              'blocked: nip05 domain not in whitelist',
+            ];
+          }
+
+          return ['OK', event.id, true, ''];
+        } catch {
+          return ['OK', event.id, false, 'blocked: failed to lookup nip05'];
+        }
+      },
+    });
+  }
+
+  /** Check if a domain is blacklisted, including subdomains of blacklisted domains. */
+  private static isDomainBlacklisted(
+    domain: string,
+    blacklist: string[],
+  ): boolean {
+    // Check for exact match
+    if (blacklist.includes(domain)) {
+      return true;
+    }
+
+    // Check if domain is a subdomain of any blacklisted domain
+    for (const blacklistedDomain of blacklist) {
+      if (domain.endsWith('.' + blacklistedDomain)) {
+        return true;
+      }
+    }
+
+    return false;
+  }
+
+  /** Default NIP-05 lookup method if one isn't provided by the caller. */
+  private static lookup(
+    nip05: string,
+    signal?: AbortSignal,
+  ): Promise<NProfilePointer> {
+    return NIP05.lookup(nip05, { signal });
+  }
+}

package/dist/FiltersPolicy.ts

@@ -0,0 +1,30 @@
+import { matchFilters } from 'nostr-tools';
+
+import type { NostrEvent, NostrFilter, NostrRelayOK, NPolicy } from '@nostrify/types';
+
+/**
+ * Reject events which don't match the filters.
+ *
+ * Only messages which **match** the filters are allowed, and all others are dropped.
+ * The filter is a [NIP-01](https://github.com/nostr-protocol/nips/blob/master/01.md) relay filter.
+ *
+ * ```ts
+ * // Only allow kind 1, 3, 5, and 7 events.
+ * new FiltersPolicy([{ kinds: [0, 1, 3, 5, 6, 7] }]);
+ * ```
+ */
+export class FiltersPolicy implements NPolicy {
+  private filters: NostrFilter[];
+  constructor(filters: NostrFilter[]) {
+    this.filters = filters;
+  }
+
+  // deno-lint-ignore require-await
+  async call(event: NostrEvent): Promise<NostrRelayOK> {
+    if (matchFilters(this.filters, event)) {
+      return ['OK', event.id, true, ''];
+    }
+
+    return ['OK', event.id, false, "blocked: the event doesn't match the allowed filters"];
+  }
+}

package/dist/HashtagPolicy.ts

@@ -0,0 +1,28 @@
+import type { NostrEvent, NostrRelayOK, NPolicy } from '@nostrify/types';
+
+/**
+ * Reject events containing any of the banned hashtags.
+ *
+ * @example
+ * ```ts
+ * // Reject events with banned hashtags.
+ * HashtagPolicy(['nsfw']);
+ * ```
+ */
+export class HashtagPolicy implements NPolicy {
+  private hashtags: string[];
+  constructor(hashtags: string[]) {
+    this.hashtags = hashtags;
+  }
+
+  // deno-lint-ignore require-await
+  async call({ id, tags }: NostrEvent): Promise<NostrRelayOK> {
+    for (const [name, value] of tags) {
+      if (name === 't' && this.hashtags.includes(value.toLowerCase())) {
+        return ['OK', id, false, 'blocked: contains a banned hashtag'];
+      }
+    }
+
+    return ['OK', id, true, ''];
+  }
+}

package/dist/HellthreadPolicy.ts

@@ -0,0 +1,30 @@
+import type { NostrEvent, NostrRelayOK, NPolicy } from '@nostrify/types';
+
+/** Policy options for `HellthreadPolicy`. */
+interface HellthreadPolicyOpts {
+  /** Total number of "p" tags a kind 1 note may have before it's rejected. Default: `100` */
+  limit?: number;
+}
+
+/** Basic policy to demonstrate how policies work. Accepts all events. */
+export class HellthreadPolicy implements NPolicy {
+  private opts: HellthreadPolicyOpts;
+  constructor(opts: HellthreadPolicyOpts = {}) {
+    this.opts = opts;
+  }
+
+  // deno-lint-ignore require-await
+  async call({ id, kind, tags }: NostrEvent): Promise<NostrRelayOK> {
+    const { limit = 100 } = this.opts;
+
+    if (kind === 1) {
+      const p = tags.filter((tag: string[]) => tag[0] === 'p');
+
+      if (p.length > limit) {
+        return ['OK', id, false, `blocked: rejected due to ${p.length} "p" tags (${limit} is the limit).`];
+      }
+    }
+
+    return ['OK', id, true, ''];
+  }
+}

package/dist/InvertPolicy.ts

@@ -0,0 +1,23 @@
+import type { NostrEvent, NostrRelayOK, NPolicy } from '@nostrify/types';
+
+/** Rejects if the policy passes, passes if the policy rejects. */
+export class InvertPolicy implements NPolicy {
+  private policy: NPolicy;
+  private reason: string;
+
+  constructor(policy: NPolicy, reason: string) {
+    this.policy = policy;
+    this.reason = reason;
+  }
+
+  async call(event: NostrEvent): Promise<NostrRelayOK> {
+    const result = await this.policy.call(event);
+    const ok = result[2];
+
+    if (ok) {
+      return ['OK', event.id, false, this.reason];
+    } else {
+      return ['OK', event.id, true, ''];
+    }
+  }
+}

package/dist/KeywordPolicy.ts

@@ -0,0 +1,28 @@
+import type { NostrEvent, NostrRelayOK, NPolicy } from '@nostrify/types';
+
+/**
+ * Reject events containing any of the strings in its content.
+ *
+ * @example
+ * ```ts
+ * // Reject events with bad words.
+ * KeywordPolicy(['moo', 'oink', 'honk']);
+ * ```
+ */
+export class KeywordPolicy implements NPolicy {
+  private words: Iterable<string>;
+  constructor(words: Iterable<string>) {
+    this.words = words;
+  }
+
+  // deno-lint-ignore require-await
+  async call({ id, content }: NostrEvent): Promise<NostrRelayOK> {
+    for (const word of this.words) {
+      if (content.toLowerCase().includes(word.toLowerCase())) {
+        return ['OK', id, false, 'blocked: contains a banned word or phrase'];
+      }
+    }
+
+    return ['OK', id, true, ''];
+  }
+}

package/dist/NoOpPolicy.ts

@@ -0,0 +1,9 @@
+import type { NostrEvent, NostrRelayOK, NPolicy } from '@nostrify/types';
+
+/** Basic policy to demonstrate how policies work. Accepts all events. */
+export class NoOpPolicy implements NPolicy {
+  // deno-lint-ignore require-await
+  async call(event: NostrEvent): Promise<NostrRelayOK> {
+    return ['OK', event.id, true, ''];
+  }
+}

package/dist/OpenAIPolicy.ts

@@ -0,0 +1,116 @@
+import type { NostrEvent, NostrRelayOK, NPolicy } from '@nostrify/types';
+
+/**
+ * OpenAI moderation result.
+ *
+ * https://platform.openai.com/docs/api-reference/moderations/create
+ */
+interface OpenAIModerationResult {
+  id: string;
+  model: string;
+  results: {
+    categories: {
+      'hate': boolean;
+      'hate/threatening': boolean;
+      'self-harm': boolean;
+      'sexual': boolean;
+      'sexual/minors': boolean;
+      'violence': boolean;
+      'violence/graphic': boolean;
+    };
+    category_scores: {
+      'hate': number;
+      'hate/threatening': number;
+      'self-harm': number;
+      'sexual': number;
+      'sexual/minors': number;
+      'violence': number;
+      'violence/graphic': number;
+    };
+    flagged: boolean;
+  }[];
+}
+
+/** Policy options for `OpenAIPolicy`. */
+interface OpenAIPolicyOpts {
+  /**
+   * Callback for fine control over the policy. It contains the event and the OpenAI moderation data.
+   * Implementations should return `true` to **reject** the content, and `false` to accept.
+   */
+  handler?(event: NostrEvent, result: OpenAIModerationResult): boolean;
+  /** Custom endpoint to use instead of `https://api.openai.com/v1/moderations`. */
+  endpoint?: string;
+  /** Custom fetch implementation. */
+  fetch?: typeof fetch;
+  /** Which event kinds to apply the policy to. */
+  kinds?: number[];
+  /** OpenAI API key for making the requests. */
+  apiKey: string;
+}
+
+/**
+ * Passes event content to OpenAI and then rejects flagged events.
+ *
+ * By default, this policy will reject kind 1 events that OpenAI flags.
+ * It's possible to pass a custom handler for more control. An OpenAI API key is required.
+ *
+ * ```ts
+ * // Default handler. It's so strict it's suitable for children.
+ * new OpenAIPolicy({ apiKey: Deno.env.get('OPENAI_API_KEY') });
+ *
+ * // With a custom handler.
+ * new OpenAIPolicy({
+ *   apiKey: Deno.env.get('OPENAI_API_KEY'),
+ *   handler(event, data) {
+ *     // Loop each result.
+ *     return data.results.some((result) => {
+ *       if (result.flagged) {
+ *         const { sexual, violence } = result.categories;
+ *         // Reject only events flagged as sexual and violent.
+ *         return sexual && violence;
+ *       }
+ *     });
+ *   },
+ * });
+ * ```
+ */
+export class OpenAIPolicy implements NPolicy {
+  private opts: OpenAIPolicyOpts;
+  constructor(opts: OpenAIPolicyOpts) {
+    this.opts = opts;
+  }
+
+  async call(event: NostrEvent, signal?: AbortSignal): Promise<NostrRelayOK> {
+    const {
+      handler = (_, { results }) => results.some((r) => r.flagged),
+      endpoint = 'https://api.openai.com/v1/moderations',
+      kinds = [1, 30023],
+      apiKey,
+    } = this.opts;
+
+    if (kinds.includes(event.kind)) {
+      try {
+        const resp = await fetch(endpoint, {
+          headers: {
+            'Content-Type': 'application/json',
+            'Authorization': `Bearer ${apiKey}`,
+          },
+          body: JSON.stringify({
+            input: event.content,
+          }),
+          signal,
+        });
+
+        const result = await resp.json();
+
+        if (handler(event, result)) {
+          return ['OK', event.id, false, 'blocked: content flagged by AI'];
+        }
+      } catch (_) {
+        return ['OK', event.id, false, 'blocked: error analyzing content'];
+      }
+    }
+
+    return ['OK', event.id, true, ''];
+  }
+}

package/dist/PipePolicy.ts

@@ -0,0 +1,39 @@
+import type { NostrEvent, NostrRelayOK, NPolicy } from '@nostrify/types';
+
+/**
+ * Processes events through multiple policies.
+ *
+ * If any policy rejects, the pipeline will stop and return the rejected message.
+ *
+ * ```ts
+ * const policy = new PipePolicy([
+ *   new NoOpPolicy(),
+ *   new FiltersPolicy([{ kinds: [0, 1, 3, 5, 7, 1984, 9734, 9735, 10002] }]),
+ *   new KeywordPolicy(['https://t.me/']),
+ *   new RegexPolicy(/(🟠|🔥|😳)ChtaGPT/i),
+ *   new PubkeyBanPolicy(['e810fafa1e89cdf80cced8e013938e87e21b699b24c8570537be92aec4b12c18']),
+ *   new HellthreadPolicy({ limit: 100 }),
+ *   new AntiDuplicationPolicy({ kv: await Deno.openKv(), expireIn: 60000, minLength: 50 }),
+ * ]);
+ *
+ * const [_, eventId, ok, reason] = await policy.call(event);
+ * ```
+ */
+export class PipePolicy implements NPolicy {
+  private policies: NPolicy[] = [];
+  constructor(policies: NPolicy[]) {
+    this.policies = policies;
+  }
+
+  async call(event: NostrEvent, signal?: AbortSignal): Promise<NostrRelayOK> {
+    for (const policy of this.policies) {
+      const [_, eventId, ok, reason] = await policy.call(event, signal);
+
+      if (!ok) {
+        return [_, eventId, ok, reason];
+      }
+    }
+
+    return ['OK', event.id, true, ''];
+  }
+}