@openclaw/nostr 2026.2.25 → 2026.3.1

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## 2026.3.1
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
+## 2026.2.26
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
 ## 2026.2.25
 
 ### Changes

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/nostr",
-  "version": "2026.2.25",
+  "version": "2026.3.1",
   "description": "OpenClaw Nostr channel plugin for NIP-04 encrypted DMs",
   "type": "module",
   "dependencies": {

package/src/config-schema.ts

@@ -60,6 +60,9 @@ export const NostrConfigSchema = z.object({
   /** Account name (optional display name) */
   name: z.string().optional(),
 
+  /** Optional default account id for routing/account selection. */
+  defaultAccount: z.string().optional(),
+
   /** Whether this channel is enabled */
   enabled: z.boolean().optional(),
 

package/src/nostr-profile-http.test.ts

@@ -6,7 +6,10 @@ import { IncomingMessage, ServerResponse } from "node:http";
 import { Socket } from "node:net";
 import { describe, it, expect, vi, beforeEach } from "vitest";
 import {
+  clearNostrProfileRateLimitStateForTest,
   createNostrProfileHttpHandler,
+  getNostrProfileRateLimitStateSizeForTest,
+  isNostrProfileRateLimitedForTest,
   type NostrProfileHttpContext,
 } from "./nostr-profile-http.js";
 
@@ -136,6 +139,7 @@ function mockSuccessfulProfileImport() {
 describe("nostr-profile-http", () => {
   beforeEach(() => {
     vi.clearAllMocks();
+    clearNostrProfileRateLimitStateForTest();
   });
 
   describe("route matching", () => {
@@ -358,6 +362,25 @@ describe("nostr-profile-http", () => {
         }
       }
     });
+
+    it("caps tracked rate-limit keys to prevent unbounded growth", () => {
+      const now = 1_000_000;
+      for (let i = 0; i < 2_500; i += 1) {
+        isNostrProfileRateLimitedForTest(`rate-cap-${i}`, now);
+      }
+      expect(getNostrProfileRateLimitStateSizeForTest()).toBeLessThanOrEqual(2_048);
+    });
+
+    it("prunes stale rate-limit keys after the window elapses", () => {
+      const now = 2_000_000;
+      for (let i = 0; i < 100; i += 1) {
+        isNostrProfileRateLimitedForTest(`rate-stale-${i}`, now);
+      }
+      expect(getNostrProfileRateLimitStateSizeForTest()).toBe(100);
+
+      isNostrProfileRateLimitedForTest("fresh", now + 60_001);
+      expect(getNostrProfileRateLimitStateSizeForTest()).toBe(1);
+    });
   });
 
   describe("POST /api/channels/nostr/:accountId/profile/import", () => {

package/src/nostr-profile-http.ts

@@ -9,6 +9,7 @@
 
 import type { IncomingMessage, ServerResponse } from "node:http";
 import {
+  createFixedWindowRateLimiter,
   isBlockedHostnameOrIp,
   readJsonBodyWithLimit,
   requestBodyErrorToText,
@@ -41,30 +42,29 @@ export interface NostrProfileHttpContext {
 // Rate Limiting
 // ============================================================================
 
-interface RateLimitEntry {
-  count: number;
-  windowStart: number;
-}
-
-const rateLimitMap = new Map<string, RateLimitEntry>();
 const RATE_LIMIT_WINDOW_MS = 60_000; // 1 minute
 const RATE_LIMIT_MAX_REQUESTS = 5; // 5 requests per minute
+const RATE_LIMIT_MAX_TRACKED_KEYS = 2_048;
+const profileRateLimiter = createFixedWindowRateLimiter({
+  windowMs: RATE_LIMIT_WINDOW_MS,
+  maxRequests: RATE_LIMIT_MAX_REQUESTS,
+  maxTrackedKeys: RATE_LIMIT_MAX_TRACKED_KEYS,
+});
 
-function checkRateLimit(accountId: string): boolean {
-  const now = Date.now();
-  const entry = rateLimitMap.get(accountId);
+export function clearNostrProfileRateLimitStateForTest(): void {
+  profileRateLimiter.clear();
+}
 
-  if (!entry || now - entry.windowStart > RATE_LIMIT_WINDOW_MS) {
-    rateLimitMap.set(accountId, { count: 1, windowStart: now });
-    return true;
-  }
+export function getNostrProfileRateLimitStateSizeForTest(): number {
+  return profileRateLimiter.size();
+}
 
-  if (entry.count >= RATE_LIMIT_MAX_REQUESTS) {
-    return false;
-  }
+export function isNostrProfileRateLimitedForTest(accountId: string, nowMs: number): boolean {
+  return profileRateLimiter.isRateLimited(accountId, nowMs);
+}
 
-  entry.count++;
-  return true;
+function checkRateLimit(accountId: string): boolean {
+  return !profileRateLimiter.isRateLimited(accountId);
 }
 
 // ============================================================================

package/src/types.test.ts

@@ -22,6 +22,15 @@ describe("listNostrAccountIds", () => {
     };
     expect(listNostrAccountIds(cfg)).toEqual(["default"]);
   });
+
+  it("returns configured defaultAccount when privateKey is configured", () => {
+    const cfg = {
+      channels: {
+        nostr: { privateKey: TEST_PRIVATE_KEY, defaultAccount: "work" },
+      },
+    };
+    expect(listNostrAccountIds(cfg)).toEqual(["work"]);
+  });
 });
 
 describe("resolveDefaultNostrAccountId", () => {
@@ -38,6 +47,15 @@ describe("resolveDefaultNostrAccountId", () => {
     const cfg = { channels: {} };
     expect(resolveDefaultNostrAccountId(cfg)).toBe("default");
   });
+
+  it("prefers configured defaultAccount when present", () => {
+    const cfg = {
+      channels: {
+        nostr: { privateKey: TEST_PRIVATE_KEY, defaultAccount: "work" },
+      },
+    };
+    expect(resolveDefaultNostrAccountId(cfg)).toBe("work");
+  });
 });
 
 describe("resolveNostrAccount", () => {

package/src/types.ts

@@ -1,4 +1,9 @@
 import type { OpenClawConfig } from "openclaw/plugin-sdk";
+import {
+  DEFAULT_ACCOUNT_ID,
+  normalizeAccountId,
+  normalizeOptionalAccountId,
+} from "openclaw/plugin-sdk/account-id";
 import type { NostrProfile } from "./config-schema.js";
 import { getPublicKeyFromPrivate } from "./nostr-bus.js";
 import { DEFAULT_RELAYS } from "./nostr-bus.js";
@@ -6,6 +11,7 @@ import { DEFAULT_RELAYS } from "./nostr-bus.js";
 export interface NostrAccountConfig {
   enabled?: boolean;
   name?: string;
+  defaultAccount?: string;
   privateKey?: string;
   relays?: string[];
   dmPolicy?: "pairing" | "allowlist" | "open" | "disabled";
@@ -25,7 +31,12 @@ export interface ResolvedNostrAccount {
   config: NostrAccountConfig;
 }
 
-const DEFAULT_ACCOUNT_ID = "default";
+function resolveConfiguredDefaultNostrAccountId(cfg: OpenClawConfig): string | undefined {
+  const nostrCfg = (cfg.channels as Record<string, unknown> | undefined)?.nostr as
+    | NostrAccountConfig
+    | undefined;
+  return normalizeOptionalAccountId(nostrCfg?.defaultAccount);
+}
 
 /**
  * List all configured Nostr account IDs
@@ -37,7 +48,7 @@ export function listNostrAccountIds(cfg: OpenClawConfig): string[] {
 
   // If privateKey is configured at top level, we have a default account
   if (nostrCfg?.privateKey) {
-    return [DEFAULT_ACCOUNT_ID];
+    return [resolveConfiguredDefaultNostrAccountId(cfg) ?? DEFAULT_ACCOUNT_ID];
   }
 
   return [];
@@ -47,6 +58,10 @@ export function listNostrAccountIds(cfg: OpenClawConfig): string[] {
  * Get the default account ID
  */
 export function resolveDefaultNostrAccountId(cfg: OpenClawConfig): string {
+  const preferred = resolveConfiguredDefaultNostrAccountId(cfg);
+  if (preferred) {
+    return preferred;
+  }
   const ids = listNostrAccountIds(cfg);
   if (ids.includes(DEFAULT_ACCOUNT_ID)) {
     return DEFAULT_ACCOUNT_ID;
@@ -61,7 +76,7 @@ export function resolveNostrAccount(opts: {
   cfg: OpenClawConfig;
   accountId?: string | null;
 }): ResolvedNostrAccount {
-  const accountId = opts.accountId ?? DEFAULT_ACCOUNT_ID;
+  const accountId = normalizeAccountId(opts.accountId ?? resolveDefaultNostrAccountId(opts.cfg));
   const nostrCfg = (opts.cfg.channels as Record<string, unknown> | undefined)?.nostr as
     | NostrAccountConfig
     | undefined;