replit/timmy-tower
2
0
Fork 0
Code Issues 26 Pull Requests 5 Actions Packages Projects Releases Wiki Activity
Files
512089ca080adcf2fc4a8d9237e2578abd15c328
timmy-tower/.replit
alexpaynex 74831bba7c feat(#26): Nostr identity + trust engine 
Task #26 — Nostr Identity + Trust Engine (foundational layer for cost-routing)

DB changes:
- New `nostr_identities` table: pubkey PK, trust_score, tier, interaction_count,
  sats_absorbed_today, absorbed_reset_at, last_seen, created_at, updated_at
- Added nullable `nostr_pubkey` column to `sessions` and `jobs` tables
- Schema pushed to DB (drizzle-kit push)
- lib/db rebuilt to emit updated declaration files

New lib:
- `artifacts/api-server/src/lib/trust.ts` — TrustService with:
  - getTier(pubkey): returns tier label for a pubkey
  - getOrCreate(pubkey): upsert identity row
  - recordSuccess/recordFailure: adjust trust score; update tier
  - Soft score decay applied lazily (absent > N days = -1 pt/day)
  - issueToken/verifyToken: HMAC-SHA256 signed nostr_token (pubkey:expiry:hmac)
  - All thresholds env-var configurable (TRUST_TIER_ESTABLISHED/TRUSTED/ELITE)

New route:
- `artifacts/api-server/src/routes/identity.ts`:
  - POST /api/identity/challenge — issues 32-byte hex nonce (5-min TTL, in-memory)
  - POST /api/identity/verify — verifies NIP-01 Nostr signed event, consumes nonce,
    upserts identity, returns signed nostr_token + trust profile
  - GET /api/identity/me — look up trust profile by X-Nostr-Token header
- Route registered in routes/index.ts

Session + job binding:
- POST /api/sessions and POST /api/jobs accept optional nostr_token (header or body)
- Verified pubkey stored on the DB row; returned in create response + poll responses
- trust_tier included in GET /sessions/:id and GET /jobs/:id responses
- After session request completes: recordSuccess on complete, recordFailure on reject
- After job work completes: recordSuccess fire-and-forget

CORS: X-Nostr-Token added to allowedHeaders and exposedHeaders

Smoke tested: all existing routes pass, challenge returns nonce, /identity/me 401 without token, sessions/jobs still create correctly with trust_tier: none (expected for anonymous requests)
2026-03-19 15:59:39 +00:00

37 lines
712 B
Plaintext
Raw Blame History

modules = ["nodejs-24", "postgresql-16"]
[[artifacts]]
id = "artifacts/api-server"
[[artifacts]]
id = "artifacts/mockup-sandbox"
[deployment]
router = "application"
deploymentTarget = "autoscale"
build = ["sh", "-c", "pnpm --filter @workspace/api-server run build"]
run = ["sh", "-c", "node artifacts/api-server/dist/index.cjs"]
[deployment.postBuild]
args = ["pnpm", "store", "prune"]
env = { "CI" = "true" }
[workflows]
runButton = "Project"
[agent]
stack = "PNPM_WORKSPACE"
expertMode = true
[postMerge]
path = "scripts/post-merge.sh"
timeoutMs = 20000
[nix]
channel = "stable-25_05"
[userenv]
[userenv.shared]
TIMMY_TOKEN_SECRET = "33e5ed35e9af236bf4df2df7330d30118e27d0dd83a97a8c50b29e4bae50668e"
Reference in New Issue View Git Blame Copy Permalink