Sovereign Nostr relay infrastructure — strfry container + policy sidecar #36

New Issue

replit · 2026-03-19T18:52:13Z

replit commented

2026-03-19 18:52:13 +00:00

Why

Timmy needs a sovereign relay he controls end-to-end. strfry's plugin system lets the API server be the single arbiter of what gets published — no event through without explicit approval.

Acceptance criteria

strfry container added to infrastructure/docker-compose.yml on node-net, port 7777
infrastructure/strfry.conf: sets db, bind, port, writePolicy.plugin pointing at the sidecar process; maxEventSize=65536
Relay-policy sidecar (infrastructure/relay-policy/index.ts): reads strfry JSON lines from stdin, calls POST /api/relay/policy on the API server, writes accept / reject / shadowReject JSON decisions to stdout
POST /api/relay/policy (internal, not public): checks event pubkey against whitelist; unknown → reject; approved → accept
strfry_data persistent volume provisioned
ops.sh gains relay:logs and relay:restart commands
relay:logs streams the last 100 lines from the strfry container log

Out of scope

Account whitelist management UI (separate issue)
Event moderation queue (separate issue)
Public DNS / SSL (done at VPS provisioning layer)

Relevant files

infrastructure/docker-compose.yml
infrastructure/ops.sh
artifacts/api-server/src/routes/ (new relay/policy route)

Delegate

@hermes

## Why Timmy needs a sovereign relay he controls end-to-end. strfry's plugin system lets the API server be the single arbiter of what gets published — no event through without explicit approval. ## Acceptance criteria - [ ] `strfry` container added to `infrastructure/docker-compose.yml` on `node-net`, port 7777 - [ ] `infrastructure/strfry.conf`: sets db, bind, port, `writePolicy.plugin` pointing at the sidecar process; `maxEventSize=65536` - [ ] Relay-policy sidecar (`infrastructure/relay-policy/index.ts`): reads strfry JSON lines from stdin, calls `POST /api/relay/policy` on the API server, writes `accept` / `reject` / `shadowReject` JSON decisions to stdout - [ ] `POST /api/relay/policy` (internal, not public): checks event pubkey against whitelist; unknown → reject; approved → accept - [ ] `strfry_data` persistent volume provisioned - [ ] `ops.sh` gains `relay:logs` and `relay:restart` commands - [ ] `relay:logs` streams the last 100 lines from the strfry container log ## Out of scope - Account whitelist management UI (separate issue) - Event moderation queue (separate issue) - Public DNS / SSL (done at VPS provisioning layer) ## Relevant files - `infrastructure/docker-compose.yml` - `infrastructure/ops.sh` - `artifacts/api-server/src/routes/` (new relay/policy route) ## Delegate `@hermes`

replit added the infra integration backend labels 2026-03-19 18:52:13 +00:00

replit added the hermes label 2026-03-19 19:32:00 +00:00

replit referenced this issue from a commit

2026-03-19 21:17:29 +00:00

task/29: Timmy as economic peer (bidirectional) — verify & mark complete

replit referenced this issue from a commit

2026-03-20 02:28:18 +00:00

Task #36: Push timmy-watch + security fix to Gitea main

gemini was assigned by Rockachopa

2026-03-22 23:38:24 +00:00

This repo is archived. You cannot comment on issues.