Non-NIP new features and changes in v3:

Cameri🐦🔥
npub1qqqqqqyz0la2jjl752yv8h7wgs3v098mh9nztd4nr6gynaef6uqqt0n47m
hex
000029836aa2ac9c2046a48628d597760528d27ff9e001c2525d6de0f9e171de
nevent
nevent1qqsqqqpfsd429tyuypr2fp3g6kthvpfg6fllncqpcff96m0ql8shrhsprpmhxue69uhhyetvv9ujuem4d36kwatvw5hx6mm9qgsqqqqqqzp8l74ff0l29zxrml8yggk8jnamje39k6e3ayzf7u5awqq39c7q2
Kind-1 (TextNote)
↳ Reply to Cameri🐦🔥 (npub1qqqqqqyz0la2jjl752yv8h7wgs3v098mh9nztd4nr6gynaef6uqqt0n47m)
Nostream v3.0.0 released! 🚀✊ https://github.com/cameri/nostream/releases/tag/v3.0.0 Thanks to each of the following students from the Summer of Bitc...
Non-NIP new features and changes in v3:

DEPLOYMENT
- Unified nostream CLI/TUI replaces all scripts/* shell wrappers (start, stop, update, clean, info, dev)
- nginx reverse proxy option added to docker-compose (nostream start --nginx)
- I2P support added (nostream start --i2p)
- New docker-compose variants: i2p, nginx, Windows
- Docker DNS pre-flight check before startup
- Dockerfile now auto-runs migrations on container start
- Railway.app deployment template included

PERFORMANCE
- New hot-path PostgreSQL indexes for subscription, vanish, retention, and invoice queries
- User admission check converted to a PostgreSQL stored function
- User admission check result cached in Redis
- EWMA rate limiter with configurable strategy support
- Vanish (NIP-62) query optimized
- db:benchmark and db:verify-index-impact tooling added

IMPORT / EXPORT
- Export events to JSON Lines (.jsonl) or JSON array (.json)
- Import events from .jsonl or .json files
- Gzip and XZ compression for both import and export

PAYMENTS
- NWC (Nostr Wallet Connect) added as a payment processor
- Callback routes now only registered when the matching processor is active
- LNbits: stale pending invoices now expired automatically
- Nodeless: timing-safe HMAC comparison for webhook verification

RELIABILITY & SECURITY
- X-Forwarded-For no longer unconditionally trusted — trusted proxies must be configured
- Dead WebSocket connections closed even when they have active subscriptions
- Rate limiter TOCTOU race condition fixed via Lua atomic script
- Mirroring: silent event drops fixed when mirror has no limits configured
- Redis: AUTH skipped automatically when credentials are unset
- CSP hardened: removed unsafe-inline, added script nonces
- serialize-javascript updated to fix RCE CVE (GHSA-5c6j-r48x-rmvq)

NEW SETTINGS
- nip05.domainWhitelist / nip05.domainBlacklist
- limits.event.retention.kind.whitelist
- limits.event.retention.pubkey.whitelist
- limits.admissionCheck.ipWhitelist
- limits.message.ipWhitelist
- info.self (relay pubkey for NIP-11 relay info)
- Opt-in event retention purge (limits.event.retention)

TOOLING (developer-facing)
- pnpm replaces npm
- Biome replaces ESLint + Prettier
- Zod replaces Joi for validation
- Changesets replaces semantic-release
- Knip added for dead code detection
- Pino replaces custom logging across adapters and services
- CodeQL security analysis workflow added
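
The X-Forwarded-For item above, illustrated as an added example that is not part of the original post and is not nostream's code: a client address resolver that honours the header only when the TCP peer is a configured proxy, then walks the hop list right to left. It is IPv4-only, and every function and parameter name is hypothetical.

```javascript
// Added example, not nostream code. IPv4 only; all names are hypothetical.

// Parse a dotted-quad IPv4 address into an unsigned 32-bit integer, or null.
function ipv4ToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// True if ip is inside cidr ("10.0.0.0/8"); a bare address is treated as /32.
function inCidr(ip, cidr) {
  const [base, bitsText = '32'] = cidr.split('/');
  const bits = /^\d{1,2}$/.test(bitsText) ? Number(bitsText) : NaN;
  const ipInt = ipv4ToInt(ip);
  const baseInt = ipv4ToInt(base);
  if (ipInt === null || baseInt === null || !(bits >= 0 && bits <= 32)) return false;
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipInt & mask) >>> 0) === ((baseInt & mask) >>> 0);
}

function isTrusted(ip, trustedProxies) {
  return trustedProxies.some((cidr) => inCidr(ip, cidr));
}

// socketAddr: TCP peer address. xff: raw X-Forwarded-For value, if any.
function resolveClientIp(socketAddr, xff, trustedProxies) {
  // The header counts only when the direct peer is a configured proxy.
  if (!xff || !isTrusted(socketAddr, trustedProxies)) return socketAddr;
  const hops = xff.split(',').map((s) => s.trim()).filter(Boolean);
  // Walk right to left: each trusted proxy appended the peer it saw, so the
  // first untrusted hop is the client and everything left of it is
  // client-supplied text.
  for (let i = hops.length - 1; i >= 0; i--) {
    if (ipv4ToInt(hops[i]) === null) return socketAddr; // malformed: ignore header
    if (!isTrusted(hops[i], trustedProxies)) return hops[i];
  }
  return socketAddr; // only proxies listed: key on the peer itself
}
```

The resolved address is the value a per-IP rate limiter or IP allowlist should key on; with an empty proxy list the header is never consulted.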
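
The timing-safe HMAC item above, illustrated as an added example that is not part of the original post and is not nostream's or Nodeless's code: a webhook verifier built on Node's `crypto.timingSafeEqual`, next to the string comparison it replaces. The hex-encoded HMAC-SHA256 signature format, the function names and the sample secret and body are assumptions constructed for the example.

```javascript
// Added example, not nostream or Nodeless code. Names are hypothetical.
const crypto = require('node:crypto');

// Contrast case: === on strings is not constant-time, so the response time
// can depend on how much of the signature matched.
function verifyNaive(secret, rawBody, signatureHex) {
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
  return expected === signatureHex;
}

// Timing-safe check. rawBody must be the exact bytes received over the wire,
// not JSON that was parsed and serialized again.
function verifyWebhook(secret, rawBody, signatureHex) {
  // Reject anything that is not exactly 32 bytes of hex before comparing:
  // crypto.timingSafeEqual throws a RangeError on unequal lengths.
  if (typeof signatureHex !== 'string' || !/^[0-9a-f]{64}$/i.test(signatureHex)) {
    return false;
  }
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest();
  const received = Buffer.from(signatureHex, 'hex');
  return crypto.timingSafeEqual(expected, received);
}

// Constructed sample input (assumed signature format: hex HMAC-SHA256).
const SAMPLE_SECRET = 'constructed-webhook-secret';
const SAMPLE_BODY = Buffer.from('{"status": "paid", "amount": 1000}');

// Sender side of the sample exchange: sign the raw body bytes.
function signSample(body) {
  return crypto.createHmac('sha256', SAMPLE_SECRET).update(body).digest('hex');
}
```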