Non-NIP new features and changes in v3:
DEPLOYMENT
- Unified nostream CLI/TUI replaces all scripts/* shell wrappers (start, stop, update, clean, info, dev)
- nginx reverse proxy option added to docker-compose (nostream start --nginx)
- I2P support added (nostream start --i2p)
- New docker-compose variants: i2p, nginx, Windows
- Docker DNS pre-flight check before startup
- Dockerfile now auto-runs migrations on container start
- Railway.app deployment template included
PERFORMANCE
- New hot-path PostgreSQL indexes for subscription, vanish, retention, and invoice queries
- User admission check converted to a PostgreSQL stored function
- User admission check result cached in Redis
- EWMA rate limiter with configurable strategy support
- Vanish (NIP-62) query optimized
- db:benchmark and db:verify-index-impact tooling added
IMPORT / EXPORT
- Export events to JSON Lines (.jsonl) or JSON array (.json)
- Import events from .jsonl or .json files
- Gzip and XZ compression for both import and export
PAYMENTS
- NWC (Nostr Wallet Connect) added as a payment processor
- Callback routes now only registered when the matching processor is active
- LNbits: stale pending invoices now expired automatically
- Nodeless: timing-safe HMAC comparison for webhook verification
RELIABILITY & SECURITY
- X-Forwarded-For no longer unconditionally trusted — trusted proxies must be configured
- Dead WebSocket connections closed even when they have active subscriptions
- Rate limiter TOCTOU race condition fixed via Lua atomic script
- Mirroring: silent event drops fixed when mirror has no limits configured
- Redis: AUTH skipped automatically when credentials are unset
- CSP hardened: removed unsafe-inline, added script nonces
- serialize-javascript updated to fix RCE CVE (GHSA-5c6j-r48x-rmvq)
NEW SETTINGS
- nip05.domainWhitelist / nip05.domainBlacklist
- limits.event.retention.kind.whitelist
- limits.event.retention.pubkey.whitelist
- limits.admissionCheck.ipWhitelist
- limits.message.ipWhitelist
- info.self (relay pubkey for NIP-11 relay info)
- Opt-in event retention purge (limits.event.retention)
TOOLING (developer-facing)
- pnpm replaces npm
- Biome replaces ESLint + Prettier
- Zod replaces Joi for validation
- Changesets replaces semantic-release
- Knip added for dead code detection
- Pino replaces custom logging across adapters and services
- CodeQL security analysis workflow added
Login to reply