v0.1.0 - security fixes and updates

Full Changelog: v0.0.9...v0.1.0

v0.0.9 - Zeabur deploy

1 - shot deploy

• works with zeabur deploy
• add dashboard for local relay nostr.json management
• can still use with external nostr.json
• includes converter for quick npub to hex conversion
• improved guides for environment variables setup

Full Changelog: v0.0.8...v0.0.9

New Year 1-shot deploy

Happy New Year!

This release enables readiness for 1-click deploy on zeabur or fly.io

• Enable S3 for blossom
• Dockerfile for zeabur or fly instant deploy
• updated README, added instructions and environment file samples
• clean up unused code

NOTE: We tested this as a 1 click deploy on zeabur and it does deploy with the default settings of badger db and filesystem for the blossom media. Once deployed the user should reset the environment variables, especially the following ENV variables in the dashboard at a minimum and then redeploy:

NPUB_DOMAIN="hivetalk.org"
RELAY_NAME="Swarm Relay"
RELAY_PUBKEY="...."
RELAY_DESCRIPTION="Team Nostr relay"

Updating these variables will rename the relay appropriately and also indicate which users have access by referencing the "domain.com/.well-known/nostr.json" file

The user can also set their db to a different type such as an external postgres and appropriate S3 if desired instead of a filesystem for their blossom media

Full Changelog: v0.0.7...v0.0.8

v0.0.7 - fly deploy tested for release

What's Changed

• Bump glob from 10.4.5 to 10.5.0 in /clients/bouquet in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1
• Bump golang.org/x/net from 0.35.0 to 0.38.0 in the go_modules group across 1 directory by @dependabot[bot] in #2
• Bump the npm_and_yarn group across 1 directory with 2 updates by @dependabot[bot] in #3
• fix for fly deploy by @bitkarrot in #4

New Contributors

• @dependabot[bot] made their first contribution in #1
• @bitkarrot made their first contribution in #4

Full Changelog: v0.0.6...v0.0.7

v0.0.6 Enhanced Access Control

Release Notes - Swarm v0.0.6

Release Date: December 1, 2025
Tag: v0.0.6

🚀 Major Features

Enhanced Access Control System

• Public Posting: New PUBLIC_ALLOWED_KINDS configuration allows any pubkey to post specific event kinds
• Hierarchical Access Control: Three-tier system (Trusted Clients → Public Users → Team Members)
• Granular Delete Permissions: Public users can delete their own posts, team members can delete any events
• Flexible Configuration: Separate kind filtering for public vs team member access

Rate Limiting & Spam Protection

• Pubkey Rate Limiting: 5 events/minute for non-team members
• IP Rate Limiting: 10 events/minute per IP address
• Connection Rate Limiting: 2 connections per 2 minutes per IP
• Team Member Exemptions: Team members bypass all pubkey rate limits
• Comprehensive Protection: Multi-layer defense against spam and abuse

Trusted Client Support

• Special Client Access: Configure TRUSTED_CLIENT_NAME and TRUSTED_CLIENT_KINDS
• Bypass Restrictions: Trusted clients can post specific kinds regardless of pubkey restrictions
• Application Integration: Perfect for allowing specific apps like "The Lookup" to post specialized content

🔧 Configuration Updates

New Environment Variables

# Public posting configuration
PUBLIC_ALLOWED_KINDS=""  # Event kinds any pubkey can post

# Trusted client configuration  
TRUSTED_CLIENT_NAME="The Lookup"
TRUSTED_CLIENT_KINDS="30017,31990"

Updated Configuration

• Enhanced .env.example with detailed documentation
• Clear examples for common use cases
• Improved configuration comments and guidance

🎨 Frontend Enhancements

Curator Client Integration

• Added link to curator client for enhanced content management
• Improved frontend code organization
• Better user experience for relay management

📚 Documentation Improvements

Comprehensive README Updates

• New Sections: Access Control System and Rate Limiting & Security
• Detailed Examples: Configuration examples for different use cases
• Updated Table of Contents: Better navigation and organization
• Feature Documentation: Complete coverage of all new capabilities

🔄 Access Control Hierarchy

The new system implements a clear hierarchy:

1. Trusted Clients (Highest Priority)

   • Bypass all restrictions for configured kinds
   • Identified by ["client","<name>"] tag

2. Public Users (Medium Priority)

   • Can post PUBLIC_ALLOWED_KINDS event types
   • Can delete their own posts (kind 5 events)

3. Team Members (Full Access)

   • Access to both ALLOWED_KINDS and PUBLIC_ALLOWED_KINDS
   • Can delete any events on the relay
   • Exempt from all rate limiting

🛡️ Security Enhancements

• Multi-layer Rate Limiting: Prevents abuse at pubkey, IP, and connection levels
• Team Member Protection: Ensures authorized users are never throttled
• Spam Prevention: Comprehensive protection against various attack vectors
• Flexible Controls: Configurable limits for different deployment scenarios

🔗 Commits Since v0.0.5

• 98d9355 - Update README.md with new features
• 2f9788a - Add link to curator client
• f3af66c - Add rate limiting and spam protection
• e642715 - Add public posting and enhanced access control
• ebb8a7b - Allow trusted client kinds 30017 and 31990 from The Lookup

🚀 Upgrade Instructions

1. Update Configuration: Add new environment variables to your .env file
2. Review Access Control: Configure PUBLIC_ALLOWED_KINDS based on your needs
3. Set Rate Limits: Default limits are production-ready but can be customized
4. Test Trusted Clients: Configure if you need special client access
5. Update Documentation: Review the updated README for configuration guidance

🐛 Bug Fixes

• Fixed WellKnownURL to use NPUBDomain instead of TeamDomain
• Improved error handling in access control logic
• Enhanced configuration validation

📋 Breaking Changes

• None: This release is fully backward compatible
• Existing configurations will continue to work without changes
• New features are opt-in via configuration

🙏 Contributors

• @bitkarrot - Lead development and implementation

---

For detailed configuration examples and setup instructions, see the updated README.md.

For questions or support, please open an issue on the GitHub repository.

Full Changelog: v0.0.5...v0.0.6

v0.0.5 - Dockerize

Add Dockerfile for deploying with Docker

Full Changelog: v0.0.4...v0.0.5

v0.0.4 ubuntu

release for building on ubuntu with configurable port, npub domain
and trouble shooting note for lmdb

Full Changelog: v0.0.3...v0.0.4

Media Upload client integration (bouquet)

So that you can just upload using the web client to the domain where the relay is hosted at

Full Changelog: v0.0.2...v0.0.3

Initial release

Swarm, a Team based relay by Hivetalk.

• Enhanced fork of bitvora team-relay, a simple relay based on the Khatru Relay framework
• Allow only NIP-05 from nostr.json to have write access to the relay
• Relay Kinds - add support to limit kinds allowed, kinds specified in .env file
• Blossom: additional features
  • added read and write timeouts
  • prevent slow header attacks, max header size
  • max size upload
  • added /mirror endpoint to allow for syncing content with other relays
  • added /list endpoint to allow for listing content for a specific user
• Frontend
  • added front page with relay and blossom information

Tested against Bouquet and Sakura clients.

Full Changelog: https://github.com/HiveTalk/swarm/commits/v0.0.1