v0.7.25 - Implement SQL Query Admin API

- Move non-NIP-17 admin functions from dm_admin.c to api.c for better architecture
- Add NIP-44 encryption to send_admin_response() for secure admin responses
- Implement SQL query validation and execution with safety limits
- Add unified SQL query handler for admin API
- Fix buffer size for encrypted content to handle larger responses
- Update function declarations and includes across files
- Successfully test frontend query execution through web interface

README.md

@@ -164,6 +164,8 @@ All commands are sent as NIP-44 encrypted JSON arrays in the event content. The
 | `system_clear_auth` | `["system_command", "clear_all_auth_rules"]` | Clear all auth rules |
 | `system_status` | `["system_command", "system_status"]` | Get system status |
 | `stats_query` | `["stats_query"]` | Get comprehensive database statistics |
+| **Database Queries** |
+| `sql_query` | `["sql_query", "SELECT * FROM events LIMIT 10"]` | Execute read-only SQL query against relay database |
 
 ### Available Configuration Keys
 
@@ -320,8 +322,68 @@ All admin commands return **signed EVENT responses** via WebSocket following sta
   ],
   "sig": "response_event_signature"
 }]
+```
 
+**SQL Query Response:**
+```json
+["EVENT", "temp_sub_id", {
+  "id": "response_event_id",
+  "pubkey": "relay_public_key",
+  "created_at": 1234567890,
+  "kind": 23457,
+  "content": "nip44 encrypted:{\"query_type\": \"sql_query\", \"request_id\": \"request_event_id\", \"timestamp\": 1234567890, \"query\": \"SELECT * FROM events LIMIT 10\", \"execution_time_ms\": 45, \"row_count\": 10, \"columns\": [\"id\", \"pubkey\", \"created_at\", \"kind\", \"content\"], \"rows\": [[\"abc123...\", \"def456...\", 1234567890, 1, \"Hello world\"], ...]}",
+  "tags": [
+    ["p", "admin_public_key"],
+    ["e", "request_event_id"]
+  ],
+  "sig": "response_event_signature"
+}]
+```
 
+### SQL Query Command
+
+The `sql_query` command allows administrators to execute read-only SQL queries against the relay database. This provides powerful analytics and debugging capabilities through the admin API.
+
+**Request/Response Correlation:**
+- Each response includes the request event ID in both the `tags` array (`["e", "request_event_id"]`) and the decrypted content (`"request_id": "request_event_id"`)
+- This allows proper correlation when multiple queries are submitted concurrently
+- Frontend can track pending queries and match responses to requests
+
+**Security Features:**
+- Only SELECT statements allowed (INSERT, UPDATE, DELETE, DROP, etc. are blocked)
+- Query timeout: 5 seconds (configurable)
+- Result row limit: 1000 rows (configurable)
+- All queries logged with execution time
+
+**Available Tables and Views:**
+- `events` - All Nostr events
+- `config` - Configuration parameters
+- `auth_rules` - Authentication rules
+- `subscription_events` - Subscription lifecycle log
+- `event_broadcasts` - Event broadcast log
+- `recent_events` - Last 1000 events (view)
+- `event_stats` - Event statistics by type (view)
+- `subscription_analytics` - Subscription metrics (view)
+- `active_subscriptions_log` - Currently active subscriptions (view)
+- `event_kinds_view` - Event distribution by kind (view)
+- `top_pubkeys_view` - Top 10 pubkeys by event count (view)
+- `time_stats_view` - Time-based statistics (view)
+
+**Example Queries:**
+```sql
+-- Recent events
+SELECT id, pubkey, created_at, kind FROM events ORDER BY created_at DESC LIMIT 20
+
+-- Event distribution by kind
+SELECT * FROM event_kinds_view ORDER BY count DESC
+
+-- Active subscriptions
+SELECT * FROM active_subscriptions_log ORDER BY created_at DESC
+
+-- Database statistics
+SELECT
+  (SELECT COUNT(*) FROM events) as total_events,
+  (SELECT COUNT(*) FROM subscription_events) as total_subscriptions
 ```