v0.3.15 - How can administration take so long

AGENTS.md

@@ -27,7 +27,7 @@
 ## Critical Integration Issues
 
 ### Event-Based Configuration System
-- **No traditional config files** - all configuration stored as kind 33334 Nostr events
+- **No traditional config files** - all configuration stored in config table
 - Admin private key shown **only once** on first startup
 - Configuration changes require cryptographically signed events
 - Database path determined by generated relay pubkey
@@ -35,7 +35,7 @@
 ### First-Time Startup Sequence
 1. Relay generates admin keypair and relay keypair
 2. Creates database file with relay pubkey as filename
-3. Stores default configuration as kind 33334 event
+3. Stores default configuration in config table
 4. **CRITICAL**: Admin private key displayed once and never stored on disk
 
 ### Port Management
@@ -51,7 +51,7 @@
 ### Configuration Event Structure
 ```json
 {
-  "kind": 33334,
+  "kind": 23455,
   "content": "C Nostr Relay Configuration",
   "tags": [
     ["d", "<relay_pubkey>"],

README.md

@@ -76,6 +76,7 @@ All commands are sent as nip44 encrypted content. The following table lists all
 | **Auth Rules Management** |
 | `auth_add_blacklist` | `["blacklist", "pubkey", "abc123..."]` | Add pubkey to blacklist |
 | `auth_add_whitelist` | `["whitelist", "pubkey", "def456..."]` | Add pubkey to whitelist |
+| `auth_delete_rule` | `["delete_auth_rule", "blacklist", "pubkey", "abc123..."]` | Delete specific auth rule |
 | `auth_query_all` | `["auth_query", "all"]` | Query all auth rules |
 | `auth_query_type` | `["auth_query", "whitelist"]` | Query specific rule type |
 | `auth_query_pattern` | `["auth_query", "pattern", "abc123..."]` | Query specific pattern |

make_and_restart_relay.sh

@@ -282,14 +282,14 @@ cd build
 # Start relay in background and capture its PID
 if [ "$USE_TEST_KEYS" = true ]; then
     echo "Using deterministic test keys for development..."
-    ./$(basename $BINARY_PATH) -a aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa -r 1111111111111111111111111111111111111111111111111111111111111111 > ../relay.log 2>&1 &
+    ./$(basename $BINARY_PATH) -a aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa -r 1111111111111111111111111111111111111111111111111111111111111111 --strict-port > ../relay.log 2>&1 &
 elif [ -n "$RELAY_ARGS" ]; then
     echo "Starting relay with custom configuration..."
-    ./$(basename $BINARY_PATH) $RELAY_ARGS > ../relay.log 2>&1 &
+    ./$(basename $BINARY_PATH) $RELAY_ARGS --strict-port > ../relay.log 2>&1 &
 else
     # No command line arguments needed for random key generation
     echo "Starting relay with random key generation..."
-    ./$(basename $BINARY_PATH) > ../relay.log 2>&1 &
+    ./$(basename $BINARY_PATH) --strict-port > ../relay.log 2>&1 &
 fi
 RELAY_PID=$!
 # Change back to original directory

relay.pid

@@ -1 +1 @@
-301669
+659207

src/config.h

@@ -98,6 +98,7 @@ typedef struct {
     int port_override;  // -1 = not set, >0 = port value
     char admin_privkey_override[65];  // Empty string = not set, 64-char hex = override
     char relay_privkey_override[65];  // Empty string = not set, 64-char hex = override
+    int strict_port;  // 0 = allow port increment, 1 = fail if exact port unavailable
 } cli_options_t;
 
 // Global unified configuration cache
@@ -172,10 +173,10 @@ int process_admin_auth_event(cJSON* event, char* error_message, size_t error_siz
 int handle_kind_23456_unified(cJSON* event, char* error_message, size_t error_size, struct lws* wsi);
 int handle_auth_query_unified(cJSON* event, const char* query_type, char* error_message, size_t error_size, struct lws* wsi);
 int handle_system_command_unified(cJSON* event, const char* command, char* error_message, size_t error_size, struct lws* wsi);
-int handle_auth_rule_modification_unified(cJSON* event, char* error_message, size_t error_size);
+int handle_auth_rule_modification_unified(cJSON* event, char* error_message, size_t error_size, struct lws* wsi);
 
-// WebSocket response functions
+// Admin response functions
-int send_websocket_response_data(cJSON* event, cJSON* response_data, struct lws* wsi);
+int send_admin_response_event(const cJSON* response_data, const char* recipient_pubkey, struct lws* wsi);
 cJSON* build_query_response(const char* query_type, cJSON* results_array, int total_count);
 
 // Auth rules management functions

src/default_config_event.h

@@ -8,8 +8,7 @@
  * Default Configuration Event Template
  * 
  * This header contains the default configuration values for the C Nostr Relay.
- * These values are used to create the initial kind 33334 configuration event
+ * These values are used to populate the config table during first-time startup.
- * during first-time startup.
  * 
  * IMPORTANT: These values should never be accessed directly by other parts
  * of the program. They are only used during initial configuration event creation.

src/main.c

@@ -224,10 +224,7 @@ int handle_event_message(cJSON* event, char* error_message, size_t error_size);
 // Forward declaration for unified validation
 int nostr_validate_unified_request(const char* json_string, size_t json_length);
 
-// Forward declaration for configuration event handling (kind 33334)
+// Forward declaration for admin event processing (kinds 23455 and 23456)
-int handle_configuration_event(cJSON* event, char* error_message, size_t error_size);
-
-// Forward declaration for admin event processing (kinds 33334 and 33335)
 int process_admin_event_in_config(cJSON* event, char* error_message, size_t error_size, struct lws* wsi);
 
 // Forward declaration for enhanced admin event authorization
@@ -3035,7 +3032,7 @@ int is_authorized_admin_event(cJSON* event, char* error_buffer, size_t error_buf
     }
     
     int event_kind = kind_json->valueint;
-    if (event_kind != 33334 && event_kind != 33335 && event_kind != 23455 && event_kind != 23456) {
+    if (event_kind != 23455 && event_kind != 23456) {
         snprintf(error_buffer, error_buffer_size, "Event kind %d is not an admin event type", event_kind);
         return -1;
     }
@@ -3203,11 +3200,18 @@ static int nostr_relay_callback(struct lws *wsi, enum lws_callback_reasons reaso
                     memcpy(message, in, len);
                     message[len] = '\0';
                     
-                    log_info("Received WebSocket message");
+                    // Parse JSON message (this is the normal program flow)
-                    
-                    // Parse JSON message
                     cJSON* json = cJSON_Parse(message);
                     if (json && cJSON_IsArray(json)) {
+                        // Log the complete parsed JSON message once
+                        char* complete_message = cJSON_Print(json);
+                        if (complete_message) {
+                            char debug_msg[2048];
+                            snprintf(debug_msg, sizeof(debug_msg),
+                                     "Received complete WebSocket message: %s", complete_message);
+                            log_info(debug_msg);
+                            free(complete_message);
+                        }
                         // Get message type
                         cJSON* type = cJSON_GetArrayItem(json, 0);
                         if (type && cJSON_IsString(type)) {
@@ -3349,7 +3353,7 @@ static int nostr_relay_callback(struct lws *wsi, enum lws_callback_reasons reaso
                                     // Cleanup event JSON string
                                     free(event_json_str);
                                     
-                                    // Check for admin events (kinds 33334, 33335, 23455, and 23456) and intercept them
+                                    // Check for admin events (kinds 23455 and 23456) and intercept them
                                     if (result == 0) {
                                         cJSON* kind_obj = cJSON_GetObjectItem(event, "kind");
                                         if (kind_obj && cJSON_IsNumber(kind_obj)) {
@@ -3371,7 +3375,7 @@ static int nostr_relay_callback(struct lws *wsi, enum lws_callback_reasons reaso
                                                 }
                                             }
                                             
-                                            if (event_kind == 33334 || event_kind == 33335 || event_kind == 23455 || event_kind == 23456) {
+                                            if (event_kind == 23455 || event_kind == 23456) {
                                                 // Enhanced admin event security - check authorization first
                                                 log_info("DEBUG ADMIN: Admin event detected, checking authorization");
                                                 
@@ -3690,7 +3694,7 @@ int check_port_available(int port) {
 }
 
 // Start libwebsockets-based WebSocket Nostr relay server
-int start_websocket_relay(int port_override) {
+int start_websocket_relay(int port_override, int strict_port) {
     struct lws_context_creation_info info;
 
     log_info("Starting libwebsockets-based Nostr relay server...");
@@ -3700,7 +3704,7 @@ int start_websocket_relay(int port_override) {
     int configured_port = (port_override > 0) ? port_override : get_config_int("relay_port", DEFAULT_PORT);
     int actual_port = configured_port;
     int port_attempts = 0;
-    const int max_port_attempts = 5;
+    const int max_port_attempts = 10;  // Increased from 5 to 10
 
     // Minimal libwebsockets configuration
     info.protocols = protocols;
@@ -3719,8 +3723,8 @@ int start_websocket_relay(int port_override) {
     // Max payload size for Nostr events
     info.max_http_header_data = 4096;
 
-    // Find an available port with pre-checking
+    // Find an available port with pre-checking (or fail immediately in strict mode)
-    while (port_attempts < max_port_attempts) {
+    while (port_attempts < (strict_port ? 1 : max_port_attempts)) {
         char attempt_msg[256];
         snprintf(attempt_msg, sizeof(attempt_msg), "Checking port availability: %d", actual_port);
         log_info(attempt_msg);
@@ -3728,7 +3732,13 @@ int start_websocket_relay(int port_override) {
         // Pre-check if port is available
         if (!check_port_available(actual_port)) {
             port_attempts++;
-            if (port_attempts < max_port_attempts) {
+            if (strict_port) {
+                char error_msg[256];
+                snprintf(error_msg, sizeof(error_msg),
+                         "Strict port mode: port %d is not available", actual_port);
+                log_error(error_msg);
+                return -1;
+            } else if (port_attempts < max_port_attempts) {
                 char retry_msg[256];
                 snprintf(retry_msg, sizeof(retry_msg), "Port %d is in use, trying port %d (attempt %d/%d)",
                          actual_port, actual_port + 1, port_attempts + 1, max_port_attempts);
@@ -3767,7 +3777,13 @@ int start_websocket_relay(int port_override) {
         log_warning(lws_error_msg);
         
         port_attempts++;
-        if (port_attempts < max_port_attempts) {
+        if (strict_port) {
+            char error_msg[256];
+            snprintf(error_msg, sizeof(error_msg),
+                     "Strict port mode: failed to bind to port %d", actual_port);
+            log_error(error_msg);
+            break;
+        } else if (port_attempts < max_port_attempts) {
             actual_port++;
             continue;
         }
@@ -3833,6 +3849,7 @@ void print_usage(const char* program_name) {
     printf("  -p, --port PORT          Override relay port (first-time startup only)\n");
     printf("  -a, --admin-privkey HEX  Override admin private key (64-char hex)\n");
     printf("  -r, --relay-privkey HEX  Override relay private key (64-char hex)\n");
+    printf("  --strict-port            Fail if exact port is unavailable (no port increment)\n");
     printf("\n");
     printf("Configuration:\n");
     printf("  This relay uses event-based configuration stored in the database.\n");
@@ -3841,10 +3858,16 @@ void print_usage(const char* program_name) {
     printf("  After initial setup, all configuration is managed via database events.\n");
     printf("  Database file: <relay_pubkey>.db (created automatically)\n");
     printf("\n");
+    printf("Port Binding:\n");
+    printf("  Default: Try up to 10 consecutive ports if requested port is busy\n");
+    printf("  --strict-port: Fail immediately if exact requested port is unavailable\n");
+    printf("\n");
     printf("Examples:\n");
     printf("  %s                       # Start relay (auto-configure on first run)\n", program_name);
     printf("  %s -p 8080              # First-time setup with port 8080\n", program_name);
     printf("  %s --port 9000          # First-time setup with port 9000\n", program_name);
+    printf("  %s --strict-port        # Fail if default port 8888 is unavailable\n", program_name);
+    printf("  %s -p 8080 --strict-port # Fail if port 8080 is unavailable\n", program_name);
     printf("  %s --help               # Show this help\n", program_name);
     printf("  %s --version            # Show version info\n", program_name);
     printf("\n");
@@ -3863,7 +3886,8 @@ int main(int argc, char* argv[]) {
     cli_options_t cli_options = {
         .port_override = -1,  // -1 = not set
         .admin_privkey_override = {0},  // Empty string = not set
-        .relay_privkey_override = {0}   // Empty string = not set
+        .relay_privkey_override = {0},   // Empty string = not set
+        .strict_port = 0  // 0 = allow port increment (default)
     };
     
     // Parse command line arguments
@@ -3958,6 +3982,10 @@ int main(int argc, char* argv[]) {
             i++; // Skip the key argument
             
             log_info("Relay private key override specified");
+        } else if (strcmp(argv[i], "--strict-port") == 0) {
+            // Strict port mode option
+            cli_options.strict_port = 1;
+            log_info("Strict port mode enabled - will fail if exact port is unavailable");
         } else {
             log_error("Unknown argument. Use --help for usage information.");
             print_usage(argv[0]);
@@ -4179,7 +4207,7 @@ int main(int argc, char* argv[]) {
     log_info("Starting relay server...");
     
     // Start WebSocket Nostr relay server (port from configuration)
-    int result = start_websocket_relay(-1);  // Let config system determine port
+    int result = start_websocket_relay(-1, cli_options.strict_port);  // Let config system determine port, pass strict_port flag
     
     // Cleanup
     cleanup_relay_info();

src/sql_schema.h

@@ -12,7 +12,7 @@
 static const char* const EMBEDDED_SCHEMA_SQL = 
 "-- C Nostr Relay Database Schema\n\
 -- SQLite schema for storing Nostr events with JSON tags support\n\
--- Event-based configuration system using kind 33334 Nostr events\n\
+-- Configuration system using config table\n\
 \n\
 -- Schema version tracking\n\
 PRAGMA user_version = 7;\n\

tests/white_black_list_test.sh

@@ -117,7 +117,7 @@ generate_test_keypair() {
     
     echo "$pubkey" > "$pubkey_file"
     
-    log_info "Generated keypair for $name: pubkey=${pubkey:0:16}..."
+    log_info "Generated keypair for $name: pubkey=$pubkey"
     
     # Export for use in calling functions
     eval "${name}_PRIVKEY=\"$privkey\""
@@ -135,7 +135,9 @@ encrypt_nip44_content() {
         return 1
     fi
     
-    # log_info "DEBUG: Encrypting content: $content"
+    log_info "DEBUG: About to encrypt content: '$content'" >&2
+    log_info "DEBUG: Sender privkey: $sender_privkey" >&2
+    log_info "DEBUG: Receiver pubkey: $receiver_pubkey" >&2
     
     # Use nak to perform NIP-44 encryption with correct syntax:
     # nak encrypt --recipient-pubkey <pubkey> --sec <private_key> [plaintext]
@@ -145,13 +147,24 @@ encrypt_nip44_content() {
     if [ $? -ne 0 ] || [ -z "$encrypted_content" ]; then
         log_error "Failed to encrypt content with NIP-44"
         log_error "Content: $content"
-        log_error "Sender privkey: ${sender_privkey:0:16}..."
+        log_error "Sender privkey: $sender_privkey"
-        log_error "Receiver pubkey: ${receiver_pubkey:0:16}..."
+        log_error "Receiver pubkey: $receiver_pubkey"
         return 1
     fi
     
-    # log_info "DEBUG: Encrypted content: $encrypted_content"
+    # Validate that encrypted content is valid base64 and doesn't contain problematic characters
-    # log_info "Successfully encrypted content with NIP-44"
+    if ! echo "$encrypted_content" | grep -q '^[A-Za-z0-9+/]*=*$'; then
+        log_error "Encrypted content contains invalid characters for JSON: $encrypted_content"
+        return 1
+    fi
+    
+    # Check if encrypted content is valid UTF-8/base64
+    if ! echo "$encrypted_content" | base64 -d >/dev/null 2>&1; then
+        log_warning "Encrypted content may not be valid base64: $encrypted_content"
+    fi
+    
+    log_info "DEBUG: Encrypted content: $encrypted_content" >&2
+    log_info "Successfully encrypted content with NIP-44" >&2
     echo "$encrypted_content"
     return 0
 }
@@ -167,7 +180,7 @@ decrypt_nip44_content() {
         return 1
     fi
     
-    log_info "DEBUG: Decrypting content: ${encrypted_content:0:32}..."
+    log_info "DEBUG: Decrypting content: $encrypted_content"
     
     # Use nak to perform NIP-44 decryption with correct syntax:
     # nak decrypt --sender-pubkey <pubkey> --sec <private_key> [encrypted_content]
@@ -176,9 +189,9 @@ decrypt_nip44_content() {
     
     if [ $? -ne 0 ] || [ -z "$decrypted_content" ]; then
         log_error "Failed to decrypt content with NIP-44"
-        log_error "Encrypted content: ${encrypted_content:0:32}..."
+        log_error "Encrypted content: $encrypted_content"
-        log_error "Receiver privkey: ${receiver_privkey:0:16}..."
+        log_error "Receiver privkey: $receiver_privkey"
-        log_error "Sender pubkey: ${sender_pubkey:0:16}..."
+        log_error "Sender pubkey: $sender_pubkey"
         return 1
     fi
     
@@ -196,7 +209,7 @@ send_websocket_message() {
     # Use websocat to send message and capture response (following pattern from tests/1_nip_test.sh)
     local response=""
     if command -v websocat &> /dev/null; then
-        response=$(echo "$message" | timeout "$timeout" websocat "$RELAY_URL" 2>&1 || echo "Connection failed")
+        response=$(printf '%s\n' "$message" | timeout "$timeout" websocat "$RELAY_URL" 2>&1 || echo "Connection failed")
         
         # Check if connection failed
         if [[ "$response" == *"Connection failed"* ]]; then
@@ -220,22 +233,54 @@ send_admin_event() {
     local timeout_seconds="${3:-10}"
     
     log_info "Sending admin event: $description"
-    log_info "DEBUG: Full event JSON: $event_json"
     
-    # Create EVENT message
+    # Create EVENT message using jq to properly handle special characters
-    local event_message="[\"EVENT\",$event_json]"
+    local event_message
-    log_info "DEBUG: Full EVENT message: $event_message"
+    event_message=$(jq -n --argjson event "$event_json" '["EVENT", $event]')
     
-    # Send event using websocat (following 1_nip_test.sh pattern)
+    # Validate that the event message is valid UTF-8 (temporarily disabled for debugging)
+    # if ! echo "$event_message" | iconv -f utf-8 -t utf-8 >/dev/null 2>&1; then
+    #     log_error "Event message contains invalid UTF-8 characters"
+    #     return 1
+    # fi
+    
+    # Use websocat to send event and capture OK response
     local response=""
     if command -v websocat &> /dev/null; then
-        log_info "DEBUG: About to send to relay: $event_message"
+        log_info "Sending event using websocat..."
-        response=$(echo "$event_message" | timeout "$timeout_seconds" websocat "$RELAY_URL" 2>&1 || echo "Connection failed")
         
-        # Check if connection failed
+        # Debug: Show what we're sending
-        if [[ "$response" == *"Connection failed"* ]]; then
+        log_info "DEBUG: Event message being sent: $event_message"
+        
+        # Write to temporary file to avoid shell interpretation issues
+        local temp_file="${TEMP_DIR}/event_message_$$"
+        printf '%s\n' "$event_message" > "$temp_file"
+        
+        # Send via websocat using file input with delay to receive response
+        response=$(timeout "$timeout_seconds" sh -c "cat '$temp_file'; sleep 0.5" | websocat "$RELAY_URL" 2>&1)
+        local websocat_exit_code=$?
+        
+        # Clean up temp file
+        rm -f "$temp_file"
+        
+        log_info "DEBUG: Websocat exit code: $websocat_exit_code"
+        log_info "DEBUG: Websocat response: $response"
+        
+        # Check for specific websocat errors
+        if [[ "$response" == *"UTF-8 failure"* ]]; then
+            log_error "UTF-8 encoding error in event data for $description"
+            log_error "Event message: $event_message"
+            return 1
+        elif [[ "$response" == *"Connection failed"* ]] || [[ "$response" == *"Connection refused"* ]] || [[ "$response" == *"timeout"* ]]; then
             log_error "Failed to connect to relay for $description"
             return 1
+        elif [[ "$response" == *"error running"* ]]; then
+            log_error "Websocat error for $description: $response"
+            return 1
+        elif [ $websocat_exit_code -eq 0 ]; then
+            log_info "Event sent successfully via websocat"
+        else
+            log_warning "Websocat returned exit code $websocat_exit_code"
         fi
         
     else
@@ -254,8 +299,9 @@ send_admin_query() {
     
     log_info "Sending admin query: $description"
     
-    # Create EVENT message
+    # Create EVENT message using jq to properly handle special characters
-    local event_message="[\"EVENT\",$event_json]"
+    local event_message
+    event_message=$(jq -n --argjson event "$event_json" '["EVENT", $event]')
     
     # For queries, we need to also send a REQ to get the response
     local sub_id="admin_query_$(date +%s)"
@@ -265,7 +311,7 @@ send_admin_query() {
     # Send query event and subscription in sequence
     local response=""
     if command -v websocat &> /dev/null; then
-        response=$(echo -e "$event_message\n$req_message\n$close_message" | timeout "$timeout_seconds" websocat "$RELAY_URL" 2>&1 || echo "Connection failed")
+        response=$(printf '%s\n%s\n%s\n' "$event_message" "$req_message" "$close_message" | timeout "$timeout_seconds" websocat "$RELAY_URL" 2>&1 || echo "Connection failed")
         
         # Check if connection failed
         if [[ "$response" == *"Connection failed"* ]]; then
@@ -321,7 +367,7 @@ send_auth_rule_event() {
     local pattern_value="$4" # actual pubkey or hash value
     local description="$5"   # optional description
     
-    log_info "Creating auth rule event: $action $rule_type $pattern_type ${pattern_value:0:16}..."
+    log_info "Creating auth rule event: $action $rule_type $pattern_type $pattern_value"
     
     # Create command array according to README.md API specification
     # Format: ["blacklist", "pubkey", "abc123..."] or ["whitelist", "pubkey", "def456..."]
@@ -430,7 +476,7 @@ test_event_publishing() {
     log_info "Testing event publishing: $description"
     
     # Create a simple test event (kind 1 - text note) using nak like NIP-42 test
-    local test_content="Test message from ${test_pubkey:0:16}... at $(date)"
+    local test_content="Test message from $test_pubkey at $(date)"
     local test_event
     test_event=$(nak event -k 1 --content "$test_content" --sec "$test_privkey" 2>/dev/null)
     
@@ -442,7 +488,7 @@ test_event_publishing() {
     # Send the event using nak directly (more reliable than websocat)
     log_info "Publishing test event to relay..."
     local result
-    result=$(echo "$test_event" | timeout 10s nak event "$RELAY_URL" 2>&1)
+    result=$(printf '%s\n' "$test_event" | timeout 10s nak event "$RELAY_URL" 2>&1)
     local exit_code=$?
     
     log_info "Event publishing result: $result"
@@ -545,15 +591,17 @@ test_admin_authentication() {
         return
     fi
     
-    # Send admin event
+    # Send admin event using the proper admin event function
-    local message="[\"EVENT\",$config_event]"
     local response
-    response=$(send_websocket_message "$message" 10)
+    response=$(send_admin_event "$config_event" "admin authentication test")
+    local exit_code=$?
     
-    if echo "$response" | grep -q '"OK".*true'; then
+    log_info "Admin authentication result: $response"
+    
+    if [ $exit_code -eq 0 ] && echo "$response" | grep -q '"OK".*true'; then
         pass_test "Admin authentication successful"
     else
-        fail_test "Admin authentication failed: $response"
+        fail_test "Admin authentication failed: $response (exit code: $exit_code)"
     fi
 }
 
@@ -786,14 +834,14 @@ test_hash_blacklist() {
         return
     fi
     
-    log_info "Testing hash blacklist with event ID: ${event_id:0:16}..."
+    log_info "Testing hash blacklist with event ID: $event_id"
     
     # Add the event ID to hash blacklist
     if send_auth_rule_event "add" "blacklist" "hash" "$event_id" "Test hash blacklist"; then
         # Try to publish the same event using nak - should be blocked
         log_info "Attempting to publish blacklisted event..."
         local result
-        result=$(echo "$test_event" | timeout 10s nak event "$RELAY_URL" 2>&1)
+        result=$(printf '%s\n' "$test_event" | timeout 10s nak event "$RELAY_URL" 2>&1)
         local exit_code=$?
         
         if [ $exit_code -ne 0 ] || echo "$result" | grep -q -i "blocked\|denied\|rejected\|blacklist"; then
@@ -922,7 +970,7 @@ run_all_tests() {
 
     clear_all_auth_rules
     
-    # test_admin_authentication
+    test_admin_authentication
     # test_auth_rules_storage_query
     # test_basic_whitelist
     # test_basic_blacklist
@@ -980,7 +1028,7 @@ main() {
     echo ""
     
     # Check if relay is running - using websocat like the working tests
-    if ! echo '["REQ","connection_test",{}]' | timeout 5 websocat "$RELAY_URL" >/dev/null 2>&1; then
+    if ! printf '%s\n' '["REQ","connection_test",{}]' | timeout 5 websocat "$RELAY_URL" >/dev/null 2>&1; then
         log_error "Cannot connect to relay at $RELAY_URL"
         log_error "Please ensure the C-Relay server is running in test mode"
         exit 1