v0.8.4 - Updated increment_and_push.sh

NOSTR_RELEASE.md

@@ -0,0 +1,65 @@
+# Relay
+
+I am releasing the code for the nostr relay that I wrote use myself. The code is free for anyone to use in any way that they wish.
+
+Some of the features of this relay are conventional, and some are unconventional.
+
+## The conventional
+
+This relay is written in C99 with a sqlite database.
+
+It implements the following NIPs.
+
+- [x] NIP-01: Basic protocol flow implementation
+- [x] NIP-09: Event deletion
+- [x] NIP-11: Relay information document
+- [x] NIP-13: Proof of Work
+- [x] NIP-15: End of Stored Events Notice
+- [x] NIP-20: Command Results
+- [x] NIP-33: Parameterized Replaceable Events
+- [x] NIP-40: Expiration Timestamp
+- [x] NIP-42: Authentication of clients to relays
+- [x] NIP-45: Counting results
+- [x] NIP-50: Keywords filter
+- [x] NIP-70: Protected Events
+
+## The unconventional
+
+### The binaries are fully self contained.
+
+It should just run in linux without having to worry about what you have on your system. I want to download and run. No docker. No dependency hell.
+
+I'm not bothering with other operating systems.
+
+### The relay is a full nostr citizen with it's own public and private keys.
+
+For example, you can see my relay's profile (wss://relay.laantungir.net) running here:
+
+[Primal link](https://primal.net/p/nprofile1qqswn2jsmm8lq8evas0v9vhqkdpn9nuujt90mtz60nqgsxndy66es4qjjnhr7)
+
+What this means in practice is that when you start the relay, it generates keys for itself, and for it's administrator (You can specify these if you wish)
+
+Now the program and the administrator can have verifed communication between the two, simply by using nostr events. For example, the administrator can send DMs to the relay, asking it's status, and changing it's configuration through any client that can handle nip17 DMs. The relay can also send notifications to the administrator about it's current status, or it can publish it's status on a regular schedule directly to NOSTR as kind-1 notes.
+
+Also included is a more standard administrative web front end. This front end communicates to the relay using an extensive api, which again is nostr events signed by the administrator. You can completely control the relay through signed nostr events.
+
+## Screenshots
+
+![](https://git.laantungir.net/laantungir/c-relay/raw/branch/master/screenshots/main.png)
+Main page with real time updates.
+
+![](https://git.laantungir.net/laantungir/c-relay/raw/branch/master/screenshots/config.png)
+Set your configuration preferences.
+
+![](https://git.laantungir.net/laantungir/c-relay/raw/branch/master/screenshots/subscriptions.png)
+View current subscriptions
+
+![](https://git.laantungir.net/laantungir/c-relay/raw/branch/master/screenshots/white-blacklists.png)
+Add npubs to white or black lists.
+
+![](https://git.laantungir.net/laantungir/c-relay/raw/branch/master/screenshots/sqlQuery.png)
+Run sql queries on the database.
+
+![](https://git.laantungir.net/laantungir/c-relay/raw/branch/master/screenshots/main-light.png)
+Light mode.
+

api/index.js

@@ -93,10 +93,11 @@ function log(message, type = 'INFO') {
 
 
 // NIP-59 helper: randomize created_at to thwart time-analysis (past 2 days)
+// TEMPORARILY DISABLED: Using current timestamp for debugging
 function randomNow() {
-    const TWO_DAYS = 2 * 24 * 60 * 60; // 172800 seconds
+    // const TWO_DAYS = 2 * 24 * 60 * 60; // 172800 seconds
     const now = Math.round(Date.now() / 1000);
-    return Math.round(now - Math.random() * TWO_DAYS);
+    return now; // Math.round(now - Math.random() * TWO_DAYS);
 }
 
 // Safe JSON parse with error handling
@@ -1250,7 +1251,7 @@ async function processAdminResponse(event) {
             throw new Error('Failed to decrypt admin response content');
         }
 
-        console.log('Decrypted admin response:', decryptedContent);
+        // console.log('Decrypted admin response:', decryptedContent);
 
         // Try to parse as JSON first, if it fails treat as plain text
         let responseData;
@@ -4033,9 +4034,9 @@ function updateStatsFromTimeMonitoringEvent(monitoringData) {
 
             // Extract values from periods array
             monitoringData.periods.forEach(period => {
-                if (period.period === '24h') timeStats.last_24h = period.count;
-                else if (period.period === '7d') timeStats.last_7d = period.count;
-                else if (period.period === '30d') timeStats.last_30d = period.count;
+                if (period.period === 'last_24h') timeStats.last_24h = period.count;
+                else if (period.period === 'last_7d') timeStats.last_7d = period.count;
+                else if (period.period === 'last_30d') timeStats.last_30d = period.count;
             });
 
             populateStatsTime({ time_stats: timeStats });
@@ -4069,7 +4070,7 @@ function updateStatsFromTopPubkeysMonitoringEvent(monitoringData) {
 function updateStatsFromSubscriptionDetailsMonitoringEvent(monitoringData) {
     try {
         // DEBUG: Log every subscription_details event that arrives at the webpage
-        console.log('subscription_details', JSON.stringify(monitoringData, null, 2));
+        // console.log('subscription_details', JSON.stringify(monitoringData, null, 2));
         console.log('subscription_details decoded:', monitoringData);
 
         if (monitoringData.data_type !== 'subscription_details') {
@@ -4779,7 +4780,7 @@ const SQL_QUERY_TEMPLATES = {
   subscriptions: "SELECT * FROM active_subscriptions_log ORDER BY created_at DESC",
   top_pubkeys: "SELECT * FROM top_pubkeys_view",
   event_kinds: "SELECT * FROM event_kinds_view ORDER BY count DESC",
-  time_stats: "SELECT * FROM time_stats_view"
+  time_stats: "SELECT 'total' as period, COUNT(*) as total_events, COUNT(DISTINCT pubkey) as unique_pubkeys, MIN(created_at) as oldest_event, MAX(created_at) as newest_event FROM events UNION ALL SELECT '24h' as period, COUNT(*) as total_events, COUNT(DISTINCT pubkey) as unique_pubkeys, MIN(created_at) as oldest_event, MAX(created_at) as newest_event FROM events WHERE created_at >= (strftime('%s', 'now') - 86400) UNION ALL SELECT '7d' as period, COUNT(*) as total_events, COUNT(DISTINCT pubkey) as unique_pubkeys, MIN(created_at) as oldest_event, MAX(created_at) as newest_event FROM events WHERE created_at >= (strftime('%s', 'now') - 604800) UNION ALL SELECT '30d' as period, COUNT(*) as total_events, COUNT(DISTINCT pubkey) as unique_pubkeys, MIN(created_at) as oldest_event, MAX(created_at) as newest_event FROM events WHERE created_at >= (strftime('%s', 'now') - 2592000)"
 };
 
 // Query history management (localStorage)

debug.log

@@ -1,24 +0,0 @@
-
-=== NOSTR WebSocket Debug Log Started ===
-[14:16:28.243] SEND localhost:8888: ["EVENT", {
-		"pubkey":	"193279d1459ba1399aadb954422bf8595aa77367dccf482c682f5f208e435844",
-		"created_at":	1761499411,
-		"kind":	1059,
-		"tags":	[["p", "4f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa"]],
-		"content":	"AmWNi4P5J126kk69XH2o5mYvGj+69+Fjfr/nZx892I2z8edkwtp2IH7XAnPUqdGPu7x1xiZF1sNfr21VKThOhE54K/uQHLFydZN3acgUfX13sCeWhrvnQD0EvjvZC6QzW9DfFayYoYl+rEPYcra1/N68a+N1R7XnNcf1K/ZFh5Grcnln0H5YdXKRBhQI9aai4iFp1VGy2V0IR+6gDJGbJ7TbAbD3wgGWv1i77C03skH3RgzH+f2b7VBtm+vjKX6q7v6v8j3w1lRFE5Qh0Tqgedh3+UsnwqQta7OCzF9OyAVPK7EqKQBss5LzYSRUpcCE1vw5b7I7yeBFwU9WfnGLUW+uZxMJ2C3P4NBBrVO8UFIkBrPL2cqkoD5c8DgMLJjXGmc4EWfB4ZWb3KjbfLbgi6DVQ++cDjBbnCOPhX+/4qOnWq+gI28e/xk3cBvQtgUOkvWX3oGl3/Q33u4UGtxkFEXGfzdKHVDkR86kqf7RMZjIwTjLGpx4uov0cNmzj07hYEdoG/lJ4yA1v/GyF7viJdnnz3tE0hCZaViqSCev0rfUHWRDDMXJzJ9SS+OwpVswSG4NKvYsDhDM89BjhFs08HshTFdIh2AY45jR/16CsZM9JudH5BwqcX23wToYdZ+lrerOA0EkYb0DJUzGVe4lMpdJZoB8qXLHxMAKwKu0UEWEkeBnnZbvTGwCRbfGorxwPrnyqUCy9tzJx0GOLhRIzBmt6lki607VLDYjK97VIz0dff3fyWPAfy/yBlO2nHhVubUgpPaAjcaYNkO/iZwuP8oJkClWWmKwAQoNoxt+Ly2llrkz+Ne8oXMQdJSq416x6MLHo2JbKH8uwjx0yKG0oldLyWaz3A8OHYkJuxOi7HPVTlOOJrsjG4kMn2g97rVUXLs5v9F/StOjzxtiQWmCBtCsvK2LEEK/DzfavcJstEMxQztJjhiYRO3MJanL7lN2zu1ZHO149FJrgqGV6RQ8DDXf55yuabqHilBuUSDKpI0gl0+Efuor1my+L9J7MjJQ83aSwGizX7uXedMsGQRcvU3++Uvbw7sd2l67fb7IoYU04TPGZkIm120qwf7GAUpnDL7Lhulu/9LFMFs3UnGl9cLzY6EAJtDANHjMAoXbGbYclnoSiNW4yr3X9PBHO5o2YhIxfpTyEgLebJLOkzoziuCTpX8/MdhOhFtlIyo5B8Mbt5GDOHh4x1ZMKOl02J00Vvgui0hLw4Vri8Lz/ErPIRSlrEOB+8K5zPzJy/bD8XrOKlOwSbF5j9dsqs+8uCTC/v9YNQ0cC9wP7gVAxErQ3suJVeV7pzY+eGR051AcW7ppTs1gShhxDDaSaKdMlrkBdFDZcCJ+tomSgW56bOi45erpmk8Lcv4RrBzjBtq1hz+XSaTBAtEnGtHNH2uOn7KP/NNaD38dYkpb3N1VR3zuV67RcuPZeB+5WR9jhnLoSMGox2s=",
-		"id":	"c6c18d902744fc0aaa4ca9172b3bcd0dde3fd7d943b41b2a39a16927ede67804",
-		"sig":	"d67e0e914aa361c528510efd216548b6734a5fa68c46426571fbc87626bf19a9ec46e16883e7fad700f4fee5cfffd9bba03c3c08e57938fbca77a28b30a32bb7"
-	}]
-[14:16:28.256] RECV localhost:8888: ["OK", "c6c18d902744fc0aaa4ca9172b3bcd0dde3fd7d943b41b2a39a16927ede67804", true, ""]
-
-=== NOSTR WebSocket Debug Log Started ===
-[15:01:18.592] SEND localhost:8888: ["EVENT", {
-		"pubkey":	"ec9578ade9e74358ed35d8091d41bfa277e86d649614a8865e3725e38ebe5bc9",
-		"created_at":	1761502101,
-		"kind":	1059,
-		"tags":	[["p", "4f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa"]],
-		"content":	"AlgLnVwti8Dk2nu0e4bMrXeZiR/u+RPnA85kpts2svaFGfMByS4iap7xqdiSrXpSQPjQsix6jP9Qiy1a6rrvC6MutqTi3JfsMexLR61/ZKTK41sWTXNDTT3keH543vx3fVQH1mq+LgG4mjNzkPe0RqkYFvC8R0nxyAcCecHDxZUlmXQmAGiB5JB2GvstA4eoZLP1OI3fcLA3qaITLNRJOwRUoTYKqUkENHwz74CW0TnYDrKRZVe9zKNWQBLmtsgVoGd5CXNAVgXwmm2h0eCNIcRGnFqDHzpegpEGO+A7tvB0KJwlj4j/GmRgmnWO4pkrM2fmsTdlb5KNqe7NPuTVgYfdvld70zWpenp7jF/0psaEQEl8R7FbG2rNCv8fXtH+womvJQj4S0eUBxfvsUU1wWYmhusEzvyTfpV/nw0Er+pmAUZ2eGk7LEB2GMsJrkT+G5oohm0n+5c72iWJqW9A1eAzjR6Z21FkH4kAEJOl70fw9Xeig+s9rYk3GcKlMvj42zf7DepMXHPy62TbqUeclcm5W/semyasGP521GBuw152IN+dS67OVVmEvEJ89xhwiTeIty78enR4Gq7d1eNK+rqStdtJ7FN6kD/8gv4sFojUXyi0sIxzaSPrwI3ohOqbpEK1dTs6fmTUiyT/Buq++IhD9UwsZgz/kYpZfm1NVnWx+yTEv4I1H80FDxmMzbYnTHuIdRJFeh/NJRy9h+gXoZlZnteHkbwm1w2AejTkVnGs2Pz7aUZgC+1Za8fhtXq3Z9N3R8f8gtVFnnjRzApg5U89QrXUBS0R6F9dTqINk4qti94JWO4dYcPuudCutME5hfCYBoo+LHuRmdPKry7vSK1WgLYQsHuG+r313Ak8DhZYNbL+0d5UJ9kDFlFKaP3xLahSbEc/7u+AyuN68IyM1NwEehllxqVUsX8dsD4bZ2yW5rVjAQm9tT8Ypm73kJEb+DYVqT0WjFx88ee+HX89a9NgszWf1HE1KNQ9gWjn4eH6xbwrOkS4/v2O2tQoAd00vyPKAWly3Zlrz2cRnrSnxTZ5Lt7HtwAt6Err8MhD/w5rMLXHTBCMrroG1VfMo1OgL1YPafKDZmwVcHWacqtZiB0heRx742WipmTonqMjCOTNufdwxQcRPLLio0mtqiIrzgJqqIQenBXSa1jaG6Lvb5PCUKThbg4sSFfgssoUNKM7ytmBAe+PPmOVe11/gGaFWoQeUordbvmiCtzIPUYiKsuhfeK4I3jKvEofQU37hOam8ZxUczXvX6dgOOto002EWyCVfAzFgyey6wI+FGEbhXqlw7nB+azpqLQMJnHg7pfb1stXk3d8rjgVrRsVRJe/5KrXyZ5cd7ftJuJLxpTYmfFu6CKoUE0L5eRxXiwa16Pi0BehxOLaZteiTzttyfj+ClMKs2J/2/T1BVya1oGUW2Wg6ri/qS8oXv8bqiXBZ1/BwfI=",
-		"id":	"ea5bb419a8efea8ee86bb8696406a70a0387a7d0ac6e60760026d1aea28b427f",
-		"sig":	"0ffde3fd0d83c80693aa656668f2553807f8d474738ff3d9676090a5b8748a8e8e0c75a1d64963e4604046e18a806c4371a9cf2af2fd72f9db50f15bc78a4e25"
-	}]
-[15:01:18.604] RECV localhost:8888: ["OK", "ea5bb419a8efea8ee86bb8696406a70a0387a7d0ac6e60760026d1aea28b427f", true, ""]

deploy_local.sh

@@ -4,16 +4,16 @@
 cp build/c_relay_x86 ~/Storage/c_relay/crelay
 
 # Copy the local service file to systemd
-sudo cp systemd/c-relay-local.service /etc/systemd/system/
+# sudo cp systemd/c-relay-local.service /etc/systemd/system/
 
 # Reload systemd daemon to pick up the new service
-sudo systemctl daemon-reload
+# sudo systemctl daemon-reload
 
 # Enable the service (if not already enabled)
-sudo systemctl enable c-relay-local.service
+# sudo systemctl enable c-relay-local.service
 
 # Restart the service
-sudo systemctl restart c-relay-local.service
+# sudo systemctl restart c-relay-local.service
 
 # Show service status
-sudo systemctl status c-relay-local.service --no-pager -l
+# sudo systemctl status c-relay-local.service --no-pager -l

docs/configuration_guide.md

@@ -175,6 +175,18 @@ Configuration events follow the standard Nostr event format with kind 33334:
 - **Impact**: Allows some flexibility in expiration timing
 - **Example**: `"600"` (10 minute grace period)
 
+### NIP-59 Gift Wrap Timestamp Configuration
+
+#### `nip59_timestamp_max_delay_sec`
+- **Description**: Controls timestamp randomization for NIP-59 gift wraps
+- **Default**: `"0"` (no randomization)
+- **Range**: `0` to `604800` (7 days)
+- **Impact**: Affects compatibility with other Nostr clients for direct messaging
+- **Values**:
+  - `"0"`: No randomization (maximum compatibility)
+  - `"1-604800"`: Random timestamp between now and N seconds ago
+- **Example**: `"172800"` (2 days randomization for privacy)
+
 ## Configuration Examples
 
 ### Basic Relay Setup

docs/nip59_timestamp_configuration_plan.md

@@ -0,0 +1,517 @@
+# NIP-59 Timestamp Configuration Implementation Plan
+
+## Overview
+Add configurable timestamp randomization for NIP-59 gift wraps to improve compatibility with Nostr apps that don't implement timestamp randomization.
+
+## Problem Statement
+The NIP-59 protocol specifies that timestamps on gift wraps should have randomness to prevent time-analysis attacks. However, some Nostr platforms don't implement this, causing compatibility issues with direct messaging (NIP-17).
+
+## Solution
+Add a configuration parameter `nip59_timestamp_max_delay_sec` that controls the maximum random delay applied to timestamps:
+- **Value = 0**: Use current timestamp (no randomization) for maximum compatibility
+- **Value > 0**: Use random timestamp between now and N seconds ago
+- **Default = 0**: Maximum compatibility mode (no randomization)
+
+## Implementation Approach: Option B (Direct Parameter Addition)
+We chose Option B because:
+1. Explicit and stateless - value flows through call chain
+2. Thread-safe by design
+3. No global state needed in nostr_core_lib
+4. DMs are sent rarely, so database query per call is acceptable
+
+---
+
+## Detailed Implementation Steps
+
+### Phase 1: Configuration Setup in c-relay
+
+#### 1.1 Add Configuration Parameter
+**File:** `src/default_config_event.h`
+**Location:** Line 82 (after `trust_proxy_headers`)
+
+```c
+// NIP-59 Gift Wrap Timestamp Configuration
+{"nip59_timestamp_max_delay_sec", "0"}  // Default: 0 (no randomization for compatibility)
+```
+
+**Rationale:**
+- Default of 0 seconds (no randomization) for maximum compatibility
+- Placed after proxy settings, before closing brace
+- Follows existing naming convention
+
+#### 1.2 Add Configuration Validation
+**File:** `src/config.c`
+**Function:** `validate_config_field()` (around line 923)
+
+Add validation case:
+```c
+else if (strcmp(key, "nip59_timestamp_max_delay_sec") == 0) {
+    long value = strtol(value_str, NULL, 10);
+    if (value < 0 || value > 604800) {  // Max 7 days
+        snprintf(error_msg, error_size, 
+                 "nip59_timestamp_max_delay_sec must be between 0 and 604800 (7 days)");
+        return -1;
+    }
+}
+```
+
+**Rationale:**
+- 0 = no randomization (compatibility mode)
+- 604800 = 7 days maximum (reasonable upper bound)
+- Prevents negative values or excessive delays
+
+---
+
+### Phase 2: Modify nostr_core_lib Functions
+
+#### 2.1 Update random_past_timestamp() Function
+**File:** `nostr_core_lib/nostr_core/nip059.c`
+**Current Location:** Lines 31-36
+
+**Current Code:**
+```c
+static time_t random_past_timestamp(void) {
+    time_t now = time(NULL);
+    // Random time up to 2 days (172800 seconds) in the past
+    long random_offset = (long)(rand() % 172800);
+    return now - random_offset;
+}
+```
+
+**New Code:**
+```c
+static time_t random_past_timestamp(long max_delay_sec) {
+    time_t now = time(NULL);
+    
+    // If max_delay_sec is 0, return current timestamp (no randomization)
+    if (max_delay_sec == 0) {
+        return now;
+    }
+    
+    // Random time up to max_delay_sec in the past
+    long random_offset = (long)(rand() % max_delay_sec);
+    return now - random_offset;
+}
+```
+
+**Changes:**
+- Add `long max_delay_sec` parameter
+- Handle special case: `max_delay_sec == 0` returns current time
+- Use `max_delay_sec` instead of hardcoded 172800
+
+#### 2.2 Update nostr_nip59_create_seal() Function
+**File:** `nostr_core_lib/nostr_core/nip059.c`
+**Current Location:** Lines 144-215
+
+**Function Signature Change:**
+```c
+// OLD:
+cJSON* nostr_nip59_create_seal(cJSON* rumor, 
+                               const unsigned char* sender_private_key,
+                               const unsigned char* recipient_public_key);
+
+// NEW:
+cJSON* nostr_nip59_create_seal(cJSON* rumor, 
+                               const unsigned char* sender_private_key,
+                               const unsigned char* recipient_public_key,
+                               long max_delay_sec);
+```
+
+**Code Change at Line 181:**
+```c
+// OLD:
+time_t seal_time = random_past_timestamp();
+
+// NEW:
+time_t seal_time = random_past_timestamp(max_delay_sec);
+```
+
+#### 2.3 Update nostr_nip59_create_gift_wrap() Function
+**File:** `nostr_core_lib/nostr_core/nip059.c`
+**Current Location:** Lines 220-323
+
+**Function Signature Change:**
+```c
+// OLD:
+cJSON* nostr_nip59_create_gift_wrap(cJSON* seal, 
+                                    const char* recipient_public_key_hex);
+
+// NEW:
+cJSON* nostr_nip59_create_gift_wrap(cJSON* seal, 
+                                    const char* recipient_public_key_hex,
+                                    long max_delay_sec);
+```
+
+**Code Change at Line 275:**
+```c
+// OLD:
+time_t wrap_time = random_past_timestamp();
+
+// NEW:
+time_t wrap_time = random_past_timestamp(max_delay_sec);
+```
+
+#### 2.4 Update nip059.h Header
+**File:** `nostr_core_lib/nostr_core/nip059.h`
+**Locations:** Lines 38-39 and 48
+
+**Update Function Declarations:**
+```c
+// Line 38-39: Update nostr_nip59_create_seal
+cJSON* nostr_nip59_create_seal(cJSON* rumor, 
+                               const unsigned char* sender_private_key,
+                               const unsigned char* recipient_public_key,
+                               long max_delay_sec);
+
+// Line 48: Update nostr_nip59_create_gift_wrap
+cJSON* nostr_nip59_create_gift_wrap(cJSON* seal, 
+                                    const char* recipient_public_key_hex,
+                                    long max_delay_sec);
+```
+
+**Update Documentation Comments:**
+```c
+/**
+ * NIP-59: Create a seal (kind 13) wrapping a rumor
+ *
+ * @param rumor The rumor event to seal (cJSON object)
+ * @param sender_private_key 32-byte sender private key
+ * @param recipient_public_key 32-byte recipient public key (x-only)
+ * @param max_delay_sec Maximum random delay in seconds (0 = no randomization)
+ * @return cJSON object representing the seal event, or NULL on error
+ */
+
+/**
+ * NIP-59: Create a gift wrap (kind 1059) wrapping a seal
+ *
+ * @param seal The seal event to wrap (cJSON object)
+ * @param recipient_public_key_hex Recipient's public key in hex format
+ * @param max_delay_sec Maximum random delay in seconds (0 = no randomization)
+ * @return cJSON object representing the gift wrap event, or NULL on error
+ */
+```
+
+---
+
+### Phase 3: Update NIP-17 Integration
+
+#### 3.1 Update nostr_nip17_send_dm() Function
+**File:** `nostr_core_lib/nostr_core/nip017.c`
+**Current Location:** Lines 260-320
+
+**Function Signature Change:**
+```c
+// OLD:
+int nostr_nip17_send_dm(cJSON* dm_event,
+                       const char** recipient_pubkeys,
+                       int num_recipients,
+                       const unsigned char* sender_private_key,
+                       cJSON** gift_wraps_out,
+                       int max_gift_wraps);
+
+// NEW:
+int nostr_nip17_send_dm(cJSON* dm_event,
+                       const char** recipient_pubkeys,
+                       int num_recipients,
+                       const unsigned char* sender_private_key,
+                       cJSON** gift_wraps_out,
+                       int max_gift_wraps,
+                       long max_delay_sec);
+```
+
+**Code Changes:**
+
+At line 281 (seal creation):
+```c
+// OLD:
+cJSON* seal = nostr_nip59_create_seal(dm_event, sender_private_key, recipient_public_key);
+
+// NEW:
+cJSON* seal = nostr_nip59_create_seal(dm_event, sender_private_key, recipient_public_key, max_delay_sec);
+```
+
+At line 287 (gift wrap creation):
+```c
+// OLD:
+cJSON* gift_wrap = nostr_nip59_create_gift_wrap(seal, recipient_pubkeys[i]);
+
+// NEW:
+cJSON* gift_wrap = nostr_nip59_create_gift_wrap(seal, recipient_pubkeys[i], max_delay_sec);
+```
+
+At line 306 (sender seal creation):
+```c
+// OLD:
+cJSON* sender_seal = nostr_nip59_create_seal(dm_event, sender_private_key, sender_public_key);
+
+// NEW:
+cJSON* sender_seal = nostr_nip59_create_seal(dm_event, sender_private_key, sender_public_key, max_delay_sec);
+```
+
+At line 309 (sender gift wrap creation):
+```c
+// OLD:
+cJSON* sender_gift_wrap = nostr_nip59_create_gift_wrap(sender_seal, sender_pubkey_hex);
+
+// NEW:
+cJSON* sender_gift_wrap = nostr_nip59_create_gift_wrap(sender_seal, sender_pubkey_hex, max_delay_sec);
+```
+
+#### 3.2 Update nip017.h Header
+**File:** `nostr_core_lib/nostr_core/nip017.h`
+**Location:** Lines 102-107
+
+**Update Function Declaration:**
+```c
+int nostr_nip17_send_dm(cJSON* dm_event,
+                       const char** recipient_pubkeys,
+                       int num_recipients,
+                       const unsigned char* sender_private_key,
+                       cJSON** gift_wraps_out,
+                       int max_gift_wraps,
+                       long max_delay_sec);
+```
+
+**Update Documentation Comment (lines 88-100):**
+```c
+/**
+ * NIP-17: Send a direct message to recipients
+ *
+ * This function creates the appropriate rumor, seals it, gift wraps it,
+ * and returns the final gift wrap events ready for publishing.
+ *
+ * @param dm_event The unsigned DM event (kind 14 or 15)
+ * @param recipient_pubkeys Array of recipient public keys (hex strings)
+ * @param num_recipients Number of recipients
+ * @param sender_private_key 32-byte sender private key
+ * @param gift_wraps_out Array to store resulting gift wrap events (caller must free)
+ * @param max_gift_wraps Maximum number of gift wraps to create
+ * @param max_delay_sec Maximum random timestamp delay in seconds (0 = no randomization)
+ * @return Number of gift wrap events created, or -1 on error
+ */
+```
+
+---
+
+### Phase 4: Update c-relay Call Sites
+
+#### 4.1 Update src/api.c
+**Location:** Line 1319
+
+**Current Code:**
+```c
+int send_result = nostr_nip17_send_dm(
+    dm_response,                      // dm_event
+    recipient_pubkeys,                // recipient_pubkeys
+    1,                                // num_recipients
+    relay_privkey,                    // sender_private_key
+    gift_wraps,                       // gift_wraps_out
+    1                                 // max_gift_wraps
+);
+```
+
+**New Code:**
+```c
+// Get timestamp delay configuration
+long max_delay_sec = get_config_int("nip59_timestamp_max_delay_sec", 0);
+
+int send_result = nostr_nip17_send_dm(
+    dm_response,                      // dm_event
+    recipient_pubkeys,                // recipient_pubkeys
+    1,                                // num_recipients
+    relay_privkey,                    // sender_private_key
+    gift_wraps,                       // gift_wraps_out
+    1,                                // max_gift_wraps
+    max_delay_sec                     // max_delay_sec
+);
+```
+
+#### 4.2 Update src/dm_admin.c
+**Location:** Line 371
+
+**Current Code:**
+```c
+int send_result = nostr_nip17_send_dm(
+    success_dm,                       // dm_event
+    sender_pubkey_array,              // recipient_pubkeys
+    1,                                // num_recipients
+    relay_privkey,                    // sender_private_key
+    success_gift_wraps,               // gift_wraps_out
+    1                                 // max_gift_wraps
+);
+```
+
+**New Code:**
+```c
+// Get timestamp delay configuration
+long max_delay_sec = get_config_int("nip59_timestamp_max_delay_sec", 0);
+
+int send_result = nostr_nip17_send_dm(
+    success_dm,                       // dm_event
+    sender_pubkey_array,              // recipient_pubkeys
+    1,                                // num_recipients
+    relay_privkey,                    // sender_private_key
+    success_gift_wraps,               // gift_wraps_out
+    1,                                // max_gift_wraps
+    max_delay_sec                     // max_delay_sec
+);
+```
+
+**Note:** Both files already include `config.h`, so `get_config_int()` is available.
+
+---
+
+## Testing Plan
+
+### Test Case 1: No Randomization (Compatibility Mode)
+**Configuration:** `nip59_timestamp_max_delay_sec = 0`
+
+**Expected Behavior:**
+- Gift wrap timestamps should equal current time
+- Seal timestamps should equal current time
+- No random delay applied
+
+**Test Command:**
+```bash
+# Set config via admin API
+# Send test DM
+# Verify timestamps are current (within 1 second of send time)
+```
+
+### Test Case 2: Custom Delay
+**Configuration:** `nip59_timestamp_max_delay_sec = 1000`
+
+**Expected Behavior:**
+- Gift wrap timestamps should be between now and 1000 seconds ago
+- Seal timestamps should be between now and 1000 seconds ago
+- Random delay applied within specified range
+
+**Test Command:**
+```bash
+# Set config via admin API
+# Send test DM
+# Verify timestamps are in past but within 1000 seconds
+```
+
+### Test Case 3: Default Behavior
+**Configuration:** `nip59_timestamp_max_delay_sec = 0` (default)
+
+**Expected Behavior:**
+- Gift wrap timestamps should equal current time
+- Seal timestamps should equal current time
+- No randomization (maximum compatibility)
+
+**Test Command:**
+```bash
+# Use default config
+# Send test DM
+# Verify timestamps are current (within 1 second of send time)
+```
+
+### Test Case 4: Configuration Validation
+**Test Invalid Values:**
+- Negative value: Should be rejected
+- Value > 604800: Should be rejected
+- Valid boundary values (0, 604800): Should be accepted
+
+### Test Case 5: Interoperability
+**Test with Other Nostr Clients:**
+- Send DM with `max_delay_sec = 0` to clients that don't randomize
+- Send DM with `max_delay_sec = 172800` to clients that do randomize
+- Verify both scenarios work correctly
+
+---
+
+## Documentation Updates
+
+### Update docs/configuration_guide.md
+
+Add new section:
+
+```markdown
+### NIP-59 Gift Wrap Timestamp Configuration
+
+#### nip59_timestamp_max_delay_sec
+- **Type:** Integer
+- **Default:** 0 (no randomization)
+- **Range:** 0 to 604800 (7 days)
+- **Description:** Controls timestamp randomization for NIP-59 gift wraps
+
+The NIP-59 protocol recommends randomizing timestamps on gift wraps to prevent
+time-analysis attacks. However, some Nostr platforms don't implement this,
+causing compatibility issues.
+
+**Values:**
+- `0` (default): No randomization - uses current timestamp (maximum compatibility)
+- `1-604800`: Random timestamp between now and N seconds ago
+
+**Use Cases:**
+- Keep default `0` for maximum compatibility with clients that don't randomize
+- Set to `172800` for privacy per NIP-59 specification (2 days randomization)
+- Set to custom value (e.g., `3600`) for 1-hour randomization window
+
+**Example:**
+```json
+["nip59_timestamp_max_delay_sec", "0"]  // Default: compatibility mode
+["nip59_timestamp_max_delay_sec", "3600"]  // 1 hour randomization
+["nip59_timestamp_max_delay_sec", "172800"]  // 2 days randomization
+```
+```
+
+---
+
+## Implementation Checklist
+
+### nostr_core_lib Changes
+- [ ] Modify `random_past_timestamp()` to accept `max_delay_sec` parameter
+- [ ] Update `nostr_nip59_create_seal()` signature and implementation
+- [ ] Update `nostr_nip59_create_gift_wrap()` signature and implementation
+- [ ] Update `nip059.h` function declarations and documentation
+- [ ] Update `nostr_nip17_send_dm()` signature and implementation
+- [ ] Update `nip017.h` function declaration and documentation
+
+### c-relay Changes
+- [ ] Add `nip59_timestamp_max_delay_sec` to `default_config_event.h`
+- [ ] Add validation in `config.c` for new parameter
+- [ ] Update `src/api.c` call site to pass `max_delay_sec`
+- [ ] Update `src/dm_admin.c` call site to pass `max_delay_sec`
+
+### Testing
+- [ ] Test with `max_delay_sec = 0` (no randomization)
+- [ ] Test with `max_delay_sec = 1000` (custom delay)
+- [ ] Test with `max_delay_sec = 172800` (default behavior)
+- [ ] Test configuration validation (invalid values)
+- [ ] Test interoperability with other Nostr clients
+
+### Documentation
+- [ ] Update `docs/configuration_guide.md`
+- [ ] Add this implementation plan to docs
+- [ ] Update README if needed
+
+---
+
+## Rollback Plan
+
+If issues arise:
+1. Revert nostr_core_lib changes (git revert in submodule)
+2. Revert c-relay changes
+3. Configuration parameter will be ignored if not used
+4. Default behavior (0) provides maximum compatibility
+
+---
+
+## Notes
+
+- The configuration is read on each DM send, allowing runtime changes
+- No restart required when changing `nip59_timestamp_max_delay_sec`
+- Thread-safe by design (no global state)
+- Default value of 0 provides maximum compatibility with other Nostr clients
+- Can be changed to 172800 or other values for NIP-59 privacy features
+
+---
+
+## References
+
+- [NIP-59: Gift Wrap](https://github.com/nostr-protocol/nips/blob/master/59.md)
+- [NIP-17: Private Direct Messages](https://github.com/nostr-protocol/nips/blob/master/17.md)
+- [NIP-44: Versioned Encryption](https://github.com/nostr-protocol/nips/blob/master/44.md)

increment_and_push.sh

@@ -16,28 +16,51 @@ print_error() { echo -e "${RED}[ERROR]${NC} $1"; }
 # Global variables
 COMMIT_MESSAGE=""
 RELEASE_MODE=false
+VERSION_INCREMENT_TYPE="patch"  # "patch", "minor", or "major"
 
 show_usage() {
     echo "C-Relay Increment and Push Script"
     echo ""
-    echo "Usage:"
-    echo "  $0 \"commit message\"           - Default: increment patch, commit & push"
-    echo "  $0 -r \"commit message\"        - Release: increment minor, create release"
+    echo "USAGE:"
+    echo "  $0 [OPTIONS] \"commit message\""
     echo ""
-    echo "Examples:"
+    echo "COMMANDS:"
+    echo "  $0 \"commit message\"           Default: increment patch, commit & push"
+    echo "  $0 -p \"commit message\"        Increment patch version"
+    echo "  $0 -m \"commit message\"        Increment minor version"
+    echo "  $0 -M \"commit message\"        Increment major version"
+    echo "  $0 -r \"commit message\"        Create release with assets (no version increment)"
+    echo "  $0 -r -m \"commit message\"     Create release with minor version increment"
+    echo "  $0 -h                          Show this help message"
+    echo ""
+    echo "OPTIONS:"
+    echo "  -p, --patch    Increment patch version (default)"
+    echo "  -m, --minor    Increment minor version"
+    echo "  -M, --major    Increment major version"
+    echo "  -r, --release  Create release with assets"
+    echo "  -h, --help     Show this help message"
+    echo ""
+    echo "EXAMPLES:"
     echo "  $0 \"Fixed event validation bug\""
-    echo "  $0 --release \"Major release with new features\""
+    echo "  $0 -m \"Added new features\""
+    echo "  $0 -M \"Breaking API changes\""
+    echo "  $0 -r \"Release current version\""
+    echo "  $0 -r -m \"Release with minor increment\""
     echo ""
-    echo "Default Mode (patch increment):"
-    echo "  - Increment patch version (v1.2.3 → v1.2.4)"
-    echo "  - Git add, commit with message, and push"
+    echo "VERSION INCREMENT MODES:"
+    echo "  -p, --patch (default): Increment patch version (v1.2.3 → v1.2.4)"
+    echo "  -m, --minor:           Increment minor version, zero patch (v1.2.3 → v1.3.0)"
+    echo "  -M, --major:           Increment major version, zero minor+patch (v1.2.3 → v2.0.0)"
     echo ""
-    echo "Release Mode (-r flag):"
-    echo "  - Increment minor version, zero patch (v1.2.3 → v1.3.0)"
-    echo "  - Git add, commit, push, and create Gitea release"
+    echo "RELEASE MODE (-r flag):"
+    echo "  - Build static binary using build_static.sh"
+    echo "  - Create source tarball"
+    echo "  - Git add, commit, push, and create Gitea release with assets"
+    echo "  - Can be combined with version increment flags"
     echo ""
-    echo "Requirements for Release Mode:"
+    echo "REQUIREMENTS FOR RELEASE MODE:"
     echo "  - Gitea token in ~/.gitea_token for release uploads"
+    echo "  - Docker installed for static binary builds"
 }
 
 # Parse command line arguments
@@ -47,6 +70,18 @@ while [[ $# -gt 0 ]]; do
             RELEASE_MODE=true
             shift
             ;;
+        -p|--patch)
+            VERSION_INCREMENT_TYPE="patch"
+            shift
+            ;;
+        -m|--minor)
+            VERSION_INCREMENT_TYPE="minor"
+            shift
+            ;;
+        -M|--major)
+            VERSION_INCREMENT_TYPE="major"
+            shift
+            ;;
         -h|--help)
             show_usage
             exit 0
@@ -79,7 +114,7 @@ check_git_repo() {
 
 # Function to get current version and increment appropriately
 increment_version() {
-    local increment_type="$1"  # "patch" or "minor"
+    local increment_type="$1"  # "patch", "minor", or "major"
 
     print_status "Getting current version..."
 
@@ -105,24 +140,34 @@ increment_version() {
     fi
 
     # Increment version based on type
-    if [[ "$increment_type" == "minor" ]]; then
+    if [[ "$increment_type" == "major" ]]; then
+        # Major release: increment major, zero minor and patch
+        NEW_MAJOR=$((MAJOR + 1))
+        NEW_MINOR=0
+        NEW_PATCH=0
+        NEW_VERSION="v${NEW_MAJOR}.${NEW_MINOR}.${NEW_PATCH}"
+        print_status "Major version increment: incrementing major version"
+    elif [[ "$increment_type" == "minor" ]]; then
         # Minor release: increment minor, zero patch
+        NEW_MAJOR=$MAJOR
         NEW_MINOR=$((MINOR + 1))
         NEW_PATCH=0
-        NEW_VERSION="v${MAJOR}.${NEW_MINOR}.${NEW_PATCH}"
-        print_status "Release mode: incrementing minor version"
+        NEW_VERSION="v${NEW_MAJOR}.${NEW_MINOR}.${NEW_PATCH}"
+        print_status "Minor version increment: incrementing minor version"
     else
         # Default: increment patch
+        NEW_MAJOR=$MAJOR
+        NEW_MINOR=$MINOR
         NEW_PATCH=$((PATCH + 1))
-        NEW_VERSION="v${MAJOR}.${MINOR}.${NEW_PATCH}"
-        print_status "Default mode: incrementing patch version"
+        NEW_VERSION="v${NEW_MAJOR}.${NEW_MINOR}.${NEW_PATCH}"
+        print_status "Patch version increment: incrementing patch version"
     fi
 
     print_status "Current version: $LATEST_TAG"
     print_status "New version: $NEW_VERSION"
 
     # Update version in src/main.h
-    update_version_in_header "$NEW_VERSION" "$MAJOR" "${NEW_MINOR:-$MINOR}" "${NEW_PATCH:-$PATCH}"
+    update_version_in_header "$NEW_VERSION" "$NEW_MAJOR" "$NEW_MINOR" "$NEW_PATCH"
 
     # Export for use in other functions
     export NEW_VERSION
@@ -261,6 +306,98 @@ git_commit_and_push_no_tag() {
     fi
 }
 
+# Function to build release binary
+build_release_binary() {
+    print_status "Building release binary..."
+
+    # Check if build_static.sh exists
+    if [[ ! -f "build_static.sh" ]]; then
+        print_error "build_static.sh not found"
+        return 1
+    fi
+
+    # Run the static build script
+    if ./build_static.sh > /dev/null 2>&1; then
+        print_success "Built static binary successfully"
+        return 0
+    else
+        print_error "Failed to build static binary"
+        return 1
+    fi
+}
+
+# Function to create source tarball
+create_source_tarball() {
+    print_status "Creating source tarball..."
+
+    local tarball_name="c-relay-${NEW_VERSION#v}.tar.gz"
+
+    # Create tarball excluding build artifacts and git files
+    if tar -czf "$tarball_name" \
+        --exclude='build/*' \
+        --exclude='.git*' \
+        --exclude='*.db' \
+        --exclude='*.db-*' \
+        --exclude='*.log' \
+        --exclude='*.tar.gz' \
+        . > /dev/null 2>&1; then
+        print_success "Created source tarball: $tarball_name"
+        echo "$tarball_name"
+        return 0
+    else
+        print_error "Failed to create source tarball"
+        return 1
+    fi
+}
+
+# Function to upload release assets to Gitea
+upload_release_assets() {
+    local release_id="$1"
+    local binary_path="$2"
+    local tarball_path="$3"
+
+    print_status "Uploading release assets..."
+
+    # Check for Gitea token
+    if [[ ! -f "$HOME/.gitea_token" ]]; then
+        print_warning "No ~/.gitea_token found. Skipping asset uploads."
+        return 0
+    fi
+
+    local token=$(cat "$HOME/.gitea_token" | tr -d '\n\r')
+    local api_url="https://git.laantungir.net/api/v1/repos/laantungir/c-relay"
+
+    # Upload binary
+    if [[ -f "$binary_path" ]]; then
+        print_status "Uploading binary: $(basename "$binary_path")"
+        local binary_response=$(curl -s -X POST "$api_url/releases/$release_id/assets" \
+              -H "Authorization: token $token" \
+              -H "Content-Type: application/octet-stream" \
+              -F "attachment=@$binary_path;filename=$(basename "$binary_path")")
+
+        if echo "$binary_response" | grep -q '"id"'; then
+            print_success "Uploaded binary successfully"
+        else
+            print_warning "Failed to upload binary: $binary_response"
+        fi
+    fi
+
+    # Upload source tarball
+    if [[ -f "$tarball_path" ]]; then
+        print_status "Uploading source tarball: $(basename "$tarball_path")"
+        local tarball_response=$(curl -s -X POST "$api_url/releases/$release_id/assets" \
+              -H "Authorization: token $token" \
+              -H "Content-Type: application/octet-stream" \
+              -F "attachment=@$tarball_path;filename=$(basename "$tarball_path")")
+
+        if echo "$tarball_response" | grep -q '"id"'; then
+            print_success "Uploaded source tarball successfully"
+        else
+            print_warning "Failed to upload source tarball: $tarball_response"
+        fi
+    fi
+}
+
 # Function to create Gitea release
 create_gitea_release() {
     print_status "Creating Gitea release..."
@@ -278,15 +415,24 @@ create_gitea_release() {
     # Create release
     print_status "Creating release $NEW_VERSION..."
     local response=$(curl -s -X POST "$api_url/releases" \
-         -H "Authorization: token $token" \
-         -H "Content-Type: application/json" \
-         -d "{\"tag_name\": \"$NEW_VERSION\", \"name\": \"$NEW_VERSION\", \"body\": \"$COMMIT_MESSAGE\"}")
+          -H "Authorization: token $token" \
+          -H "Content-Type: application/json" \
+          -d "{\"tag_name\": \"$NEW_VERSION\", \"name\": \"$NEW_VERSION\", \"body\": \"$COMMIT_MESSAGE\"}")
 
     if echo "$response" | grep -q '"id"'; then
         print_success "Created release $NEW_VERSION"
-        return 0
+        # Extract release ID for asset uploads
+        local release_id=$(echo "$response" | grep -o '"id":[0-9]*' | cut -d':' -f2)
+        return $release_id
     elif echo "$response" | grep -q "already exists"; then
         print_warning "Release $NEW_VERSION already exists"
+        # Try to get existing release ID
+        local check_response=$(curl -s -H "Authorization: token $token" "$api_url/releases/tags/$NEW_VERSION")
+        if echo "$check_response" | grep -q '"id"'; then
+            local release_id=$(echo "$check_response" | grep -o '"id":[0-9]*' | cut -d':' -f2)
+            print_status "Using existing release ID: $release_id"
+            return $release_id
+        fi
         return 0
     else
         print_error "Failed to create release $NEW_VERSION"
@@ -297,7 +443,8 @@ create_gitea_release() {
         local check_response=$(curl -s -H "Authorization: token $token" "$api_url/releases/tags/$NEW_VERSION")
         if echo "$check_response" | grep -q '"id"'; then
             print_warning "Release exists but creation response was unexpected"
-            return 0
+            local release_id=$(echo "$check_response" | grep -o '"id":[0-9]*' | cut -d':' -f2)
+            return $release_id
         else
             print_error "Release does not exist and creation failed"
             return 1
@@ -315,8 +462,10 @@ main() {
     if [[ "$RELEASE_MODE" == true ]]; then
         print_status "=== RELEASE MODE ==="
 
-        # Increment minor version for releases
-        increment_version "minor"
+        # Only increment version if explicitly requested (not just because of -r flag)
+        if [[ "$VERSION_INCREMENT_TYPE" != "patch" ]]; then
+            increment_version "$VERSION_INCREMENT_TYPE"
+        fi
 
         # Create new git tag BEFORE compilation so version.h picks it up
         if git tag "$NEW_VERSION" > /dev/null 2>&1; then
@@ -330,8 +479,29 @@ main() {
         # Commit and push (but skip tag creation since we already did it)
         git_commit_and_push_no_tag
 
+        # Build release binary
+        if build_release_binary; then
+            local binary_path="build/c_relay_static_x86_64"
+        else
+            print_warning "Binary build failed, continuing with release creation"
+            binary_path=""
+        fi
+
+        # Create source tarball
+        local tarball_path=""
+        if tarball_path=$(create_source_tarball); then
+            : # tarball_path is set by the function
+        else
+            print_warning "Source tarball creation failed, continuing with release creation"
+        fi
+
         # Create Gitea release
-        if create_gitea_release; then
+        local release_id=""
+        if release_id=$(create_gitea_release); then
+            # Upload assets if we have a release ID and assets
+            if [[ -n "$release_id" && (-n "$binary_path" || -n "$tarball_path") ]]; then
+                upload_release_assets "$release_id" "$binary_path" "$tarball_path"
+            fi
             print_success "Release $NEW_VERSION completed successfully!"
         else
             print_error "Release creation failed"
@@ -340,8 +510,8 @@ main() {
     else
         print_status "=== DEFAULT MODE ==="
 
-        # Increment patch version for regular commits
-        increment_version "patch"
+        # Increment version based on type (default to patch)
+        increment_version "$VERSION_INCREMENT_TYPE"
 
         # Create new git tag BEFORE compilation so version.h picks it up
         if git tag "$NEW_VERSION" > /dev/null 2>&1; then

relay.pid

@@ -1 +1 @@
-2352885
+2726527

src/api.c

@@ -271,6 +271,7 @@ cJSON* query_subscription_details(void) {
         long long events_sent = sqlite3_column_int64(stmt, 3);
         long long created_at = sqlite3_column_int64(stmt, 4);
         long long duration_seconds = sqlite3_column_int64(stmt, 5);
+        const char* wsi_pointer = (const char*)sqlite3_column_text(stmt, 6);
 
         // DEBUG: Log each subscription found
         DEBUG_LOG("Row %d: sub_id=%s, client_ip=%s, events_sent=%lld, created_at=%lld",
@@ -284,6 +285,7 @@ cJSON* query_subscription_details(void) {
         cJSON_AddNumberToObject(sub_obj, "duration_seconds", (double)duration_seconds);
         cJSON_AddNumberToObject(sub_obj, "events_sent", events_sent);
         cJSON_AddBoolToObject(sub_obj, "active", 1);  // All from this view are active
+        cJSON_AddStringToObject(sub_obj, "wsi_pointer", wsi_pointer ? wsi_pointer : "N/A");
 
         // Parse and add filter JSON if available
         if (filter_json) {
@@ -499,6 +501,76 @@ void monitoring_on_subscription_change(void) {
     generate_subscription_driven_monitoring();
 }
 
+/**
+ * Generate and post a kind 1 status event with relay statistics
+ * Called periodically from main event loop based on configuration
+ * Returns: 0 on success, -1 on error
+ */
+int generate_and_post_status_event(void) {
+    // Check if feature is enabled
+    int hours_interval = get_config_int("kind_1_status_posts_hours", 0);
+    if (hours_interval <= 0) {
+        return 0; // Feature disabled
+    }
+
+    // Generate statistics text content using existing function
+    char* stats_text = generate_stats_text();
+    if (!stats_text) {
+        DEBUG_ERROR("Failed to generate statistics text for status post");
+        return -1;
+    }
+
+    // Get relay private key
+    char* relay_privkey_hex = get_relay_private_key();
+    if (!relay_privkey_hex) {
+        DEBUG_ERROR("Failed to get relay private key for status post");
+        free(stats_text);
+        return -1;
+    }
+
+    // Convert hex private key to bytes
+    unsigned char relay_privkey_bytes[32];
+    if (nostr_hex_to_bytes(relay_privkey_hex, relay_privkey_bytes, 32) != 0) {
+        DEBUG_ERROR("Failed to convert relay private key to bytes");
+        free(stats_text);
+        return -1;
+    }
+
+    // Create empty tags array (kind 1 doesn't require special tags)
+    cJSON* tags = cJSON_CreateArray();
+
+    // Create and sign the kind 1 event
+    cJSON* signed_event = nostr_create_and_sign_event(
+        1,                      // kind 1 = text note
+        stats_text,             // content = statistics
+        tags,                   // empty tags
+        relay_privkey_bytes,    // relay's private key
+        time(NULL)              // current timestamp
+    );
+
+    free(stats_text);
+
+    if (!signed_event) {
+        DEBUG_ERROR("Failed to create and sign status event");
+        return -1;
+    }
+
+    // Store event in database (kind 1 events MUST be stored)
+    if (store_event(signed_event) != 0) {
+        DEBUG_ERROR("Failed to store status event in database");
+        cJSON_Delete(signed_event);
+        return -1;
+    }
+
+    // Broadcast event to subscriptions
+    broadcast_event_to_subscriptions(signed_event);
+
+    DEBUG_LOG("Successfully posted kind 1 status event");
+    cJSON_Delete(signed_event);
+
+    return 0;
+}
+
 // Forward declaration for known_configs (defined in config.c)
 typedef struct {
     const char* key;
@@ -565,6 +637,9 @@ static const config_definition_t known_configs[] = {
     {"relay_privkey", "string", 0, 65},
     {"admin_pubkey", "string", 0, 65},
 
+    // Kind 1 Status Posts
+    {"kind_1_status_posts_hours", "int", 0, 8760},
+
     // Sentinel
     {NULL, NULL, 0, 0}
 };
@@ -1314,6 +1389,9 @@ int send_nip17_response(const char* sender_pubkey, const char* response_content,
         return -1;
     }
 
+    // Get timestamp delay configuration
+    long max_delay_sec = get_config_int("nip59_timestamp_max_delay_sec", 0);
+
     // Create and sign gift wrap using library function
     cJSON* gift_wraps[1];
     int send_result = nostr_nip17_send_dm(
@@ -1322,7 +1400,8 @@ int send_nip17_response(const char* sender_pubkey, const char* response_content,
         1,                                // num_recipients
         relay_privkey,                    // sender_private_key
         gift_wraps,                       // gift_wraps_out
-        1                                 // max_gift_wraps
+        1,                                // max_gift_wraps
+        max_delay_sec                     // max_delay_sec
     );
 
     cJSON_Delete(dm_response);
@@ -1419,8 +1498,7 @@ char* generate_config_text(void) {
     }
 
     // Footer
-    offset += snprintf(config_text + offset, 8192 - offset,
-        "\n✅ Configuration retrieved successfully");
+    offset += snprintf(config_text + offset, 8192 - offset, "\n");
 
     return config_text;
 }
@@ -1450,7 +1528,7 @@ char* generate_stats_text(void) {
         cJSON* newest_event = cJSON_GetObjectItem(stats_obj, "latest_event_at");
         cJSON* time_stats = cJSON_GetObjectItem(stats_obj, "time_stats");
         cJSON* event_kinds = cJSON_GetObjectItem(stats_obj, "event_kinds");
-        cJSON* top_pubkeys = cJSON_GetObjectItem(stats_obj, "top_pubkeys");
+        // cJSON* top_pubkeys = cJSON_GetObjectItem(stats_obj, "top_pubkeys");
 
         long long total = total_events ? (long long)cJSON_GetNumberValue(total_events) : 0;
         long long db_bytes = db_size ? (long long)cJSON_GetNumberValue(db_size) : 0;
@@ -1491,25 +1569,23 @@ char* generate_stats_text(void) {
 
         // Header
         offset += snprintf(stats_text + offset, 16384 - offset,
-            "📊 Relay Statistics\n"
+            "\nRelay Statistics\n"
             "━━━━━━━━━━━━━━━━━━━━\n");
 
         // Database Overview section
         offset += snprintf(stats_text + offset, 16384 - offset,
-            "Database Overview:\n"
-            "Metric\tValue\tDescription\n"
-            "Database Size\t%.2f MB (%lld bytes)\tCurrent database file size\n"
-            "Total Events\t%lld\tTotal number of events stored\n"
-            "Active Subscriptions\t%d\tCurrent active WebSocket subscriptions\n"
-            "Oldest Event\t%s\tTimestamp of oldest event\n"
-            "Newest Event\t%s\tTimestamp of newest event\n"
+
+     "Database Size  %.2f MB\n"
+             "Total Events  %lld\n"
+             "Active Subscriptions  %d\n"
+             "Oldest Event  %s\n"
+             "Newest Event  %s\n"
             "\n",
             db_mb, db_bytes, total, active_subs, oldest_str, newest_str);
 
         // Event Kind Distribution section
         offset += snprintf(stats_text + offset, 16384 - offset,
-            "Event Kind Distribution:\n"
-            "Event Kind\tCount\tPercentage\n");
+            "Event Kind Distribution:\n");
 
         if (event_kinds && cJSON_IsArray(event_kinds)) {
             cJSON* kind_item = NULL;
@@ -1536,49 +1612,48 @@ char* generate_stats_text(void) {
         // Time-based Statistics section
         offset += snprintf(stats_text + offset, 16384 - offset,
             "Time-based Statistics:\n"
-            "Period\tEvents\tDescription\n"
-            "Last 24 Hours\t%lld\tEvents in the last day\n"
-            "Last 7 Days\t%lld\tEvents in the last week\n"
-            "Last 30 Days\t%lld\tEvents in the last month\n"
+
+            "%lld\tEvents in the last day\n"
+            "%lld\tEvents in the last week\n"
+            "%lld\tEvents in the last month\n"
             "\n",
             last_24h, last_7d, last_30d);
 
         // Top Pubkeys section
-        offset += snprintf(stats_text + offset, 16384 - offset,
-            "Top Pubkeys by Event Count:\n"
-            "Rank\tPubkey\tEvent Count\tPercentage\n");
+        // offset += snprintf(stats_text + offset, 16384 - offset,
+        //     "Top Pubkeys by Event Count:\n"
+        //     "Rank\tPubkey\tEvent Count\tPercentage\n");
 
-        if (top_pubkeys && cJSON_IsArray(top_pubkeys)) {
-            int rank = 1;
-            cJSON* pubkey_item = NULL;
-            cJSON_ArrayForEach(pubkey_item, top_pubkeys) {
-                cJSON* pubkey = cJSON_GetObjectItem(pubkey_item, "pubkey");
-                cJSON* event_count = cJSON_GetObjectItem(pubkey_item, "event_count");
-                cJSON* percentage = cJSON_GetObjectItem(pubkey_item, "percentage");
+        // if (top_pubkeys && cJSON_IsArray(top_pubkeys)) {
+        //     int rank = 1;
+        //     cJSON* pubkey_item = NULL;
+        //     cJSON_ArrayForEach(pubkey_item, top_pubkeys) {
+        //         cJSON* pubkey = cJSON_GetObjectItem(pubkey_item, "pubkey");
+        //         cJSON* event_count = cJSON_GetObjectItem(pubkey_item, "event_count");
+        //         cJSON* percentage = cJSON_GetObjectItem(pubkey_item, "percentage");
 
-                if (pubkey && event_count && percentage) {
-                    const char* pubkey_str = cJSON_GetStringValue(pubkey);
-                    char short_pubkey[20] = "...";
-                    if (pubkey_str && strlen(pubkey_str) >= 16) {
-                        snprintf(short_pubkey, sizeof(short_pubkey), "%.16s...", pubkey_str);
-                    }
+        //         if (pubkey && event_count && percentage) {
+        //             const char* pubkey_str = cJSON_GetStringValue(pubkey);
+        //             char short_pubkey[20] = "...";
+        //             if (pubkey_str && strlen(pubkey_str) >= 16) {
+        //                 snprintf(short_pubkey, sizeof(short_pubkey), "%.16s...", pubkey_str);
+        //             }
 
-                    offset += snprintf(stats_text + offset, 16384 - offset,
-                        "%d\t%s\t%lld\t%.1f%%\n",
-                        rank++,
-                        short_pubkey,
-                        (long long)cJSON_GetNumberValue(event_count),
-                        cJSON_GetNumberValue(percentage));
-                }
-            }
-        } else {
-            offset += snprintf(stats_text + offset, 16384 - offset,
-                "No pubkey data available\n");
-        }
+        //             offset += snprintf(stats_text + offset, 16384 - offset,
+        //                 "%d\t%s\t%lld\t%.1f%%\n",
+        //                 rank++,
+        //                 short_pubkey,
+        //                 (long long)cJSON_GetNumberValue(event_count),
+        //                 cJSON_GetNumberValue(percentage));
+        //         }
+        //     }
+        // } else {
+        //     offset += snprintf(stats_text + offset, 16384 - offset,
+        //         "No pubkey data available\n");
+        // }
 
         // Footer
-        offset += snprintf(stats_text + offset, 16384 - offset,
-            "\n✅ Statistics retrieved successfully");
+        offset += snprintf(stats_text + offset, 16384 - offset, "\n");
 
         cJSON_Delete(stats_obj);
     } else {

src/api.h

@@ -64,4 +64,7 @@ void monitoring_on_event_stored(void);
 void monitoring_on_subscription_change(void);
 int get_monitoring_throttle_seconds(void);
 
+// Kind 1 status posts
+int generate_and_post_status_event(void);
+
 #endif // API_H

src/config.c

@@ -1144,6 +1144,20 @@ static int validate_config_field(const char* key, const char* value, char* error
         }
         return 0;
     }
+
+    // NIP-59 Gift Wrap Timestamp Configuration
+    if (strcmp(key, "nip59_timestamp_max_delay_sec") == 0) {
+        if (!is_valid_non_negative_integer(value)) {
+            snprintf(error_msg, error_size, "invalid nip59_timestamp_max_delay_sec '%s' (must be non-negative integer)", value);
+            return -1;
+        }
+        long val = strtol(value, NULL, 10);
+        if (val > 604800) {  // Max 7 days
+            snprintf(error_msg, error_size, "nip59_timestamp_max_delay_sec '%s' too large (max 604800 seconds = 7 days)", value);
+            return -1;
+        }
+        return 0;
+    }
     
     if (strcmp(key, "nip42_auth_required_kinds") == 0) {
         // Validate comma-separated list of kind numbers
@@ -2538,7 +2552,7 @@ int handle_kind_23456_unified(cJSON* event, char* error_message, size_t error_si
         }
 
         // Perform NIP-44 decryption (relay as recipient, admin as sender)
-        char decrypted_text[4096]; // Buffer for decrypted content
+        char decrypted_text[16384]; // Buffer for decrypted content (16KB)
         int decrypt_result = nostr_nip44_decrypt(relay_privkey_bytes, sender_pubkey_bytes, content, decrypted_text, sizeof(decrypted_text));
 
         // Clean up private key immediately after use

src/default_config_event.h

@@ -78,7 +78,13 @@ static const struct {
     // Trust proxy headers (X-Forwarded-For, X-Real-IP) for accurate client IP detection
     // Safe for informational/debugging use. Only becomes a security concern if you implement
     // IP-based rate limiting or access control (which would require firewall protection anyway)
-    {"trust_proxy_headers", "true"}
+    {"trust_proxy_headers", "true"},
+
+    // NIP-59 Gift Wrap Timestamp Configuration
+    {"nip59_timestamp_max_delay_sec", "0"},
+
+    // Kind 1 Status Posts
+    {"kind_1_status_posts_hours", "1"}
 };
 
 // Number of default configuration values

src/dm_admin.c

@@ -368,13 +368,17 @@ cJSON* process_nip17_admin_message(cJSON* gift_wrap_event, char* error_message,
 
                 if (success_dm) {
                     cJSON* success_gift_wraps[1];
+                    // Get timestamp delay configuration
+                    long max_delay_sec = get_config_int("nip59_timestamp_max_delay_sec", 0);
+
                     int send_result = nostr_nip17_send_dm(
                         success_dm,                       // dm_event
                         (const char**)&sender_pubkey,     // recipient_pubkeys
                         1,                                // num_recipients
                         relay_privkey,                    // sender_private_key
                         success_gift_wraps,               // gift_wraps_out
-                        1                                 // max_gift_wraps
+                        1,                                // max_gift_wraps
+                        max_delay_sec                     // max_delay_sec
                     );
 
                     cJSON_Delete(success_dm);
@@ -565,6 +569,35 @@ int process_nip17_admin_command(cJSON* dm_event, char* error_message, size_t err
                 DEBUG_INFO("DM_ADMIN: Config command processed successfully");
                 return 0;
             }
+            // Check for status commands
+            else if (strstr(content_lower, "status") != NULL) {
+                DEBUG_INFO("DM_ADMIN: Processing status command");
+
+                // Create synthetic event for system_command handler
+                cJSON* synthetic_event = cJSON_CreateObject();
+                cJSON_AddNumberToObject(synthetic_event, "kind", 23456);
+                cJSON_AddStringToObject(synthetic_event, "pubkey", sender_pubkey);
+
+                // Create tags array with system_command
+                cJSON* tags = cJSON_CreateArray();
+                cJSON* cmd_tag = cJSON_CreateArray();
+                cJSON_AddItemToArray(cmd_tag, cJSON_CreateString("system_command"));
+                cJSON_AddItemToArray(cmd_tag, cJSON_CreateString("system_status"));
+                cJSON_AddItemToArray(tags, cmd_tag);
+                cJSON_AddItemToObject(synthetic_event, "tags", tags);
+
+                char error_msg[256];
+                int result = handle_system_command_unified(synthetic_event, "system_status", error_msg, sizeof(error_msg), wsi);
+                cJSON_Delete(synthetic_event);
+
+                if (result != 0) {
+                    DEBUG_ERROR(error_msg);
+                    return -1;
+                }
+
+                DEBUG_INFO("DM_ADMIN: Status command processed successfully");
+                return 0;
+            }
             else {
                 DEBUG_INFO("DM_ADMIN: Checking for confirmation or config change requests");
                 // Check if it's a confirmation response (yes/no)

src/main.h

@@ -10,10 +10,10 @@
 #define MAIN_H
 
 // Version information (auto-updated by build system)
-#define VERSION "v0.7.42"
 #define VERSION_MAJOR 0
-#define VERSION_MINOR 7
-#define VERSION_PATCH 42
+#define VERSION_MINOR 8
+#define VERSION_PATCH 4
+#define VERSION "v0.8.4"
 
 // Relay metadata (authoritative source for NIP-11 information)
 #define RELAY_NAME "C-Relay"

src/sql_schema.h

@@ -1,5 +1,4 @@
 /* Embedded SQL Schema for C Nostr Relay
- * Generated from db/schema.sql - Do not edit manually
  * Schema Version: 8
  */
 #ifndef SQL_SCHEMA_H
@@ -242,7 +241,8 @@ SELECT\n\
     s.filter_json,\n\
     s.events_sent,\n\
     s.created_at,\n\
-    (strftime('%s', 'now') - s.created_at) as duration_seconds\n\
+    (strftime('%s', 'now') - s.created_at) as duration_seconds,\n\
+    s.wsi_pointer\n\
 FROM subscriptions s\n\
 WHERE s.event_type = 'created'\n\
 AND NOT EXISTS (\n\

src/websockets.c

@@ -44,6 +44,9 @@ void send_nip42_auth_challenge(struct lws* wsi, struct per_session_data* pss);
 void handle_nip42_auth_signed_event(struct lws* wsi, struct per_session_data* pss, cJSON* auth_event);
 void handle_nip42_auth_challenge_response(struct lws* wsi, struct per_session_data* pss, const char* challenge);
 
+// Forward declaration for status posts
+int generate_and_post_status_event(void);
+
 // Forward declarations for NIP-11 relay information handling
 int handle_nip11_http_request(struct lws* wsi, const char* accept_header);
 
@@ -282,7 +285,19 @@ static int nostr_relay_callback(struct lws *wsi, enum lws_callback_reasons reaso
 
                 // Check if this is a GET request to the root path
                 if (strcmp(requested_uri, "/") == 0) {
-                    // Get Accept header
+                    // Check if this is a WebSocket upgrade request
+                    char upgrade_header[64] = {0};
+                    int upgrade_len = lws_hdr_copy(wsi, upgrade_header, sizeof(upgrade_header) - 1, WSI_TOKEN_UPGRADE);
+
+                    if (upgrade_len > 0) {
+                        upgrade_header[upgrade_len] = '\0';
+                        if (strstr(upgrade_header, "websocket") != NULL) {
+                            DEBUG_LOG("WebSocket upgrade request - allowing connection");
+                            return 0;
+                        }
+                    }
+
+                    // Not a WebSocket upgrade, check for NIP-11 request
                     char accept_header[256] = {0};
                     int header_len = lws_hdr_copy(wsi, accept_header, sizeof(accept_header) - 1, WSI_TOKEN_HTTP_ACCEPT);
 
@@ -300,7 +315,8 @@ static int nostr_relay_callback(struct lws *wsi, enum lws_callback_reasons reaso
                         }
                     }
 
-                    // Root path without NIP-11 Accept header - return 404
+                    // Root path without NIP-11 Accept header and not WebSocket - return 404
+                    DEBUG_WARN("Rejecting root path request - not WebSocket upgrade and not NIP-11");
                     lws_return_http_status(wsi, HTTP_STATUS_NOT_FOUND, NULL);
                     return -1;
                 }
@@ -1404,6 +1420,9 @@ int start_websocket_relay(int port_override, int strict_port) {
         snprintf(startup_msg, sizeof(startup_msg), "WebSocket relay started on ws://127.0.0.1:%d", actual_port);
     }
 
+    // Static variable for status post timing (initialize to 0 for immediate first post)
+    static time_t last_status_post_time = 0;
+
     // Main event loop with proper signal handling
     while (g_server_running && !g_shutdown_flag) {
         int result = lws_service(ws_context, 1000);
@@ -1412,6 +1431,19 @@ int start_websocket_relay(int port_override, int strict_port) {
             DEBUG_ERROR("libwebsockets service error");
             break;
         }
+
+        // Check if it's time to post status update
+        time_t current_time = time(NULL);
+        int status_post_hours = get_config_int("kind_1_status_posts_hours", 0);
+
+        if (status_post_hours > 0) {
+            int seconds_interval = status_post_hours * 3600; // Convert hours to seconds
+
+            if (current_time - last_status_post_time >= seconds_interval) {
+                last_status_post_time = current_time;
+                generate_and_post_status_event();
+            }
+        }
     }
 
     lws_context_destroy(ws_context);
@@ -1512,7 +1544,7 @@ int process_dm_stats_command(cJSON* dm_event, char* error_message, size_t error_
     const char* encrypted_content = cJSON_GetStringValue(content_obj);
 
     // Decrypt content
-    char decrypted_content[4096];
+    char decrypted_content[16384];
     int decrypt_result = nostr_nip44_decrypt(relay_privkey, sender_pubkey_bytes,
                                            encrypted_content, decrypted_content, sizeof(decrypted_content));