feat: extract noteguard-core library crate#18
Open
alltheseas wants to merge 2 commits intodamus-io:masterfrom
Open
feat: extract noteguard-core library crate#18alltheseas wants to merge 2 commits intodamus-io:masterfrom
alltheseas wants to merge 2 commits intodamus-io:masterfrom
Conversation
Extracts the core filtering logic into a standalone library crate that
can be embedded in any Nostr relay, not just strfry.
## Changes
- New `noteguard-core` crate containing:
- `Noteguard` struct: filter registry and pipeline executor
- `NoteFilter` trait: interface for implementing filters
- All built-in filters: ratelimit, whitelist, blacklist, kinds,
content, protected_events, forwarder
- `Config` struct for TOML configuration parsing
- `noteguard` binary refactored to be a thin wrapper that:
- Reads from stdin (strfry protocol)
- Delegates filtering to noteguard-core
- Writes results to stdout
## Using noteguard-core
```toml
[dependencies]
noteguard-core = { git = "https://github.com/damus-io/noteguard" }
```
This enables other relays (like notepush) to embed noteguard filtering
directly, preventing DoS attacks from spam that triggers expensive
remote operations.
Addresses: damus-io#9
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
alltheseas
added a commit
to alltheseas/notepush
that referenced
this pull request
Dec 12, 2025
Embeds noteguard-core filtering directly into notepush to prevent DoS attacks from spam events that would trigger expensive remote operations (mute list lookups, follow list fetches). ## Changes - Add noteguard-core dependency (from alltheseas/noteguard branch until damus-io/noteguard#18 is merged) - New event_filter.rs module bridges nostr::Event to noteguard-core - EventFilter wraps Noteguard in Mutex for thread-safe concurrent access - Filter pipeline runs in relay_connection.rs BEFORE notification processing - Rate limiting keyed by pubkey (per-user limits) - Graceful fallback: if no config exists, runs in permissive mode - Added noteguard.toml.example with recommended configuration ## Integration flow 1. WebSocket receives EVENT message 2. Event runs through noteguard filter pipeline 3. If rejected: return error (or shadow-accept for spam hiding) 4. If accepted: proceed with notification logic Resolves: #1 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
3 tasks
Contributor
|
noteguard should be the library name, note noteguard_core |
Per maintainer feedback, the library should be named `noteguard` not
`noteguard-core`. This restructures the crate to have both a library
(lib.rs) and binary (main.rs) in a single crate.
Users now import as:
use noteguard::{Noteguard, Config, Action};
Changes:
- Move all filters from noteguard-core/src/ to src/
- Add lib.rs exposing the library API
- Update Cargo.toml to build both lib and bin targets
- Remove workspace configuration
- Update doc comments to reference noteguard instead of noteguard_core
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Author
|
fixed in cca48d1 also updated notepush damus-io/notepush@3e742da accordingly |
Author
|
@coderabbitai review please |
|
✅ Actions performedReview triggered.
|
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (14)
Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Extracts the core filtering logic into a standalone library crate (
noteguard-core) that can be embedded in any Nostr relay, not just strfry.noteguard-corecrate with filter registry, pipeline executor, and all built-in filtersnoteguardbinary refactored to be a thin stdin/stdout wrapper using noteguard-coreMotivation
This addresses #9 by making noteguard's filtering logic available as a library. Other relays (like notepush) can now embed noteguard filtering directly to prevent DoS attacks from spam that triggers expensive remote operations.
Using noteguard-core
Test plan
cargo test)🤖 Generated with Claude Code