Two major enhancements to the Nostr extension: ## NIP-17 Private Direct Messages Adds NIP-17 with NIP-59 gift wrapping for privacy-preserving DMs. Protocol comparison: - NIP-04 (legacy): Kind 4, sender/timing visible, AES-CBC - NIP-17 (new): Kind 1059→13→14, sender hidden, timestamps randomized ±48h, XChaCha20-Poly1305 New dmProtocol config option: - "dual" (default): Accept both, send NIP-17 - "nip17": NIP-17 only (max privacy) - "nip04": Legacy only Changes: - Subscribe to kind:4 (NIP-04) and kind:1059 (GiftWrap) events - 48-hour lookback for NIP-17 randomized timestamps - Unwrap gift wraps via nostr-tools/nip59 ## NIP-46 Bunker Authentication Users can connect their Nostr identity via remote signers (Amber, nsec.app). Agent tools: - nostr_connect: Link via bunker URL - nostr_post: Kind 1 notes with NIP-10 threading - nostr_react: Reactions (+/-/emoji) per NIP-25 - nostr_repost: Kind 6/16 reposts per NIP-18 - nostr_fetch: Query by author/hashtag/mentions/NIP-50 search - nostr_article: Kind 30023 long-form content per NIP-23 - nostr_disconnect/nostr_status: Session management Bunker features: - Session persistence (client key saved to disk) - NIP-65 relay discovery - Auth URL flow for browser approval - Multi-account via bunkerIndex HTTP endpoints for web UI: - GET/POST/DELETE /api/channels/nostr/:id/bunker/:idx ## Safety - NIP-09 deletion excluded (no agent deletion capability) - Private keys remain in signer app - Explicit user connection required NIPs: 01, 10, 17, 18, 23, 25, 44, 46, 50, 59, 65 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| src | ||
| test | ||
| CHANGELOG.md | ||
| clawdbot.plugin.json | ||
| index.ts | ||
| package.json | ||
| README.md | ||
@clawdbot/nostr
Nostr DM channel plugin for Clawdbot using NIP-04 encrypted direct messages.
Overview
This extension adds Nostr as a messaging channel to Clawdbot. It enables your bot to:
- Receive encrypted DMs from Nostr users
- Send encrypted responses back
- Work with any NIP-04 compatible Nostr client (Damus, Amethyst, etc.)
Installation
clawdbot plugins install @clawdbot/nostr
Quick Setup
-
Generate a Nostr keypair (if you don't have one):
# Using nak CLI nak key generate # Or use any Nostr key generator -
Add to your config:
{ "channels": { "nostr": { "privateKey": "${NOSTR_PRIVATE_KEY}", "relays": ["wss://relay.damus.io", "wss://nos.lol"] } } } -
Set the environment variable:
export NOSTR_PRIVATE_KEY="nsec1..." # or hex format -
Restart the gateway
Configuration
| Key | Type | Default | Description |
|---|---|---|---|
privateKey |
string | required | Bot's private key (nsec or hex format) |
relays |
string[] | ["wss://relay.damus.io", "wss://nos.lol"] |
WebSocket relay URLs |
dmPolicy |
string | "pairing" |
Access control: pairing, allowlist, open, disabled |
allowFrom |
string[] | [] |
Allowed sender pubkeys (npub or hex) |
enabled |
boolean | true |
Enable/disable the channel |
name |
string | - | Display name for the account |
Access Control
DM Policies
- pairing (default): Unknown senders receive a pairing code to request access
- allowlist: Only pubkeys in
allowFromcan message the bot - open: Anyone can message the bot (use with caution)
- disabled: DMs are disabled
Example: Allowlist Mode
{
"channels": {
"nostr": {
"privateKey": "${NOSTR_PRIVATE_KEY}",
"dmPolicy": "allowlist",
"allowFrom": [
"npub1abc...",
"0123456789abcdef..."
]
}
}
}
Testing
Local Relay (Recommended)
# Using strfry
docker run -p 7777:7777 ghcr.io/hoytech/strfry
# Configure clawdbot to use local relay
"relays": ["ws://localhost:7777"]
Manual Test
- Start the gateway with Nostr configured
- Open Damus, Amethyst, or another Nostr client
- Send a DM to your bot's npub
- Verify the bot responds
Protocol Support
| NIP | Status | Notes |
|---|---|---|
| NIP-01 | Supported | Basic event structure |
| NIP-04 | Supported | Encrypted DMs (kind:4) |
| NIP-17 | Planned | Gift-wrapped DMs (v2) |
Security Notes
- Private keys are never logged
- Event signatures are verified before processing
- Use environment variables for keys, never commit to config files
- Consider using
allowlistmode in production
Troubleshooting
Bot not receiving messages
- Verify private key is correctly configured
- Check relay connectivity
- Ensure
enabledis not set tofalse - Check the bot's public key matches what you're sending to
Messages not being delivered
- Check relay URLs are correct (must use
wss://) - Verify relays are online and accepting connections
- Check for rate limiting (reduce message frequency)
License
MIT