NIP-59 randomizes gift wrap created_at up to 2 days into the past so
metadata observers can't correlate publish moments. The lenient
`since = last_dm_time - 5min` window from commit e0fdada was designed
for NIP-04 messages where created_at is the real send time; with
gift wraps it locks out any wrap whose randomized timestamp falls
before the latest stored DM.
aio-demo symptom: established merchant (last_dm_time = today 14:40)
subscribes with `since = today 14:35`. Customer publishes a new gift
wrap whose randomized created_at is May 1 23:11. NostrFilter.matches
sees `event.created_at < self.since` and returns False — relay logs
"❌ Filter didn't match" and the order never reaches the merchant.
Fix: don't apply `since` at all on the kind 1059 filter. Replay risk
is bounded by server-side dedup and our existing
NostrClient.is_duplicate_event() guard. Other filters (stalls,
products, profiles) keep their `since` because those events use
real timestamps.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Both _auto_create_merchant (lazy GET fallback in views_api) and
LNbits' _create_default_merchant (eager signup hook) used to
reimplement merchant + zone + stall creation independently. Moves the
canonical implementation to services.provision_merchant() so both
call sites stay in lockstep — future changes (NIP-17 kind 10050 relay
list, additional default zones, etc.) only happen in one place.
- services.provision_merchant(user_id, wallet_id, public_key,
private_key, display_name, config): creates merchant if absent,
default 'Online' zone, default '<username>'s Store' stall, and
publishes the kind 30017 stall event. Idempotent on the merchant
pubkey: returns the existing merchant unchanged if one exists.
- views_api._auto_create_merchant: now a 10-line wrapper that loads
the account, generates fallback keys if missing, then delegates.
The LNbits-side hook (lnbits/core/services/users.py:_create_default_merchant)
will be updated in a companion commit to also call this service.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two complementary fixes for the "Unknown Stall" bug, where a customer
sees a product on the relay but the parent stall is missing.
1. _auto_create_merchant() now creates a default "<username>'s Store"
stall and publishes its kind 30017 event before returning. New users
land with a fully-published merchant identity, so the very first
product they create has a known parent stall on relays.
2. POST /api/v1/product (api_create_product) now republishes the parent
stall before publishing the product. NIP-33 parameterized replaceable
events make this idempotent, but it self-heals every existing case
where the stall publish failed or never happened (transient relay
issues, accounts that pre-date the auto-publish flow, manual stall
creation that didn't reach all relays).
This complements the LNbits-side fix in core/services/users.py
(_create_default_merchant publishes the stall on signup) and the
webapp self-heal in useMarketStallSelfHeal.ts. With all three layers,
"Unknown Stall" should disappear from the customer view.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Phase 3 (auto-provision merchant from account keypair) removed the
generateKeys / importKeys methods and the dialog data fields, but
left the dialog templates and dropdown menu items behind. They
referenced importKeyDialog.show and generateKeyDialog.show, which
were now undefined — breaking the merchant dashboard with
"Cannot read properties of undefined (reading 'show')".
Removes:
- The Import Key and Generate New Key dialogs from index.html
- The corresponding dropdown items from merchant-tab.html
- The 'import-key' and 'generate-key' emits from merchant-tab.js
- The dangling @import-key / @generate-key listeners in index.html
Merchants are auto-provisioned from the account keypair on first
GET; key rotation is handled by the migrate-keys feature instead.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When a user rotates their Nostr keypair in account settings, the
merchant still holds the old key. This adds:
- key_mismatch flag on MerchantConfig (runtime, not persisted) -
detected on each GET /api/v1/merchant by comparing account vs
merchant pubkey
- POST /api/v1/merchant/{id}/migrate-keys endpoint that updates
the merchant keys, republishes all stalls/products under the new
identity, and resubscribes
- Warning banner in the UI with a "Migrate Keys" button and
confirmation dialog
- update_merchant_keys() crud function
Orders and DM history are preserved since they reference customer
pubkeys. Old stall/product events on relays become orphaned.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The LNbits user account IS the merchant identity. GET /api/v1/merchant
now auto-creates the merchant record using the account's existing Nostr
keypair if one doesn't exist yet, so the extension is immediately
usable without any setup screen.
- Extract _auto_create_merchant() helper used by both GET and POST
- Remove welcome/key-generation screen (replaced with loading spinner)
- Remove dead frontend code (generateKeys, importKeys dialogs)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Modernize the entire customer-merchant communication layer from deprecated
NIP-04 (kind 4, AES-256-CBC) to NIP-17 private direct messages using
NIP-44 v2 encryption (ChaCha20 + HMAC-SHA256) and NIP-59 gift wrapping
(rumor/seal/gift-wrap protocol). No backwards compatibility retained.
New modules:
- nostr/nip44.py: NIP-44 v2 encryption verified against official spec vectors
- nostr/nip59.py: NIP-59 gift wrap with wrap/unwrap convenience functions
- tests/: 44 unit tests for NIP-44 and NIP-59
Key changes:
- Subscription filters: kind 4 → kind 1059 gift wraps
- Message handler: _handle_nip04_message → _handle_gift_wrap (unwrap + route)
- send_dm/reply_to_structured_dm: NIP-59 gift wrap to recipient + self-archive
- Merchant model: removed NIP-04 crypto methods (decrypt/encrypt/build_dm_event)
- helpers.py: removed NIP-04 functions, kept Schnorr signing + key normalization
- views_api.py: consolidated DM sending through send_dm() service function
Reliability improvements:
- Event deduplication via bounded LRU set in NostrClient
- Subscription health monitor (resubscribes after 120s of silence)
- Preserved 5-minute lenient time window from prior work
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Updates type hints in `crud.py`, `helpers.py`, and `models.py` for improved readability and maintainability.
Replaces `Merchant | None` with `Optional[Merchant]` and `list[X]` with `List[X]` for consistency with standard Python typing practices.
Enhances the processing of Nostr messages by adding more robust error handling and logging, providing better insights into potential issues.
Specifically:
- Improves the checks on the websocket connection to log errors and debug information.
- Implements more comprehensive error logging for failed product quantity checks.
- Enhances logging and validation of EVENT messages to prevent potential errors.
- Implements a more robust merchant lookup logic to avoid double processing of events.
- Implements a more lenient time window for direct message subscriptions.
Adds a document analyzing the order discovery mechanism in Nostrmarket.
The document identifies the reasons merchants need to manually refresh to see new orders, instead of receiving them automatically. It analyzes timing window issues, connection stability, subscription state management, and event processing delays. It proposes solutions such as enhanced persistent subscriptions, periodic auto-refresh, WebSocket health monitoring, and event gap detection.
Improves websocket connection reliability by predefining the websocket URL and handling potential queueing errors.
This change also updates the websocket close message for clarity.
Enhance the merchant creation process by automatically generating Nostr keypairs
for users who don't have them, and streamline the API interface.
Changes:
- Add CreateMerchantRequest model to simplify merchant creation API
- Auto-generate Nostr keypairs for users without existing keys
- Update merchant creation endpoint to use user account keypairs
- Improve error handling and validation in merchant creation flow
- Clean up frontend JavaScript for merchant creation
This ensures all merchants have proper Nostr keypairs for marketplace
functionality without requiring manual key management from users.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove backend restriction on one merchant per user
- Add "Generate New Key" dialog with npub/nsec display
- Add "Import Existing Key" option with duplicate check
- Change "Save" to "Save & Publish" in edit profile dialog
- Remove standalone Publish button (now part of Save)
- Add trash icon to saved profile for removal
- Show display_name in saved profiles dropdown
- Hide nsec by default with eye toggle in generate dialog
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add "Import Existing Key" option with vpn_key icon
- Add "Generate New Key" option to create fresh nsec
- Add "Remove <name>" option to delete merchant from DB
- Wire up generate-key event to existing generateKeys function
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add left margin to inset avatar from banner edge
- Use dark background color for avatar
- Add object-fit: cover to prevent image stretching
- Add profile-avatar CSS class with border and shadow
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add PATCH endpoint for updating merchant profile config
- Add website field to MerchantProfile model
- Fix to_nostr_event to include all profile fields (display_name, banner, website, nip05, lud16)
- Always publish merchant profile (kind 0) when publishing to Nostr
- Extract edit-profile-dialog and nostr-keys-dialog into separate components
- Fix profile avatar alignment to match original design
- Simplify keys dialog to show only npub QR code (no nsec QR)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Display merchant profile information with:
- Banner image or grey placeholder
- Profile avatar with shadow
- Display name (or name fallback)
- About description
- NIP-05 verified identity indicator
- Lightning address (LUD16)
Extends MerchantProfile model with new fields:
display_name, banner, nip05, lud16
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
