aiolabs/nsecbunkerd
8
0
Fork 0
Code Issues 12 Pull requests Projects Releases Packages Wiki Activity Actions
Pulse Contributors Code frequency Recent commits

2026-06-19 - 2026-06-26
Period: 1 week
1 day 3 days 1 week 1 month 3 months 6 months 1 year

Overview

6 active pull requests
11 active issues
6
Merged pull requests 0
Proposed pull requests 7
Closed issues 6
New issues
Excluding merges, 0 authors have pushed 0 commits to master and 7 commits to all branches. On master, 0 files have changed and there have been 0 additions and 0 deletions.

6 pull requests merged by 1 user

Merged #40 fix(admin): make create_new_key idempotent — never clobber an existing key (#39) 2026-06-21 14:01:48 +00:00

Merged #38 fix(acl): hard-reject a lapsed token binding instead of prompting (#36) 2026-06-21 12:57:47 +00:00

Merged #34 feat(acl): per-rule windowed usage caps enforced live at sign time (#28) 2026-06-21 10:34:23 +00:00

Merged #33 test(acl): DB-backed integration tests for checkIfPubkeyAllowed (#29) 2026-06-19 21:09:42 +00:00

Merged #32 docs: migration & DB-maintenance runbook (never full-wipe nsecbunker.db) 2026-06-19 21:09:27 +00:00

Merged #27 fix(acl): enforce token grant lifecycle live at sign time (#24, #25) 2026-06-19 16:05:19 +00:00

7 issues closed from 1 user

Closed #39 create_new_key clobbers an existing key — silent, unrecoverable identity loss on re-pair 2026-06-21 14:01:48 +00:00

Closed #36 ACL: an expired/exhausted bound token should hard-reject (false), not fall through to prompt-admin (undefined) — clients time out instead of re-pairing 2026-06-21 12:57:47 +00:00

Closed #28 Enforce PolicyRule.maxUsageCount live at sign time (needs a durable signing log) 2026-06-21 10:34:23 +00:00

Closed #29 Add a DB-backed test harness + integration tests for checkIfPubkeyAllowed 2026-06-19 21:09:42 +00:00

Closed #12 Trim applyToken SigningCondition fan-out once override layer is rarely-consulted 2026-06-19 20:55:50 +00:00

Closed #25 Design discussion / RFC: enforce token + grant lifecycle at sign time (the root behind #24) 2026-06-19 20:55:39 +00:00

Closed #24 Token expiresAt (TTL) is not enforced post-bind — sign-time ACL ignores it 2026-06-19 20:55:34 +00:00

6 issues created by 1 user

Opened #31 Remove the redundant, always-failing npm run prisma:migrate step in start.js 2026-06-19 16:32:56 +00:00

Opened #35 SigningLog retention/pruning — the usage-cap log grows unbounded 2026-06-20 19:52:43 +00:00

Opened #36 ACL: an expired/exhausted bound token should hard-reject (false), not fall through to prompt-admin (undefined) — clients time out instead of re-pairing 2026-06-21 09:56:00 +00:00

Opened #37 SigningLog retention/prune reaper (unbounded growth from #28 usage caps) 2026-06-21 10:35:20 +00:00

Opened #39 create_new_key clobbers an existing key — silent, unrecoverable identity loss on re-pair 2026-06-21 13:51:39 +00:00

Opened #41 Watchdog reconnect re-opens the socket but never replays subscriptions → bunker goes silently deaf after a relay flap 2026-06-23 22:19:02 +00:00

5 unresolved conversations

Open #6 Docker Hub image pablof7z/nsecbunkerd:latest is arm64-only — fails on amd64 hosts 2026-06-20 18:50:52 +00:00

Open #30 flake devShell exports prisma-engines 7.x — breaks prisma migrate/validate in the dev shell 2026-06-20 18:50:43 +00:00

Open #2 pnpm-lock.yaml is out of date vs package.json — frozen install fails 2026-06-20 18:50:43 +00:00

Open #26 NDK NIP-46 backend: get_public_key bypasses the permit callback — pubkey disclosure is ungated/unauditable through our ACL seam 2026-06-19 20:55:15 +00:00

Open #18 relayConnectionWatchdog: make threshold + poll-interval env-configurable + add soft-fail mode (don't process.exit on transient partitions) 2026-06-19 15:57:24 +00:00