status:draft
since:v0.3.2
Goal
The goal is to allow simple low-latency interactions with an LN Node via a bot-like interface.
Definitions
Owner: the Nostr user from whom the bot accepts commands
Pairing: the process by which the Owner info (pubkey, relays) is configured in the bot
Architecture
The bot has an LN client and a Nostr client. The LN client has sufficient permissions to query data, create and pay invoices.
NIP-04 DMs from the owner are considered commands. The bot executes the commands and returns the result as a DM to the owner.
All other Nostr events, as well as DMs from other pubkeys, are ignored.
The bot holds no state.
Supported Commands
Every command has a one-letter alias consisting of its first letter. The commands are not case-sensitive. For example, all these commands are equivalent: b
, B
, balance
, Balance
.
balance
: check the LN balancecreate <amount>
: create a new invoice for the specified amount of satsdescribe <invoice>
: describe a BOLT11 invoicehelp
: print an overview of the supported commandspay <invoice>
: pay a BOLT11 invoicesend <lightning-address> <amount>
: send the specified amount of sats to the specified LN Addressversion
: print the bot an LN node version
Threat Scenarios
Commands from Non-Paired Pubkeys
These not even received by the bot, because its Nostr client specifically subscribes to NIP-04 DMs from the owner.
Even if a rogue relay were to send such events, the bot re-checks the sender pubkey before processing an event.
Denial of Service from a Nostr Attacker
See above. The bot only accepts events from its owner, no other events are received or processed.
Command Replay by Rogue Relay
A rogue relay could re-send the same DM event over and over.
The bot keeps track of the processed events by tracking the event ID. This makes sure each valid command is only processed once, even if re-played at a later date.