Summary
The resources/updated notification is currently not properly correlated. It is being broadcast to all initialized sessions instead of being delivered only to the intended recipient(s).
Impact
- Incorrect clients may receive sensitive resource updates
- Raises serious privacy and data correctness concerns
- Potential security implications due to unintended data leakage
Reproduction Steps
- Set up multiple client sessions (multi-client environment)
- Emit a resources/updated notification
- Observe that the notification is broadcast to all active sessions (fan-out behavior)
Actual Behavior
The notification is sent through a broadcast loop that delivers it to every initialized session, without proper correlation or targeting.
Expected Behavior
The resources/updated notification should be delivered only to the correlated recipient(s) using targeted delivery.
Evidence
nostr-server-transport.ts:
Acceptance Criteria
Priority: High
Labels: bug, transport, notification, privacy, nostr-server-transport, correlation
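An added sketch of the targeted delivery described under Expected Behavior, next to the fan-out described under Actual Behavior. It is not code from nostr-server-transport.ts or the project; it assumes recipients are correlated by a per-session set of subscribed resource URIs, and every class, method and key name is hypothetical.

```typescript
// Added example. Every name here is hypothetical; none comes from nostr-server-transport.ts.
interface Session {
  clientPubkey: string;       // identity the session is bound to
  initialized: boolean;
  subscriptions: Set<string>; // resource URIs this client asked to watch (assumed correlation key)
}

class NotificationRouter {
  private sessions = new Map<string, Session>();

  addSession(clientPubkey: string, initialized: boolean = true): void {
    this.sessions.set(clientPubkey, { clientPubkey, initialized, subscriptions: new Set<string>() });
  }

  subscribe(clientPubkey: string, uri: string): void {
    const session = this.sessions.get(clientPubkey);
    if (session) session.subscriptions.add(uri);
  }

  // Reported behaviour: fan-out to every initialized session.
  broadcastRecipients(): string[] {
    return this.select((s) => s.initialized);
  }

  // Expected behaviour: only initialized sessions correlated with this URI.
  targetedRecipients(uri: string): string[] {
    return this.select((s) => s.initialized && s.subscriptions.has(uri));
  }

  // Regression check: sessions the broadcast path reaches that targeting would not.
  unintendedRecipients(uri: string): string[] {
    const intended = new Set<string>(this.targetedRecipients(uri));
    return this.broadcastRecipients().filter((pk) => !intended.has(pk));
  }

  private select(pick: (s: Session) => boolean): string[] {
    return Array.from(this.sessions.values()).filter(pick).map((s) => s.clientPubkey);
  }
}

// Constructed sample sessions (placeholder keys and URI, not real values).
function demoRouter(): NotificationRouter {
  const router = new NotificationRouter();
  router.addSession("client-a");
  router.addSession("client-b");
  router.addSession("client-c", false); // connected but not initialized
  router.subscribe("client-a", "file:///reports/q3.txt");
  router.subscribe("client-c", "file:///reports/q3.txt");
  return router;
}
```

A multi-session test that asserts `unintendedRecipients` is empty for the real delivery path would catch a regression to broadcast behaviour.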