fix(ws): guard send() with isOpen() — eliminate CLOSE-on-dying-connection race (2.0.6)

[tcheeric]

Summary

• NostrRelayClient.send() now fails fast on a closed session (if (!clientSession.isOpen()) throw IOException), mirroring the guard subscribe() already had.
• Eliminates the spec-026 residual IllegalStateException: Concurrent write operations are not permitted storm: a per-subscription Nostr CLOSE sent during teardown of an already-breaking connection reached Tomcat's sendText, where doClose() fires mid-write and emits a WS CLOSE frame while the text write is still pending on the async channel.
• Release 2.0.6 (tag v2.0.6, published to reposilite).

Root cause

Single-thread stack: SubscriptionHandle.close → send(["CLOSE",subId]) → decorator → Tomcat sendText → WsSession.doClose → sendCloseMessage → AsyncChannelWrapperSecure.write throws. Not an app-thread race, so the decorator / sessionGate / adapter sendLock can't cover it — it's Tomcat closing inside one in-flight send.

Test plan

• NostrRelayClientCloseWriteRaceTest.send_onClosedSession_failsFastWithoutDelegateWrite (new) — send on closed session throws IOException, never calls delegate sendMessage
• all 24 nostr-java-client tests pass
• 24h staging soak: grep -c 'Concurrent write' stays 0

🤖 Generated with Claude Code

[Copilot]

Pull request overview

This PR prepares release 2.0.6 and adds a fail-fast guard for NostrRelayClient.send() when the WebSocket session is already closed, aiming to avoid Tomcat close/write race errors during relay teardown.

Changes:

• Bumps the root and module Maven versions from 2.0.5 to 2.0.6.
• Adds an isOpen() guard before send() writes to the WebSocket session.
• Adds a regression test and changelog entry for the closed-session send behavior.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
pom.xml	Updates project version to 2.0.6.
nostr-java-core/pom.xml	Updates parent version to 2.0.6.
nostr-java-event/pom.xml	Updates parent version to 2.0.6.
nostr-java-identity/pom.xml	Updates parent version to 2.0.6.
nostr-java-client/pom.xml	Updates parent version to 2.0.6.
nostr-java-client/src/main/java/nostr/client/springwebsocket/NostrRelayClient.java	Adds closed-session guard before sending relay payloads.
nostr-java-client/src/test/java/nostr/client/springwebsocket/NostrRelayClientCloseWriteRaceTest.java	Adds regression coverage for send-on-closed-session behavior.
CHANGELOG.md	Documents the 2.0.6 fix.

[tcheeric]

Right — the top-of-send() placement left a TOCTOU window. Fixed in fa7b95f (cut as 2.0.7): moved the isOpen() check inside sendFrameGated(), immediately after sessionGate.readLock().lock(), so the open-check and sendMessage() are now in the same critical section and mutually exclusive with closeGated() (which holds the write lock). A concurrent close() can no longer slip between the check and the write.

2.0.6 already handled the dominant case (session already closed when send() is invoked); this closes the narrow in-flight-close window. All 24 nostr-java-client tests still pass (incl. the close-vs-write race + concurrency suites).