I've had to implement NIP-42 auth separate from strfry, it can actually layer on top of any relay implementation.  I am currently filling it out to match basic use cases like private inbox style relays, and also more general use like groups and basic REQ rate limiting of the websockets themselves.  So, I don't think it can be closed.  Thanks for the links I'm reading them over.

https://github.com/relaytools/interceptor-proxy