Skip to content

Add NIP-46 bunker proxy support for remote signing#418

Open
greenart7c3 wants to merge 3 commits into
masterfrom
claude/add-bunker-proxy-login-ciFdm
Open

Add NIP-46 bunker proxy support for remote signing#418
greenart7c3 wants to merge 3 commits into
masterfrom
claude/add-bunker-proxy-login-ciFdm

Conversation

@greenart7c3
Copy link
Copy Markdown
Owner

@greenart7c3 greenart7c3 commented May 4, 2026

Summary

This PR adds support for Amber to function as a NIP-46 bunker proxy, allowing users to connect to remote bunkers and forward all signing operations to them. This enables Amber to act as a local signer interface while delegating cryptographic operations to a remote bunker service.

Key Changes

  • New BunkerProxyLoginScreen UI: Added a new login flow with two tabs:

    • "Paste URI" tab: Users can paste a bunker:// URI to connect to an existing bunker
    • "Generate" tab: Users can generate a nostrconnect:// URI to share with a bunker for pairing
    • Includes QR code generation and clipboard copy functionality

  • RemoteBunkerClient service: New service class that handles all NIP-46 communication with remote bunkers:

    • Implements request/response pattern with timeout handling
    • Supports all major NIP-46 methods: sign_event, sign_message, nip44_encrypt, nip04_encrypt, nip44_decrypt, nip04_decrypt, decrypt_zap_event, get_public_key, connect
    • Handles both NIP-44 and NIP-04 encryption with automatic fallback
    • Includes logging of all proxy requests

  • ProxyResponseSubscription: New subscription manager for receiving NIP-46 responses from remote bunkers:

    • Subscribes to response events (kind 24133) on configured relays
    • Handles both persistent (account-based) and transient (login-time) subscriptions
    • Decrypts responses and routes them to pending requests
    • Supports initial connection handshake for the generate flow

  • Account proxy support: Extended Account model to support proxy mode:

    • Added ProxyAccountMetadata to store remote bunker pubkey, relays, and connection details
    • Modified signing methods to forward to RemoteBunkerClient when in proxy mode
    • Proxy accounts use a local keypair for communication while exposing the remote user's pubkey

  • Intent handling: Added handleProxyIntent() in IntentUtils to short-circuit nostrsigner:// intents:

    • Forwards requests directly to remote bunker without approval UI
    • Bypasses per-app permissions for proxy accounts
    • Delivers results back to caller via setResult or callback URL

  • EventNotificationConsumer integration: Added forwardProxyRequest() to handle inbound NIP-46 requests:

    • Silently forwards most requests to remote bunker
    • Shows UI only for CONNECT/GET_PUBLIC_KEY when multiple accounts exist
    • Relays bunker responses back to requesters

  • UI and navigation:

    • Added "Login as bunker proxy" button to login screen
    • Added route and navigation for bunker proxy login screen
    • Added string resources for all new UI elements

  • Persistence: Extended LocalPreferences to save/load proxy account metadata (remote pubkey, relays, bunker name, secret)

Notable Implementation Details

  • Uses transient login subscriptions during the pairing flow to handle responses before the account is persisted
  • Supports both bunker:// URIs (direct connection) and nostrconnect:// URIs (user-initiated pairing)
  • Implements timeout handling (30 seconds default) for all remote bunker requests
  • Gracefully falls back from NIP-44 to NIP-04 encryption if needed
  • Maintains separate local and remote pubkeys: local keypair for relay communication, remote pubkey exposed to applications
  • Offline flavor builds are prevented from using bunker proxy features

https://claude.ai/code/session_01U28mr2RosEzh1h45VD27Bn

claude added 3 commits May 4, 2026 18:04
@claude
Add bunker proxy login
a94c4d1 
A new login mode that pairs Amber with a remote NIP-46 bunker. All
signing, encryption and decryption requests are forwarded to the bunker
silently — no approval prompts are ever shown — making Amber a fully
transparent NIP-46 proxy. Works for the three ingestion paths:
nostrsigner:// intents, the ContentProvider IPC, and inbound NIP-46
events on Amber's own relays.
@claude
Register bunker proxy login route in post-login NavHost
5a42448 
MainPage is reused inside MainScreen's NavHost for the post-login
"add another account" flow, so the bunkerProxyLogin route also has to
be registered there. Without this, tapping the bunker proxy button
while already logged in throws IllegalArgumentException because the
post-login graph (startDestination=Applications) does not know the
route.
@claude
Bunker proxy: redirect after login, fix layout, surface multi-account…
2d35712 
… picker

- After a successful bunker proxy login, navigate the NavHost to the
  Applications route (mirrors the existing nsec login flow). Without
  this the user was left on the bunker login screen.
- Drop the inner Scaffold in BunkerProxyLoginScreen and accept a
  contentPadding parameter so the post-login MainScreen's top/bottom
  bars no longer cut off the screen content.
- For both the inbound NIP-46 path (EventNotificationConsumer) and
  the nostrsigner:// intent path (IntentUtils.handleProxyIntent), only
  short-circuit "connect" / "get_public_key" silently when there is a
  single saved account. With multiple accounts, fall through to the
  existing connect approval UI so the user can pick which account to
  expose to the requesting app.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@greenart7c3 @claude