Skip to content

zig-nostr/signet

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Signet

A native remote signer for Nostr. Signet keeps your Nostr secret key on a machine you control and signs for your apps over NIP-46 — the key never leaves the signer, and every request waits for your explicit approval.

Built on zig-nostr/nostr.

Status: early / work in progress. The signer works end-to-end over public relays, including those that require NIP-42 authentication. Downloads are ad-hoc signed (not notarized) — see Install.

Signet: first-run key setup, then approving a live signing request

First-run key setup, then the serving screen — the bunker:// connection URL to copy into a client, live per-relay status, and approving a real NIP-46 signing request. The key is generated and held by the signer daemon — it never enters the GUI.

Install

macOS (Apple Silicon):

curl -fsSL https://raw.githubusercontent.com/zig-nostr/signet/main/scripts/install-macos.sh | bash

That downloads the latest release, verifies its SHA-256, installs Signet.app to /Applications, and opens it — ready to use.

Signet is ad-hoc signed, not notarized — on purpose. It holds your keys, so the trust anchor is a build you can reproduce, not an Apple signature: every release is built by CI from a tagged commit (.github/workflows/release.yml). Prefer to trust nothing you didn't run? Read the installer and build from source.

Two components, one product

Signet is split into two processes on purpose, so the secret key stays isolated from the user interface:

  • daemon/ — the headless NIP-46 signer ("bunker"). It holds the encrypted key, connects to your relays, and in GUI mode serves a loopback-only approval API. It runs standalone as a CLI for advanced users, or supervised by the GUI.
  • gui/ — the native desktop approver, built with the Native SDK (declarative markup plus Zig, rendered natively — no WebView, no Electron). It shows each pending request and sends back your approve/deny decision. The key never enters it.

Packaged together, one download brings up both as a single macOS .app.

Build

Each component builds independently — see its own README for details:

# daemon (Zig 0.16)
cd daemon && zig build -Doptimize=ReleaseFast

# gui (Native SDK CLI: npm install -g @native-sdk/cli)
cd gui && native build
  • daemon/README.md — running the signer, key management, relays, and the approval API.
  • gui/README.md — the approval app and how it connects to (or supervises) the daemon.

License

MIT © Sepehr Safari

About

Signet — a native remote signer (NIP-46 bunker) for Nostr. Your key stays on a machine you control; every signing request waits for your approval. Built on zig-nostr/nostr.

Topics

Resources

License

Stars

1 star

Watchers

0 watching

Forks

Packages

 
 
 

Contributors