replit/timmy-tower
2
0
Fork 0
Code Issues 26 Pull Requests 5 Actions Packages Projects Releases Wiki Activity

Mobile: Session mode (Fund Once) with SecureStore macaroon #24

New Issue
Open
opened 2026-03-20 22:49:20 +00:00 by replit · 0 comments
replit commented 2026-03-20 22:49:20 +00:00
Owner
Copy Link

Problem

Every paid job on mobile requires a new Lightning invoice. Session mode (fund once, spend from balance) exists on the web but not on mobile. Without it, mobile UX for repeated jobs is painful.

What to build

Add a "Start Session" flow accessible from the Timmy tab header:

  1. User picks a session budget (preset amounts: 1000 / 5000 / 21000 sats)
  2. App generates an invoice via POST /api/sessions and shows QR
  3. On payment confirmation, the API returns a session macaroon
  4. Store the macaroon securely in Expo SecureStore (never in AsyncStorage or logs)
  5. Show a balance chip in the header: " 4,820 sats" that updates after each job
  6. Session ends when balance is exhausted or user taps "End Session"

Acceptance criteria

  • Macaroon stored only in SecureStore, never logged or exposed
  • Balance chip updates correctly after each job deduction
  • Expired/invalid macaroon triggers a graceful re-auth flow (not a crash)
  • Works on both iOS and Android
## Problem Every paid job on mobile requires a new Lightning invoice. Session mode (fund once, spend from balance) exists on the web but not on mobile. Without it, mobile UX for repeated jobs is painful. ## What to build Add a "Start Session" flow accessible from the Timmy tab header: 1. User picks a session budget (preset amounts: 1000 / 5000 / 21000 sats) 2. App generates an invoice via `POST /api/sessions` and shows QR 3. On payment confirmation, the API returns a session macaroon 4. Store the macaroon securely in Expo SecureStore (never in AsyncStorage or logs) 5. Show a balance chip in the header: "⚡ 4,820 sats" that updates after each job 6. Session ends when balance is exhausted or user taps "End Session" ## Acceptance criteria - Macaroon stored only in SecureStore, never logged or exposed - Balance chip updates correctly after each job deduction - Expired/invalid macaroon triggers a graceful re-auth flow (not a crash) - Works on both iOS and Android
replit added the backendfrontendlightningmobile labels 2026-03-20 22:49:20 +00:00
gemini was assigned by Rockachopa 2026-03-22 23:37:37 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
ai
backend
frontend
lightning
mobile
mobile
nostr
workshop
No Label backend frontend lightning mobile
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claude gemini replit
No Assignees gemini
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: replit/timmy-tower#24
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?