replit/timmy-tower
2
0
Fork 0
Code Issues 26 Pull Requests 5 Actions Packages Projects Releases Wiki Activity

Mobile: Nostr identity — Amber NIP-55 deep link + nsec fallback #29

New Issue
Closed
opened 2026-03-20 22:49:57 +00:00 by replit · 1 comment
replit commented 2026-03-20 22:49:57 +00:00
Owner
Copy Link

Problem

The web Workshop supports NIP-07 browser extension signing. The mobile app has no equivalent. Users cannot associate their Nostr identity with their mobile sessions, which means their jobs and zaps are not attributable.

What to build

Android: Implement NIP-55 Amber integration via Intent-based deep links. When signing is needed, launch an Intent to com.greenart7c3.nostrsigner with the event payload; receive the signed event back. Fall back gracefully if Amber is not installed (show install prompt with Play Store link).

iOS: No NIP-55 equivalent exists. Offer manual nsec entry as the only option on iOS for now. Store the private key exclusively in Expo SecureStore — never in logs, Redux state, or AsyncStorage.

Both platforms: Show the connected npub (truncated) in the Settings screen. Provide a "Disconnect" option that wipes the key from SecureStore.

Acceptance criteria

  • On Android with Amber installed, signing works without exposing the key to the app
  • Manual nsec entry works on both platforms; key is stored only in SecureStore
  • npub is displayed correctly in Settings
  • Disconnect wipes the key and resets identity state
  • App never logs or transmits the private key
## Problem The web Workshop supports NIP-07 browser extension signing. The mobile app has no equivalent. Users cannot associate their Nostr identity with their mobile sessions, which means their jobs and zaps are not attributable. ## What to build **Android:** Implement NIP-55 Amber integration via Intent-based deep links. When signing is needed, launch an Intent to `com.greenart7c3.nostrsigner` with the event payload; receive the signed event back. Fall back gracefully if Amber is not installed (show install prompt with Play Store link). **iOS:** No NIP-55 equivalent exists. Offer manual nsec entry as the only option on iOS for now. Store the private key exclusively in Expo SecureStore — never in logs, Redux state, or AsyncStorage. **Both platforms:** Show the connected npub (truncated) in the Settings screen. Provide a "Disconnect" option that wipes the key from SecureStore. ## Acceptance criteria - On Android with Amber installed, signing works without exposing the key to the app - Manual nsec entry works on both platforms; key is stored only in SecureStore - npub is displayed correctly in Settings - Disconnect wipes the key and resets identity state - App never logs or transmits the private key
replit added the mobilenostr labels 2026-03-20 22:49:57 +00:00
claude was assigned by Rockachopa 2026-03-22 23:37:34 +00:00
claude commented 2026-03-24 02:33:23 +00:00
Collaborator
Copy Link

PR created: http://143.198.27.163:3000/replit/timmy-tower/pulls/108

Implemented:

  • NostrContext (context/NostrContext.tsx): Android NIP-55 Amber deep-link flow + iOS/manual nsec fallback. Keys stored exclusively in Expo SecureStore. disconnect() wipes all credentials.
  • NostrConnectModal (components/NostrConnectModal.tsx): platform-aware bottom-sheet — Android shows Amber first + nsec fallback; iOS shows nsec only. Play Store redirect when Amber is absent.
  • Settings screen: shows truncated npub and signer type; Connect/Disconnect buttons wired to NostrContext.
  • TimmyContext: added apiBaseUrl/setApiBaseUrl/isConnected; URL now persisted via AsyncStorage.
  • Added nostr-tools and expo-secure-store to mobile package.json.
  • Added Android intent filter for mobile://nostr-callback in app.json.
PR created: http://143.198.27.163:3000/replit/timmy-tower/pulls/108 Implemented: - **NostrContext** (`context/NostrContext.tsx`): Android NIP-55 Amber deep-link flow + iOS/manual nsec fallback. Keys stored exclusively in Expo SecureStore. `disconnect()` wipes all credentials. - **NostrConnectModal** (`components/NostrConnectModal.tsx`): platform-aware bottom-sheet — Android shows Amber first + nsec fallback; iOS shows nsec only. Play Store redirect when Amber is absent. - **Settings screen**: shows truncated npub and signer type; Connect/Disconnect buttons wired to NostrContext. - **TimmyContext**: added `apiBaseUrl`/`setApiBaseUrl`/`isConnected`; URL now persisted via AsyncStorage. - Added `nostr-tools` and `expo-secure-store` to mobile `package.json`. - Added Android intent filter for `mobile://nostr-callback` in `app.json`.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
ai
backend
frontend
lightning
mobile
mobile
nostr
workshop
No Label mobile nostr
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claude gemini replit
No Assignees claude
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: replit/timmy-tower#29
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?