{"id":42304518,"url":"https://github.com/Letdown2491/signet","last_synced_at":"2026-02-06T15:01:02.714Z","repository":{"id":320652831,"uuid":"1082776328","full_name":"Letdown2491/signet","owner":"Letdown2491","description":"Signet is a self-hosted NIP-46 compliant remote signer for Nostr. This project is an extensive rewrite of nsecbunkerd. Companion app for Android available.","archived":false,"fork":false,"pushed_at":"2026-02-01T06:26:28.000Z","size":2743,"stargazers_count":13,"open_issues_count":1,"forks_count":5,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-02-01T17:30:32.673Z","etag":null,"topics":["bunker","nip46","nostr","nsec","oauth","remote-signer","signer"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Letdown2491.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-24T18:49:26.000Z","updated_at":"2026-02-01T17:17:58.000Z","dependencies_parsed_at":"2025-10-25T03:25:38.902Z","dependency_job_id":null,"html_url":"https://github.com/Letdown2491/signet","commit_stats":null,"previous_names":["letdown2491/signet"],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/Letdown2491/signet","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Letdown2491%2Fsignet","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Letdown2491%2Fsignet/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Letdown2491%2Fsignet/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Letdown2491%2Fsignet/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Letdown2491","download_url":"https://codeload.github.com/Letdown2491/signet/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Letdown2491%2Fsignet/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29165666,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-06T14:37:12.680Z","status":"ssl_error","status_checked_at":"2026-02-06T14:36:22.973Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bunker","nip46","nostr","nsec","oauth","remote-signer","signer"],"created_at":"2026-01-27T11:00:32.169Z","updated_at":"2026-02-06T15:01:02.704Z","avatar_url":"https://github.com/Letdown2491.png","language":"TypeScript","funding_links":[],"categories":["Offline signers"],"sub_categories":["Client reviews and/or comparisons"],"readme":"# Signet\n\nA modern NIP-46 remote signer for Nostr. Manages multiple keys securely with a web dashboard for administration. This project was originally forked from [nsecbunkerd](https://github.com/kind-0/nsecbunkerd), but has since received an extensive rewrite and now shares very little code with it.\n\nSignet separates the signing back end from the front end, and ships with a web UI. A companion Android app is [available on ZapStore](https://zapstore.dev/apps/naddr1qvzqqqr7pvpzpk4yr0kmdpv3xcalgsrldp7tj7yuc4p76qjtka7z95kgfky02s2nqq2hgetrdqhxwet9dd6x7umgdyh8x6t8dejhgck8a3z). Other platforms are possible and on the roadmap.\n\n## Web UI Screenshots\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"signet.png\" width=\"49%\" alt=\"Signet Dashboard\" /\u003e\n  \u003cimg src=\"signet-help.png\" width=\"49%\" alt=\"Signet Help\" /\u003e\n\u003c/p\u003e\n\n## Android Screenshots\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"apps/signet-android/app/images/signet-android-1-home.png\" width=\"32%\" alt=\"Android Home\" /\u003e\n  \u003cimg src=\"apps/signet-android/app/images/signet-android-2-apps.png\" width=\"32%\" alt=\"Android Apps\" /\u003e\n  \u003cimg src=\"apps/signet-android/app/images/signet-android-3-settings.png\" width=\"32%\" alt=\"Android Settings\" /\u003e\n\u003c/p\u003e\n\n## Quick Start (Docker)\n\n```bash\ngit clone https://github.com/Letdown2491/signet\ncd signet\npnpm install\n# If you plan to run the daemon with the web dashboard\ndocker compose up --build\n# Or if you plan to run the daemon with the Android app\ndocker compose up --build signet\n```\n\n- Daemon + REST API will run on `http://localhost:3000`\n- Web dashboard will run on `http://localhost:4174`. The web dashboard is not required if you plan to manage Signet using the Android app.\n\nThe daemon displays your local network IP address on startup. If a single IP is detected, it also shows a QR code you can scan with the Android app for quick setup.\n\nIf you prefer to add keys directly through the CLI:\n\n```bash\ndocker compose run --rm signet add --name main-key\n```\n\n**Upgrading:** Pull the latest changes, rebuild, and restart. Database migrations run automatically on daemon startup.\n\n## Quick Start (PNPM)\n\nBuild and run the daemon:\n\n```bash\ncd apps/signet\npnpm run build\npnpm run prisma:migrate\npnpm run lfg\n```\n\nFor long-running deployments, use a process supervisor (systemd, PM2, etc.) to ensure automatic restarts on crash. See [docs/DEPLOYMENT.md](docs/DEPLOYMENT.md) for examples.\n\nBuild and run the UI (in a separate terminal):\n\n```bash\ncd apps/signet-ui\npnpm run build\npnpm run start\n```\n\nOr from the monorepo root:\n\n```bash\npnpm run build:daemon \u0026\u0026 pnpm run build:ui\npnpm run start:daemon  # terminal 1\npnpm run start:ui      # terminal 2\n```\n\nThe UI server proxies API requests to the daemon, so you only need to expose port 4174. See [docs/DEPLOYMENT.md](docs/DEPLOYMENT.md) for remote access configuration.\n\n**Upgrading:** Pull the latest changes, rebuild, and restart. Database migrations run automatically on daemon startup.\n\n## Configuration\n\nConfig is auto-generated on first boot at `~/.signet-config/signet.json`.\n\nSee [docs/CONFIGURATION.md](docs/CONFIGURATION.md) for all options.\n\n## Connecting Apps\n\nThere are two ways to connect a Nostr app to Signet:\n\n**bunker:// (Signet initiates)**\n1. Go to the Keys page and select a key\n2. Click \"Generate bunker URI\" to get a one-time connection link\n3. Paste the bunker URI into your Nostr app's remote signer settings\n4. The app connects automatically\n\n**nostrconnect:// (App initiates)**\n1. In your Nostr app, look for \"Connect via remote signer\" or similar\n2. The app displays a nostrconnect:// URI or QR code\n3. In Signet, click + on the Apps page (or scan QR on Android)\n4. Paste the nostrconnect:// URI and choose a key and trust level\n5. Click Connect to complete the handshake\n\nBoth methods result in the same secure connection. Use whichever your app supports.\n\n## Security\n\nKeys are encrypted with NIP-49 (XChaCha20-Poly1305 with scrypt, recommended) or legacy AES-256-GCM. API endpoints require JWT auth with CORS and rate limiting. An optional **Inactivity Lock** (Dead Man's Switch) automatically locks all keys and suspends all apps if not reset within a configurable timeframe. Additional, an optional admin npub can be set to allow sending DM commands (NIP-04/NIP-17) to Signet without access to any UI.\n\nDO NOT run the daemon on a public machine. We recommend private network access only. Tailscale is preferred and documented in [docs/DEPLOYMENT.md](docs/DEPLOYMENT.md). \n\nSee [docs/SECURITY.md](docs/SECURITY.md) for the full security model.\n\n## Documentation\n\n- [Configuration Reference](docs/CONFIGURATION.md) - All config options\n- [Deployment Guide](docs/DEPLOYMENT.md) - Tailscale, reverse proxies, etc.\n- [Security Model](docs/SECURITY.md) - Security architecture and threat model\n- [Kill Switch Guide](docs/KILLSWITCH.md) - Emergency remote control via Nostr DMs\n- [API Reference](docs/API.md) - REST API endpoints\n- [Android App](docs/ANDROID.md) - Setup and building the mobile app\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FLetdown2491%2Fsignet","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FLetdown2491%2Fsignet","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FLetdown2491%2Fsignet/lists"}