new release with updated dependencies.

add labels to subscriptions for easier debugging.
use isatty for detecting stuff for the fancy output (it doesn't work).
2025-12-08 16:48:51 +00:00 · 2025-08-18 21:01:52 -03:00 · 2025-08-14 13:28:15 -03:00 · 2025-08-14 13:28:15 -03:00 · 2025-08-14 13:28:15 -03:00 · 2025-07-23 16:11:57 -03:00
23 changed files with 707 additions and 128 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,36 @@
+# git files
+.git
+.gitignore
+
+# documentation
+README.md
+LICENSE
+
+# development files
+justfile
+*.md
+
+# test files
+*_test.go
+cli_test.go
+
+# build artifacts
+nak
+*.exe
+mnt
+
+# ide and editor files
+.vscode
+.idea
+*.swp
+*.swo
+*~
+
+# os generated files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
--- a/.github/workflows/smoke-test-release.yml
+++ b/.github/workflows/smoke-test-release.yml
@@ -0,0 +1,97 @@
+name: Smoke test the binary
+
+on:
+  workflow_run:
+    workflows: ["build cli for all platforms"]
+    types:
+      - completed
+    branches:
+      - master
+
+jobs:
+  smoke-test-linux-amd64:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    steps:
+      - name: Download and smoke test latest binary
+        run: |
+          set -eo pipefail # Exit on error, and on pipe failures
+
+          echo "Downloading nak binary from releases"
+          RELEASE_URL="https://api.github.com/repos/fiatjaf/nak/releases/latest"
+          wget $(wget -q -O - ${RELEASE_URL} | jq -r '.assets[] | select(.name | contains("linux-amd64")) | .browser_download_url') -O nak -nv
+          chmod +x nak
+
+          echo "Running basic tests..."
+          ./nak --version
+
+          # Generate and manipulate keys
+          echo "Testing key operations..."
+          SECRET_KEY=$(./nak key generate)
+          PUBLIC_KEY=$(echo $SECRET_KEY | ./nak key public)
+          echo "Generated key pair: $PUBLIC_KEY"
+
+          # Create events
+          echo "Testing event creation..."
+          ./nak event -c "hello world"
+          ./nak event --ts "2 days ago" -c "event with timestamp"
+          ./nak event -k 1 -t "t=test" -c "event with tag"
+
+          # Test NIP-19 encoding/decoding
+          echo "Testing NIP-19 encoding/decoding..."
+          NSEC=$(echo $SECRET_KEY | ./nak encode nsec)
+          echo "Encoded nsec: $NSEC"
+          ./nak encode npub 79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
+          NOTE_ID="5ae731bbc7711f78513da14927c48cc7143a91e6cad0565fdc4d73b8967a7d59"
+          NOTE1=$(./nak encode note $NOTE_ID)
+          echo "Encoded note1: $NOTE1"
+          ./nak decode $NOTE1
+          ./nak decode npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6
+
+          # Test event verification
+          echo "Testing event verification..."
+          # Create an event and verify it
+          VERIFY_EVENT=$(./nak event -c "verify me")
+          echo $VERIFY_EVENT | ./nak verify
+
+          # Test PoW
+          echo "Testing PoW..."
+          ./nak event -c "testing pow" --pow 8
+
+          # Test NIP-49 key encryption/decryption
+          echo "Testing NIP-49 key encryption/decryption..."
+          ENCRYPTED_KEY=$(./nak key encrypt $SECRET_KEY "testpassword")
+          echo "Encrypted key: ${ENCRYPTED_KEY:0:20}..."
+          DECRYPTED_KEY=$(./nak key decrypt $ENCRYPTED_KEY "testpassword")
+          if [ "$DECRYPTED_KEY" != "$SECRET_KEY" ]; then
+            echo "NIP-49 encryption/decryption test failed!"
+            exit 1
+          fi
+
+          # Test multi-value tags
+          echo "Testing multi-value tags..."
+          ./nak event --ts "yesterday" -t "e=f59911b561c37c90b01e9e5c2557307380835c83399756f4d62d8167227e420a;wss://relay.example.com;root" -c "Testing multi-value tags"
+
+          # Test relay operations (with a public relay)
+          echo "Testing relay operations..."
+          # Publish a simple event to a public relay
+          EVENT_JSON=$(./nak event --sec $SECRET_KEY -c "Test from nak smoke test" nos.lol)
+          EVENT_ID=$(echo $EVENT_JSON | jq -r .id)
+          echo "Published event ID: $EVENT_ID"
+
+          # Wait a moment for propagation
+          sleep 2
+
+          # Fetch the event we just published
+          ./nak req -i $EVENT_ID nos.lol
+
+          # Test serving (just start and immediately kill)
+          echo "Testing serve command..."
+          timeout 2s ./nak serve || true
+
+          # Test filesystem mount (just start and immediately kill)
+          echo "Testing fs mount command..."
+          mkdir -p /tmp/nostr-mount
+          timeout 2s ./nak fs --sec $SECRET_KEY /tmp/nostr-mount || true
+
+          echo "All tests passed"
--- a/49
+++ b/49
@@ -0,0 +1,49 @@
+# build stage
+FROM golang:1.24-alpine AS builder
+
+# install git and ca-certificates (needed for fetching dependencies)
+RUN apk add --no-cache git ca-certificates
+
+# set working directory
+WORKDIR /app
+
+# copy go mod files first for better caching
+COPY go.mod go.sum ./
+
+# download dependencies
+RUN go mod download
+
+# copy source code
+COPY . .
+
+# build the application
+# use cgo_enabled=0 to create a static binary
+# use -ldflags to strip debug info and reduce binary size
+RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-w -s" -o nak .
+
+# runtime stage
+FROM alpine:latest
+
+# install ca-certificates for https requests (needed for relay connections)
+RUN apk --no-cache add ca-certificates
+
+# create a non-root user
+RUN adduser -D -s /bin/sh nakuser
+
+# set working directory
+WORKDIR /home/nakuser
+
+# copy the binary from builder stage
+COPY --from=builder /app/nak /usr/local/bin/nak
+
+# make sure the binary is executable
+RUN chmod +x /usr/local/bin/nak
+
+# switch to non-root user
+USER nakuser
+
+# set the entrypoint
+ENTRYPOINT ["nak"]
+
+# default command (show help)
+CMD ["--help"]
--- a/README.md
+++ b/README.md
@@ -3,6 +3,8 @@
 install with `go install github.com/fiatjaf/nak@latest` or
 [download a binary](https://github.com/fiatjaf/nak/releases).

+or get the source with `git clone https://github.com/fiatjaf/nak` then install with `go install` or run with docker using `docker build -t nak . && docker run nak event`.
+
 ## what can you do with it?

 take a look at the help text that comes in it to learn all possibilities, but here are some:
@@ -128,11 +130,14 @@ type the password to decrypt your secret key: **********
 985d66d2644dfa7676e26046914470d66ebc7fa783a3f57f139fde32d0d631d7
 ```

-### sign an event using a remote NIP-46 bunker
+### sign an event using a bunker provider (amber, promenade etc)
 ```shell
+~> export NOSTR_CLIENT_KEY="$(nak key generate)"
 ~> nak event --sec 'bunker://a9e0f110f636f3191644110c19a33448daf09d7cda9708a769e91b7e91340208?relay=wss%3A%2F%2Frelay.damus.io&relay=wss%3A%2F%2Frelay.nsecbunker.com&relay=wss%3A%2F%2Fnos.lol&secret=TWfGbjQCLxUf' -c 'hello from bunker'
 ```

+(in most cases it's better to set `NOSTR_CLIENT_KEY` permanently on your shell, as that identity will be recorded by the bunker provider.)
+
 ### sign an event using a NIP-49 encrypted key
 ```shell
 ~> nak event --sec ncryptsec1qggx54cg270zy9y8krwmfz29jyypsuxken2fkk99gr52qhje968n6mwkrfstqaqhq9eq94pnzl4nff437l4lp4ur2cs4f9um8738s35l2esx2tas48thtfhrk5kq94pf9j2tpk54yuermra0xu6hl5ls -c 'hello from encrypted key'
@@ -167,6 +172,30 @@ listening at [wss://relay.damus.io wss://nos.lol wss://relay.nsecbunker.com]:
  bunker: bunker://f59911b561c37c90b01e9e5c2557307380835c83399756f4d62d8167227e420a?relay=wss%3A%2F%2Frelay.damus.io&relay=wss%3A%2F%2Fnos.lol&relay=wss%3A%2F%2Frelay.nsecbunker.com&secret=XuuiMbcLwuwL
 ```

+you can also display a QR code for the bunker URI by adding the `--qrcode` flag:
+
+```shell
+~> nak bunker --qrcode --sec ncryptsec1... relay.damus.io
+```
+
+### start a bunker that persists its metadata (secret key, relays, authorized client pubkeys) to disc
+```shell
+~> nak bunker --persist --sec ncryptsec1... relay.nsec.app nos.lol
+```
+
+```shell
+then later just
+
+```shell
+~> nak bunker --persist
+```
+
+or give it a named profile:
+
+```shell
+~> nak bunker --profile myself ...
+```
+
 ### generate a NIP-70 protected event with a date set to two weeks ago and some multi-value tags
 ```shell
 ~> nak event --ts 'two weeks ago' -t '-' -t 'e=f59911b561c37c90b01e9e5c2557307380835c83399756f4d62d8167227e420a;wss://relay.whatever.com;root;a9e0f110f636f3191644110c19a33448daf09d7cda9708a769e91b7e91340208' -t 'p=a9e0f110f636f3191644110c19a33448daf09d7cda9708a769e91b7e91340208;wss://p-relay.com' -c 'I know the future'
@@ -214,7 +243,7 @@ type the password to decrypt your secret key: ********
 ~> nak req -i 412f2d3e73acc312942c055ac2a695dc60bf58ff97e06689a8a79e97796c4cdb relay.westernbtc.com | jq -r .content > ~/.jq
 ```

-### watch a NIP-53 livestream (zap.stream etc)
+### watch a NIP-53 livestream (zap.stream, amethyst, shosho etc)
 ```shell
 ~> # this requires the jq utils from the step above
 ~> mpv $(nak fetch naddr1qqjxvvm9xscnsdtx95cxvcfk956rsvtx943rje3k95mx2dp389jnwwrp8ymxgqg4waehxw309aex2mrp0yhxgctdw4eju6t09upzpn6956apxcad0mfp8grcuugdysg44eepex68h50t73zcathmfs49qvzqqqrkvu7ed38k | jq -r 'tag_value("streaming")')
@@ -271,6 +300,12 @@ echo "#surely you're joking, mr npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn6
 # and there is a --confirm flag that gives you a chance to confirm before actually publishing the result to relays.
 ```

-## contributing to this repository
+### record and publish an audio note (yakbak, nostur etc) signed from a bunker
+```shell
+ffmpeg -f alsa -i default -f webm -t 00:00:03 pipe:1 | nak blossom --server blossom.primal.net upload | jq -rc '{content: .url}' | nak event -k 1222 --sec 'bunker://urlgoeshere' pyramid.fiatjaf.com nostr.wine
+```

-Use NIP-34 to send your patches to `naddr1qqpkucttqy28wumn8ghj7un9d3shjtnwdaehgu3wvfnsz9nhwden5te0wfjkccte9ehx7um5wghxyctwvsq3gamnwvaz7tmjv4kxz7fwv3sk6atn9e5k7q3q80cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsxpqqqpmej2wctpn`.
+### from a file with events get only those that have kind 1111 and were created by a given pubkey
+```shell
+~> cat all.jsonl | nak filter -k 1111 -a 117673e191b10fe1aedf1736ee74de4cffd4c132ca701960b70a5abad5870faa > filtered.jsonl
+```
--- a/blossom.go
+++ b/blossom.go
@@ -41,7 +41,7 @@ var blossomCmd = &cli.Command{
 					if pk, err := nostr.PubKeyFromHex(pubkey); err != nil {
 						return fmt.Errorf("invalid public key '%s': %w", pubkey, err)
 					} else {
-						client = blossom.NewClient(client.GetMediaServer(), keyer.NewReadOnlySigner(pk))
+						client = blossom.NewClient(c.String("server"), keyer.NewReadOnlySigner(pk))
 					}
 				} else {
 					var err error
--- a/bunker.go
+++ b/bunker.go
@@ -1,10 +1,13 @@
 package main

 import (
+	"bytes"
 	"context"
+	"encoding/hex"
 	"fmt"
 	"net/url"
 	"os"
+	"path/filepath"
 	"slices"
 	"strings"
 	"sync"
@@ -14,9 +17,12 @@ import (
 	"fiatjaf.com/nostr/nip19"
 	"fiatjaf.com/nostr/nip46"
 	"github.com/fatih/color"
+	"github.com/mdp/qrterminal/v3"
 	"github.com/urfave/cli/v3"
 )

+const PERSISTENCE = "PERSISTENCE"
+
 var bunker = &cli.Command{
 	Name:                      "bunker",
 	Usage:                     "starts a nip46 signer daemon with the given --sec key",
@@ -24,6 +30,18 @@ var bunker = &cli.Command{
 	Description:               ``,
 	DisableSliceFlagSeparator: true,
 	Flags: []cli.Flag{
+		&cli.BoolFlag{
+			Name:     "persist",
+			Usage:    "whether to read and store authorized keys from and to a config file",
+			Category: PERSISTENCE,
+		},
+		&cli.StringFlag{
+			Name:     "profile",
+			Value:    "default",
+			Usage:    "config file name to use for --persist mode (implies that if provided) -- based on --config-path, i.e. ~/.config/nak/",
+			OnlyOnce: true,
+			Category: PERSISTENCE,
+		},
 		&cli.StringFlag{
 			Name:        "sec",
 			Usage:       "secret key to sign the event, as hex or nsec",
@@ -43,34 +61,165 @@ var bunker = &cli.Command{
 			Aliases: []string{"k"},
 			Usage:   "pubkeys for which we will always respond",
 		},
+		&cli.StringSliceFlag{
+			Name:   "relay",
+			Usage:  "relays to connect to (can also be provided as naked arguments)",
+			Hidden: true,
+		},
+		&cli.BoolFlag{
+			Name:  "qrcode",
+			Usage: "display a QR code for the bunker URI",
+		},
 	},
 	Action: func(ctx context.Context, c *cli.Command) error {
+		// read config from file
+		config := struct {
+			AuthorizedKeys []nostr.PubKey      `json:"authorized-keys"`
+			Secret         plainOrEncryptedKey `json:"sec"`
+			Relays         []string            `json:"relays"`
+		}{
+			AuthorizedKeys: make([]nostr.PubKey, 0, 3),
+		}
+		baseRelaysUrls := appendUnique(c.Args().Slice(), c.StringSlice("relay")...)
+		for i, url := range baseRelaysUrls {
+			baseRelaysUrls[i] = nostr.NormalizeURL(url)
+		}
+		baseAuthorizedKeys := getPubKeySlice(c, "authorized-keys")
+
+		var baseSecret plainOrEncryptedKey
+		{
+			sec := c.String("sec")
+			if c.Bool("prompt-sec") {
+				var err error
+				sec, err = askPassword("type your secret key as ncryptsec, nsec or hex: ", nil)
+				if err != nil {
+					return fmt.Errorf("failed to get secret key: %w", err)
+				}
+			}
+			if strings.HasPrefix(sec, "ncryptsec1") {
+				baseSecret.Encrypted = &sec
+			} else if sec != "" {
+				if prefix, ski, err := nip19.Decode(sec); err == nil && prefix == "nsec" {
+					sk := ski.(nostr.SecretKey)
+					baseSecret.Plain = &sk
+				} else if sk, err := nostr.SecretKeyFromHex(sec); err != nil {
+					return fmt.Errorf("invalid secret key: %w", err)
+				} else {
+					baseSecret.Plain = &sk
+				}
+			}
+		}
+
+		// default case: persist() is nil
+		var persist func()
+
+		if c.Bool("persist") || c.IsSet("profile") {
+			path := filepath.Join(c.String("config-path"), "bunker")
+			if err := os.MkdirAll(path, 0755); err != nil {
+				return err
+			}
+			path = filepath.Join(path, c.String("profile"))
+
+			persist = func() {
+				if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil {
+					log(color.RedString("failed to persist: %w\n"), err)
+					os.Exit(4)
+				}
+				data, err := json.MarshalIndent(config, "", "  ")
+				if err != nil {
+					log(color.RedString("failed to persist: %w\n"), err)
+					os.Exit(4)
+				}
+				if err := os.WriteFile(path, data, 0600); err != nil {
+					log(color.RedString("failed to persist: %w\n"), err)
+					os.Exit(4)
+				}
+			}
+
+			log(color.YellowString("reading config from %s\n"), path)
+			b, err := os.ReadFile(path)
+			if err == nil {
+				if err := json.Unmarshal(b, &config); err != nil {
+					return err
+				}
+			} else if !os.IsNotExist(err) {
+				return err
+			}
+
+			for i, url := range config.Relays {
+				config.Relays[i] = nostr.NormalizeURL(url)
+			}
+			config.Relays = appendUnique(config.Relays, baseRelaysUrls...)
+			config.AuthorizedKeys = appendUnique(config.AuthorizedKeys, baseAuthorizedKeys...)
+
+			if config.Secret.Plain == nil && config.Secret.Encrypted == nil {
+				// we don't have any secret key stored, so just use whatever was given via flags
+				config.Secret = baseSecret
+			} else if baseSecret.Plain == nil && baseSecret.Encrypted == nil {
+				// we didn't provide any keys, so we just use the stored
+			} else {
+				// we have a secret key stored
+				// if we also provided a key we check if they match and fail otherwise
+				if !baseSecret.equals(config.Secret) {
+					return fmt.Errorf("--sec provided conflicts with stored, you should create a new --profile or omit the --sec flag")
+				}
+			}
+		} else {
+			config.Secret = baseSecret
+			config.Relays = baseRelaysUrls
+			config.AuthorizedKeys = baseAuthorizedKeys
+		}
+
+		// if we got here without any keys set (no flags, first time using a profile), use the default
+		if config.Secret.Plain == nil && config.Secret.Encrypted == nil {
+			sec := os.Getenv("NOSTR_SECRET_KEY")
+			if sec == "" {
+				sec = defaultKey
+			}
+			sk, err := nostr.SecretKeyFromHex(sec)
+			if err != nil {
+				return fmt.Errorf("default key is wrong: %w", err)
+			}
+			config.Secret.Plain = &sk
+		}
+
+		if len(config.Relays) == 0 {
+			return fmt.Errorf("no relays given")
+		}
+
+		// decrypt key here if necessary
+		var sec nostr.SecretKey
+		if config.Secret.Plain != nil {
+			sec = *config.Secret.Plain
+		} else {
+			plain, err := promptDecrypt(*config.Secret.Encrypted)
+			if err != nil {
+				return fmt.Errorf("failed to decrypt: %w", err)
+			}
+			sec = plain
+		}
+
+		if persist != nil {
+			persist()
+		}
+
 		// try to connect to the relays here
 		qs := url.Values{}
-		relayURLs := make([]string, 0, c.Args().Len())
-		if relayUrls := c.Args().Slice(); len(relayUrls) > 0 {
-			relays := connectToAllRelays(ctx, c, relayUrls, nil, nostr.PoolOptions{})
-			if len(relays) == 0 {
-				log("failed to connect to any of the given relays.\n")
-				os.Exit(3)
-			}
-			for _, relay := range relays {
-				relayURLs = append(relayURLs, relay.URL)
-				qs.Add("relay", relay.URL)
-			}
+		relayURLs := make([]string, 0, len(config.Relays))
+		relays := connectToAllRelays(ctx, c, config.Relays, nil, nostr.PoolOptions{})
+		if len(relays) == 0 {
+			log("failed to connect to any of the given relays.\n")
+			os.Exit(3)
+		}
+		for _, relay := range relays {
+			relayURLs = append(relayURLs, relay.URL)
+			qs.Add("relay", relay.URL)
 		}
 		if len(relayURLs) == 0 {
 			return fmt.Errorf("not connected to any relays: please specify at least one")
 		}

-		// gather the secret key
-		sec, _, err := gatherSecretKeyOrBunkerFromArguments(ctx, c)
-		if err != nil {
-			return err
-		}
-
 		// other arguments
-		authorizedKeys := getPubKeySlice(c, "authorized-keys")
 		authorizedSecrets := c.StringSlice("authorized-secrets")

 		// this will be used to auto-authorize the next person who connects who isn't pre-authorized
@@ -87,9 +236,9 @@ var bunker = &cli.Command{
 			bunkerURI := fmt.Sprintf("bunker://%s?%s", pubkey.Hex(), qs.Encode())

 			authorizedKeysStr := ""
-			if len(authorizedKeys) != 0 {
+			if len(config.AuthorizedKeys) != 0 {
 				authorizedKeysStr = "\n  authorized keys:"
-				for _, pubkey := range authorizedKeys {
+				for _, pubkey := range config.AuthorizedKeys {
 					authorizedKeysStr += "\n    - " + colors.italic(pubkey.Hex())
 				}
 			}
@@ -100,7 +249,7 @@ var bunker = &cli.Command{
 			}

 			preauthorizedFlags := ""
-			for _, k := range authorizedKeys {
+			for _, k := range config.AuthorizedKeys {
 				preauthorizedFlags += " -k " + k.Hex()
 			}
 			for _, s := range authorizedSecrets {
@@ -121,21 +270,41 @@ var bunker = &cli.Command{
 				}
 			}

-			restartCommand := fmt.Sprintf("nak bunker %s%s %s",
-				secretKeyFlag,
-				preauthorizedFlags,
-				strings.Join(relayURLsPossiblyWithoutSchema, " "),
-			)
+			// only print the restart command if not persisting:
+			if persist == nil {
+				restartCommand := fmt.Sprintf("nak bunker %s%s %s",
+					secretKeyFlag,
+					preauthorizedFlags,
+					strings.Join(relayURLsPossiblyWithoutSchema, " "),
+				)

-			log("listening at %v:\n  pubkey: %s \n  npub: %s%s%s\n  to restart: %s\n  bunker: %s\n\n",
-				colors.bold(relayURLs),
-				colors.bold(pubkey.Hex()),
-				colors.bold(npub),
-				authorizedKeysStr,
-				authorizedSecretsStr,
-				color.CyanString(restartCommand),
-				colors.bold(bunkerURI),
-			)
+				log("listening at %v:\n  pubkey: %s \n  npub: %s%s%s\n  to restart: %s\n  bunker: %s\n\n",
+					colors.bold(relayURLs),
+					colors.bold(pubkey.Hex()),
+					colors.bold(npub),
+					authorizedKeysStr,
+					authorizedSecretsStr,
+					color.CyanString(restartCommand),
+					colors.bold(bunkerURI),
+				)
+			} else {
+				// otherwise just print the data
+				log("listening at %v:\n  pubkey: %s \n  npub: %s%s%s\n  bunker: %s\n\n",
+					colors.bold(relayURLs),
+					colors.bold(pubkey.Hex()),
+					colors.bold(npub),
+					authorizedKeysStr,
+					authorizedSecretsStr,
+					colors.bold(bunkerURI),
+				)
+			}
+
+			// print QR code if requested
+			if c.Bool("qrcode") {
+				log("QR Code for bunker URI:\n")
+				qrterminal.Generate(bunkerURI, qrterminal.L, os.Stdout)
+				log("\n\n")
+			}
 		}
 		printBunkerInfo()

@@ -162,7 +331,7 @@ var bunker = &cli.Command{
 		signer.AuthorizeRequest = func(harmless bool, from nostr.PubKey, secret string) bool {
 			if secret == newSecret {
 				// store this key
-				authorizedKeys = append(authorizedKeys, from)
+				config.AuthorizedKeys = appendUnique(config.AuthorizedKeys, from)
 				// discard this and generate a new secret
 				newSecret = randString(12)
 				// print bunker info again after this
@@ -170,9 +339,13 @@ var bunker = &cli.Command{
 					time.Sleep(3 * time.Second)
 					printBunkerInfo()
 				}()
+
+				if persist != nil {
+					persist()
+				}
 			}

-			return slices.Contains(authorizedKeys, from) || slices.Contains(authorizedSecrets, secret)
+			return slices.Contains(config.AuthorizedKeys, from) || slices.Contains(authorizedSecrets, secret)
 		}

 		for ie := range events {
@@ -248,3 +421,71 @@ var bunker = &cli.Command{
 		},
 	},
 }
+
+type plainOrEncryptedKey struct {
+	Plain     *nostr.SecretKey
+	Encrypted *string
+}
+
+func (pe plainOrEncryptedKey) MarshalJSON() ([]byte, error) {
+	if pe.Plain != nil {
+		res := make([]byte, 66)
+		hex.Encode(res[1:], (*pe.Plain)[:])
+		res[0] = '"'
+		res[65] = '"'
+		return res, nil
+	} else if pe.Encrypted != nil {
+		return json.Marshal(*pe.Encrypted)
+	}
+
+	return nil, fmt.Errorf("no key to marshal")
+}
+
+func (pe *plainOrEncryptedKey) UnmarshalJSON(buf []byte) error {
+	if len(buf) == 66 {
+		sk, err := nostr.SecretKeyFromHex(string(buf[1 : 1+64]))
+		if err != nil {
+			return err
+		}
+		pe.Plain = &sk
+		return nil
+	} else if bytes.HasPrefix(buf, []byte("\"nsec")) {
+		_, v, err := nip19.Decode(string(buf[1 : len(buf)-1]))
+		if err != nil {
+			return err
+		}
+		sk := v.(nostr.SecretKey)
+		pe.Plain = &sk
+		return nil
+	} else if bytes.HasPrefix(buf, []byte("\"ncryptsec1")) {
+		ncryptsec := string(buf[1 : len(buf)-1])
+		pe.Encrypted = &ncryptsec
+		return nil
+	}
+
+	return fmt.Errorf("unrecognized key format '%s'", string(buf))
+}
+
+func (a plainOrEncryptedKey) equals(b plainOrEncryptedKey) bool {
+	if a.Plain == nil && b.Plain != nil {
+		return false
+	}
+	if a.Plain != nil && b.Plain == nil {
+		return false
+	}
+	if a.Plain != nil && b.Plain != nil && *a.Plain != *b.Plain {
+		return false
+	}
+
+	if a.Encrypted == nil && b.Encrypted != nil {
+		return false
+	}
+	if a.Encrypted != nil && b.Encrypted == nil {
+		return false
+	}
+	if a.Encrypted != nil && b.Encrypted != nil && *a.Encrypted != *b.Encrypted {
+		return false
+	}
+
+	return true
+}
--- a/cli_test.go
+++ b/cli_test.go
@@ -17,10 +17,9 @@ import (

 func call(t *testing.T, cmd string) string {
 	var output strings.Builder
-	stdout = func(a ...any) (int, error) {
+	stdout = func(a ...any) {
 		output.WriteString(fmt.Sprint(a...))
 		output.WriteString("\n")
-		return 0, nil
 	}
 	err := app.Run(t.Context(), strings.Split(cmd, " "))
 	require.NoError(t, err)
@@ -137,13 +136,13 @@ func TestMultipleFetch(t *testing.T) {

 	require.Len(t, events, 2)

-	// First event validation
+	// first event validation
 	require.Equal(t, nostr.Kind(31923), events[0].Kind)
 	require.Equal(t, "9ae5014573fc75ced00b343868d2cd9343ebcbbae50591c6fa8ae1cd99568f05", events[0].ID.Hex())
 	require.Equal(t, "5b0183ab6c3e322bf4d41c6b3aef98562a144847b7499543727c5539a114563e", events[0].PubKey.Hex())
 	require.Equal(t, nostr.Timestamp(1707764605), events[0].CreatedAt)

-	// Second event validation
+	// second event validation
 	require.Equal(t, nostr.Kind(1), events[1].Kind)
 	require.Equal(t, "3ff0d19493e661faa90ac06b5d8963ef1e48fe780368fe67ed0fd410df8a6dd5", events[1].ID.Hex())
 	require.Equal(t, "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d", events[1].PubKey.Hex())
--- a/count.go
+++ b/count.go
@@ -141,7 +141,9 @@ var count = &cli.Command{
 			}
 			for _, relayUrl := range relayUrls {
 				relay, _ := sys.Pool.EnsureRelay(relayUrl)
-				count, hllRegisters, err := relay.Count(ctx, filter, nostr.SubscriptionOptions{})
+				count, hllRegisters, err := relay.Count(ctx, filter, nostr.SubscriptionOptions{
+					Label: "nak-count",
+				})
 				fmt.Fprintf(os.Stderr, "%s%s: ", strings.Repeat(" ", biggerUrlSize-len(relayUrl)), relayUrl)

 				if err != nil {
--- a/event.go
+++ b/event.go
@@ -2,6 +2,7 @@ package main

 import (
 	"context"
+	"errors"
 	"fmt"
 	"os"
 	"slices"
@@ -9,6 +10,7 @@ import (
 	"time"

 	"fiatjaf.com/nostr"
+	"fiatjaf.com/nostr/keyer"
 	"fiatjaf.com/nostr/nip13"
 	"fiatjaf.com/nostr/nip19"
 	"github.com/fatih/color"
@@ -168,6 +170,7 @@ example:
 			evt.Content = ""

 			kindWasSupplied := strings.Contains(stdinEvent, `"kind"`)
+			contentWasSupplied := strings.Contains(stdinEvent, `"content"`)
 			mustRehashAndResign := false

 			if err := easyjson.Unmarshal([]byte(stdinEvent), &evt); err != nil {
@@ -194,7 +197,7 @@ example:
 					evt.Content = content
 				}
 				mustRehashAndResign = true
-			} else if evt.Content == "" && evt.Kind == 1 {
+			} else if !contentWasSupplied && evt.Content == "" && evt.Kind == 1 {
 				evt.Content = "hello from the nostr army knife"
 				mustRehashAndResign = true
 			}
@@ -287,6 +290,9 @@ example:
 						return nil
 					}
 				} else if err := kr.SignEvent(ctx, &evt); err != nil {
+					if _, isBunker := kr.(keyer.BunkerSigner); isBunker && errors.Is(ctx.Err(), context.DeadlineExceeded) {
+						err = fmt.Errorf("timeout waiting for bunker to respond")
+					}
 					return fmt.Errorf("error signing with provided key: %w", err)
 				}
 			}
--- a/fetch.go
+++ b/fetch.go
@@ -106,7 +106,9 @@ var fetch = &cli.Command{
 				continue
 			}

-			for ie := range sys.Pool.FetchMany(ctx, relays, filter, nostr.SubscriptionOptions{}) {
+			for ie := range sys.Pool.FetchMany(ctx, relays, filter, nostr.SubscriptionOptions{
+				Label: "nak-fetch",
+			}) {
 				stdout(ie.Event)
 			}
 		}
--- a/filter.go
+++ b/filter.go
@@ -0,0 +1,95 @@
+package main
+
+import (
+	"context"
+	"fmt"
+
+	"fiatjaf.com/nostr"
+	"github.com/mailru/easyjson"
+	"github.com/urfave/cli/v3"
+)
+
+var filter = &cli.Command{
+	Name:  "filter",
+	Usage: "applies an event filter to an event to see if it matches.",
+	Description: `
+example:
+		echo '{"kind": 1, "content": "hello"}' | nak filter -k 1
+		nak filter '{"kind": 1, "content": "hello"}' -k 1
+		nak filter '{"kind": 1, "content": "hello"}' '{"kinds": [1]}' -k 0
+`,
+	DisableSliceFlagSeparator: true,
+	Flags:                     reqFilterFlags,
+	ArgsUsage:                 "[event_json] [base_filter_json]",
+	Action: func(ctx context.Context, c *cli.Command) error {
+		args := c.Args().Slice()
+
+		var baseFilter nostr.Filter
+		var baseEvent nostr.Event
+
+		if len(args) == 2 {
+			// two arguments: first is event, second is base filter
+			if err := easyjson.Unmarshal([]byte(args[0]), &baseEvent); err != nil {
+				return fmt.Errorf("invalid base event: %w", err)
+			}
+			if err := easyjson.Unmarshal([]byte(args[1]), &baseFilter); err != nil {
+				return fmt.Errorf("invalid base filter: %w", err)
+			}
+		} else if len(args) == 1 {
+			if isPiped() {
+				// one argument + stdin: argument is base filter
+				if err := easyjson.Unmarshal([]byte(args[0]), &baseFilter); err != nil {
+					return fmt.Errorf("invalid base filter: %w", err)
+				}
+			} else {
+				// one argument, no stdin: argument is event
+				if err := easyjson.Unmarshal([]byte(args[0]), &baseEvent); err != nil {
+					return fmt.Errorf("invalid base event: %w", err)
+				}
+			}
+		}
+
+		// apply flags to filter
+		if err := applyFlagsToFilter(c, &baseFilter); err != nil {
+			return err
+		}
+
+		// if there is no stdin we'll still get an empty object here
+		for evtj := range getJsonsOrBlank() {
+			var evt nostr.Event
+			if err := easyjson.Unmarshal([]byte(evtj), &evt); err != nil {
+				ctx = lineProcessingError(ctx, "invalid event: %s", err)
+				continue
+			}
+
+			// merge that with the base event
+			if evt.ID == nostr.ZeroID {
+				evt.ID = baseEvent.ID
+			}
+			if evt.PubKey == nostr.ZeroPK {
+				evt.PubKey = baseEvent.PubKey
+			}
+			if evt.Sig == [64]byte{} {
+				evt.Sig = baseEvent.Sig
+			}
+			if evt.Content == "" {
+				evt.Content = baseEvent.Content
+			}
+			if len(evt.Tags) == 0 {
+				evt.Tags = baseEvent.Tags
+			}
+			if evt.CreatedAt == 0 {
+				evt.CreatedAt = baseEvent.CreatedAt
+			}
+
+			if baseFilter.Matches(evt) {
+				stdout(evt)
+			} else {
+				logverbose("event %s didn't match %s", evt, baseFilter)
+			}
+		}
+
+		exitIfLineProcessingError(ctx)
+		return nil
+	},
+}
--- a/fs.go
+++ b/fs.go
@@ -1,4 +1,4 @@
-//go:build !windows
+//go:build !windows && !openbsd

 package main

--- a/fs_windows.go
+++ b/fs_windows.go
@@ -1,4 +1,4 @@
-//go:build windows
+//go:build windows || openbsd

 package main

@@ -12,9 +12,9 @@ import (
 var fsCmd = &cli.Command{
 	Name:                      "fs",
 	Usage:                     "mount a FUSE filesystem that exposes Nostr events as files.",
-	Description:               `doesn't work on Windows.`,
+	Description:               `doesn't work on Windows and OpenBSD.`,
 	DisableSliceFlagSeparator: true,
 	Action: func(ctx context.Context, c *cli.Command) error {
-		return fmt.Errorf("this doesn't work on Windows.")
+		return fmt.Errorf("this doesn't work on Windows and OpenBSD.")
 	},
 }
--- a/go.mod
+++ b/go.mod
@@ -4,9 +4,9 @@ go 1.24.1

 require (
 	fiatjaf.com/lib v0.3.1
-	fiatjaf.com/nostr v0.0.0-20250521022139-d3fb25441ab3
+	fiatjaf.com/nostr v0.0.0-20250818235102-c8d5aa703fab
 	github.com/bep/debounce v1.2.1
-	github.com/btcsuite/btcd/btcec/v2 v2.3.4
+	github.com/btcsuite/btcd/btcec/v2 v2.3.5
 	github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0
 	github.com/fatih/color v1.16.0
@@ -16,11 +16,13 @@ require (
 	github.com/mailru/easyjson v0.9.0
 	github.com/mark3labs/mcp-go v0.8.3
 	github.com/markusmobius/go-dateparser v1.2.3
+	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-tty v0.0.7
+	github.com/mdp/qrterminal/v3 v3.2.1
 	github.com/stretchr/testify v1.10.0
 	github.com/urfave/cli/v3 v3.0.0-beta1
-	golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6
-	golang.org/x/term v0.30.0
+	golang.org/x/exp v0.0.0-20250813145105-42675adae3e6
+	golang.org/x/term v0.32.0
 )

 require (
@@ -30,12 +32,9 @@ require (
 	github.com/btcsuite/btcd v0.24.2 // indirect
 	github.com/btcsuite/btcd/btcutil v1.1.5 // indirect
 	github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0 // indirect
-	github.com/bytedance/sonic v1.13.2 // indirect
-	github.com/bytedance/sonic/loader v0.2.4 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chzyer/logex v1.1.10 // indirect
 	github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 // indirect
-	github.com/cloudwego/base64x v0.1.5 // indirect
 	github.com/coder/websocket v1.8.13 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/decred/dcrd/crypto/blake256 v1.1.0 // indirect
@@ -44,7 +43,7 @@ require (
 	github.com/dgraph-io/ristretto/v2 v2.1.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/elliotchance/pie/v2 v2.7.0 // indirect
-	github.com/elnosh/gonuts v0.3.1-0.20250123162555-7c0381a585e3 // indirect
+	github.com/elnosh/gonuts v0.4.2 // indirect
 	github.com/fasthttp/websocket v1.5.12 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
@@ -55,11 +54,9 @@ require (
 	github.com/jalaali/go-jalaali v0.0.0-20210801064154-80525e88d958 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/klauspost/compress v1.18.0 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.10 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/magefile/mage v1.14.0 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
@@ -71,18 +68,17 @@ require (
 	github.com/tidwall/gjson v1.18.0 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
-	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasthttp v1.59.0 // indirect
 	github.com/wasilibs/go-re2 v1.3.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	golang.org/x/arch v0.17.0 // indirect
 	golang.org/x/crypto v0.36.0 // indirect
 	golang.org/x/net v0.37.0 // indirect
-	golang.org/x/sync v0.14.0 // indirect
-	golang.org/x/sys v0.33.0 // indirect
+	golang.org/x/sync v0.16.0 // indirect
+	golang.org/x/sys v0.34.0 // indirect
 	golang.org/x/text v0.23.0 // indirect
 	google.golang.org/protobuf v1.36.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	rsc.io/qr v0.2.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -1,8 +1,8 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 fiatjaf.com/lib v0.3.1 h1:/oFQwNtFRfV+ukmOCxfBEAuayoLwXp4wu2/fz5iHpwA=
 fiatjaf.com/lib v0.3.1/go.mod h1:Ycqq3+mJ9jAWu7XjbQI1cVr+OFgnHn79dQR5oTII47g=
-fiatjaf.com/nostr v0.0.0-20250521022139-d3fb25441ab3 h1:JRtme8g4UQ5KYlxI31wBa8YMWmAxvxdwtNn+PiI/XCs=
-fiatjaf.com/nostr v0.0.0-20250521022139-d3fb25441ab3/go.mod h1:VPs38Fc8J1XAErV750CXAmMUqIq3XEX9VZVj/LuQzzM=
+fiatjaf.com/nostr v0.0.0-20250818235102-c8d5aa703fab h1:zMp+G9Et5Z7ku/WUflZpmQzDIAB/Ah00Ms3cMtX9Pw4=
+fiatjaf.com/nostr v0.0.0-20250818235102-c8d5aa703fab/go.mod h1:j7AfnEAevFuLcpH4Y1RYM27sYJfshL3An6ZSAQNlUlY=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/FastFilter/xorfilter v0.2.1 h1:lbdeLG9BdpquK64ZsleBS8B4xO/QW1IM0gMzF7KaBKc=
 github.com/FastFilter/xorfilter v0.2.1/go.mod h1:aumvdkhscz6YBZF9ZA/6O4fIoNod4YR50kIVGGZ7l9I=
@@ -22,8 +22,8 @@ github.com/btcsuite/btcd v0.24.2 h1:aLmxPguqxza+4ag8R1I2nnJjSu2iFn/kqtHTIImswcY=
 github.com/btcsuite/btcd v0.24.2/go.mod h1:5C8ChTkl5ejr3WHj8tkQSCmydiMEPB0ZhQhehpq7Dgg=
 github.com/btcsuite/btcd/btcec/v2 v2.1.0/go.mod h1:2VzYrv4Gm4apmbVVsSq5bqf1Ec8v56E48Vt0Y/umPgA=
 github.com/btcsuite/btcd/btcec/v2 v2.1.3/go.mod h1:ctjw4H1kknNJmRN4iP1R7bTQ+v3GJkZBd6mui8ZsAZE=
-github.com/btcsuite/btcd/btcec/v2 v2.3.4 h1:3EJjcN70HCu/mwqlUsGK8GcNVyLVxFDlWurTXGPFfiQ=
-github.com/btcsuite/btcd/btcec/v2 v2.3.4/go.mod h1:zYzJ8etWJQIv1Ogk7OzpWjowwOdXY1W/17j2MW85J04=
+github.com/btcsuite/btcd/btcec/v2 v2.3.5 h1:dpAlnAwmT1yIBm3exhT1/8iUSD98RDJM5vqJVQDQLiU=
+github.com/btcsuite/btcd/btcec/v2 v2.3.5/go.mod h1:m22FrOAiuxl/tht9wIqAoGHcbnCCaPWyauO8y2LGGtQ=
 github.com/btcsuite/btcd/btcutil v1.0.0/go.mod h1:Uoxwv0pqYWhD//tfTiipkxNfdhG9UrLwaeswfjfdF0A=
 github.com/btcsuite/btcd/btcutil v1.1.0/go.mod h1:5OapHB7A2hBBWLm48mmw4MOHNJCcUBTwmWH/0Jn8VHE=
 github.com/btcsuite/btcd/btcutil v1.1.5 h1:+wER79R5670vs/ZusMTF1yTcRYE5GUsFbdjdisflzM8=
@@ -41,11 +41,6 @@ github.com/btcsuite/snappy-go v0.0.0-20151229074030-0bdef8d06723/go.mod h1:8woku
 github.com/btcsuite/snappy-go v1.0.0/go.mod h1:8woku9dyThutzjeg+3xrA5iCpBRH8XEEg3lh6TiUghc=
 github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792/go.mod h1:ghJtEyQwv5/p4Mg4C0fgbePVuGr935/5ddU9Z3TmDRY=
 github.com/btcsuite/winsvc v1.0.0/go.mod h1:jsenWakMcC0zFBFurPLEAyrnc/teJEM1O46fmI40EZs=
-github.com/bytedance/sonic v1.13.2 h1:8/H1FempDZqC4VqjptGo14QQlJx8VdZJegxs6wwfqpQ=
-github.com/bytedance/sonic v1.13.2/go.mod h1:o68xyaF9u2gvVBuGHPlUVCy+ZfmNNO5ETf1+KgkJhz4=
-github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
-github.com/bytedance/sonic/loader v0.2.4 h1:ZWCw4stuXUsn1/+zQDqeE7JKP+QO47tz7QCNan80NzY=
-github.com/bytedance/sonic/loader v0.2.4/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
@@ -58,9 +53,6 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4=
-github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
-github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/coder/websocket v1.8.13 h1:f3QZdXy7uGVz+4uCJy2nTZyM0yTBj8yANEHhqlXZ9FE=
 github.com/coder/websocket v1.8.13/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs=
@@ -88,8 +80,8 @@ github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+m
 github.com/dvyukov/go-fuzz v0.0.0-20200318091601-be3528f3a813/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw=
 github.com/elliotchance/pie/v2 v2.7.0 h1:FqoIKg4uj0G/CrLGuMS9ejnFKa92lxE1dEgBD3pShXg=
 github.com/elliotchance/pie/v2 v2.7.0/go.mod h1:18t0dgGFH006g4eVdDtWfgFZPQEgl10IoEO8YWEq3Og=
-github.com/elnosh/gonuts v0.3.1-0.20250123162555-7c0381a585e3 h1:k7evIqJ2BtFn191DgY/b03N2bMYA/iQwzr4f/uHYn20=
-github.com/elnosh/gonuts v0.3.1-0.20250123162555-7c0381a585e3/go.mod h1:vgZomh4YQk7R3w4ltZc0sHwCmndfHkuX6V4sga/8oNs=
+github.com/elnosh/gonuts v0.4.2 h1:/WubPAWGxTE+okJ0WPvmtEzTzpi04RGxiTHAF1FYU+M=
+github.com/elnosh/gonuts v0.4.2/go.mod h1:vgZomh4YQk7R3w4ltZc0sHwCmndfHkuX6V4sga/8oNs=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -152,10 +144,6 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm
 github.com/kkdai/bstream v0.0.0-20161212061736-f391b8402d23/go.mod h1:J+Gs4SYgM6CZQHDETBtE9HaSEkGmuNXF86RwHhHUvq4=
 github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
 github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
-github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.10 h1:tBs3QSyvjDyFTq3uoc/9xFpCuOsJQFNPiAhYdw2skhE=
-github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
-github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/liamg/magic v0.0.1 h1:Ru22ElY+sCh6RvRTWjQzKKCxsEco8hE0co8n1qe7TBM=
@@ -168,13 +156,14 @@ github.com/mark3labs/mcp-go v0.8.3 h1:IzlyN8BaP4YwUMUDqxOGJhGdZXEDQiAPX43dNPgnzr
 github.com/mark3labs/mcp-go v0.8.3/go.mod h1:cjMlBU0cv/cj9kjlgmRhoJ5JREdS7YX83xeIG9Ko/jE=
 github.com/markusmobius/go-dateparser v1.2.3 h1:TvrsIvr5uk+3v6poDjaicnAFJ5IgtFHgLiuMY2Eb7Nw=
 github.com/markusmobius/go-dateparser v1.2.3/go.mod h1:cMwQRrBUQlK1UI5TIFHEcvpsMbkWrQLXuaPNMFzuYLk=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
-github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
+github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-tty v0.0.7 h1:KJ486B6qI8+wBO7kQxYgmmEFDaFEE96JMBQ7h400N8Q=
 github.com/mattn/go-tty v0.0.7/go.mod h1:f2i5ZOvXBU/tCABmLmOfzLz9azMo5wdAaElRNnJKr+k=
+github.com/mdp/qrterminal/v3 v3.2.1 h1:6+yQjiiOsSuXT5n9/m60E54vdgFsw0zhADHhHLrFet4=
+github.com/mdp/qrterminal/v3 v3.2.1/go.mod h1:jOTmXvnBsMy5xqLniO0R++Jmjs2sTm9dFSuQ5kpz/SU=
 github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
 github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -223,8 +212,8 @@ github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JT
 github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
 github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
 github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
-github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
-github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
+github.com/tyler-smith/go-bip39 v1.1.0 h1:5eUemwrMargf3BSLRRCalXT93Ns6pQJIjYQN2nyfOP8=
+github.com/tyler-smith/go-bip39 v1.1.0/go.mod h1:gUYDtqQw1JS3ZJ8UWVcGTGqqr6YIN3CWg+kkNaLt55U=
 github.com/urfave/cli/v3 v3.0.0-beta1 h1:6DTaaUarcM0wX7qj5Hcvs+5Dm3dyUTBbEwIWAjcw9Zg=
 github.com/urfave/cli/v3 v3.0.0-beta1/go.mod h1:FnIeEMYu+ko8zP1F9Ypr3xkZMIDqW3DR92yUtY39q1Y=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
@@ -241,16 +230,16 @@ github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZ
 github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-golang.org/x/arch v0.17.0 h1:4O3dfLzd+lQewptAHqjewQZQDyEdejz3VwgeYwkZneU=
-golang.org/x/arch v0.17.0/go.mod h1:bdwinDaKcfZUGpH09BB7ZmOfhalA8lQdzl62l8gGWsk=
 golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
 golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6 h1:y5zboxd6LQAqYIhHnB48p0ByQ/GnQx2BE33L8BOHQkI=
-golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6/go.mod h1:U6Lno4MTRCDY+Ba7aCcauB9T60gsv5s4ralQzP72ZoQ=
+golang.org/x/exp v0.0.0-20250717185816-542afb5b7346 h1:vuCObX8mQzik1tfEcYxWZBuVsmQtD1IjxCyPKM18Bh4=
+golang.org/x/exp v0.0.0-20250717185816-542afb5b7346/go.mod h1:A+z0yzpGtvnG90cToK5n2tu8UJVP2XUATh+r+sfOOOc=
+golang.org/x/exp v0.0.0-20250813145105-42675adae3e6 h1:SbTAbRFnd5kjQXbczszQ0hdk3ctwYf3qBNH9jIsGclE=
+golang.org/x/exp v0.0.0-20250813145105-42675adae3e6/go.mod h1:4QTo5u+SEIbbKW1RacMZq1YEfOBqeXa19JeshGi+zc4=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -270,8 +259,8 @@ golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAG
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
-golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
+golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -283,12 +272,11 @@ golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
-golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
-golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
+golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
+golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
+golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -336,4 +324,5 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
+rsc.io/qr v0.2.0 h1:6vBLea5/NRMVTz8V66gipeLycZMl/+UlFmk8DvqQ6WY=
+rsc.io/qr v0.2.0/go.mod h1:IF+uZjkb9fqyeF/4tlBoynqmQxUoPfWEKh921coOuXs=
--- a/helpers.go
+++ b/helpers.go
@@ -24,6 +24,7 @@ import (
 	"github.com/chzyer/readline"
 	"github.com/fatih/color"
 	jsoniter "github.com/json-iterator/go"
+	"github.com/mattn/go-isatty"
 	"github.com/mattn/go-tty"
 	"github.com/urfave/cli/v3"
 	"golang.org/x/term"
@@ -315,6 +316,10 @@ func supportsDynamicMultilineMagic() bool {
 		return false
 	}

+	if !isatty.IsTerminal(os.Stdout.Fd()) {
+		return false
+	}
+
 	width, _, err := term.GetSize(int(os.Stderr.Fd()))
 	if err != nil {
 		return false
@@ -424,7 +429,7 @@ func askConfirmation(msg string) bool {
 		}
 		defer tty.Close()

-		fmt.Fprintf(os.Stderr, color.YellowString(msg))
+		log(color.YellowString(msg))
 		answer, err := tty.ReadString()
 		if err != nil {
 			return false
--- a/helpers_key.go
+++ b/helpers_key.go
@@ -17,14 +17,16 @@ import (
 	"github.com/urfave/cli/v3"
 )

+var defaultKey = nostr.KeyOne.Hex()
+
 var defaultKeyFlags = []cli.Flag{
 	&cli.StringFlag{
 		Name:        "sec",
 		Usage:       "secret key to sign the event, as nsec, ncryptsec or hex, or a bunker URL",
-		DefaultText: "the key '1'",
+		DefaultText: "the key '01'",
 		Category:    CATEGORY_SIGNER,
 		Sources:     cli.EnvVars("NOSTR_SECRET_KEY"),
-		Value:       nostr.KeyOne.Hex(),
+		Value:       defaultKey,
 		HideDefault: true,
 	},
 	&cli.BoolFlag{
@@ -75,9 +77,14 @@ func gatherSecretKeyOrBunkerFromArguments(ctx context.Context, c *cli.Command) (
 			clientKey = nostr.Generate()
 		}

+		logverbose("[nip46]: connecting to %s with client key %s", bunkerURL, clientKey.Hex())
+
 		bunker, err := nip46.ConnectBunker(ctx, clientKey, bunkerURL, nil, func(s string) {
 			log(color.CyanString("[nip46]: open the following URL: %s"), s)
 		})
+		if err != nil {
+			return nostr.SecretKey{}, nil, fmt.Errorf("failed to connect to %s: %w", bunkerURL, err)
+		}

 		return nostr.SecretKey{}, bunker, err
 	}
@@ -139,7 +146,7 @@ func askPassword(msg string, shouldAskAgain func(answer string) bool) (string, e
 		defer tty.Close()
 		for {
 			// print the prompt to stderr so it's visible to the user
-			fmt.Fprintf(os.Stderr, color.YellowString(msg))
+			log(color.YellowString(msg))

 			// read password from TTY with masking
 			password, err := tty.ReadPassword()
--- a/main.go
+++ b/main.go
@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"net/textproto"
 	"os"
+	"path/filepath"

 	"fiatjaf.com/nostr"
 	"fiatjaf.com/nostr/sdk"
@@ -27,6 +28,7 @@ var app = &cli.Command{
 	Commands: []*cli.Command{
 		event,
 		req,
+		filter,
 		fetch,
 		count,
 		decode,
@@ -51,6 +53,13 @@ var app = &cli.Command{
 		&cli.StringFlag{
 			Name:   "config-path",
 			Hidden: true,
+			Value: (func() string {
+				if home, err := os.UserHomeDir(); err == nil {
+					return filepath.Join(home, ".config/nak")
+				} else {
+					return filepath.Join("/dev/null")
+				}
+			})(),
 		},
 		&cli.BoolFlag{
 			Name:    "quiet",
@@ -85,7 +94,7 @@ var app = &cli.Command{
 		sys = sdk.NewSystem()

 		if err := initializeOutboxHintsDB(c, sys); err != nil {
-			return ctx, fmt.Errorf("failed to initialized outbox hints: %w", err)
+			return ctx, fmt.Errorf("failed to initialize outbox hints: %w", err)
 		}

 		sys.Pool = nostr.NewPool(nostr.PoolOptions{
@@ -124,7 +133,7 @@ func main() {

 	if err := app.Run(context.Background(), os.Args); err != nil {
 		if err != nil {
-			log(color.YellowString(err.Error()) + "\n")
+			log("%s\n", color.RedString(err.Error()))
 		}
 		colors.reset()
 		os.Exit(1)
--- a/mcp.go
+++ b/mcp.go
@@ -165,11 +165,13 @@ var mcpServer = &cli.Command{
 			res := strings.Builder{}
 			res.WriteString("Search results: ")
 			l := 0
-			for result := range sys.Pool.FetchMany(ctx, []string{"relay.nostr.band", "nostr.wine"}, filter, nostr.SubscriptionOptions{}) {
+			for result := range sys.Pool.FetchMany(ctx, []string{"relay.nostr.band", "nostr.wine"}, filter, nostr.SubscriptionOptions{
+				Label: "nak-mcp-search",
+			}) {
 				l++
 				pm, _ := sdk.ParseMetadata(result.Event)
 				res.WriteString(fmt.Sprintf("\n\nResult %d\nUser name: \"%s\"\nPublic key: \"%s\"\nDescription: \"%s\"\n",
-					l, pm.ShortName, pm.PubKey.Hex(), pm.About))
+					l, pm.ShortName(), pm.PubKey.Hex(), pm.About))

 				if l >= int(limit) {
 					break
@@ -219,7 +221,9 @@ var mcpServer = &cli.Command{
 				}
 			}

-			events := sys.Pool.FetchMany(ctx, []string{relay}, filter, nostr.SubscriptionOptions{})
+			events := sys.Pool.FetchMany(ctx, []string{relay}, filter, nostr.SubscriptionOptions{
+				Label: "nak-mcp-profile-events",
+			})

 			result := strings.Builder{}
 			for ie := range events {
--- a/nostrfs/eventdir.go
+++ b/nostrfs/eventdir.go
@@ -175,7 +175,7 @@ func (r *NostrRoot) CreateEventDir(

 	if event.Kind == 1 {
 		if pointer := nip10.GetThreadRoot(event.Tags); pointer != nil {
-			nevent := nip19.EncodePointer(*pointer)
+			nevent := nip19.EncodePointer(pointer)
 			h.AddChild("@root", h.NewPersistentInode(
 				r.ctx,
 				&fs.MemSymlink{
@@ -185,7 +185,7 @@ func (r *NostrRoot) CreateEventDir(
 			), true)
 		}
 		if pointer := nip10.GetImmediateParent(event.Tags); pointer != nil {
-			nevent := nip19.EncodePointer(*pointer)
+			nevent := nip19.EncodePointer(pointer)
 			h.AddChild("@parent", h.NewPersistentInode(
 				r.ctx,
 				&fs.MemSymlink{
--- a/outbox.go
+++ b/outbox.go
@@ -20,18 +20,13 @@ var (

 func initializeOutboxHintsDB(c *cli.Command, sys *sdk.System) error {
 	configPath := c.String("config-path")
-	if configPath == "" {
-		if home, err := os.UserHomeDir(); err == nil {
-			configPath = filepath.Join(home, ".config/nak")
-		}
-	}
 	if configPath != "" {
 		hintsFilePath = filepath.Join(configPath, "outbox/hints.bg")
 	}
 	if hintsFilePath != "" {
-		if _, err := os.Stat(hintsFilePath); !os.IsNotExist(err) {
+		if _, err := os.Stat(hintsFilePath); err == nil {
 			hintsFileExists = true
-		} else if err != nil {
+		} else if !os.IsNotExist(err) {
 			return err
 		}
 	}
--- a/req.go
+++ b/req.go
@@ -154,7 +154,9 @@ example:
 						fn = sys.Pool.SubscribeMany
 					}

-					for ie := range fn(ctx, relayUrls, filter, nostr.SubscriptionOptions{}) {
+					for ie := range fn(ctx, relayUrls, filter, nostr.SubscriptionOptions{
+						Label: "nak-req",
+					}) {
 						stdout(ie.Event)
 					}
 				}
@@ -164,7 +166,7 @@ example:
 				if c.Bool("bare") {
 					result = filter.String()
 				} else {
-					j, _ := json.Marshal(nostr.ReqEnvelope{SubscriptionID: "nak", Filter: filter})
+					j, _ := json.Marshal(nostr.ReqEnvelope{SubscriptionID: "nak", Filters: []nostr.Filter{filter}})
 					result = string(j)
 				}

--- a/verify.go
+++ b/verify.go
@@ -9,31 +9,41 @@ import (

 var verify = &cli.Command{
 	Name:  "verify",
-	Usage: "checks the hash and signature of an event given through stdin",
+	Usage: "checks the hash and signature of an event given through stdin or as the first argument",
 	Description: `example:
 		echo '{"id":"a889df6a387419ff204305f4c2d296ee328c3cd4f8b62f205648a541b4554dfb","pubkey":"c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5","created_at":1698623783,"kind":1,"tags":[],"content":"hello from the nostr army knife","sig":"84876e1ee3e726da84e5d195eb79358b2b3eaa4d9bd38456fde3e8a2af3f1cd4cda23f23fda454869975b3688797d4c66e12f4c51c1b43c6d2997c5e61865661"}' | nak verify

 it outputs nothing if the verification is successful.`,
 	DisableSliceFlagSeparator: true,
 	Action: func(ctx context.Context, c *cli.Command) error {
-		for stdinEvent := range getStdinLinesOrArguments(c.Args()) {
+		for stdinEvent := range getJsonsOrBlank() {
 			evt := nostr.Event{}
-			if stdinEvent != "" {
-				if err := json.Unmarshal([]byte(stdinEvent), &evt); err != nil {
-					ctx = lineProcessingError(ctx, "invalid event: %s", err)
+			if stdinEvent == "" {
+				stdinEvent = c.Args().First()
+				if stdinEvent == "" {
 					continue
 				}
 			}

+			if err := json.Unmarshal([]byte(stdinEvent), &evt); err != nil {
+				ctx = lineProcessingError(ctx, "invalid event: %s", err)
+				logverbose("<>: invalid event.\n", evt.ID.Hex())
+				continue
+			}
+
 			if evt.GetID() != evt.ID {
 				ctx = lineProcessingError(ctx, "invalid .id, expected %s, got %s", evt.GetID(), evt.ID)
+				logverbose("%s: invalid id.\n", evt.ID.Hex())
 				continue
 			}

 			if !evt.VerifySignature() {
 				ctx = lineProcessingError(ctx, "invalid signature")
+				logverbose("%s: invalid signature.\n", evt.ID.Hex())
 				continue
 			}
+
+			logverbose("%s: valid.\n", evt.ID.Hex())
 		}

 		exitIfLineProcessingError(ctx)
Author	SHA1	Message	Date
fiatjaf	b316646821	new release with updated dependencies.	2025-08-18 21:01:52 -03:00
fiatjaf	d3975679e4	add labels to subscriptions for easier debugging.	2025-08-14 13:28:15 -03:00
fiatjaf	23e27da077	use isatty for detecting stuff for the fancy output (it doesn't work).	2025-08-14 13:28:15 -03:00
fiatjaf	1a221a133c	cleanup and fix readme.	2025-08-14 13:28:15 -03:00
George	a698c59b0b	fix build on OpenBSD	2025-07-23 16:11:57 -03:00
fiatjaf	87bf5ef446	fix nak blossom list stupid segfault.	2025-07-17 20:00:03 -03:00
fiatjaf	7c58948924	verify: better handling of stdout and verbose logging output. fixes: https://github.com/fiatjaf/nak/issues/74	2025-07-17 16:14:36 -03:00
fiatjaf	ff02e6890b	adapt to nostr lib websocket refactor commit (which includes the filters thing).	2025-07-11 13:02:06 -03:00
fiatjaf	fb377f4775	reword some things.	2025-07-05 11:14:29 -03:00
Anthony Accioly	b1114766e5	docs(readme): update caution note with encryption guidance - Revise the caution note to include instructions for encrypting private keys using NIP-49.	2025-07-04 14:45:38 -03:00
Anthony Accioly	e0febbf190	docs(readme): remove outdated contributing section - Delete the outdated contributing section referencing NIP-34.	2025-07-04 14:45:38 -03:00
Anthony Accioly	2d2e657778	docs(readme): caution note on plaintext credential storage - Add a warning about credentials being stored in plain text when using `--persist`.	2025-07-04 14:45:38 -03:00
Anthony Accioly	d32654447a	feat(bunker): add QR code generation for bunker URI - Add `--qrcode` flag to display a QR code for the bunker URI. - Update `README.md` with usage instructions for the new flag. - Include `qrterminal` dependency for QR code generation.	2025-07-04 14:45:38 -03:00
mplorentz	fea23aecc3	Add Dockerfile I added this so that I could run a nak bunker on my server alongside my other containers. Thought it might be useful for others.	2025-07-02 23:28:40 -03:00
fiatjaf	cc526acb10	bunker: fix overwriting all keys always with default.	2025-07-01 15:52:44 -03:00
fiatjaf	fd19855543	remove a dangling print statement.	2025-07-01 12:43:04 -03:00
fiatjaf	ecfe3a298e	add persisted bunker and filter examples to readme.	2025-07-01 12:42:57 -03:00
fiatjaf	9c5f68a955	bunker: fix handling of provided and stored secret keys.	2025-07-01 12:36:54 -03:00
fiatjaf	0aef173e8b	nak bunker --persist/--profile	2025-07-01 11:40:34 -03:00
fiatjaf	6e4a546212	release with fixes.	2025-06-27 16:34:59 -03:00
fiatjaf	55c9d4ee45	remove the bunker context timeout because it causes the entire bunker to disconnect.	2025-06-27 16:28:21 -03:00
fiatjaf	550c89d8d7	slightly improve some error messages.	2025-06-27 13:50:28 -03:00
fiatjaf	1e9be3ed84	nak filter	2025-06-27 13:49:40 -03:00
fiatjaf	79cbc57dde	fix main command error handler printing wrongly formatted stuff.	2025-06-27 13:48:07 -03:00
fiatjaf	1e237b4c42	do not fill .Content when "content" is received empty from stdin. fixes https://github.com/fiatjaf/nak/issues/71	2025-06-23 17:57:45 -03:00
fiatjaf	89ec8b9822	simplify README about $NOSTR_CLIENT_KEY.	2025-06-20 21:06:42 -03:00
Anthony Accioly	fba83ea39e	docs(readme): clarify NIP-46 signing with remote bunker - Add example linking to Amber for NIP-46 bunker usage. - Include note on setting `NOSTR_CLIENT_KEY`	2025-06-20 21:02:57 -03:00
Anthony Accioly	bd5569955c	fix(helpers): add timeout and verbose logging for bunker connection - Add a 10-second timeout to the bunker connection process using context - Include detailed verbose logging for debugging.	2025-06-20 21:02:57 -03:00
Rui Chen	35ea2582d8	fix: update go.sum to fix build Signed-off-by: Rui Chen <rui@chenrui.dev>	2025-06-20 16:24:15 -03:00
fiatjaf	fa63dbfea3	release v0.14.3	2025-06-20 11:06:09 -03:00
fiatjaf	a6509909d0	nostrfs: update pointer thing from nostrlib.	2025-06-08 10:50:08 -03:00
fiatjaf	239dd2d42a	add example of recording and publishing a voice note.	2025-05-25 23:34:05 -03:00
fiatjaf	0073c9bdf1	compile tests again.	2025-05-23 07:52:19 -03:00
Chris McCormick	b5bd2aecf6	Run smoke test on release workflow success.	2025-05-23 07:49:54 -03:00
Chris McCormick	f27ac6c0e3	Basic smoke tests.	2025-05-23 07:49:54 -03:00
fiatjaf	6e5441aa18	fix type assertions. closes https://github.com/fiatjaf/nak/issues/67	2025-05-22 09:23:26 -03:00
fiatjaf	61a68f3dca	fix faulty outbox database check logic when it doesn't exist. fixes https://github.com/fiatjaf/nak/issues/66	2025-05-21 14:12:22 -03:00