add nak git demo to README.

add example of compilation with -tags debug to README.
req: fix infinite loop when events channel is exhausted.
2025-12-08 16:48:51 +00:00 · 2025-12-05 22:15:08 -03:00 · 2025-12-05 22:09:22 -03:00 · 2025-12-04 13:21:43 -03:00 · 2025-12-04 09:24:36 -03:00 · 2025-12-04 08:46:20 -03:00
33 changed files with 4265 additions and 472 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,36 @@
+# git files
+.git
+.gitignore
+
+# documentation
+README.md
+LICENSE
+
+# development files
+justfile
+*.md
+
+# test files
+*_test.go
+cli_test.go
+
+# build artifacts
+nak
+*.exe
+mnt
+
+# ide and editor files
+.vscode
+.idea
+*.swp
+*.swo
+*~
+
+# os generated files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
--- a/49
+++ b/49
@@ -0,0 +1,49 @@
+# build stage
+FROM golang:1.24-alpine AS builder
+
+# install git and ca-certificates (needed for fetching dependencies)
+RUN apk add --no-cache git ca-certificates
+
+# set working directory
+WORKDIR /app
+
+# copy go mod files first for better caching
+COPY go.mod go.sum ./
+
+# download dependencies
+RUN go mod download
+
+# copy source code
+COPY . .
+
+# build the application
+# use cgo_enabled=0 to create a static binary
+# use -ldflags to strip debug info and reduce binary size
+RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-w -s" -o nak .
+
+# runtime stage
+FROM alpine:latest
+
+# install ca-certificates for https requests (needed for relay connections)
+RUN apk --no-cache add ca-certificates
+
+# create a non-root user
+RUN adduser -D -s /bin/sh nakuser
+
+# set working directory
+WORKDIR /home/nakuser
+
+# copy the binary from builder stage
+COPY --from=builder /app/nak /usr/local/bin/nak
+
+# make sure the binary is executable
+RUN chmod +x /usr/local/bin/nak
+
+# switch to non-root user
+USER nakuser
+
+# set the entrypoint
+ENTRYPOINT ["nak"]
+
+# default command (show help)
+CMD ["--help"]
--- a/README.md
+++ b/README.md
--- a/admin.go
+++ b/admin.go
@@ -0,0 +1,186 @@
+package main
+
+import (
+	"bytes"
+	"context"
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/hex"
+	"fmt"
+	"io"
+	"net/http"
+
+	"fiatjaf.com/nostr"
+	"fiatjaf.com/nostr/nip86"
+	"github.com/urfave/cli/v3"
+)
+
+var admin = &cli.Command{
+	Name:  "admin",
+	Usage: "manage relays using the relay management API",
+	Description: `examples:
+		nak admin allowpubkey myrelay.com --pubkey 1234... --reason "good user"
+		nak admin banpubkey myrelay.com --pubkey 1234... --reason "spam"
+		nak admin listallowedpubkeys myrelay.com
+		nak admin changerelayname myrelay.com --name "My Relay"`,
+	ArgsUsage:                 "<relay-url>",
+	DisableSliceFlagSeparator: true,
+	Flags:                     defaultKeyFlags,
+	Commands: (func() []*cli.Command {
+		methods := []struct {
+			method string
+			args   []string
+		}{
+			{"allowpubkey", []string{"pubkey", "reason"}},
+			{"banpubkey", []string{"pubkey", "reason"}},
+			{"listallowedpubkeys", nil},
+			{"listbannedpubkeys", nil},
+			{"listeventsneedingmoderation", nil},
+			{"allowevent", []string{"id", "reason"}},
+			{"banevent", []string{"id", "reason"}},
+			{"listbannedevents", nil},
+			{"changerelayname", []string{"name"}},
+			{"changerelaydescription", []string{"description"}},
+			{"changerelayicon", []string{"icon"}},
+			{"allowkind", []string{"kind"}},
+			{"disallowkind", []string{"kind"}},
+			{"listallowedkinds", nil},
+			{"blockip", []string{"ip", "reason"}},
+			{"unblockip", []string{"ip", "reason"}},
+			{"listblockedips", nil},
+		}
+
+		commands := make([]*cli.Command, 0, len(methods))
+		for _, def := range methods {
+			def := def
+
+			flags := make([]cli.Flag, len(def.args), len(def.args)+4)
+			for i, argName := range def.args {
+				flags[i] = declareFlag(argName)
+			}
+
+			cmd := &cli.Command{
+				Name:  def.method,
+				Usage: fmt.Sprintf(`the "%s" relay management RPC call`, def.method),
+				Description: fmt.Sprintf(
+					`the "%s" management RPC call, see https://nips.nostr.com/86 for more information`, def.method),
+				Flags:                     flags,
+				DisableSliceFlagSeparator: true,
+				Action: func(ctx context.Context, c *cli.Command) error {
+					params := make([]any, len(def.args))
+					for i, argName := range def.args {
+						params[i] = getArgument(c, argName)
+					}
+					req := nip86.Request{Method: def.method, Params: params}
+					reqj, _ := json.Marshal(req)
+
+					relayUrls := c.Args().Slice()
+					if len(relayUrls) == 0 {
+						stdout(string(reqj))
+						return nil
+					}
+
+					kr, _, err := gatherKeyerFromArguments(ctx, c)
+					if err != nil {
+						return err
+					}
+
+					for _, relayUrl := range relayUrls {
+						httpUrl := "http" + nostr.NormalizeURL(relayUrl)[2:]
+						log("calling '%s' on %s... ", def.method, httpUrl)
+						body := bytes.NewBuffer(nil)
+						body.Write(reqj)
+						req, err := http.NewRequestWithContext(ctx, "POST", httpUrl, body)
+						if err != nil {
+							return fmt.Errorf("failed to create request: %w", err)
+						}
+
+						// Authorization
+						payloadHash := sha256.Sum256(reqj)
+						tokenEvent := nostr.Event{
+							Kind:      27235,
+							CreatedAt: nostr.Now(),
+							Tags: nostr.Tags{
+								{"u", httpUrl},
+								{"method", "POST"},
+								{"payload", hex.EncodeToString(payloadHash[:])},
+							},
+						}
+						if err := kr.SignEvent(ctx, &tokenEvent); err != nil {
+							return fmt.Errorf("failed to sign token event: %w", err)
+						}
+						evtj, _ := json.Marshal(tokenEvent)
+						req.Header.Set("Authorization", "Nostr "+base64.StdEncoding.EncodeToString(evtj))
+
+						// Content-Type
+						req.Header.Set("Content-Type", "application/nostr+json+rpc")
+
+						// make request to relay
+						resp, err := http.DefaultClient.Do(req)
+						if err != nil {
+							log("failed: %s\n", err)
+							continue
+						}
+						b, err := io.ReadAll(resp.Body)
+						if err != nil {
+							log("failed to read response: %s\n", err)
+							continue
+						}
+						if resp.StatusCode >= 300 {
+							log("failed with status %d\n", resp.StatusCode)
+							bodyPrintable := string(b)
+							if len(bodyPrintable) > 300 {
+								bodyPrintable = bodyPrintable[0:297] + "..."
+							}
+							log(bodyPrintable)
+							continue
+						}
+						var response nip86.Response
+						if err := json.Unmarshal(b, &response); err != nil {
+							log("bad json response: %s\n", err)
+							bodyPrintable := string(b)
+							if len(bodyPrintable) > 300 {
+								bodyPrintable = bodyPrintable[0:297] + "..."
+							}
+							log(bodyPrintable)
+							continue
+						}
+						resp.Body.Close()
+
+						// print the result
+						log("\n")
+						pretty, _ := json.MarshalIndent(response, "", "  ")
+						stdout(string(pretty))
+					}
+
+					return nil
+				},
+			}
+
+			commands = append(commands, cmd)
+		}
+
+		return commands
+	})(),
+}
+
+func declareFlag(argName string) cli.Flag {
+	usage := "parameter for this management RPC call, see https://nips.nostr.com/86 for more information."
+	switch argName {
+	case "kind":
+		return &cli.IntFlag{Name: argName, Required: true, Usage: usage}
+	case "reason":
+		return &cli.StringFlag{Name: argName, Usage: usage}
+	default:
+		return &cli.StringFlag{Name: argName, Required: true, Usage: usage}
+	}
+}
+
+func getArgument(c *cli.Command, argName string) any {
+	switch argName {
+	case "kind":
+		return c.Int(argName)
+	default:
+		return c.String(argName)
+	}
+}
--- a/blossom.go
+++ b/blossom.go
@@ -7,7 +7,6 @@ import (
 	"io"
 	"os"

-	"fiatjaf.com/nostr"
 	"fiatjaf.com/nostr/keyer"
 	"fiatjaf.com/nostr/nipb0/blossom"
 	"github.com/urfave/cli/v3"
@@ -38,11 +37,11 @@ var blossomCmd = &cli.Command{
 				var client *blossom.Client
 				pubkey := c.Args().First()
 				if pubkey != "" {
-					if pk, err := nostr.PubKeyFromHex(pubkey); err != nil {
+					pk, err := parsePubKey(pubkey)
+					if err != nil {
 						return fmt.Errorf("invalid public key '%s': %w", pubkey, err)
-					} else {
-						client = blossom.NewClient(client.GetMediaServer(), keyer.NewReadOnlySigner(pk))
 					}
+					client = blossom.NewClient(c.String("server"), keyer.NewReadOnlySigner(pk))
 				} else {
 					var err error
 					client, err = getBlossomClient(ctx, c)
--- a/bunker.go
+++ b/bunker.go
@@ -1,10 +1,13 @@
 package main

 import (
+	"bytes"
 	"context"
+	"encoding/hex"
 	"fmt"
 	"net/url"
 	"os"
+	"path/filepath"
 	"slices"
 	"strings"
 	"sync"
@@ -14,9 +17,12 @@ import (
 	"fiatjaf.com/nostr/nip19"
 	"fiatjaf.com/nostr/nip46"
 	"github.com/fatih/color"
+	"github.com/mdp/qrterminal/v3"
 	"github.com/urfave/cli/v3"
 )

+const PERSISTENCE = "PERSISTENCE"
+
 var bunker = &cli.Command{
 	Name:                      "bunker",
 	Usage:                     "starts a nip46 signer daemon with the given --sec key",
@@ -24,6 +30,18 @@ var bunker = &cli.Command{
 	Description:               ``,
 	DisableSliceFlagSeparator: true,
 	Flags: []cli.Flag{
+		&cli.BoolFlag{
+			Name:     "persist",
+			Usage:    "whether to read and store authorized keys from and to a config file",
+			Category: PERSISTENCE,
+		},
+		&cli.StringFlag{
+			Name:     "profile",
+			Value:    "default",
+			Usage:    "config file name to use for --persist mode (implies that if provided) -- based on --config-path, i.e. ~/.config/nak/",
+			OnlyOnce: true,
+			Category: PERSISTENCE,
+		},
 		&cli.StringFlag{
 			Name:        "sec",
 			Usage:       "secret key to sign the event, as hex or nsec",
@@ -43,34 +61,165 @@ var bunker = &cli.Command{
 			Aliases: []string{"k"},
 			Usage:   "pubkeys for which we will always respond",
 		},
+		&cli.StringSliceFlag{
+			Name:   "relay",
+			Usage:  "relays to connect to (can also be provided as naked arguments)",
+			Hidden: true,
+		},
+		&cli.BoolFlag{
+			Name:  "qrcode",
+			Usage: "display a QR code for the bunker URI",
+		},
 	},
 	Action: func(ctx context.Context, c *cli.Command) error {
+		// read config from file
+		config := struct {
+			AuthorizedKeys []nostr.PubKey      `json:"authorized-keys"`
+			Secret         plainOrEncryptedKey `json:"sec"`
+			Relays         []string            `json:"relays"`
+		}{
+			AuthorizedKeys: make([]nostr.PubKey, 0, 3),
+		}
+		baseRelaysUrls := appendUnique(c.Args().Slice(), c.StringSlice("relay")...)
+		for i, url := range baseRelaysUrls {
+			baseRelaysUrls[i] = nostr.NormalizeURL(url)
+		}
+		baseAuthorizedKeys := getPubKeySlice(c, "authorized-keys")
+
+		var baseSecret plainOrEncryptedKey
+		{
+			sec := c.String("sec")
+			if c.Bool("prompt-sec") {
+				var err error
+				sec, err = askPassword("type your secret key as ncryptsec, nsec or hex: ", nil)
+				if err != nil {
+					return fmt.Errorf("failed to get secret key: %w", err)
+				}
+			}
+			if strings.HasPrefix(sec, "ncryptsec1") {
+				baseSecret.Encrypted = &sec
+			} else if sec != "" {
+				if prefix, ski, err := nip19.Decode(sec); err == nil && prefix == "nsec" {
+					sk := ski.(nostr.SecretKey)
+					baseSecret.Plain = &sk
+				} else if sk, err := nostr.SecretKeyFromHex(sec); err != nil {
+					return fmt.Errorf("invalid secret key: %w", err)
+				} else {
+					baseSecret.Plain = &sk
+				}
+			}
+		}
+
+		// default case: persist() is nil
+		var persist func()
+
+		if c.Bool("persist") || c.IsSet("profile") {
+			path := filepath.Join(c.String("config-path"), "bunker")
+			if err := os.MkdirAll(path, 0755); err != nil {
+				return err
+			}
+			path = filepath.Join(path, c.String("profile"))
+
+			persist = func() {
+				if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil {
+					log(color.RedString("failed to persist: %w\n"), err)
+					os.Exit(4)
+				}
+				data, err := json.MarshalIndent(config, "", "  ")
+				if err != nil {
+					log(color.RedString("failed to persist: %w\n"), err)
+					os.Exit(4)
+				}
+				if err := os.WriteFile(path, data, 0600); err != nil {
+					log(color.RedString("failed to persist: %w\n"), err)
+					os.Exit(4)
+				}
+			}
+
+			log(color.YellowString("reading config from %s\n"), path)
+			b, err := os.ReadFile(path)
+			if err == nil {
+				if err := json.Unmarshal(b, &config); err != nil {
+					return err
+				}
+			} else if !os.IsNotExist(err) {
+				return err
+			}
+
+			for i, url := range config.Relays {
+				config.Relays[i] = nostr.NormalizeURL(url)
+			}
+			config.Relays = appendUnique(config.Relays, baseRelaysUrls...)
+			config.AuthorizedKeys = appendUnique(config.AuthorizedKeys, baseAuthorizedKeys...)
+
+			if config.Secret.Plain == nil && config.Secret.Encrypted == nil {
+				// we don't have any secret key stored, so just use whatever was given via flags
+				config.Secret = baseSecret
+			} else if baseSecret.Plain == nil && baseSecret.Encrypted == nil {
+				// we didn't provide any keys, so we just use the stored
+			} else {
+				// we have a secret key stored
+				// if we also provided a key we check if they match and fail otherwise
+				if !baseSecret.equals(config.Secret) {
+					return fmt.Errorf("--sec provided conflicts with stored, you should create a new --profile or omit the --sec flag")
+				}
+			}
+		} else {
+			config.Secret = baseSecret
+			config.Relays = baseRelaysUrls
+			config.AuthorizedKeys = baseAuthorizedKeys
+		}
+
+		// if we got here without any keys set (no flags, first time using a profile), use the default
+		if config.Secret.Plain == nil && config.Secret.Encrypted == nil {
+			sec := os.Getenv("NOSTR_SECRET_KEY")
+			if sec == "" {
+				sec = defaultKey
+			}
+			sk, err := nostr.SecretKeyFromHex(sec)
+			if err != nil {
+				return fmt.Errorf("default key is wrong: %w", err)
+			}
+			config.Secret.Plain = &sk
+		}
+
+		if len(config.Relays) == 0 {
+			return fmt.Errorf("no relays given")
+		}
+
+		// decrypt key here if necessary
+		var sec nostr.SecretKey
+		if config.Secret.Plain != nil {
+			sec = *config.Secret.Plain
+		} else {
+			plain, err := promptDecrypt(*config.Secret.Encrypted)
+			if err != nil {
+				return fmt.Errorf("failed to decrypt: %w", err)
+			}
+			sec = plain
+		}
+
+		if persist != nil {
+			persist()
+		}
+
 		// try to connect to the relays here
 		qs := url.Values{}
-		relayURLs := make([]string, 0, c.Args().Len())
-		if relayUrls := c.Args().Slice(); len(relayUrls) > 0 {
-			relays := connectToAllRelays(ctx, c, relayUrls, nil, nostr.PoolOptions{})
-			if len(relays) == 0 {
-				log("failed to connect to any of the given relays.\n")
-				os.Exit(3)
-			}
-			for _, relay := range relays {
-				relayURLs = append(relayURLs, relay.URL)
-				qs.Add("relay", relay.URL)
-			}
+		relayURLs := make([]string, 0, len(config.Relays))
+		relays := connectToAllRelays(ctx, c, config.Relays, nil, nostr.PoolOptions{})
+		if len(relays) == 0 {
+			log("failed to connect to any of the given relays.\n")
+			os.Exit(3)
+		}
+		for _, relay := range relays {
+			relayURLs = append(relayURLs, relay.URL)
+			qs.Add("relay", relay.URL)
 		}
 		if len(relayURLs) == 0 {
 			return fmt.Errorf("not connected to any relays: please specify at least one")
 		}

-		// gather the secret key
-		sec, _, err := gatherSecretKeyOrBunkerFromArguments(ctx, c)
-		if err != nil {
-			return err
-		}
-
 		// other arguments
-		authorizedKeys := getPubKeySlice(c, "authorized-keys")
 		authorizedSecrets := c.StringSlice("authorized-secrets")

 		// this will be used to auto-authorize the next person who connects who isn't pre-authorized
@@ -87,9 +236,9 @@ var bunker = &cli.Command{
 			bunkerURI := fmt.Sprintf("bunker://%s?%s", pubkey.Hex(), qs.Encode())

 			authorizedKeysStr := ""
-			if len(authorizedKeys) != 0 {
+			if len(config.AuthorizedKeys) != 0 {
 				authorizedKeysStr = "\n  authorized keys:"
-				for _, pubkey := range authorizedKeys {
+				for _, pubkey := range config.AuthorizedKeys {
 					authorizedKeysStr += "\n    - " + colors.italic(pubkey.Hex())
 				}
 			}
@@ -100,7 +249,7 @@ var bunker = &cli.Command{
 			}

 			preauthorizedFlags := ""
-			for _, k := range authorizedKeys {
+			for _, k := range config.AuthorizedKeys {
 				preauthorizedFlags += " -k " + k.Hex()
 			}
 			for _, s := range authorizedSecrets {
@@ -121,21 +270,41 @@ var bunker = &cli.Command{
 				}
 			}

-			restartCommand := fmt.Sprintf("nak bunker %s%s %s",
-				secretKeyFlag,
-				preauthorizedFlags,
-				strings.Join(relayURLsPossiblyWithoutSchema, " "),
-			)
+			// only print the restart command if not persisting:
+			if persist == nil {
+				restartCommand := fmt.Sprintf("nak bunker %s%s %s",
+					secretKeyFlag,
+					preauthorizedFlags,
+					strings.Join(relayURLsPossiblyWithoutSchema, " "),
+				)

-			log("listening at %v:\n  pubkey: %s \n  npub: %s%s%s\n  to restart: %s\n  bunker: %s\n\n",
-				colors.bold(relayURLs),
-				colors.bold(pubkey.Hex()),
-				colors.bold(npub),
-				authorizedKeysStr,
-				authorizedSecretsStr,
-				color.CyanString(restartCommand),
-				colors.bold(bunkerURI),
-			)
+				log("listening at %v:\n  pubkey: %s \n  npub: %s%s%s\n  to restart: %s\n  bunker: %s\n\n",
+					colors.bold(relayURLs),
+					colors.bold(pubkey.Hex()),
+					colors.bold(npub),
+					authorizedKeysStr,
+					authorizedSecretsStr,
+					color.CyanString(restartCommand),
+					colors.bold(bunkerURI),
+				)
+			} else {
+				// otherwise just print the data
+				log("listening at %v:\n  pubkey: %s \n  npub: %s%s%s\n  bunker: %s\n\n",
+					colors.bold(relayURLs),
+					colors.bold(pubkey.Hex()),
+					colors.bold(npub),
+					authorizedKeysStr,
+					authorizedSecretsStr,
+					colors.bold(bunkerURI),
+				)
+			}
+
+			// print QR code if requested
+			if c.Bool("qrcode") {
+				log("QR Code for bunker URI:\n")
+				qrterminal.Generate(bunkerURI, qrterminal.L, os.Stdout)
+				log("\n\n")
+			}
 		}
 		printBunkerInfo()

@@ -162,7 +331,7 @@ var bunker = &cli.Command{
 		signer.AuthorizeRequest = func(harmless bool, from nostr.PubKey, secret string) bool {
 			if secret == newSecret {
 				// store this key
-				authorizedKeys = append(authorizedKeys, from)
+				config.AuthorizedKeys = appendUnique(config.AuthorizedKeys, from)
 				// discard this and generate a new secret
 				newSecret = randString(12)
 				// print bunker info again after this
@@ -170,9 +339,13 @@ var bunker = &cli.Command{
 					time.Sleep(3 * time.Second)
 					printBunkerInfo()
 				}()
+
+				if persist != nil {
+					persist()
+				}
 			}

-			return slices.Contains(authorizedKeys, from) || slices.Contains(authorizedSecrets, secret)
+			return slices.Contains(config.AuthorizedKeys, from) || slices.Contains(authorizedSecrets, secret)
 		}

 		for ie := range events {
@@ -248,3 +421,71 @@ var bunker = &cli.Command{
 		},
 	},
 }
+
+type plainOrEncryptedKey struct {
+	Plain     *nostr.SecretKey
+	Encrypted *string
+}
+
+func (pe plainOrEncryptedKey) MarshalJSON() ([]byte, error) {
+	if pe.Plain != nil {
+		res := make([]byte, 66)
+		hex.Encode(res[1:], (*pe.Plain)[:])
+		res[0] = '"'
+		res[65] = '"'
+		return res, nil
+	} else if pe.Encrypted != nil {
+		return json.Marshal(*pe.Encrypted)
+	}
+
+	return nil, fmt.Errorf("no key to marshal")
+}
+
+func (pe *plainOrEncryptedKey) UnmarshalJSON(buf []byte) error {
+	if len(buf) == 66 {
+		sk, err := nostr.SecretKeyFromHex(string(buf[1 : 1+64]))
+		if err != nil {
+			return err
+		}
+		pe.Plain = &sk
+		return nil
+	} else if bytes.HasPrefix(buf, []byte("\"nsec")) {
+		_, v, err := nip19.Decode(string(buf[1 : len(buf)-1]))
+		if err != nil {
+			return err
+		}
+		sk := v.(nostr.SecretKey)
+		pe.Plain = &sk
+		return nil
+	} else if bytes.HasPrefix(buf, []byte("\"ncryptsec1")) {
+		ncryptsec := string(buf[1 : len(buf)-1])
+		pe.Encrypted = &ncryptsec
+		return nil
+	}
+
+	return fmt.Errorf("unrecognized key format '%s'", string(buf))
+}
+
+func (a plainOrEncryptedKey) equals(b plainOrEncryptedKey) bool {
+	if a.Plain == nil && b.Plain != nil {
+		return false
+	}
+	if a.Plain != nil && b.Plain == nil {
+		return false
+	}
+	if a.Plain != nil && b.Plain != nil && *a.Plain != *b.Plain {
+		return false
+	}
+
+	if a.Encrypted == nil && b.Encrypted != nil {
+		return false
+	}
+	if a.Encrypted != nil && b.Encrypted == nil {
+		return false
+	}
+	if a.Encrypted != nil && b.Encrypted != nil && *a.Encrypted != *b.Encrypted {
+		return false
+	}
+
+	return true
+}
--- a/cli_test.go
+++ b/cli_test.go
@@ -136,13 +136,13 @@ func TestMultipleFetch(t *testing.T) {

 	require.Len(t, events, 2)

-	// First event validation
+	// first event validation
 	require.Equal(t, nostr.Kind(31923), events[0].Kind)
 	require.Equal(t, "9ae5014573fc75ced00b343868d2cd9343ebcbbae50591c6fa8ae1cd99568f05", events[0].ID.Hex())
 	require.Equal(t, "5b0183ab6c3e322bf4d41c6b3aef98562a144847b7499543727c5539a114563e", events[0].PubKey.Hex())
 	require.Equal(t, nostr.Timestamp(1707764605), events[0].CreatedAt)

-	// Second event validation
+	// second event validation
 	require.Equal(t, nostr.Kind(1), events[1].Kind)
 	require.Equal(t, "3ff0d19493e661faa90ac06b5d8963ef1e48fe780368fe67ed0fd410df8a6dd5", events[1].ID.Hex())
 	require.Equal(t, "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d", events[1].PubKey.Hex())
--- a/count.go
+++ b/count.go
@@ -21,7 +21,7 @@ var count = &cli.Command{
 		&PubKeySliceFlag{
 			Name:     "author",
 			Aliases:  []string{"a"},
-			Usage:    "only accept events from these authors (pubkey as hex)",
+			Usage:    "only accept events from these authors",
 			Category: CATEGORY_FILTER_ATTRIBUTES,
 		},
 		&cli.IntSliceFlag{
@@ -101,16 +101,16 @@ var count = &cli.Command{
 		for _, tagFlag := range c.StringSlice("tag") {
 			spl := strings.SplitN(tagFlag, "=", 2)
 			if len(spl) == 2 {
-				tags = append(tags, spl)
+				tags = append(tags, []string{spl[0], decodeTagValue(spl[1])})
 			} else {
 				return fmt.Errorf("invalid --tag '%s'", tagFlag)
 			}
 		}
 		for _, etag := range c.StringSlice("e") {
-			tags = append(tags, []string{"e", etag})
+			tags = append(tags, []string{"e", decodeTagValue(etag)})
 		}
 		for _, ptag := range c.StringSlice("p") {
-			tags = append(tags, []string{"p", ptag})
+			tags = append(tags, []string{"p", decodeTagValue(ptag)})
 		}
 		if len(tags) > 0 {
 			filter.Tags = make(nostr.TagMap)
@@ -141,7 +141,9 @@ var count = &cli.Command{
 			}
 			for _, relayUrl := range relayUrls {
 				relay, _ := sys.Pool.EnsureRelay(relayUrl)
-				count, hllRegisters, err := relay.Count(ctx, filter, nostr.SubscriptionOptions{})
+				count, hllRegisters, err := relay.Count(ctx, filter, nostr.SubscriptionOptions{
+					Label: "nak-count",
+				})
 				fmt.Fprintf(os.Stderr, "%s%s: ", strings.Repeat(" ", biggerUrlSize-len(relayUrl)), relayUrl)

 				if err != nil {
--- a/dekey.go
+++ b/dekey.go
@@ -0,0 +1,282 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"slices"
+
+	"fiatjaf.com/nostr"
+	"fiatjaf.com/nostr/nip44"
+	"github.com/urfave/cli/v3"
+)
+
+var dekey = &cli.Command{
+	Name:                      "dekey",
+	Usage:                     "handles NIP-4E decoupled encryption keys",
+	Description:               "maybe this picture will explain better than I can do here for now: https://cdn.azzamo.net/89c543d261ad0d665c1dea78f91e527c2e39e7fe503b440265a3c47e63c9139f.png",
+	DisableSliceFlagSeparator: true,
+	Flags: append(defaultKeyFlags,
+		&cli.StringFlag{
+			Name:  "device-name",
+			Usage: "name of this device that will be published and displayed on other clients",
+			Value: func() string {
+				if hostname, err := os.Hostname(); err == nil {
+					return "nak@" + hostname
+				}
+				return "nak@unknown"
+			}(),
+		},
+	),
+	Action: func(ctx context.Context, c *cli.Command) error {
+		kr, _, err := gatherKeyerFromArguments(ctx, c)
+		if err != nil {
+			return err
+		}
+
+		userPub, err := kr.GetPublicKey(ctx)
+		if err != nil {
+			return fmt.Errorf("failed to get user public key: %w", err)
+		}
+
+		configPath := c.String("config-path")
+		deviceName := c.String("device-name")
+
+		// check if we already have a local-device secret key
+		deviceKeyPath := filepath.Join(configPath, "dekey", "device-key")
+		var deviceSec nostr.SecretKey
+		if data, err := os.ReadFile(deviceKeyPath); err == nil {
+			deviceSec, err = nostr.SecretKeyFromHex(string(data))
+			if err != nil {
+				return fmt.Errorf("invalid device key in %s: %w", deviceKeyPath, err)
+			}
+		} else {
+			// create one
+			deviceSec = nostr.Generate()
+			os.MkdirAll(filepath.Dir(deviceKeyPath), 0700)
+			if err := os.WriteFile(deviceKeyPath, []byte(deviceSec.Hex()), 0600); err != nil {
+				return fmt.Errorf("failed to write device key: %w", err)
+			}
+		}
+		devicePub := deviceSec.Public()
+
+		// get relays for the user
+		relays := sys.FetchWriteRelays(ctx, userPub)
+		relayList := connectToAllRelays(ctx, c, relays, nil, nostr.PoolOptions{})
+		if len(relayList) == 0 {
+			return fmt.Errorf("no relays to use")
+		}
+
+		// check if kind:4454 is already published
+		events := sys.Pool.FetchMany(ctx, relays, nostr.Filter{
+			Kinds:   []nostr.Kind{4454},
+			Authors: []nostr.PubKey{userPub},
+			Tags: nostr.TagMap{
+				"pubkey": []string{devicePub.Hex()},
+			},
+		}, nostr.SubscriptionOptions{Label: "nak-nip4e"})
+		if len(events) == 0 {
+			// publish kind:4454
+			evt := nostr.Event{
+				Kind:      4454,
+				Content:   "",
+				CreatedAt: nostr.Now(),
+				Tags: nostr.Tags{
+					{"client", deviceName},
+					{"pubkey", devicePub.Hex()},
+				},
+			}
+
+			// sign with main key
+			if err := kr.SignEvent(ctx, &evt); err != nil {
+				return fmt.Errorf("failed to sign device event: %w", err)
+			}
+
+			// publish
+			if err := publishFlow(ctx, c, kr, evt, relayList); err != nil {
+				return err
+			}
+		}
+
+		// check for kind:10044
+		userKeyEventDate := nostr.Now()
+		userKeyResult := sys.Pool.FetchManyReplaceable(ctx, relays, nostr.Filter{
+			Kinds:   []nostr.Kind{10044},
+			Authors: []nostr.PubKey{userPub},
+		}, nostr.SubscriptionOptions{Label: "nak-nip4e"})
+		var eSec nostr.SecretKey
+		var ePub nostr.PubKey
+		if userKeyEvent, ok := userKeyResult.Load(nostr.ReplaceableKey{PubKey: userPub, D: ""}); !ok {
+			// generate main secret key
+			eSec = nostr.Generate()
+			ePub := eSec.Public()
+
+			// store it
+			eKeyPath := filepath.Join(configPath, "dekey", "e", ePub.Hex())
+			os.MkdirAll(filepath.Dir(eKeyPath), 0700)
+			if err := os.WriteFile(eKeyPath, []byte(eSec.Hex()), 0600); err != nil {
+				return fmt.Errorf("failed to write user encryption key: %w", err)
+			}
+
+			// publish kind:10044
+			evt10044 := nostr.Event{
+				Kind:      10044,
+				Content:   "",
+				CreatedAt: userKeyEventDate,
+				Tags: nostr.Tags{
+					{"n", ePub.Hex()},
+				},
+			}
+			if err := kr.SignEvent(ctx, &evt10044); err != nil {
+				return fmt.Errorf("failed to sign kind:10044: %w", err)
+			}
+
+			if err := publishFlow(ctx, c, kr, evt10044, relayList); err != nil {
+				return err
+			}
+		} else {
+			userKeyEventDate = userKeyEvent.CreatedAt
+
+			// get the pub from the tag
+			for _, tag := range userKeyEvent.Tags {
+				if len(tag) >= 2 && tag[0] == "n" {
+					ePub, _ = nostr.PubKeyFromHex(tag[1])
+					break
+				}
+			}
+			if ePub == nostr.ZeroPK {
+				return fmt.Errorf("invalid kind:10044 event, no 'n' tag")
+			}
+
+			// check if we have the key
+			eKeyPath := filepath.Join(configPath, "dekey", "e", ePub.Hex())
+			if data, err := os.ReadFile(eKeyPath); err == nil {
+				eSec, err = nostr.SecretKeyFromHex(string(data))
+				if err != nil {
+					return fmt.Errorf("invalid main key: %w", err)
+				}
+				if eSec.Public() != ePub {
+					return fmt.Errorf("stored user encryption key is corrupted: %w", err)
+				}
+			} else {
+				// try to decrypt from kind:4455
+				for eKeyMsg := range sys.Pool.FetchMany(ctx, relays, nostr.Filter{
+					Kinds: []nostr.Kind{4455},
+					Tags: nostr.TagMap{
+						"p": []string{devicePub.Hex()},
+					},
+				}, nostr.SubscriptionOptions{Label: "nak-nip4e"}) {
+					var senderPub nostr.PubKey
+					for _, tag := range eKeyMsg.Tags {
+						if len(tag) >= 2 && tag[0] == "P" {
+							senderPub, _ = nostr.PubKeyFromHex(tag[1])
+							break
+						}
+					}
+					if senderPub == nostr.ZeroPK {
+						continue
+					}
+					ss, err := nip44.GenerateConversationKey(senderPub, deviceSec)
+					if err != nil {
+						continue
+					}
+					eSecHex, err := nip44.Decrypt(eKeyMsg.Content, ss)
+					if err != nil {
+						continue
+					}
+					eSec, err = nostr.SecretKeyFromHex(eSecHex)
+					if err != nil {
+						continue
+					}
+					// check if it matches mainPub
+					if eSec.Public() == ePub {
+						// store it
+						os.MkdirAll(filepath.Dir(eKeyPath), 0700)
+						os.WriteFile(eKeyPath, []byte(eSecHex), 0600)
+						break
+					}
+				}
+			}
+		}
+
+		if eSec == [32]byte{} {
+			log("main secret key not available, must authorize on another device\n")
+			return nil
+		}
+
+		// now we have mainSec, check for other kind:4454 events newer than the 10044
+		keyMsgs := make([]string, 0, 5)
+		for keyOrDeviceEvt := range sys.Pool.FetchMany(ctx, relays, nostr.Filter{
+			Kinds:   []nostr.Kind{4454, 4455},
+			Authors: []nostr.PubKey{userPub},
+			Since:   userKeyEventDate,
+		}, nostr.SubscriptionOptions{Label: "nak-nip4e"}) {
+			if keyOrDeviceEvt.Kind == 4455 {
+				// key event
+
+				// skip ourselves
+				if keyOrDeviceEvt.Tags.FindWithValue("p", devicePub.Hex()) != nil {
+					continue
+				}
+
+				// assume a key msg will always come before its associated devicemsg
+				// so just store them here:
+				pubkeyTag := keyOrDeviceEvt.Tags.Find("p")
+				if pubkeyTag == nil {
+					continue
+				}
+				keyMsgs = append(keyMsgs, pubkeyTag[1])
+			} else if keyOrDeviceEvt.Kind == 4454 {
+				// device event
+
+				// skip ourselves
+				if keyOrDeviceEvt.Tags.FindWithValue("pubkey", devicePub.Hex()) != nil {
+					continue
+				}
+
+				// if this already has a corresponding keyMsg then skip it
+				pubkeyTag := keyOrDeviceEvt.Tags.Find("pubkey")
+				if pubkeyTag == nil {
+					continue
+				}
+				if slices.Contains(keyMsgs, pubkeyTag[1]) {
+					continue
+				}
+
+				// here we know we're dealing with a deviceMsg without a corresponding keyMsg
+				// so we have to build a keyMsg for them
+				theirDevice, err := nostr.PubKeyFromHex(pubkeyTag[1])
+				if err != nil {
+					continue
+				}
+
+				ss, err := nip44.GenerateConversationKey(theirDevice, deviceSec)
+				if err != nil {
+					continue
+				}
+				ciphertext, err := nip44.Encrypt(eSec.Hex(), ss)
+				if err != nil {
+					continue
+				}
+
+				evt4455 := nostr.Event{
+					Kind:      4455,
+					Content:   ciphertext,
+					CreatedAt: nostr.Now(),
+					Tags: nostr.Tags{
+						{"p", theirDevice.Hex()},
+						{"P", devicePub.Hex()},
+					},
+				}
+				if err := kr.SignEvent(ctx, &evt4455); err != nil {
+					continue
+				}
+
+				publishFlow(ctx, c, kr, evt4455, relayList)
+			}
+		}
+
+		return nil
+	},
+}
--- a/encode.go
+++ b/encode.go
@@ -163,7 +163,7 @@ var encode = &cli.Command{
 			DisableSliceFlagSeparator: true,
 			Action: func(ctx context.Context, c *cli.Command) error {
 				for target := range getStdinLinesOrArguments(c.Args()) {
-					id, err := nostr.IDFromHex(target)
+					id, err := parseEventID(target)
 					if err != nil {
 						ctx = lineProcessingError(ctx, "invalid event id: %s", target)
 						continue
--- a/encrypt_decrypt.go
+++ b/encrypt_decrypt.go
@@ -17,7 +17,7 @@ var encrypt = &cli.Command{
 		defaultKeyFlags,
 		&PubKeyFlag{
 			Name:     "recipient-pubkey",
-			Aliases:  []string{"p", "tgt", "target", "pubkey"},
+			Aliases:  []string{"p", "tgt", "target", "pubkey", "to"},
 			Required: true,
 		},
 		&cli.BoolFlag{
@@ -79,7 +79,7 @@ var decrypt = &cli.Command{
 		defaultKeyFlags,
 		&PubKeyFlag{
 			Name:     "sender-pubkey",
-			Aliases:  []string{"p", "src", "source", "pubkey"},
+			Aliases:  []string{"p", "src", "source", "pubkey", "from"},
 			Required: true,
 		},
 		&cli.BoolFlag{
@@ -111,7 +111,7 @@ var decrypt = &cli.Command{
 				}
 				plaintext, err := nip04.Decrypt(ciphertext, ss)
 				if err != nil {
-					return fmt.Errorf("failed to encrypt as nip04: %w", err)
+					return fmt.Errorf("failed to decrypt as nip04: %w", err)
 				}
 				stdout(plaintext)
 			}
--- a/event.go
+++ b/event.go
@@ -2,6 +2,7 @@ package main

 import (
 	"context"
+	"errors"
 	"fmt"
 	"os"
 	"slices"
@@ -9,6 +10,7 @@ import (
 	"time"

 	"fiatjaf.com/nostr"
+	"fiatjaf.com/nostr/keyer"
 	"fiatjaf.com/nostr/nip13"
 	"fiatjaf.com/nostr/nip19"
 	"github.com/fatih/color"
@@ -168,6 +170,7 @@ example:
 			evt.Content = ""

 			kindWasSupplied := strings.Contains(stdinEvent, `"kind"`)
+			contentWasSupplied := strings.Contains(stdinEvent, `"content"`)
 			mustRehashAndResign := false

 			if err := easyjson.Unmarshal([]byte(stdinEvent), &evt); err != nil {
@@ -194,7 +197,7 @@ example:
 					evt.Content = content
 				}
 				mustRehashAndResign = true
-			} else if evt.Content == "" && evt.Kind == 1 {
+			} else if !contentWasSupplied && evt.Content == "" && evt.Kind == 1 {
 				evt.Content = "hello from the nostr army knife"
 				mustRehashAndResign = true
 			}
@@ -208,24 +211,30 @@ example:
 				if found {
 					// tags may also contain extra elements separated with a ";"
 					tagValues := strings.Split(tagValue, ";")
+					if len(tagValues) >= 1 {
+						tagValues[0] = decodeTagValue(tagValues[0])
+					}
 					tag = append(tag, tagValues...)
 				}
 				tags = append(tags, tag)
 			}

 			for _, etag := range c.StringSlice("e") {
-				if tags.FindWithValue("e", etag) == nil {
-					tags = append(tags, nostr.Tag{"e", etag})
+				decodedEtag := decodeTagValue(etag)
+				if tags.FindWithValue("e", decodedEtag) == nil {
+					tags = append(tags, nostr.Tag{"e", decodedEtag})
 				}
 			}
 			for _, ptag := range c.StringSlice("p") {
-				if tags.FindWithValue("p", ptag) == nil {
-					tags = append(tags, nostr.Tag{"p", ptag})
+				decodedPtag := decodeTagValue(ptag)
+				if tags.FindWithValue("p", decodedPtag) == nil {
+					tags = append(tags, nostr.Tag{"p", decodedPtag})
 				}
 			}
 			for _, dtag := range c.StringSlice("d") {
-				if tags.FindWithValue("d", dtag) == nil {
-					tags = append(tags, nostr.Tag{"d", dtag})
+				decodedDtag := decodeTagValue(dtag)
+				if tags.FindWithValue("d", decodedDtag) == nil {
+					tags = append(tags, nostr.Tag{"d", decodedDtag})
 				}
 			}
 			if len(tags) > 0 {
@@ -287,6 +296,9 @@ example:
 						return nil
 					}
 				} else if err := kr.SignEvent(ctx, &evt); err != nil {
+					if _, isBunker := kr.(keyer.BunkerSigner); isBunker && errors.Is(ctx.Err(), context.DeadlineExceeded) {
+						err = fmt.Errorf("timeout waiting for bunker to respond")
+					}
 					return fmt.Errorf("error signing with provided key: %w", err)
 				}
 			}
@@ -397,13 +409,20 @@ func publishFlow(ctx context.Context, c *cli.Command, kr nostr.Signer, evt nostr
 			}
 		} else {
 			// normal dumb flow
-			for _, relay := range relays {
+			for i, relay := range relays {
 			publish:
 				cleanUrl, _ := strings.CutPrefix(relay.URL, "wss://")
 				log("publishing to %s... ", color.CyanString(cleanUrl))
 				ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
 				defer cancel()

+				if !relay.IsConnected() {
+					if new_, err := sys.Pool.EnsureRelay(relay.URL); err == nil {
+						relays[i] = new_
+						relay = new_
+					}
+				}
+
 				err := relay.Publish(ctx, evt)
 				if err == nil {
 					// published fine
--- a/fetch.go
+++ b/fetch.go
@@ -106,7 +106,9 @@ var fetch = &cli.Command{
 				continue
 			}

-			for ie := range sys.Pool.FetchMany(ctx, relays, filter, nostr.SubscriptionOptions{}) {
+			for ie := range sys.Pool.FetchMany(ctx, relays, filter, nostr.SubscriptionOptions{
+				Label: "nak-fetch",
+			}) {
 				stdout(ie.Event)
 			}
 		}
--- a/filter.go
+++ b/filter.go
@@ -0,0 +1,95 @@
+package main
+
+import (
+	"context"
+	"fmt"
+
+	"fiatjaf.com/nostr"
+	"github.com/mailru/easyjson"
+	"github.com/urfave/cli/v3"
+)
+
+var filter = &cli.Command{
+	Name:  "filter",
+	Usage: "applies an event filter to an event to see if it matches.",
+	Description: `
+example:
+		echo '{"kind": 1, "content": "hello"}' | nak filter -k 1
+		nak filter '{"kind": 1, "content": "hello"}' -k 1
+		nak filter '{"kind": 1, "content": "hello"}' '{"kinds": [1]}' -k 0
+`,
+	DisableSliceFlagSeparator: true,
+	Flags:                     reqFilterFlags,
+	ArgsUsage:                 "[event_json] [base_filter_json]",
+	Action: func(ctx context.Context, c *cli.Command) error {
+		args := c.Args().Slice()
+
+		var baseFilter nostr.Filter
+		var baseEvent nostr.Event
+
+		if len(args) == 2 {
+			// two arguments: first is event, second is base filter
+			if err := easyjson.Unmarshal([]byte(args[0]), &baseEvent); err != nil {
+				return fmt.Errorf("invalid base event: %w", err)
+			}
+			if err := easyjson.Unmarshal([]byte(args[1]), &baseFilter); err != nil {
+				return fmt.Errorf("invalid base filter: %w", err)
+			}
+		} else if len(args) == 1 {
+			if isPiped() {
+				// one argument + stdin: argument is base filter
+				if err := easyjson.Unmarshal([]byte(args[0]), &baseFilter); err != nil {
+					return fmt.Errorf("invalid base filter: %w", err)
+				}
+			} else {
+				// one argument, no stdin: argument is event
+				if err := easyjson.Unmarshal([]byte(args[0]), &baseEvent); err != nil {
+					return fmt.Errorf("invalid base event: %w", err)
+				}
+			}
+		}
+
+		// apply flags to filter
+		if err := applyFlagsToFilter(c, &baseFilter); err != nil {
+			return err
+		}
+
+		// if there is no stdin we'll still get an empty object here
+		for evtj := range getJsonsOrBlank() {
+			var evt nostr.Event
+			if err := easyjson.Unmarshal([]byte(evtj), &evt); err != nil {
+				ctx = lineProcessingError(ctx, "invalid event: %s", err)
+				continue
+			}
+
+			// merge that with the base event
+			if evt.ID == nostr.ZeroID {
+				evt.ID = baseEvent.ID
+			}
+			if evt.PubKey == nostr.ZeroPK {
+				evt.PubKey = baseEvent.PubKey
+			}
+			if evt.Sig == [64]byte{} {
+				evt.Sig = baseEvent.Sig
+			}
+			if evt.Content == "" {
+				evt.Content = baseEvent.Content
+			}
+			if len(evt.Tags) == 0 {
+				evt.Tags = baseEvent.Tags
+			}
+			if evt.CreatedAt == 0 {
+				evt.CreatedAt = baseEvent.CreatedAt
+			}
+
+			if baseFilter.Matches(evt) {
+				stdout(evt)
+			} else {
+				logverbose("event %s didn't match %s", evt, baseFilter)
+			}
+		}
+
+		exitIfLineProcessingError(ctx)
+		return nil
+	},
+}
--- a/flags.go
+++ b/flags.go
@@ -96,8 +96,8 @@ func (t pubkeyValue) Create(val nostr.PubKey, p *nostr.PubKey, c struct{}) cli.V
 func (t pubkeyValue) ToString(b nostr.PubKey) string { return t.pubkey.String() }

 func (t *pubkeyValue) Set(value string) error {
-	pk, err := nostr.PubKeyFromHex(value)
-	t.pubkey = pk
+	pubkey, err := parsePubKey(value)
+	t.pubkey = pubkey
 	t.hasBeenSet = true
 	return err
 }
@@ -147,8 +147,8 @@ func (t idValue) Create(val nostr.ID, p *nostr.ID, c struct{}) cli.Value {
 func (t idValue) ToString(b nostr.ID) string { return t.id.String() }

 func (t *idValue) Set(value string) error {
-	pk, err := nostr.IDFromHex(value)
-	t.id = pk
+	id, err := parseEventID(value)
+	t.id = id
 	t.hasBeenSet = true
 	return err
 }
--- a/fs.go
+++ b/fs.go
@@ -1,4 +1,4 @@
-//go:build !windows
+//go:build !windows && !openbsd

 package main

--- a/fs_windows.go
+++ b/fs_windows.go
@@ -1,4 +1,4 @@
-//go:build windows
+//go:build windows || openbsd

 package main

@@ -12,9 +12,9 @@ import (
 var fsCmd = &cli.Command{
 	Name:                      "fs",
 	Usage:                     "mount a FUSE filesystem that exposes Nostr events as files.",
-	Description:               `doesn't work on Windows.`,
+	Description:               `doesn't work on Windows and OpenBSD.`,
 	DisableSliceFlagSeparator: true,
 	Action: func(ctx context.Context, c *cli.Command) error {
-		return fmt.Errorf("this doesn't work on Windows.")
+		return fmt.Errorf("this doesn't work on Windows and OpenBSD.")
 	},
 }
--- a/gift.go
+++ b/gift.go
@@ -0,0 +1,192 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"math/rand"
+	"time"
+
+	"fiatjaf.com/nostr"
+	"fiatjaf.com/nostr/nip44"
+	"github.com/mailru/easyjson"
+	"github.com/urfave/cli/v3"
+)
+
+var gift = &cli.Command{
+	Name:  "gift",
+	Usage: "gift-wraps (or unwraps) an event according to NIP-59",
+	Description: `example:
+  nak event | nak gift wrap --sec <sec-a> -p <sec-b> | nak gift unwrap --sec <sec-b> --from <pub-a>`,
+	DisableSliceFlagSeparator: true,
+	Commands: []*cli.Command{
+		{
+			Name: "wrap",
+			Flags: append(
+				defaultKeyFlags,
+				&PubKeyFlag{
+					Name:     "recipient-pubkey",
+					Aliases:  []string{"p", "tgt", "target", "pubkey", "to"},
+					Required: true,
+				},
+			),
+			Usage: "turns an event into a rumor (unsigned) then gift-wraps it to the recipient",
+			Description: `example:
+  nak event -c 'hello' | nak gift wrap --sec <my-secret-key> -p <target-public-key>`,
+			Action: func(ctx context.Context, c *cli.Command) error {
+				kr, _, err := gatherKeyerFromArguments(ctx, c)
+				if err != nil {
+					return err
+				}
+
+				recipient := getPubKey(c, "recipient-pubkey")
+
+				// get sender pubkey
+				sender, err := kr.GetPublicKey(ctx)
+				if err != nil {
+					return fmt.Errorf("failed to get sender pubkey: %w", err)
+				}
+
+				// read event from stdin
+				for eventJSON := range getJsonsOrBlank() {
+					if eventJSON == "{}" {
+						continue
+					}
+
+					var originalEvent nostr.Event
+					if err := easyjson.Unmarshal([]byte(eventJSON), &originalEvent); err != nil {
+						return fmt.Errorf("invalid event JSON: %w", err)
+					}
+
+					// turn into rumor (unsigned event)
+					rumor := originalEvent
+					rumor.Sig = [64]byte{} // remove signature
+					rumor.PubKey = sender
+					rumor.ID = rumor.GetID() // compute ID
+
+					// create seal
+					rumorJSON, _ := easyjson.Marshal(rumor)
+					encryptedRumor, err := kr.Encrypt(ctx, string(rumorJSON), recipient)
+					if err != nil {
+						return fmt.Errorf("failed to encrypt rumor: %w", err)
+					}
+					seal := &nostr.Event{
+						Kind:      13,
+						Content:   encryptedRumor,
+						PubKey:    sender,
+						CreatedAt: randomNow(),
+						Tags:      nostr.Tags{},
+					}
+					if err := kr.SignEvent(ctx, seal); err != nil {
+						return fmt.Errorf("failed to sign seal: %w", err)
+					}
+
+					// create gift wrap
+					ephemeral := nostr.Generate()
+					sealJSON, _ := easyjson.Marshal(seal)
+					convkey, err := nip44.GenerateConversationKey(recipient, ephemeral)
+					if err != nil {
+						return fmt.Errorf("failed to generate conversation key: %w", err)
+					}
+					encryptedSeal, err := nip44.Encrypt(string(sealJSON), convkey)
+					if err != nil {
+						return fmt.Errorf("failed to encrypt seal: %w", err)
+					}
+					wrap := &nostr.Event{
+						Kind:      1059,
+						Content:   encryptedSeal,
+						CreatedAt: randomNow(),
+						Tags:      nostr.Tags{{"p", recipient.Hex()}},
+					}
+					wrap.Sign(ephemeral)
+
+					// print the gift-wrap
+					wrapJSON, err := easyjson.Marshal(wrap)
+					if err != nil {
+						return fmt.Errorf("failed to marshal gift wrap: %w", err)
+					}
+					stdout(string(wrapJSON))
+				}
+
+				return nil
+			},
+		},
+		{
+			Name:  "unwrap",
+			Usage: "decrypts a gift-wrap event sent by the sender to us and exposes its internal rumor (unsigned event).",
+			Description: `example:
+  nak req -p <my-public-key> -k 1059 dmrelay.com | nak gift unwrap --sec <my-secret-key> --from <sender-public-key>`,
+			Flags: append(
+				defaultKeyFlags,
+				&PubKeyFlag{
+					Name:     "sender-pubkey",
+					Aliases:  []string{"p", "src", "source", "pubkey", "from"},
+					Required: true,
+				},
+			),
+			Action: func(ctx context.Context, c *cli.Command) error {
+				kr, _, err := gatherKeyerFromArguments(ctx, c)
+				if err != nil {
+					return err
+				}
+
+				sender := getPubKey(c, "sender-pubkey")
+
+				// read gift-wrapped event from stdin
+				for wrapJSON := range getJsonsOrBlank() {
+					if wrapJSON == "{}" {
+						continue
+					}
+
+					var wrap nostr.Event
+					if err := easyjson.Unmarshal([]byte(wrapJSON), &wrap); err != nil {
+						return fmt.Errorf("invalid gift wrap JSON: %w", err)
+					}
+
+					if wrap.Kind != 1059 {
+						return fmt.Errorf("not a gift wrap event (kind %d)", wrap.Kind)
+					}
+
+					ephemeralPubkey := wrap.PubKey
+
+					// decrypt seal
+					sealJSON, err := kr.Decrypt(ctx, wrap.Content, ephemeralPubkey)
+					if err != nil {
+						return fmt.Errorf("failed to decrypt seal: %w", err)
+					}
+
+					var seal nostr.Event
+					if err := easyjson.Unmarshal([]byte(sealJSON), &seal); err != nil {
+						return fmt.Errorf("invalid seal JSON: %w", err)
+					}
+
+					if seal.Kind != 13 {
+						return fmt.Errorf("not a seal event (kind %d)", seal.Kind)
+					}
+
+					// decrypt rumor
+					rumorJSON, err := kr.Decrypt(ctx, seal.Content, sender)
+					if err != nil {
+						return fmt.Errorf("failed to decrypt rumor: %w", err)
+					}
+
+					var rumor nostr.Event
+					if err := easyjson.Unmarshal([]byte(rumorJSON), &rumor); err != nil {
+						return fmt.Errorf("invalid rumor JSON: %w", err)
+					}
+
+					// output the unwrapped event (rumor)
+					stdout(rumorJSON)
+				}
+
+				return nil
+			},
+		},
+	},
+}
+
+func randomNow() nostr.Timestamp {
+	const twoDays = 2 * 24 * 60 * 60
+	now := time.Now().Unix()
+	randomOffset := rand.Int63n(twoDays)
+	return nostr.Timestamp(now - randomOffset)
+}
--- a/git.go
+++ b/git.go
--- a/go.mod
+++ b/go.mod
@@ -1,88 +1,106 @@
 module github.com/fiatjaf/nak

-go 1.24.1
+go 1.25

 require (
 	fiatjaf.com/lib v0.3.1
-	fiatjaf.com/nostr v0.0.0-20250610194330-027d016d9706
+	fiatjaf.com/nostr v0.0.0-20251204122254-07061404918d
+	github.com/AlecAivazis/survey/v2 v2.3.7
 	github.com/bep/debounce v1.2.1
-	github.com/btcsuite/btcd/btcec/v2 v2.3.5
+	github.com/btcsuite/btcd/btcec/v2 v2.3.6
+	github.com/charmbracelet/glamour v0.10.0
 	github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0
 	github.com/fatih/color v1.16.0
 	github.com/hanwen/go-fuse/v2 v2.7.2
 	github.com/json-iterator/go v1.1.12
 	github.com/liamg/magic v0.0.1
-	github.com/mailru/easyjson v0.9.0
+	github.com/mailru/easyjson v0.9.1
 	github.com/mark3labs/mcp-go v0.8.3
 	github.com/markusmobius/go-dateparser v1.2.3
+	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-tty v0.0.7
+	github.com/mdp/qrterminal/v3 v3.2.1
+	github.com/puzpuzpuz/xsync/v3 v3.5.1
 	github.com/stretchr/testify v1.10.0
 	github.com/urfave/cli/v3 v3.0.0-beta1
-	golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b
-	golang.org/x/term v0.30.0
+	golang.org/x/exp v0.0.0-20251113190631-e25ba8c21ef6
+	golang.org/x/sync v0.18.0
+	golang.org/x/term v0.32.0
 )

 require (
 	github.com/FastFilter/xorfilter v0.2.1 // indirect
 	github.com/ImVexed/fasturl v0.0.0-20230304231329-4e41488060f3 // indirect
+	github.com/alecthomas/chroma/v2 v2.14.0 // indirect
 	github.com/andybalholm/brotli v1.1.1 // indirect
+	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
+	github.com/aymerick/douceur v0.2.0 // indirect
+	github.com/bluekeyes/go-gitdiff v0.7.1 // indirect
 	github.com/btcsuite/btcd v0.24.2 // indirect
 	github.com/btcsuite/btcd/btcutil v1.1.5 // indirect
 	github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0 // indirect
-	github.com/bytedance/sonic v1.13.3 // indirect
-	github.com/bytedance/sonic/loader v0.2.4 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect
+	github.com/charmbracelet/lipgloss v1.1.1-0.20250404203927-76690c660834 // indirect
+	github.com/charmbracelet/x/ansi v0.8.0 // indirect
+	github.com/charmbracelet/x/cellbuf v0.0.13 // indirect
+	github.com/charmbracelet/x/exp/slice v0.0.0-20250327172914-2fdc97757edf // indirect
+	github.com/charmbracelet/x/term v0.2.1 // indirect
 	github.com/chzyer/logex v1.1.10 // indirect
 	github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 // indirect
-	github.com/cloudwego/base64x v0.1.5 // indirect
-	github.com/coder/websocket v1.8.13 // indirect
+	github.com/coder/websocket v1.8.14 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/decred/dcrd/crypto/blake256 v1.1.0 // indirect
-	github.com/dgraph-io/badger/v4 v4.5.0 // indirect
-	github.com/dgraph-io/ristretto v1.0.0 // indirect
-	github.com/dgraph-io/ristretto/v2 v2.1.0 // indirect
+	github.com/dgraph-io/ristretto/v2 v2.3.0 // indirect
+	github.com/dlclark/regexp2 v1.11.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/elliotchance/pie/v2 v2.7.0 // indirect
-	github.com/elnosh/gonuts v0.3.1-0.20250123162555-7c0381a585e3 // indirect
+	github.com/elnosh/gonuts v0.4.2 // indirect
 	github.com/fasthttp/websocket v1.5.12 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
-	github.com/google/flatbuffers v24.12.23+incompatible // indirect
+	github.com/go-git/go-git/v5 v5.16.3 // indirect
 	github.com/google/uuid v1.6.0 // indirect
+	github.com/gorilla/css v1.0.1 // indirect
 	github.com/hablullah/go-hijri v1.0.2 // indirect
 	github.com/hablullah/go-juliandays v1.0.0 // indirect
 	github.com/jalaali/go-jalaali v0.0.0-20210801064154-80525e88d958 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
+	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 	github.com/klauspost/compress v1.18.0 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.10 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
+	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/magefile/mage v1.14.0 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-colorable v0.1.14 // indirect
+	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
+	github.com/microcosm-cc/bluemonday v1.0.27 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
+	github.com/muesli/reflow v0.3.0 // indirect
+	github.com/muesli/termenv v0.16.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/puzpuzpuz/xsync/v3 v3.5.1 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rs/cors v1.11.1 // indirect
 	github.com/savsgio/gotils v0.0.0-20240704082632-aef3928b8a38 // indirect
+	github.com/templexxx/cpu v0.0.1 // indirect
+	github.com/templexxx/xhex v0.0.0-20200614015412-aed53437177b // indirect
 	github.com/tetratelabs/wazero v1.8.0 // indirect
 	github.com/tidwall/gjson v1.18.0 // indirect
-	github.com/tidwall/match v1.1.1 // indirect
+	github.com/tidwall/match v1.2.0 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
-	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasthttp v1.59.0 // indirect
 	github.com/wasilibs/go-re2 v1.3.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	go.opencensus.io v0.24.0 // indirect
-	golang.org/x/arch v0.18.0 // indirect
-	golang.org/x/crypto v0.36.0 // indirect
-	golang.org/x/net v0.37.0 // indirect
-	golang.org/x/sync v0.15.0 // indirect
-	golang.org/x/sys v0.33.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
-	google.golang.org/protobuf v1.36.2 // indirect
+	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
+	github.com/yuin/goldmark v1.7.8 // indirect
+	github.com/yuin/goldmark-emoji v1.0.5 // indirect
+	go.etcd.io/bbolt v1.4.2 // indirect
+	golang.org/x/crypto v0.39.0 // indirect
+	golang.org/x/net v0.41.0 // indirect
+	golang.org/x/sys v0.35.0 // indirect
+	golang.org/x/text v0.26.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	rsc.io/qr v0.2.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -1,24 +1,38 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 fiatjaf.com/lib v0.3.1 h1:/oFQwNtFRfV+ukmOCxfBEAuayoLwXp4wu2/fz5iHpwA=
 fiatjaf.com/lib v0.3.1/go.mod h1:Ycqq3+mJ9jAWu7XjbQI1cVr+OFgnHn79dQR5oTII47g=
-fiatjaf.com/nostr v0.0.0-20250521022139-d3fb25441ab3 h1:JRtme8g4UQ5KYlxI31wBa8YMWmAxvxdwtNn+PiI/XCs=
-fiatjaf.com/nostr v0.0.0-20250521022139-d3fb25441ab3/go.mod h1:VPs38Fc8J1XAErV750CXAmMUqIq3XEX9VZVj/LuQzzM=
-fiatjaf.com/nostr v0.0.0-20250522115245-f38ce069a93d h1:sl/BOXW5eK7v+cchMMEZvnzQW+n/jWiHGQn+CRt5m5Q=
-fiatjaf.com/nostr v0.0.0-20250522115245-f38ce069a93d/go.mod h1:VPs38Fc8J1XAErV750CXAmMUqIq3XEX9VZVj/LuQzzM=
-fiatjaf.com/nostr v0.0.0-20250610194330-027d016d9706 h1:G0xS5h9dsbODWh+f8rYvDkY328h79MsNs2dGPGqm8nY=
-fiatjaf.com/nostr v0.0.0-20250610194330-027d016d9706/go.mod h1:VPs38Fc8J1XAErV750CXAmMUqIq3XEX9VZVj/LuQzzM=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+fiatjaf.com/nostr v0.0.0-20251201232830-91548fa0a157 h1:14yLsO2HwpS2CLIKFvLMDp8tVEDahwdC8OeG6NGaL+M=
+fiatjaf.com/nostr v0.0.0-20251201232830-91548fa0a157/go.mod h1:ue7yw0zHfZj23Ml2kVSdBx0ENEaZiuvGxs/8VEN93FU=
+fiatjaf.com/nostr v0.0.0-20251204122254-07061404918d h1:xROmiuT7LrZk+/iGGeTqRI4liqJZrc87AWjsyHtbqDg=
+fiatjaf.com/nostr v0.0.0-20251204122254-07061404918d/go.mod h1:ue7yw0zHfZj23Ml2kVSdBx0ENEaZiuvGxs/8VEN93FU=
+github.com/AlecAivazis/survey/v2 v2.3.7 h1:6I/u8FvytdGsgonrYsVn2t8t4QiRnh6QSTqkkhIiSjQ=
+github.com/AlecAivazis/survey/v2 v2.3.7/go.mod h1:xUTIdE4KCOIjsBAE1JYsUPoCqYdZ1reCfTwbto0Fduo=
 github.com/FastFilter/xorfilter v0.2.1 h1:lbdeLG9BdpquK64ZsleBS8B4xO/QW1IM0gMzF7KaBKc=
 github.com/FastFilter/xorfilter v0.2.1/go.mod h1:aumvdkhscz6YBZF9ZA/6O4fIoNod4YR50kIVGGZ7l9I=
 github.com/ImVexed/fasturl v0.0.0-20230304231329-4e41488060f3 h1:ClzzXMDDuUbWfNNZqGeYq4PnYOlwlOVIvSyNaIy0ykg=
 github.com/ImVexed/fasturl v0.0.0-20230304231329-4e41488060f3/go.mod h1:we0YA5CsBbH5+/NUzC/AlMmxaDtWlXeNsqrwXjTzmzA=
+github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s=
+github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w=
 github.com/PowerDNS/lmdb-go v1.9.3 h1:AUMY2pZT8WRpkEv39I9Id3MuoHd+NZbTVpNhruVkPTg=
 github.com/PowerDNS/lmdb-go v1.9.3/go.mod h1:TE0l+EZK8Z1B4dx070ZxkWTlp8RG1mjN0/+FkFRQMtU=
 github.com/aead/siphash v1.0.1/go.mod h1:Nywa3cDsYNNK3gaciGTWPwHt0wlpNV15vwmswBAUSII=
+github.com/alecthomas/assert/v2 v2.7.0 h1:QtqSACNS3tF7oasA8CU6A6sXZSBDqnm7RfpLl9bZqbE=
+github.com/alecthomas/assert/v2 v2.7.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
+github.com/alecthomas/chroma/v2 v2.14.0 h1:R3+wzpnUArGcQz7fCETQBzO5n9IMNi13iIs46aU4V9E=
+github.com/alecthomas/chroma/v2 v2.14.0/go.mod h1:QolEbTfmUHIMVpBqxeDnNBj2uoeI4EbYP4i6n68SG4I=
+github.com/alecthomas/repr v0.4.0 h1:GhI2A8MACjfegCPVq9f1FLvIBS+DrQ2KQBFZP1iFzXc=
+github.com/alecthomas/repr v0.4.0/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=
 github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA=
 github.com/andybalholm/brotli v1.1.1/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA=
+github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
+github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=
+github.com/aymanbagabas/go-udiff v0.2.0 h1:TK0fH4MteXUDspT88n8CKzvK0X9O2xu9yQjWpi6yML8=
+github.com/aymanbagabas/go-udiff v0.2.0/go.mod h1:RE4Ex0qsGkTAJoQdQQCA0uG+nAzJO/pI/QwceO5fgrA=
+github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
+github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
 github.com/bep/debounce v1.2.1 h1:v67fRdBA9UQu2NhLFXrSg0Brw7CexQekrBwDMM8bzeY=
 github.com/bep/debounce v1.2.1/go.mod h1:H8yggRPQKLUhUoqrJC1bO2xNya7vanpDl7xR3ISbCJ0=
+github.com/bluekeyes/go-gitdiff v0.7.1 h1:graP4ElLRshr8ecu0UtqfNTCHrtSyZd3DABQm/DWesQ=
+github.com/bluekeyes/go-gitdiff v0.7.1/go.mod h1:QpfYYO1E0fTVHVZAZKiRjtSGY9823iCdvGXBcEzHGbM=
 github.com/btcsuite/btcd v0.20.1-beta/go.mod h1:wVuoA8VJLEcwgqHBwHmzLRazpKxTv13Px/pDuV7OomQ=
 github.com/btcsuite/btcd v0.22.0-beta.0.20220111032746-97732e52810c/go.mod h1:tjmYdS6MLJ5/s0Fj4DbLgSbDHbEqLJrtnHecBFkdz5M=
 github.com/btcsuite/btcd v0.23.5-0.20231215221805-96c9fd8078fd/go.mod h1:nm3Bko6zh6bWP60UxwoT5LzdGJsQJaPo6HjduXq9p6A=
@@ -26,10 +40,8 @@ github.com/btcsuite/btcd v0.24.2 h1:aLmxPguqxza+4ag8R1I2nnJjSu2iFn/kqtHTIImswcY=
 github.com/btcsuite/btcd v0.24.2/go.mod h1:5C8ChTkl5ejr3WHj8tkQSCmydiMEPB0ZhQhehpq7Dgg=
 github.com/btcsuite/btcd/btcec/v2 v2.1.0/go.mod h1:2VzYrv4Gm4apmbVVsSq5bqf1Ec8v56E48Vt0Y/umPgA=
 github.com/btcsuite/btcd/btcec/v2 v2.1.3/go.mod h1:ctjw4H1kknNJmRN4iP1R7bTQ+v3GJkZBd6mui8ZsAZE=
-github.com/btcsuite/btcd/btcec/v2 v2.3.4 h1:3EJjcN70HCu/mwqlUsGK8GcNVyLVxFDlWurTXGPFfiQ=
-github.com/btcsuite/btcd/btcec/v2 v2.3.4/go.mod h1:zYzJ8etWJQIv1Ogk7OzpWjowwOdXY1W/17j2MW85J04=
-github.com/btcsuite/btcd/btcec/v2 v2.3.5 h1:dpAlnAwmT1yIBm3exhT1/8iUSD98RDJM5vqJVQDQLiU=
-github.com/btcsuite/btcd/btcec/v2 v2.3.5/go.mod h1:m22FrOAiuxl/tht9wIqAoGHcbnCCaPWyauO8y2LGGtQ=
+github.com/btcsuite/btcd/btcec/v2 v2.3.6 h1:IzlsEr9olcSRKB/n7c4351F3xHKxS2lma+1UFGCYd4E=
+github.com/btcsuite/btcd/btcec/v2 v2.3.6/go.mod h1:m22FrOAiuxl/tht9wIqAoGHcbnCCaPWyauO8y2LGGtQ=
 github.com/btcsuite/btcd/btcutil v1.0.0/go.mod h1:Uoxwv0pqYWhD//tfTiipkxNfdhG9UrLwaeswfjfdF0A=
 github.com/btcsuite/btcd/btcutil v1.1.0/go.mod h1:5OapHB7A2hBBWLm48mmw4MOHNJCcUBTwmWH/0Jn8VHE=
 github.com/btcsuite/btcd/btcutil v1.1.5 h1:+wER79R5670vs/ZusMTF1yTcRYE5GUsFbdjdisflzM8=
@@ -47,31 +59,36 @@ github.com/btcsuite/snappy-go v0.0.0-20151229074030-0bdef8d06723/go.mod h1:8woku
 github.com/btcsuite/snappy-go v1.0.0/go.mod h1:8woku9dyThutzjeg+3xrA5iCpBRH8XEEg3lh6TiUghc=
 github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792/go.mod h1:ghJtEyQwv5/p4Mg4C0fgbePVuGr935/5ddU9Z3TmDRY=
 github.com/btcsuite/winsvc v1.0.0/go.mod h1:jsenWakMcC0zFBFurPLEAyrnc/teJEM1O46fmI40EZs=
-github.com/bytedance/sonic v1.13.2 h1:8/H1FempDZqC4VqjptGo14QQlJx8VdZJegxs6wwfqpQ=
-github.com/bytedance/sonic v1.13.2/go.mod h1:o68xyaF9u2gvVBuGHPlUVCy+ZfmNNO5ETf1+KgkJhz4=
-github.com/bytedance/sonic v1.13.3 h1:MS8gmaH16Gtirygw7jV91pDCN33NyMrPbN7qiYhEsF0=
-github.com/bytedance/sonic v1.13.3/go.mod h1:o68xyaF9u2gvVBuGHPlUVCy+ZfmNNO5ETf1+KgkJhz4=
-github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
-github.com/bytedance/sonic/loader v0.2.4 h1:ZWCw4stuXUsn1/+zQDqeE7JKP+QO47tz7QCNan80NzY=
-github.com/bytedance/sonic/loader v0.2.4/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc h1:4pZI35227imm7yK2bGPcfpFEmuY1gc2YSTShr4iJBfs=
+github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc/go.mod h1:X4/0JoqgTIPSFcRA/P6INZzIuyqdFY5rm8tb41s9okk=
+github.com/charmbracelet/glamour v0.10.0 h1:MtZvfwsYCx8jEPFJm3rIBFIMZUfUJ765oX8V6kXldcY=
+github.com/charmbracelet/glamour v0.10.0/go.mod h1:f+uf+I/ChNmqo087elLnVdCiVgjSKWuXa/l6NU2ndYk=
+github.com/charmbracelet/lipgloss v1.1.1-0.20250404203927-76690c660834 h1:ZR7e0ro+SZZiIZD7msJyA+NjkCNNavuiPBLgerbOziE=
+github.com/charmbracelet/lipgloss v1.1.1-0.20250404203927-76690c660834/go.mod h1:aKC/t2arECF6rNOnaKaVU6y4t4ZeHQzqfxedE/VkVhA=
+github.com/charmbracelet/x/ansi v0.8.0 h1:9GTq3xq9caJW8ZrBTe0LIe2fvfLR/bYXKTx2llXn7xE=
+github.com/charmbracelet/x/ansi v0.8.0/go.mod h1:wdYl/ONOLHLIVmQaxbIYEC/cRKOQyjTkowiI4blgS9Q=
+github.com/charmbracelet/x/cellbuf v0.0.13 h1:/KBBKHuVRbq1lYx5BzEHBAFBP8VcQzJejZ/IA3iR28k=
+github.com/charmbracelet/x/cellbuf v0.0.13/go.mod h1:xe0nKWGd3eJgtqZRaN9RjMtK7xUYchjzPr7q6kcvCCs=
+github.com/charmbracelet/x/exp/golden v0.0.0-20240806155701-69247e0abc2a h1:G99klV19u0QnhiizODirwVksQB91TJKV/UaTnACcG30=
+github.com/charmbracelet/x/exp/golden v0.0.0-20240806155701-69247e0abc2a/go.mod h1:wDlXFlCrmJ8J+swcL/MnGUuYnqgQdW9rhSD61oNMb6U=
+github.com/charmbracelet/x/exp/slice v0.0.0-20250327172914-2fdc97757edf h1:rLG0Yb6MQSDKdB52aGX55JT1oi0P0Kuaj7wi1bLUpnI=
+github.com/charmbracelet/x/exp/slice v0.0.0-20250327172914-2fdc97757edf/go.mod h1:B3UgsnsBZS/eX42BlaNiJkD1pPOUa+oF1IYC6Yd2CEU=
+github.com/charmbracelet/x/term v0.2.1 h1:AQeHeLZ1OqSXhrAWpYUtZyX1T3zVxfpZuEQMIQaGIAQ=
+github.com/charmbracelet/x/term v0.2.1/go.mod h1:oQ4enTYFV7QN4m0i9mzHrViD7TQKvNEEkHUMCmsxdUg=
 github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5OhCuC+XN+r/bBCmeuuJtjz+bCNIf8=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4=
-github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
-github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/coder/websocket v1.8.13 h1:f3QZdXy7uGVz+4uCJy2nTZyM0yTBj8yANEHhqlXZ9FE=
-github.com/coder/websocket v1.8.13/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs=
+github.com/coder/websocket v1.8.14 h1:9L0p0iKiNOibykf283eHkKUHHrpG7f65OE3BhhO7v9g=
+github.com/coder/websocket v1.8.14/go.mod h1:NX3SzP+inril6yawo5CQXx8+fk145lPDC6pumgx0mVg=
+github.com/creack/pty v1.1.17 h1:QeVUsEDNrLBW4tMgZHvxy18sKtr6VI492kBhUfhDJNI=
+github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/davecgh/go-spew v0.0.0-20171005155431-ecdeabc65495/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -83,25 +100,19 @@ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1/go.mod h1:hyedUtir6IdtD/7lIxGeC
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 h1:NMZiJj8QnKe1LgsbDayM4UoHwbvwDRwnI3hwNaAHRnc=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0/go.mod h1:ZXNYxsqcloTdSy/rNShjYzMhyjf0LaoftYK0p+A3h40=
 github.com/decred/dcrd/lru v1.0.0/go.mod h1:mxKOwFd7lFjN2GZYsiz/ecgqR6kkYAl+0pz0tEMk218=
-github.com/dgraph-io/badger/v4 v4.5.0 h1:TeJE3I1pIWLBjYhIYCA1+uxrjWEoJXImFBMEBVSm16g=
-github.com/dgraph-io/badger/v4 v4.5.0/go.mod h1:ysgYmIeG8dS/E8kwxT7xHyc7MkmwNYLRoYnFbr7387A=
-github.com/dgraph-io/ristretto v1.0.0 h1:SYG07bONKMlFDUYu5pEu3DGAh8c2OFNzKm6G9J4Si84=
-github.com/dgraph-io/ristretto v1.0.0/go.mod h1:jTi2FiYEhQ1NsMmA7DeBykizjOuY88NhKBkepyu1jPc=
-github.com/dgraph-io/ristretto/v2 v2.1.0 h1:59LjpOJLNDULHh8MC4UaegN52lC4JnO2dITsie/Pa8I=
-github.com/dgraph-io/ristretto/v2 v2.1.0/go.mod h1:uejeqfYXpUomfse0+lO+13ATz4TypQYLJZzBSAemuB4=
-github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y=
-github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
+github.com/dgraph-io/ristretto/v2 v2.3.0 h1:qTQ38m7oIyd4GAed/QkUZyPFNMnvVWyazGXRwvOt5zk=
+github.com/dgraph-io/ristretto/v2 v2.3.0/go.mod h1:gpoRV3VzrEY1a9dWAYV6T1U7YzfgttXdd/ZzL1s9OZM=
+github.com/dgryski/go-farm v0.0.0-20240924180020-3414d57e47da h1:aIftn67I1fkbMa512G+w+Pxci9hJPB8oMnkcP3iZF38=
+github.com/dgryski/go-farm v0.0.0-20240924180020-3414d57e47da/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
+github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI=
+github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/dvyukov/go-fuzz v0.0.0-20200318091601-be3528f3a813/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw=
 github.com/elliotchance/pie/v2 v2.7.0 h1:FqoIKg4uj0G/CrLGuMS9ejnFKa92lxE1dEgBD3pShXg=
 github.com/elliotchance/pie/v2 v2.7.0/go.mod h1:18t0dgGFH006g4eVdDtWfgFZPQEgl10IoEO8YWEq3Og=
-github.com/elnosh/gonuts v0.3.1-0.20250123162555-7c0381a585e3 h1:k7evIqJ2BtFn191DgY/b03N2bMYA/iQwzr4f/uHYn20=
-github.com/elnosh/gonuts v0.3.1-0.20250123162555-7c0381a585e3/go.mod h1:vgZomh4YQk7R3w4ltZc0sHwCmndfHkuX6V4sga/8oNs=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/elnosh/gonuts v0.4.2 h1:/WubPAWGxTE+okJ0WPvmtEzTzpi04RGxiTHAF1FYU+M=
+github.com/elnosh/gonuts v0.4.2/go.mod h1:vgZomh4YQk7R3w4ltZc0sHwCmndfHkuX6V4sga/8oNs=
 github.com/fasthttp/websocket v1.5.12 h1:e4RGPpWW2HTbL3zV0Y/t7g0ub294LkiuXXUuTOUInlE=
 github.com/fasthttp/websocket v1.5.12/go.mod h1:I+liyL7/4moHojiOgUOIKEWm9EIxHqxZChS+aMFltyg=
 github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
@@ -110,36 +121,26 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
 github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=
-github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/go-git/go-git/v5 v5.16.3 h1:Z8BtvxZ09bYm/yYNgPKCzgWtaRqDTgIKRgIRHBfU6Z8=
+github.com/go-git/go-git/v5 v5.16.3/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
 github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/google/flatbuffers v24.12.23+incompatible h1:ubBKR94NR4pXUCY/MUsRVzd9umNW7ht7EG9hHfS9FX8=
-github.com/google/flatbuffers v24.12.23+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/css v1.0.1 h1:ntNaBIghp6JmvWnxbZKANoLyuXTPZ4cAMlo6RyhlbO8=
+github.com/gorilla/css v1.0.1/go.mod h1:BvnYkspnSzMmwRK+b8/xgNPLiIuNZr6vbZBTPQ2A3b0=
 github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/hablullah/go-hijri v1.0.2 h1:drT/MZpSZJQXo7jftf5fthArShcaMtsal0Zf/dnmp6k=
 github.com/hablullah/go-hijri v1.0.2/go.mod h1:OS5qyYLDjORXzK4O1adFw9Q5WfhOcMdAKglDkcTxgWQ=
@@ -147,6 +148,10 @@ github.com/hablullah/go-juliandays v1.0.0 h1:A8YM7wIj16SzlKT0SRJc9CD29iiaUzpBLzh
 github.com/hablullah/go-juliandays v1.0.0/go.mod h1:0JOYq4oFOuDja+oospuc61YoX+uNEn7Z6uHYTbBzdGc=
 github.com/hanwen/go-fuse/v2 v2.7.2 h1:SbJP1sUP+n1UF8NXBA14BuojmTez+mDgOk0bC057HQw=
 github.com/hanwen/go-fuse/v2 v2.7.2/go.mod h1:ugNaD/iv5JYyS1Rcvi57Wz7/vrLQJo10mmketmoef48=
+github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
+github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
+github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec h1:qv2VnGeEQHchGaZ/u7lxST/RaJw+cv273q79D81Xbog=
+github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec/go.mod h1:Q48J4R4DvxnHolD5P8pOtXigYlRuPLGl6moFx3ulM68=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/jalaali/go-jalaali v0.0.0-20210801064154-80525e88d958 h1:qxLoi6CAcXVzjfvu+KXIXJOAsQB62LXjsfbOaErsVzE=
 github.com/jalaali/go-jalaali v0.0.0-20210801064154-80525e88d958/go.mod h1:Wqfu7mjUHj9WDzSSPI5KfBclTTEnLveRUFr/ujWnTgE=
@@ -157,32 +162,46 @@ github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFF
 github.com/jrick/logrotate v1.0.0/go.mod h1:LNinyqDIJnpAur+b8yyulnQw/wDuN1+BYKlTRt3OuAQ=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
+github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
 github.com/kkdai/bstream v0.0.0-20161212061736-f391b8402d23/go.mod h1:J+Gs4SYgM6CZQHDETBtE9HaSEkGmuNXF86RwHhHUvq4=
 github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
 github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
-github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.10 h1:tBs3QSyvjDyFTq3uoc/9xFpCuOsJQFNPiAhYdw2skhE=
-github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
-github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/liamg/magic v0.0.1 h1:Ru22ElY+sCh6RvRTWjQzKKCxsEco8hE0co8n1qe7TBM=
 github.com/liamg/magic v0.0.1/go.mod h1:yQkOmZZI52EA+SQ2xyHpVw8fNvTBruF873Y+Vt6S+fk=
+github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
+github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
 github.com/magefile/mage v1.14.0 h1:6QDX3g6z1YvJ4olPhT1wksUcSa/V0a1B+pJb73fBjyo=
 github.com/magefile/mage v1.14.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
-github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
-github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
+github.com/mailru/easyjson v0.9.1 h1:LbtsOm5WAswyWbvTEOqhypdPeZzHavpZx96/n553mR8=
+github.com/mailru/easyjson v0.9.1/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
 github.com/mark3labs/mcp-go v0.8.3 h1:IzlyN8BaP4YwUMUDqxOGJhGdZXEDQiAPX43dNPgnzrg=
 github.com/mark3labs/mcp-go v0.8.3/go.mod h1:cjMlBU0cv/cj9kjlgmRhoJ5JREdS7YX83xeIG9Ko/jE=
 github.com/markusmobius/go-dateparser v1.2.3 h1:TvrsIvr5uk+3v6poDjaicnAFJ5IgtFHgLiuMY2Eb7Nw=
 github.com/markusmobius/go-dateparser v1.2.3/go.mod h1:cMwQRrBUQlK1UI5TIFHEcvpsMbkWrQLXuaPNMFzuYLk=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
-github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
+github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
+github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
+github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
+github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
+github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-tty v0.0.7 h1:KJ486B6qI8+wBO7kQxYgmmEFDaFEE96JMBQ7h400N8Q=
 github.com/mattn/go-tty v0.0.7/go.mod h1:f2i5ZOvXBU/tCABmLmOfzLz9azMo5wdAaElRNnJKr+k=
+github.com/mdp/qrterminal/v3 v3.2.1 h1:6+yQjiiOsSuXT5n9/m60E54vdgFsw0zhADHhHLrFet4=
+github.com/mdp/qrterminal/v3 v3.2.1/go.mod h1:jOTmXvnBsMy5xqLniO0R++Jmjs2sTm9dFSuQ5kpz/SU=
+github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b h1:j7+1HpAFS1zy5+Q4qx1fWh90gTKwiN4QCGoY9TWyyO4=
+github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
+github.com/microcosm-cc/bluemonday v1.0.27 h1:MpEUotklkwCSLeH+Qdx1VJgNqLlpY2KXwXFM08ygZfk=
+github.com/microcosm-cc/bluemonday v1.0.27/go.mod h1:jFi9vgW+H7c3V0lb6nR74Ib/DIB5OBs92Dimizgw2cA=
 github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
 github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -190,6 +209,10 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s=
+github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8=
+github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc=
+github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@@ -203,36 +226,41 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/puzpuzpuz/xsync/v3 v3.5.1 h1:GJYJZwO6IdxN/IKbneznS6yPkVC+c3zyY/j19c++5Fg=
 github.com/puzpuzpuz/xsync/v3 v3.5.1/go.mod h1:VjzYrABPabuM4KyBh1Ftq6u8nhwY5tBPKP9jpmh0nnA=
+github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
+github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
+github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA=
 github.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
 github.com/savsgio/gotils v0.0.0-20240704082632-aef3928b8a38 h1:D0vL7YNisV2yqE55+q0lFuGse6U8lxlg7fYTctlT5Gc=
 github.com/savsgio/gotils v0.0.0-20240704082632-aef3928b8a38/go.mod h1:sM7Mt7uEoCeFSCBM+qBrqvEo+/9vdmj19wzp3yzUhmg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7/go.mod h1:q4W45IWZaF22tdD+VEXcAWRA037jwmWEB5VWYORlTpc=
+github.com/templexxx/cpu v0.0.1 h1:hY4WdLOgKdc8y13EYklu9OUTXik80BkxHoWvTO6MQQY=
+github.com/templexxx/cpu v0.0.1/go.mod h1:w7Tb+7qgcAlIyX4NhLuDKt78AHA5SzPmq0Wj6HiEnnk=
+github.com/templexxx/xhex v0.0.0-20200614015412-aed53437177b h1:XeDLE6c9mzHpdv3Wb1+pWBaWv/BlHK0ZYIu/KaL6eHg=
+github.com/templexxx/xhex v0.0.0-20200614015412-aed53437177b/go.mod h1:7rwmCH0wC2fQvNEvPZ3sKXukhyCTyiaZ5VTZMQYpZKQ=
 github.com/tetratelabs/wazero v1.8.0 h1:iEKu0d4c2Pd+QSRieYbnQC9yiFlMS9D+Jr0LsRmcF4g=
 github.com/tetratelabs/wazero v1.8.0/go.mod h1:yAI0XTsMBhREkM/YDAK/zNou3GoiAce1P6+rp/wQhjs=
 github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY=
 github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
-github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
 github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
+github.com/tidwall/match v1.2.0 h1:0pt8FlkOwjN2fPt4bIl4BoNxb98gGHN2ObFEDkrfZnM=
+github.com/tidwall/match v1.2.0/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
 github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
 github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
 github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
-github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
-github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
+github.com/tyler-smith/go-bip39 v1.1.0 h1:5eUemwrMargf3BSLRRCalXT93Ns6pQJIjYQN2nyfOP8=
+github.com/tyler-smith/go-bip39 v1.1.0/go.mod h1:gUYDtqQw1JS3ZJ8UWVcGTGqqr6YIN3CWg+kkNaLt55U=
 github.com/urfave/cli/v3 v3.0.0-beta1 h1:6DTaaUarcM0wX7qj5Hcvs+5Dm3dyUTBbEwIWAjcw9Zg=
 github.com/urfave/cli/v3 v3.0.0-beta1/go.mod h1:FnIeEMYu+ko8zP1F9Ypr3xkZMIDqW3DR92yUtY39q1Y=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
@@ -245,49 +273,45 @@ github.com/wasilibs/nottinygc v0.4.0 h1:h1TJMihMC4neN6Zq+WKpLxgd9xCFMw7O9ETLwY2e
 github.com/wasilibs/nottinygc v0.4.0/go.mod h1:oDcIotskuYNMpqMF23l7Z8uzD4TC0WXHK8jetlB3HIo=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
+github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
+github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
 github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
 github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
-go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
-go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-golang.org/x/arch v0.17.0 h1:4O3dfLzd+lQewptAHqjewQZQDyEdejz3VwgeYwkZneU=
-golang.org/x/arch v0.17.0/go.mod h1:bdwinDaKcfZUGpH09BB7ZmOfhalA8lQdzl62l8gGWsk=
-golang.org/x/arch v0.18.0 h1:WN9poc33zL4AzGxqf8VtpKUnGvMi8O9lhNyBMF/85qc=
-golang.org/x/arch v0.18.0/go.mod h1:bdwinDaKcfZUGpH09BB7ZmOfhalA8lQdzl62l8gGWsk=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/yuin/goldmark v1.7.1/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
+github.com/yuin/goldmark v1.7.8 h1:iERMLn0/QJeHFhxSt3p6PeN9mGnvIKSpG9YYorDMnic=
+github.com/yuin/goldmark v1.7.8/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
+github.com/yuin/goldmark-emoji v1.0.5 h1:EMVWyCGPlXJfUXBXpuMu+ii3TIaxbVBnEX9uaDC4cIk=
+github.com/yuin/goldmark-emoji v1.0.5/go.mod h1:tTkZEbwu5wkPmgTcitqddVxY9osFZiavD+r4AzQrh1U=
+go.etcd.io/bbolt v1.4.2 h1:IrUHp260R8c+zYx/Tm8QZr04CX+qWS5PGfPdevhdm1I=
+go.etcd.io/bbolt v1.4.2/go.mod h1:Is8rSHO/b4f3XigBC0lL0+4FwAQv3HXEEIgFMuKHceM=
 golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
-golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6 h1:y5zboxd6LQAqYIhHnB48p0ByQ/GnQx2BE33L8BOHQkI=
-golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6/go.mod h1:U6Lno4MTRCDY+Ba7aCcauB9T60gsv5s4ralQzP72ZoQ=
-golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b h1:M2rDM6z3Fhozi9O7NWsxAkg/yqS/lQJ6PmkyIV3YP+o=
-golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b/go.mod h1:3//PLf8L/X+8b4vuAfHzxeRUl04Adcb341+IGKfnqS8=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
+golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
+golang.org/x/exp v0.0.0-20251113190631-e25ba8c21ef6 h1:zfMcR1Cs4KNuomFFgGefv5N0czO2XZpUbxGUy8i8ug0=
+golang.org/x/exp v0.0.0-20251113190631-e25ba8c21ef6/go.mod h1:46edojNIoXTNOhySWIWdix628clX9ODXwPsQuG6hsK0=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/net v0.0.0-20180719180050-a680a1efc54d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
-golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw=
+golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
-golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
-golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
+golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -295,48 +319,39 @@ golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
-golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
-golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
+golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
+golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
+golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
+golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
 google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
 google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.36.2 h1:R8FeyR1/eLmkutZOM5CWghmo5itiG9z0ktFlTVLuTmU=
-google.golang.org/protobuf v1.36.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -347,6 +362,5 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
+rsc.io/qr v0.2.0 h1:6vBLea5/NRMVTz8V66gipeLycZMl/+UlFmk8DvqQ6WY=
+rsc.io/qr v0.2.0/go.mod h1:IF+uZjkb9fqyeF/4tlBoynqmQxUoPfWEKh921coOuXs=
--- a/helpers.go
+++ b/helpers.go
@@ -18,12 +18,14 @@ import (
 	"time"

 	"fiatjaf.com/nostr"
+	"fiatjaf.com/nostr/nip05"
 	"fiatjaf.com/nostr/nip19"
 	"fiatjaf.com/nostr/nip42"
 	"fiatjaf.com/nostr/sdk"
 	"github.com/chzyer/readline"
 	"github.com/fatih/color"
 	jsoniter "github.com/json-iterator/go"
+	"github.com/mattn/go-isatty"
 	"github.com/mattn/go-tty"
 	"github.com/urfave/cli/v3"
 	"golang.org/x/term"
@@ -74,7 +76,7 @@ func getJsonsOrBlank() iter.Seq[string] {
 			return true
 		})

-		if !hasStdin {
+		if !hasStdin && !isPiped() {
 			yield("{}")
 		}

@@ -315,6 +317,10 @@ func supportsDynamicMultilineMagic() bool {
 		return false
 	}

+	if !isatty.IsTerminal(os.Stdout.Fd()) {
+		return false
+	}
+
 	width, _, err := term.GetSize(int(os.Stderr.Fd()))
 	if err != nil {
 		return false
@@ -459,6 +465,70 @@ func askConfirmation(msg string) bool {
 	}
 }

+func parsePubKey(value string) (nostr.PubKey, error) {
+	// try nip05 first
+	if nip05.IsValidIdentifier(value) {
+		ctx, cancel := context.WithTimeout(context.Background(), time.Second*3)
+		pp, err := nip05.QueryIdentifier(ctx, value)
+		cancel()
+		if err == nil {
+			return pp.PublicKey, nil
+		}
+		// if nip05 fails, fall through to try as pubkey
+	}
+
+	pk, err := nostr.PubKeyFromHex(value)
+	if err == nil {
+		return pk, nil
+	}
+
+	if prefix, decoded, err := nip19.Decode(value); err == nil {
+		switch prefix {
+		case "npub":
+			if pk, ok := decoded.(nostr.PubKey); ok {
+				return pk, nil
+			}
+		case "nprofile":
+			if profile, ok := decoded.(nostr.ProfilePointer); ok {
+				return profile.PublicKey, nil
+			}
+		}
+	}
+
+	return nostr.PubKey{}, fmt.Errorf("invalid pubkey (\"%s\"): expected hex, npub, or nprofile", value)
+}
+
+func parseEventID(value string) (nostr.ID, error) {
+	id, err := nostr.IDFromHex(value)
+	if err == nil {
+		return id, nil
+	}
+
+	if prefix, decoded, err := nip19.Decode(value); err == nil {
+		switch prefix {
+		case "note":
+			if id, ok := decoded.(nostr.ID); ok {
+				return id, nil
+			}
+		case "nevent":
+			if event, ok := decoded.(nostr.EventPointer); ok {
+				return event.ID, nil
+			}
+		}
+	}
+
+	return nostr.ID{}, fmt.Errorf("invalid event id (\"%s\"): expected hex, note, or nevent", value)
+}
+
+func decodeTagValue(value string) string {
+	if strings.HasPrefix(value, "npub1") || strings.HasPrefix(value, "nevent1") || strings.HasPrefix(value, "note1") || strings.HasPrefix(value, "nprofile1") || strings.HasPrefix(value, "naddr1") {
+		if ptr, err := nip19.ToPointer(value); err == nil {
+			return ptr.AsTagReference()
+		}
+	}
+	return value
+}
+
 var colors = struct {
 	reset    func(...any) (int, error)
 	italic   func(...any) string
--- a/helpers_key.go
+++ b/helpers_key.go
@@ -17,14 +17,16 @@ import (
 	"github.com/urfave/cli/v3"
 )

+var defaultKey = nostr.KeyOne.Hex()
+
 var defaultKeyFlags = []cli.Flag{
 	&cli.StringFlag{
 		Name:        "sec",
 		Usage:       "secret key to sign the event, as nsec, ncryptsec or hex, or a bunker URL",
-		DefaultText: "the key '1'",
+		DefaultText: "the key '01'",
 		Category:    CATEGORY_SIGNER,
 		Sources:     cli.EnvVars("NOSTR_SECRET_KEY"),
-		Value:       nostr.KeyOne.Hex(),
+		Value:       defaultKey,
 		HideDefault: true,
 	},
 	&cli.BoolFlag{
@@ -75,9 +77,14 @@ func gatherSecretKeyOrBunkerFromArguments(ctx context.Context, c *cli.Command) (
 			clientKey = nostr.Generate()
 		}

+		logverbose("[nip46]: connecting to %s with client key %s\n", bunkerURL, clientKey.Hex())
+
 		bunker, err := nip46.ConnectBunker(ctx, clientKey, bunkerURL, nil, func(s string) {
 			log(color.CyanString("[nip46]: open the following URL: %s"), s)
 		})
+		if err != nil {
+			return nostr.SecretKey{}, nil, fmt.Errorf("failed to connect to %s: %w", bunkerURL, err)
+		}

 		return nostr.SecretKey{}, bunker, err
 	}
--- a/main.go
+++ b/main.go
@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"net/textproto"
 	"os"
+	"path/filepath"

 	"fiatjaf.com/nostr"
 	"fiatjaf.com/nostr/sdk"
@@ -27,6 +28,7 @@ var app = &cli.Command{
 	Commands: []*cli.Command{
 		event,
 		req,
+		filter,
 		fetch,
 		count,
 		decode,
@@ -34,23 +36,36 @@ var app = &cli.Command{
 		key,
 		verify,
 		relay,
+		admin,
 		bunker,
 		serve,
 		blossomCmd,
+		dekey,
 		encrypt,
 		decrypt,
+		gift,
 		outbox,
 		wallet,
 		mcpServer,
 		curl,
 		fsCmd,
 		publish,
+		git,
+		nip,
+		syncCmd,
 	},
 	Version: version,
 	Flags: []cli.Flag{
 		&cli.StringFlag{
 			Name:   "config-path",
 			Hidden: true,
+			Value: (func() string {
+				if home, err := os.UserHomeDir(); err == nil {
+					return filepath.Join(home, ".config/nak")
+				} else {
+					return filepath.Join("/dev/null")
+				}
+			})(),
 		},
 		&cli.BoolFlag{
 			Name:    "quiet",
@@ -124,7 +139,7 @@ func main() {

 	if err := app.Run(context.Background(), os.Args); err != nil {
 		if err != nil {
-			log(color.YellowString(err.Error()) + "\n")
+			log("%s\n", color.RedString(err.Error()))
 		}
 		colors.reset()
 		os.Exit(1)
--- a/mcp.go
+++ b/mcp.go
@@ -165,7 +165,9 @@ var mcpServer = &cli.Command{
 			res := strings.Builder{}
 			res.WriteString("Search results: ")
 			l := 0
-			for result := range sys.Pool.FetchMany(ctx, []string{"relay.nostr.band", "nostr.wine"}, filter, nostr.SubscriptionOptions{}) {
+			for result := range sys.Pool.FetchMany(ctx, []string{"relay.nostr.band", "nostr.wine"}, filter, nostr.SubscriptionOptions{
+				Label: "nak-mcp-search",
+			}) {
 				l++
 				pm, _ := sdk.ParseMetadata(result.Event)
 				res.WriteString(fmt.Sprintf("\n\nResult %d\nUser name: \"%s\"\nPublic key: \"%s\"\nDescription: \"%s\"\n",
@@ -219,7 +221,9 @@ var mcpServer = &cli.Command{
 				}
 			}

-			events := sys.Pool.FetchMany(ctx, []string{relay}, filter, nostr.SubscriptionOptions{})
+			events := sys.Pool.FetchMany(ctx, []string{relay}, filter, nostr.SubscriptionOptions{
+				Label: "nak-mcp-profile-events",
+			})

 			result := strings.Builder{}
 			for ie := range events {
--- a/nip.go
+++ b/nip.go
@@ -0,0 +1,201 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"os/exec"
+	"runtime"
+	"strings"
+
+	"github.com/charmbracelet/glamour"
+	"github.com/urfave/cli/v3"
+)
+
+type nipInfo struct {
+	nip, desc, link string
+}
+
+var nip = &cli.Command{
+	Name:  "nip",
+	Usage: "list NIPs or get the description of a NIP from its number",
+	Description: `lists NIPs, fetches and displays NIP text, or opens a NIP page in the browser.
+
+examples:
+  nak nip          # list all NIPs
+  nak nip 29       # shows nip29 details
+  nak nip open 29  # opens nip29 in browser`,
+	ArgsUsage: "[NIP number]",
+	Commands: []*cli.Command{
+		{
+			Name:  "open",
+			Usage: "open the NIP page in the browser",
+			Action: func(ctx context.Context, c *cli.Command) error {
+				reqNum := c.Args().First()
+				if reqNum == "" {
+					return fmt.Errorf("missing NIP number")
+				}
+
+				normalize := func(s string) string {
+					s = strings.ToLower(s)
+					s = strings.TrimPrefix(s, "nip-")
+					s = strings.TrimLeft(s, "0")
+					if s == "" {
+						s = "0"
+					}
+					return s
+				}
+
+				reqNum = normalize(reqNum)
+
+				foundLink := ""
+				for info := range listnips() {
+					nipNum := normalize(info.nip)
+					if nipNum == reqNum {
+						foundLink = info.link
+						break
+					}
+				}
+
+				if foundLink == "" {
+					return fmt.Errorf("NIP-%s not found", strings.ToUpper(reqNum))
+				}
+
+				url := "https://github.com/nostr-protocol/nips/blob/master/" + foundLink
+				fmt.Println("Opening " + url)
+
+				var cmd *exec.Cmd
+				switch runtime.GOOS {
+				case "darwin":
+					cmd = exec.Command("open", url)
+				case "windows":
+					cmd = exec.Command("cmd", "/c", "start", url)
+				default:
+					cmd = exec.Command("xdg-open", url)
+				}
+
+				return cmd.Start()
+			},
+		},
+	},
+	Action: func(ctx context.Context, c *cli.Command) error {
+		reqNum := c.Args().First()
+		if reqNum == "" {
+			// list all NIPs
+			for info := range listnips() {
+				stdout(info.nip + ": " + info.desc)
+			}
+			return nil
+		}
+
+		normalize := func(s string) string {
+			s = strings.ToLower(s)
+			s = strings.TrimPrefix(s, "nip-")
+			s = strings.TrimLeft(s, "0")
+			if s == "" {
+				s = "0"
+			}
+			return s
+		}
+
+		reqNum = normalize(reqNum)
+
+		var foundLink string
+		for info := range listnips() {
+			nipNum := normalize(info.nip)
+
+			if nipNum == reqNum {
+				foundLink = info.link
+				break
+			}
+		}
+
+		if foundLink == "" {
+			return fmt.Errorf("NIP-%s not found", strings.ToUpper(reqNum))
+		}
+
+		// fetch the NIP markdown
+		url := "https://raw.githubusercontent.com/nostr-protocol/nips/master/" + foundLink
+		resp, err := http.Get(url)
+		if err != nil {
+			return fmt.Errorf("failed to fetch NIP: %w", err)
+		}
+		defer resp.Body.Close()
+
+		body, err := io.ReadAll(resp.Body)
+		if err != nil {
+			return fmt.Errorf("failed to read NIP: %w", err)
+		}
+
+		// render markdown
+		rendered, err := glamour.Render(string(body), "auto")
+		if err != nil {
+			return fmt.Errorf("failed to render markdown: %w", err)
+		}
+
+		fmt.Print(rendered)
+		return nil
+	},
+}
+
+func listnips() <-chan nipInfo {
+	ch := make(chan nipInfo)
+	go func() {
+		defer close(ch)
+		resp, err := http.Get("https://raw.githubusercontent.com/nostr-protocol/nips/master/README.md")
+		if err != nil {
+			// TODO: handle error? but since chan, maybe send error somehow, but for now, just close
+			return
+		}
+		defer resp.Body.Close()
+
+		body, err := io.ReadAll(resp.Body)
+		if err != nil {
+			return
+		}
+		bodyStr := string(body)
+		epoch := strings.Index(bodyStr, "## List")
+		if epoch == -1 {
+			return
+		}
+
+		lines := strings.SplitSeq(bodyStr[epoch+8:], "\n")
+		for line := range lines {
+			line = strings.TrimSpace(line)
+			if strings.HasPrefix(line, "##") {
+				break
+			}
+			if !strings.HasPrefix(line, "- [NIP-") {
+				continue
+			}
+
+			start := strings.Index(line, "[")
+			end := strings.Index(line, "]")
+			if start == -1 || end == -1 || end < start {
+				continue
+			}
+
+			content := line[start+1 : end]
+
+			parts := strings.SplitN(content, ":", 2)
+			if len(parts) != 2 {
+				continue
+			}
+
+			nipPart := parts[0]
+			descPart := parts[1]
+
+			rest := line[end+1:]
+			linkStart := strings.Index(rest, "(")
+			linkEnd := strings.Index(rest, ")")
+			link := ""
+			if linkStart != -1 && linkEnd != -1 && linkEnd > linkStart {
+				link = rest[linkStart+1 : linkEnd]
+			}
+
+			ch <- nipInfo{nipPart, strings.TrimSpace(descPart), link}
+		}
+	}()
+	return ch
+}
--- a/outbox.go
+++ b/outbox.go
@@ -6,9 +6,8 @@ import (
 	"os"
 	"path/filepath"

-	"fiatjaf.com/nostr"
 	"fiatjaf.com/nostr/sdk"
-	"fiatjaf.com/nostr/sdk/hints/badgerh"
+	"fiatjaf.com/nostr/sdk/hints/bbolth"
 	"github.com/fatih/color"
 	"github.com/urfave/cli/v3"
 )
@@ -20,13 +19,8 @@ var (

 func initializeOutboxHintsDB(c *cli.Command, sys *sdk.System) error {
 	configPath := c.String("config-path")
-	if configPath == "" {
-		if home, err := os.UserHomeDir(); err == nil {
-			configPath = filepath.Join(home, ".config/nak")
-		}
-	}
 	if configPath != "" {
-		hintsFilePath = filepath.Join(configPath, "outbox/hints.bg")
+		hintsFilePath = filepath.Join(configPath, "outbox/hints.db")
 	}
 	if hintsFilePath != "" {
 		if _, err := os.Stat(hintsFilePath); err == nil {
@@ -36,7 +30,7 @@ func initializeOutboxHintsDB(c *cli.Command, sys *sdk.System) error {
 		}
 	}
 	if hintsFileExists && hintsFilePath != "" {
-		hintsdb, err := badgerh.NewBadgerHints(hintsFilePath)
+		hintsdb, err := bbolth.NewBoltHints(hintsFilePath)
 		if err == nil {
 			sys.Hints = hintsdb
 		}
@@ -63,9 +57,9 @@ var outbox = &cli.Command{
 				}

 				os.MkdirAll(hintsFilePath, 0755)
-				_, err := badgerh.NewBadgerHints(hintsFilePath)
+				_, err := bbolth.NewBoltHints(hintsFilePath)
 				if err != nil {
-					return fmt.Errorf("failed to create badger hints db at '%s': %w", hintsFilePath, err)
+					return fmt.Errorf("failed to create bolt hints db at '%s': %w", hintsFilePath, err)
 				}

 				log("initialized hints database at %s\n", hintsFilePath)
@@ -87,7 +81,7 @@ var outbox = &cli.Command{
 					return fmt.Errorf("expected exactly one argument (pubkey)")
 				}

-				pk, err := nostr.PubKeyFromHex(c.Args().First())
+				pk, err := parsePubKey(c.Args().First())
 				if err != nil {
 					return fmt.Errorf("invalid public key '%s': %w", c.Args().First(), err)
 				}
--- a/relay.go
+++ b/relay.go
@@ -1,30 +1,19 @@
 package main

 import (
-	"bytes"
 	"context"
-	"crypto/sha256"
-	"encoding/base64"
-	"encoding/hex"
 	"fmt"
-	"io"
-	"net/http"

-	"fiatjaf.com/nostr"
 	"fiatjaf.com/nostr/nip11"
-	"fiatjaf.com/nostr/nip86"
 	"github.com/urfave/cli/v3"
 )

 var relay = &cli.Command{
 	Name:  "relay",
-	Usage: "gets the relay information document for the given relay, as JSON -- or allows usage of the relay management API.",
-	Description: `examples:
-	fetching relay information:
+	Usage: "gets the relay information document for the given relay, as JSON",
+	Description: `
 		nak relay nostr.wine
-
-	managing a relay
-		nak relay nostr.wine banevent --sec 1234 --id 037eb3751073770ff17483b1b1ff125866cd5147668271975ef0a8a8e7ee184a --reason "I don't like it"`,
+`,
 	ArgsUsage:                 "<relay-url>",
 	DisableSliceFlagSeparator: true,
 	Action: func(ctx context.Context, c *cli.Command) error {
@@ -44,164 +33,4 @@ var relay = &cli.Command{
 		}
 		return nil
 	},
-	Commands: (func() []*cli.Command {
-		methods := []struct {
-			method string
-			args   []string
-		}{
-			{"allowpubkey", []string{"pubkey", "reason"}},
-			{"banpubkey", []string{"pubkey", "reason"}},
-			{"listallowedpubkeys", nil},
-			{"allowpubkey", []string{"pubkey", "reason"}},
-			{"listallowedpubkeys", nil},
-			{"listeventsneedingmoderation", nil},
-			{"allowevent", []string{"id", "reason"}},
-			{"banevent", []string{"id", "reason"}},
-			{"listbannedevents", nil},
-			{"changerelayname", []string{"name"}},
-			{"changerelaydescription", []string{"description"}},
-			{"changerelayicon", []string{"icon"}},
-			{"allowkind", []string{"kind"}},
-			{"disallowkind", []string{"kind"}},
-			{"listallowedkinds", nil},
-			{"blockip", []string{"ip", "reason"}},
-			{"unblockip", []string{"ip", "reason"}},
-			{"listblockedips", nil},
-		}
-
-		commands := make([]*cli.Command, 0, len(methods))
-		for _, def := range methods {
-			def := def
-
-			flags := make([]cli.Flag, len(def.args), len(def.args)+4)
-			for i, argName := range def.args {
-				flags[i] = declareFlag(argName)
-			}
-
-			flags = append(flags, defaultKeyFlags...)
-
-			cmd := &cli.Command{
-				Name:  def.method,
-				Usage: fmt.Sprintf(`the "%s" relay management RPC call`, def.method),
-				Description: fmt.Sprintf(
-					`the "%s" management RPC call, see https://nips.nostr.com/86 for more information`, def.method),
-				Flags:                     flags,
-				DisableSliceFlagSeparator: true,
-				Action: func(ctx context.Context, c *cli.Command) error {
-					params := make([]any, len(def.args))
-					for i, argName := range def.args {
-						params[i] = getArgument(c, argName)
-					}
-					req := nip86.Request{Method: def.method, Params: params}
-					reqj, _ := json.Marshal(req)
-
-					relayUrls := c.Args().Slice()
-					if len(relayUrls) == 0 {
-						stdout(string(reqj))
-						return nil
-					}
-
-					kr, _, err := gatherKeyerFromArguments(ctx, c)
-					if err != nil {
-						return err
-					}
-
-					for _, relayUrl := range relayUrls {
-						httpUrl := "http" + nostr.NormalizeURL(relayUrl)[2:]
-						log("calling '%s' on %s... ", def.method, httpUrl)
-						body := bytes.NewBuffer(nil)
-						body.Write(reqj)
-						req, err := http.NewRequestWithContext(ctx, "POST", httpUrl, body)
-						if err != nil {
-							return fmt.Errorf("failed to create request: %w", err)
-						}
-
-						// Authorization
-						payloadHash := sha256.Sum256(reqj)
-						tokenEvent := nostr.Event{
-							Kind:      27235,
-							CreatedAt: nostr.Now(),
-							Tags: nostr.Tags{
-								{"u", httpUrl},
-								{"method", "POST"},
-								{"payload", hex.EncodeToString(payloadHash[:])},
-							},
-						}
-						if err := kr.SignEvent(ctx, &tokenEvent); err != nil {
-							return fmt.Errorf("failed to sign token event: %w", err)
-						}
-						evtj, _ := json.Marshal(tokenEvent)
-						req.Header.Set("Authorization", "Nostr "+base64.StdEncoding.EncodeToString(evtj))
-
-						// Content-Type
-						req.Header.Set("Content-Type", "application/nostr+json+rpc")
-
-						// make request to relay
-						resp, err := http.DefaultClient.Do(req)
-						if err != nil {
-							log("failed: %s\n", err)
-							continue
-						}
-						b, err := io.ReadAll(resp.Body)
-						if err != nil {
-							log("failed to read response: %s\n", err)
-							continue
-						}
-						if resp.StatusCode >= 300 {
-							log("failed with status %d\n", resp.StatusCode)
-							bodyPrintable := string(b)
-							if len(bodyPrintable) > 300 {
-								bodyPrintable = bodyPrintable[0:297] + "..."
-							}
-							log(bodyPrintable)
-							continue
-						}
-						var response nip86.Response
-						if err := json.Unmarshal(b, &response); err != nil {
-							log("bad json response: %s\n", err)
-							bodyPrintable := string(b)
-							if len(bodyPrintable) > 300 {
-								bodyPrintable = bodyPrintable[0:297] + "..."
-							}
-							log(bodyPrintable)
-							continue
-						}
-						resp.Body.Close()
-
-						// print the result
-						log("\n")
-						pretty, _ := json.MarshalIndent(response, "", "  ")
-						stdout(string(pretty))
-					}
-
-					return nil
-				},
-			}
-
-			commands = append(commands, cmd)
-		}
-
-		return commands
-	})(),
-}
-
-func declareFlag(argName string) cli.Flag {
-	usage := "parameter for this management RPC call, see https://nips.nostr.com/86 for more information."
-	switch argName {
-	case "kind":
-		return &cli.IntFlag{Name: argName, Required: true, Usage: usage}
-	case "reason":
-		return &cli.StringFlag{Name: argName, Usage: usage}
-	default:
-		return &cli.StringFlag{Name: argName, Required: true, Usage: usage}
-	}
-}
-
-func getArgument(c *cli.Command, argName string) any {
-	switch argName {
-	case "kind":
-		return c.Int(argName)
-	default:
-		return c.String(argName)
-	}
 }
--- a/req.go
+++ b/req.go
@@ -1,17 +1,25 @@
 package main

 import (
+	"bufio"
 	"context"
 	"fmt"
+	"math"
 	"os"
+	"slices"
 	"strings"
+	"sync"

 	"fiatjaf.com/nostr"
+	"fiatjaf.com/nostr/eventstore"
+	"fiatjaf.com/nostr/eventstore/slicestore"
+	"fiatjaf.com/nostr/eventstore/wrappers"
 	"fiatjaf.com/nostr/nip42"
 	"fiatjaf.com/nostr/nip77"
 	"github.com/fatih/color"
 	"github.com/mailru/easyjson"
 	"github.com/urfave/cli/v3"
+	"golang.org/x/sync/errgroup"
 )

 const (
@@ -35,6 +43,11 @@ example:
 	DisableSliceFlagSeparator: true,
 	Flags: append(defaultKeyFlags,
 		append(reqFilterFlags,
+			&cli.StringFlag{
+				Name:      "only-missing",
+				Usage:     "use nip77 negentropy to only fetch events that aren't present in the given jsonl file",
+				TakesFile: true,
+			},
 			&cli.BoolFlag{
 				Name:  "ids-only",
 				Usage: "use nip77 to fetch just a list of ids",
@@ -44,6 +57,17 @@ example:
 				Usage:       "keep the subscription open, printing all events as they are returned",
 				DefaultText: "false, will close on EOSE",
 			},
+			&cli.BoolFlag{
+				Name:        "outbox",
+				Usage:       "use outbox relays from specified public keys",
+				DefaultText: "false, will only use manually-specified relays",
+			},
+			&cli.UintFlag{
+				Name:    "outbox-relays-per-pubkey",
+				Aliases: []string{"n"},
+				Usage:   "number of outbox relays to use for each pubkey",
+				Value:   3,
+			},
 			&cli.BoolFlag{
 				Name:        "paginate",
 				Usage:       "make multiple REQs to the relay decreasing the value of 'until' until 'limit' or 'since' conditions are met",
@@ -76,8 +100,23 @@ example:
 	),
 	ArgsUsage: "[relay...]",
 	Action: func(ctx context.Context, c *cli.Command) error {
+		negentropy := c.Bool("ids-only") || c.IsSet("only-missing")
+		if negentropy {
+			if c.Bool("paginate") || c.Bool("stream") || c.Bool("outbox") {
+				return fmt.Errorf("negentropy is incompatible with --stream, --outbox or --paginate")
+			}
+		}
+
+		if c.Bool("paginate") && c.Bool("stream") {
+			return fmt.Errorf("incompatible flags --paginate and --stream")
+		}
+
+		if c.Bool("paginate") && c.Bool("outbox") {
+			return fmt.Errorf("incompatible flags --paginate and --outbox")
+		}
+
 		relayUrls := c.Args().Slice()
-		if len(relayUrls) > 0 {
+		if len(relayUrls) > 0 && !negentropy {
 			// this is used both for the normal AUTH (after "auth-required:" is received) or forced pre-auth
 			// connect to all relays we expect to use in this call in parallel
 			forcePreAuthSigner := authSigner
@@ -129,33 +168,163 @@ example:
 				return err
 			}

-			if len(relayUrls) > 0 {
-				if c.Bool("ids-only") {
-					seen := make(map[nostr.ID]struct{}, max(500, filter.Limit))
-					for _, url := range relayUrls {
-						ch, err := nip77.FetchIDsOnly(ctx, url, filter)
+			if len(relayUrls) > 0 || c.Bool("outbox") {
+				if negentropy {
+					store := &slicestore.SliceStore{}
+					store.Init()
+
+					if syncFile := c.String("only-missing"); syncFile != "" {
+						file, err := os.Open(syncFile)
 						if err != nil {
-							log("negentropy call to %s failed: %s", url, err)
-							continue
+							return fmt.Errorf("failed to open sync file: %w", err)
 						}
-						for id := range ch {
-							if _, ok := seen[id]; ok {
+						defer file.Close()
+						scanner := bufio.NewScanner(file)
+						scanner.Buffer(make([]byte, 16*1024*1024), 256*1024*1024)
+						for scanner.Scan() {
+							var evt nostr.Event
+							if err := easyjson.Unmarshal([]byte(scanner.Text()), &evt); err != nil {
 								continue
 							}
-							seen[id] = struct{}{}
-							stdout(id)
+							if err := store.SaveEvent(evt); err != nil || err == eventstore.ErrDupEvent {
+								continue
+							}
+						}
+						if err := scanner.Err(); err != nil {
+							return fmt.Errorf("failed to read sync file: %w", err)
+						}
+					}
+
+					target := PrintingQuerierPublisher{
+						QuerierPublisher: wrappers.StorePublisher{Store: store, MaxLimit: math.MaxInt},
+					}
+
+					var source nostr.Querier = nil
+					if c.IsSet("only-missing") {
+						source = target
+					}
+
+					handle := nip77.SyncEventsFromIDs
+
+					if c.Bool("ids-only") {
+						seen := make(map[nostr.ID]struct{}, max(500, filter.Limit))
+						handle = func(ctx context.Context, dir nip77.Direction) {
+							for id := range dir.Items {
+								if _, ok := seen[id]; ok {
+									continue
+								}
+								seen[id] = struct{}{}
+								stdout(id.Hex())
+							}
+						}
+					}
+
+					for _, url := range relayUrls {
+						err := nip77.NegentropySync(ctx, url, filter, source, target, handle)
+						if err != nil {
+							log("negentropy sync from %s failed: %s", url, err)
 						}
 					}
 				} else {
-					fn := sys.Pool.FetchMany
-					if c.Bool("paginate") {
-						fn = sys.Pool.PaginatorWithInterval(c.Duration("paginate-interval"))
-					} else if c.Bool("stream") {
-						fn = sys.Pool.SubscribeMany
+					var results chan nostr.RelayEvent
+					var closeds chan nostr.RelayClosed
+
+					opts := nostr.SubscriptionOptions{
+						Label: "nak-req",
 					}

-					for ie := range fn(ctx, relayUrls, filter, nostr.SubscriptionOptions{}) {
-						stdout(ie.Event)
+					if c.Bool("paginate") {
+						paginator := sys.Pool.PaginatorWithInterval(c.Duration("paginate-interval"))
+						results = paginator(ctx, relayUrls, filter, opts)
+					} else if c.Bool("outbox") {
+						defs := make([]nostr.DirectedFilter, 0, len(filter.Authors)*2)
+
+						// hardcoded relays, if any
+						for _, relayUrl := range relayUrls {
+							defs = append(defs, nostr.DirectedFilter{
+								Filter: filter,
+								Relay:  relayUrl,
+							})
+						}
+
+						// relays for each pubkey
+						errg := errgroup.Group{}
+						errg.SetLimit(16)
+						mu := sync.Mutex{}
+						for _, pubkey := range filter.Authors {
+							errg.Go(func() error {
+								n := int(c.Uint("outbox-relays-per-pubkey"))
+								for _, url := range sys.FetchOutboxRelays(ctx, pubkey, n) {
+									if slices.Contains(relayUrls, url) {
+										// already hardcoded, ignore
+										continue
+									}
+									if !nostr.IsValidRelayURL(url) {
+										continue
+									}
+
+									matchUrl := func(def nostr.DirectedFilter) bool { return def.Relay == url }
+									idx := slices.IndexFunc(defs, matchUrl)
+									if idx == -1 {
+										// new relay, add it
+										mu.Lock()
+										// check again after locking to prevent races
+										idx = slices.IndexFunc(defs, matchUrl)
+										if idx == -1 {
+											// then add it
+											filter := filter.Clone()
+											filter.Authors = []nostr.PubKey{pubkey}
+											defs = append(defs, nostr.DirectedFilter{
+												Filter: filter,
+												Relay:  url,
+											})
+											mu.Unlock()
+											continue // done with this relay url
+										}
+
+										// otherwise we'll just use the idx
+										mu.Unlock()
+									}
+
+									// existing relay, add this pubkey
+									defs[idx].Authors = append(defs[idx].Authors, pubkey)
+								}
+
+								return nil
+							})
+						}
+						errg.Wait()
+
+						if c.Bool("stream") {
+							results, closeds = sys.Pool.BatchedSubscribeManyNotifyClosed(ctx, defs, opts)
+						} else {
+							results, closeds = sys.Pool.BatchedQueryManyNotifyClosed(ctx, defs, opts)
+						}
+					} else {
+						if c.Bool("stream") {
+							results, closeds = sys.Pool.SubscribeManyNotifyClosed(ctx, relayUrls, filter, opts)
+						} else {
+							results, closeds = sys.Pool.FetchManyNotifyClosed(ctx, relayUrls, filter, opts)
+						}
+					}
+
+				readevents:
+					for {
+						select {
+						case ie, ok := <-results:
+							if !ok {
+								break readevents
+							}
+							stdout(ie.Event)
+						case closed := <-closeds:
+							if closed.HandledAuth {
+								logverbose("%s CLOSED: %s\n", closed.Relay.URL, closed.Reason)
+							} else {
+								log("%s CLOSED: %s\n", closed.Relay.URL, closed.Reason)
+							}
+						case <-ctx.Done():
+							break readevents
+						}
 					}
 				}
 			} else {
@@ -164,7 +333,7 @@ example:
 				if c.Bool("bare") {
 					result = filter.String()
 				} else {
-					j, _ := json.Marshal(nostr.ReqEnvelope{SubscriptionID: "nak", Filter: filter})
+					j, _ := json.Marshal(nostr.ReqEnvelope{SubscriptionID: "nak", Filters: []nostr.Filter{filter}})
 					result = string(j)
 				}

@@ -181,13 +350,13 @@ var reqFilterFlags = []cli.Flag{
 	&PubKeySliceFlag{
 		Name:     "author",
 		Aliases:  []string{"a"},
-		Usage:    "only accept events from these authors (pubkey as hex)",
+		Usage:    "only accept events from these authors",
 		Category: CATEGORY_FILTER_ATTRIBUTES,
 	},
 	&IDSliceFlag{
 		Name:     "id",
 		Aliases:  []string{"i"},
-		Usage:    "only accept events with these ids (hex)",
+		Usage:    "only accept events with these ids",
 		Category: CATEGORY_FILTER_ATTRIBUTES,
 	},
 	&cli.IntSliceFlag{
@@ -259,19 +428,19 @@ func applyFlagsToFilter(c *cli.Command, filter *nostr.Filter) error {
 	for _, tagFlag := range c.StringSlice("tag") {
 		spl := strings.SplitN(tagFlag, "=", 2)
 		if len(spl) == 2 {
-			tags = append(tags, spl)
+			tags = append(tags, []string{spl[0], decodeTagValue(spl[1])})
 		} else {
 			return fmt.Errorf("invalid --tag '%s'", tagFlag)
 		}
 	}
 	for _, etag := range c.StringSlice("e") {
-		tags = append(tags, []string{"e", etag})
+		tags = append(tags, []string{"e", decodeTagValue(etag)})
 	}
 	for _, ptag := range c.StringSlice("p") {
-		tags = append(tags, []string{"p", ptag})
+		tags = append(tags, []string{"p", decodeTagValue(ptag)})
 	}
 	for _, dtag := range c.StringSlice("d") {
-		tags = append(tags, []string{"d", dtag})
+		tags = append(tags, []string{"d", decodeTagValue(dtag)})
 	}

 	if len(tags) > 0 && filter.Tags == nil {
@@ -300,3 +469,18 @@ func applyFlagsToFilter(c *cli.Command, filter *nostr.Filter) error {

 	return nil
 }
+
+type PrintingQuerierPublisher struct {
+	nostr.QuerierPublisher
+}
+
+func (p PrintingQuerierPublisher) Publish(ctx context.Context, evt nostr.Event) error {
+	if err := p.QuerierPublisher.Publish(ctx, evt); err == nil {
+		stdout(evt)
+		return nil
+	} else if err == eventstore.ErrDupEvent {
+		return nil
+	} else {
+		return err
+	}
+}
--- a/serve.go
+++ b/serve.go
@@ -2,17 +2,24 @@ package main

 import (
 	"bufio"
+	"bytes"
 	"context"
 	"fmt"
+	"io"
+	"net/url"
 	"os"
+	"path/filepath"
 	"sync/atomic"
 	"time"

 	"fiatjaf.com/nostr"
 	"fiatjaf.com/nostr/eventstore/slicestore"
 	"fiatjaf.com/nostr/khatru"
+	"fiatjaf.com/nostr/khatru/blossom"
+	"fiatjaf.com/nostr/khatru/grasp"
 	"github.com/bep/debounce"
 	"github.com/fatih/color"
+	"github.com/puzpuzpuz/xsync/v3"
 	"github.com/urfave/cli/v3"
 )

@@ -36,10 +43,31 @@ var serve = &cli.Command{
 			Usage:       "file containing the initial batch of events that will be served by the relay as newline-separated JSON (jsonl)",
 			DefaultText: "the relay will start empty",
 		},
+		&cli.BoolFlag{
+			Name:  "negentropy",
+			Usage: "enable negentropy syncing",
+		},
+		&cli.BoolFlag{
+			Name:  "grasp",
+			Usage: "enable grasp server",
+		},
+		&cli.StringFlag{
+			Name:      "grasp-path",
+			Usage:     "where to store the repositories",
+			TakesFile: true,
+			Hidden:    true,
+		},
+		&cli.BoolFlag{
+			Name:  "blossom",
+			Usage: "enable blossom server",
+		},
 	},
 	Action: func(ctx context.Context, c *cli.Command) error {
 		db := &slicestore.SliceStore{}

+		var blobStore *xsync.MapOf[string, []byte]
+		var repoDir string
+
 		var scanner *bufio.Scanner
 		if path := c.String("events"); path != "" {
 			f, err := os.Open(path)
@@ -71,7 +99,11 @@ var serve = &cli.Command{
 		rl.Info.Software = "https://github.com/fiatjaf/nak"
 		rl.Info.Version = version

-		rl.UseEventstore(db, 1_000_000)
+		rl.UseEventstore(db, 500)
+
+		if c.Bool("negentropy") {
+			rl.Negentropy = true
+		}

 		started := make(chan bool)
 		exited := make(chan error)
@@ -79,16 +111,70 @@ var serve = &cli.Command{
 		hostname := c.String("hostname")
 		port := int(c.Uint("port"))

+		var printStatus func()
+
+		if c.Bool("blossom") {
+			bs := blossom.New(rl, fmt.Sprintf("http://%s:%d", hostname, port))
+			bs.Store = blossom.NewMemoryBlobIndex()
+
+			blobStore = xsync.NewMapOf[string, []byte]()
+			bs.StoreBlob = func(ctx context.Context, sha256 string, ext string, body []byte) error {
+				blobStore.Store(sha256+ext, body)
+				log("    got %s %s\n", color.GreenString("blob stored"), sha256+ext)
+				printStatus()
+				return nil
+			}
+			bs.LoadBlob = func(ctx context.Context, sha256 string, ext string) (io.ReadSeeker, *url.URL, error) {
+				if body, ok := blobStore.Load(sha256 + ext); ok {
+					log("    got %s %s\n", color.BlueString("blob downloaded"), sha256+ext)
+					printStatus()
+					return bytes.NewReader(body), nil, nil
+				}
+				return nil, nil, nil
+			}
+			bs.DeleteBlob = func(ctx context.Context, sha256 string, ext string) error {
+				blobStore.Delete(sha256 + ext)
+				log("    got %s %s\n", color.RedString("blob deleted"), sha256+ext)
+				printStatus()
+				return nil
+			}
+		}
+
+		if c.Bool("grasp") {
+			repoDir = c.String("grasp-path")
+			if repoDir == "" {
+				var err error
+				repoDir, err = os.MkdirTemp("", "nak-serve-grasp-repos-")
+				if err != nil {
+					return fmt.Errorf("failed to create grasp repos directory: %w", err)
+				}
+			}
+			g := grasp.New(rl, repoDir)
+			g.OnRead = func(ctx context.Context, pubkey nostr.PubKey, repo string) (reject bool, reason string) {
+				log("    got %s %s %s\n", color.CyanString("git read"), pubkey.Hex(), repo)
+				printStatus()
+				return false, ""
+			}
+			g.OnWrite = func(ctx context.Context, pubkey nostr.PubKey, repo string) (reject bool, reason string) {
+				log("    got %s %s %s\n", color.YellowString("git write"), pubkey.Hex(), repo)
+				printStatus()
+				return false, ""
+			}
+		}
+
 		go func() {
 			err := rl.Start(hostname, port, started)
 			exited <- err
 		}()

-		var printStatus func()
-
 		// relay logging
 		rl.OnRequest = func(ctx context.Context, filter nostr.Filter) (reject bool, msg string) {
-			log("    got %s %v\n", color.HiYellowString("request"), colors.italic(filter))
+			negentropy := ""
+			if khatru.IsNegentropySession(ctx) {
+				negentropy = color.HiBlueString("negentropy ")
+			}
+
+			log("    got %s%s %v\n", negentropy, color.HiYellowString("request"), colors.italic(filter))
 			printStatus()
 			return false, ""
 		}
@@ -123,9 +209,36 @@ var serve = &cli.Command{
 				}
 				subs := rl.GetListeningFilters()

-				log("  %s events: %s, connections: %s, subscriptions: %s\n",
+				blossomMsg := ""
+				if c.Bool("blossom") {
+					blobsStored := blobStore.Size()
+					blossomMsg = fmt.Sprintf("blobs: %s, ",
+						color.HiMagentaString("%d", blobsStored),
+					)
+				}
+
+				graspMsg := ""
+				if c.Bool("grasp") {
+					gitAnnounced := 0
+					gitStored := 0
+					for evt := range db.QueryEvents(nostr.Filter{Kinds: []nostr.Kind{nostr.Kind(30617)}}, 500) {
+						gitAnnounced++
+						identifier := evt.Tags.GetD()
+						if info, err := os.Stat(filepath.Join(repoDir, identifier)); err == nil && info.IsDir() {
+							gitStored++
+						}
+					}
+					graspMsg = fmt.Sprintf("git announced: %s, git stored: %s, ",
+						color.HiMagentaString("%d", gitAnnounced),
+						color.HiMagentaString("%d", gitStored),
+					)
+				}
+
+				log("  %s events: %s, %s%sconnections: %s, subscriptions: %s\n",
 					color.HiMagentaString("•"),
 					color.HiMagentaString("%d", totalEvents),
+					blossomMsg,
+					graspMsg,
 					color.HiMagentaString("%d", totalConnections.Load()),
 					color.HiMagentaString("%d", len(subs)),
 				)
@@ -133,7 +246,11 @@ var serve = &cli.Command{
 		}

 		<-started
-		log("%s relay running at %s\n", color.HiRedString(">"), colors.boldf("ws://%s:%d", hostname, port))
+		log("%s relay running at %s", color.HiRedString(">"), colors.boldf("ws://%s:%d", hostname, port))
+		if c.Bool("grasp") {
+			log(" (grasp repos at %s)", repoDir)
+		}
+		log("\n")

 		return <-exited
 	},
--- a/sync.go
+++ b/sync.go
@@ -0,0 +1,464 @@
+package main
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"fmt"
+	"sync"
+
+	"fiatjaf.com/nostr"
+	"fiatjaf.com/nostr/nip77"
+	"fiatjaf.com/nostr/nip77/negentropy"
+	"fiatjaf.com/nostr/nip77/negentropy/storage"
+	"github.com/urfave/cli/v3"
+)
+
+var syncCmd = &cli.Command{
+	Name:        "sync",
+	Usage:       "sync events between two relays using negentropy",
+	Description: `uses nip77 negentropy to sync events between two relays`,
+	ArgsUsage:   "<relay1> <relay2>",
+	Flags:       reqFilterFlags,
+	Action: func(ctx context.Context, c *cli.Command) error {
+		args := c.Args().Slice()
+		if len(args) != 2 {
+			return fmt.Errorf("need exactly two relay URLs: source and target")
+		}
+
+		filter := nostr.Filter{}
+		if err := applyFlagsToFilter(c, &filter); err != nil {
+			return err
+		}
+
+		peerA, err := NewRelayThirdPartyRemote(ctx, args[0])
+		if err != nil {
+			return fmt.Errorf("error setting up %s: %w", args[0], err)
+		}
+
+		peerB, err := NewRelayThirdPartyRemote(ctx, args[1])
+		if err != nil {
+			return fmt.Errorf("error setting up %s: %w", args[1], err)
+		}
+
+		tpn := NewThirdPartyNegentropy(
+			peerA,
+			peerB,
+			filter,
+		)
+
+		wg := sync.WaitGroup{}
+
+		wg.Go(func() {
+			err = tpn.Run(ctx)
+		})
+
+		wg.Go(func() {
+			type op struct {
+				src *nostr.Relay
+				dst *nostr.Relay
+				ids []nostr.ID
+			}
+
+			pending := []op{
+				{peerA.relay, peerB.relay, make([]nostr.ID, 0, 30)},
+				{peerB.relay, peerA.relay, make([]nostr.ID, 0, 30)},
+			}
+
+			for delta := range tpn.Deltas {
+				have := delta.Have.relay
+				havenot := delta.HaveNot.relay
+				logverbose("%s has %s, %s doesn't.\n", have.URL, delta.ID.Hex(), havenot.URL)
+
+				idx := 0 // peerA
+				if have == peerB.relay {
+					idx = 1 // peerB
+				}
+				pending[idx].ids = append(pending[idx].ids, delta.ID)
+
+				// every 30 ids do a fetch-and-publish
+				if len(pending[idx].ids) == 30 {
+					for evt := range pending[idx].src.QueryEvents(nostr.Filter{IDs: pending[idx].ids}) {
+						pending[idx].dst.Publish(ctx, evt)
+					}
+					pending[idx].ids = pending[idx].ids[:0]
+				}
+			}
+
+			// do it for the remaining ids
+			for _, op := range pending {
+				if len(op.ids) > 0 {
+					for evt := range op.src.QueryEvents(nostr.Filter{IDs: op.ids}) {
+						op.dst.Publish(ctx, evt)
+					}
+				}
+			}
+		})
+
+		wg.Wait()
+
+		return err
+	},
+}
+
+type ThirdPartyNegentropy struct {
+	PeerA  *RelayThirdPartyRemote
+	PeerB  *RelayThirdPartyRemote
+	Filter nostr.Filter
+
+	Deltas chan Delta
+}
+
+type Delta struct {
+	ID      nostr.ID
+	Have    *RelayThirdPartyRemote
+	HaveNot *RelayThirdPartyRemote
+}
+
+type boundKey string
+
+func getBoundKey(b negentropy.Bound) boundKey {
+	return boundKey(fmt.Sprintf("%d:%x", b.Timestamp, b.IDPrefix))
+}
+
+type RelayThirdPartyRemote struct {
+	relay    *nostr.Relay
+	messages chan string
+	err      error
+}
+
+func NewRelayThirdPartyRemote(ctx context.Context, url string) (*RelayThirdPartyRemote, error) {
+	rtpr := &RelayThirdPartyRemote{
+		messages: make(chan string, 3),
+	}
+
+	var err error
+	rtpr.relay, err = nostr.RelayConnect(ctx, url, nostr.RelayOptions{
+		CustomHandler: func(data string) {
+			envelope := nip77.ParseNegMessage(data)
+			if envelope == nil {
+				return
+			}
+			switch env := envelope.(type) {
+			case *nip77.OpenEnvelope, *nip77.CloseEnvelope:
+				rtpr.err = fmt.Errorf("unexpected %s received from relay", env.Label())
+				return
+			case *nip77.ErrorEnvelope:
+				rtpr.err = fmt.Errorf("relay returned a %s: %s", env.Label(), env.Reason)
+				return
+			case *nip77.MessageEnvelope:
+				rtpr.messages <- env.Message
+			}
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return rtpr, nil
+}
+
+func (rtpr *RelayThirdPartyRemote) SendInitialMessage(filter nostr.Filter, msg string) error {
+	msgj, _ := json.Marshal(nip77.OpenEnvelope{
+		SubscriptionID: "sync3",
+		Filter:         filter,
+		Message:        msg,
+	})
+	return rtpr.relay.WriteWithError(msgj)
+}
+
+func (rtpr *RelayThirdPartyRemote) SendMessage(msg string) error {
+	msgj, _ := json.Marshal(nip77.MessageEnvelope{
+		SubscriptionID: "sync3",
+		Message:        msg,
+	})
+	return rtpr.relay.WriteWithError(msgj)
+}
+
+func (rtpr *RelayThirdPartyRemote) SendClose() error {
+	msgj, _ := json.Marshal(nip77.CloseEnvelope{
+		SubscriptionID: "sync3",
+	})
+	return rtpr.relay.WriteWithError(msgj)
+}
+
+var thirdPartyRemoteEndOfMessages = errors.New("the-end")
+
+func (rtpr *RelayThirdPartyRemote) Receive() (string, error) {
+	if rtpr.err != nil {
+		return "", rtpr.err
+	}
+	if msg, ok := <-rtpr.messages; ok {
+		return msg, nil
+	}
+	return "", thirdPartyRemoteEndOfMessages
+}
+
+func NewThirdPartyNegentropy(peerA, peerB *RelayThirdPartyRemote, filter nostr.Filter) *ThirdPartyNegentropy {
+	return &ThirdPartyNegentropy{
+		PeerA:  peerA,
+		PeerB:  peerB,
+		Filter: filter,
+		Deltas: make(chan Delta, 100),
+	}
+}
+
+func (n *ThirdPartyNegentropy) Run(ctx context.Context) error {
+	peerAIds := make(map[nostr.ID]struct{})
+	peerBIds := make(map[nostr.ID]struct{})
+	peerASkippedBounds := make(map[boundKey]struct{})
+	peerBSkippedBounds := make(map[boundKey]struct{})
+
+	// send an empty message to A to start things up
+	initialMsg := createInitialMessage()
+	err := n.PeerA.SendInitialMessage(n.Filter, initialMsg)
+	if err != nil {
+		return err
+	}
+
+	hasSentInitialMessageToB := false
+
+	for {
+		// receive message from A
+		msgA, err := n.PeerA.Receive()
+		if err != nil {
+			return err
+		}
+		msgAb, _ := nostr.HexDecodeString(msgA)
+		if len(msgAb) == 1 {
+			break
+		}
+
+		msgToB, err := parseMessageBuildNext(
+			msgA,
+			peerBSkippedBounds,
+			func(id nostr.ID) {
+				if _, exists := peerBIds[id]; exists {
+					delete(peerBIds, id)
+				} else {
+					peerAIds[id] = struct{}{}
+				}
+			},
+			func(boundKey boundKey) {
+				peerASkippedBounds[boundKey] = struct{}{}
+			},
+		)
+		if err != nil {
+			return err
+		}
+
+		// emit deltas from B after receiving message from A
+		for id := range peerBIds {
+			select {
+			case n.Deltas <- Delta{ID: id, Have: n.PeerB, HaveNot: n.PeerA}:
+			case <-ctx.Done():
+				return context.Cause(ctx)
+			}
+			delete(peerBIds, id)
+		}
+
+		if len(msgToB) == 2 {
+			// exit condition (no more messages to send)
+			break
+		}
+
+		// send message to B
+		if hasSentInitialMessageToB {
+			err = n.PeerB.SendMessage(msgToB)
+		} else {
+			err = n.PeerB.SendInitialMessage(n.Filter, msgToB)
+			hasSentInitialMessageToB = true
+		}
+		if err != nil {
+			return err
+		}
+
+		// receive message from B
+		msgB, err := n.PeerB.Receive()
+		if err != nil {
+			return err
+		}
+		msgBb, _ := nostr.HexDecodeString(msgB)
+		if len(msgBb) == 1 {
+			break
+		}
+
+		msgToA, err := parseMessageBuildNext(
+			msgB,
+			peerASkippedBounds,
+			func(id nostr.ID) {
+				if _, exists := peerAIds[id]; exists {
+					delete(peerAIds, id)
+				} else {
+					peerBIds[id] = struct{}{}
+				}
+			},
+			func(boundKey boundKey) {
+				peerBSkippedBounds[boundKey] = struct{}{}
+			},
+		)
+		if err != nil {
+			return err
+		}
+
+		// emit deltas from A after receiving message from B
+		for id := range peerAIds {
+			select {
+			case n.Deltas <- Delta{ID: id, Have: n.PeerA, HaveNot: n.PeerB}:
+			case <-ctx.Done():
+				return context.Cause(ctx)
+			}
+			delete(peerAIds, id)
+		}
+
+		if len(msgToA) == 2 {
+			// exit condition (no more messages to send)
+			break
+		}
+
+		// send message to A
+		err = n.PeerA.SendMessage(msgToA)
+		if err != nil {
+			return err
+		}
+	}
+
+	// emit remaining deltas before exit
+	for id := range peerAIds {
+		select {
+		case n.Deltas <- Delta{ID: id, Have: n.PeerA, HaveNot: n.PeerB}:
+		case <-ctx.Done():
+			return context.Cause(ctx)
+		}
+	}
+	for id := range peerBIds {
+		select {
+		case n.Deltas <- Delta{ID: id, Have: n.PeerB, HaveNot: n.PeerA}:
+		case <-ctx.Done():
+			return context.Cause(ctx)
+		}
+	}
+
+	n.PeerA.SendClose()
+	n.PeerB.SendClose()
+	close(n.Deltas)
+
+	return nil
+}
+
+func createInitialMessage() string {
+	output := bytes.NewBuffer(make([]byte, 0, 64))
+	output.WriteByte(negentropy.ProtocolVersion)
+
+	dummy := negentropy.BoundWriter{}
+	dummy.WriteBound(output, negentropy.InfiniteBound)
+	output.WriteByte(byte(negentropy.FingerprintMode))
+
+	// hardcoded random fingerprint
+	fingerprint := [negentropy.FingerprintSize]byte{
+		0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+		0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+	}
+	output.Write(fingerprint[:])
+
+	return nostr.HexEncodeToString(output.Bytes())
+}
+
+func parseMessageBuildNext(
+	msg string,
+	skippedBounds map[boundKey]struct{},
+	idCallback func(id nostr.ID),
+	skipCallback func(boundKey boundKey),
+) (string, error) {
+	msgb, err := nostr.HexDecodeString(msg)
+	if err != nil {
+		return "", err
+	}
+
+	br := &negentropy.BoundReader{}
+	bw := &negentropy.BoundWriter{}
+
+	nextMsg := bytes.NewBuffer(make([]byte, 0, len(msgb)))
+	acc := &storage.Accumulator{} // this will be used for building our own fingerprints and also as a placeholder
+
+	reader := bytes.NewReader(msgb)
+	pv, err := reader.ReadByte()
+	if err != nil {
+		return "", err
+	}
+	if pv != negentropy.ProtocolVersion {
+		return "", fmt.Errorf("unsupported protocol version %v", pv)
+	}
+
+	nextMsg.WriteByte(pv)
+
+	for reader.Len() > 0 {
+		bound, err := br.ReadBound(reader)
+		if err != nil {
+			return "", err
+		}
+
+		modeVal, err := negentropy.ReadVarInt(reader)
+		if err != nil {
+			return "", err
+		}
+		mode := negentropy.Mode(modeVal)
+
+		switch mode {
+		case negentropy.SkipMode:
+			skipCallback(getBoundKey(bound))
+			if _, skipped := skippedBounds[getBoundKey(bound)]; !skipped {
+				bw.WriteBound(nextMsg, bound)
+				negentropy.WriteVarInt(nextMsg, int(negentropy.SkipMode))
+			}
+
+		case negentropy.FingerprintMode:
+			_, err = reader.Read(acc.Buf[0:negentropy.FingerprintSize] /* use this buffer as a dummy */)
+			if err != nil {
+				return "", err
+			}
+
+			if _, skipped := skippedBounds[getBoundKey(bound)]; !skipped {
+				bw.WriteBound(nextMsg, bound)
+				negentropy.WriteVarInt(nextMsg, int(negentropy.FingerprintMode))
+				nextMsg.Write(acc.Buf[0:negentropy.FingerprintSize] /* idem */)
+			}
+		case negentropy.IdListMode:
+			// when receiving an idlist we will never send this bound again to this peer
+			skipCallback(getBoundKey(bound))
+
+			// and instead of sending these ids to the other peer we'll send a fingerprint
+			acc.Reset()
+
+			numIds, err := negentropy.ReadVarInt(reader)
+			if err != nil {
+				return "", err
+			}
+
+			for range numIds {
+				id := nostr.ID{}
+
+				_, err = reader.Read(id[:])
+				if err != nil {
+					return "", err
+				}
+
+				idCallback(id)
+
+				acc.AddBytes(id[:])
+			}
+
+			if _, skipped := skippedBounds[getBoundKey(bound)]; !skipped {
+				fingerprint := acc.GetFingerprint(numIds)
+
+				bw.WriteBound(nextMsg, bound)
+				negentropy.WriteVarInt(nextMsg, int(negentropy.FingerprintMode))
+				nextMsg.Write(fingerprint[:])
+			}
+		default:
+			return "", fmt.Errorf("unknown mode %v", mode)
+		}
+	}
+
+	return nostr.HexEncodeToString(nextMsg.Bytes()), nil
+}
--- a/verify.go
+++ b/verify.go
@@ -9,31 +9,41 @@ import (

 var verify = &cli.Command{
 	Name:  "verify",
-	Usage: "checks the hash and signature of an event given through stdin",
+	Usage: "checks the hash and signature of an event given through stdin or as the first argument",
 	Description: `example:
 		echo '{"id":"a889df6a387419ff204305f4c2d296ee328c3cd4f8b62f205648a541b4554dfb","pubkey":"c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5","created_at":1698623783,"kind":1,"tags":[],"content":"hello from the nostr army knife","sig":"84876e1ee3e726da84e5d195eb79358b2b3eaa4d9bd38456fde3e8a2af3f1cd4cda23f23fda454869975b3688797d4c66e12f4c51c1b43c6d2997c5e61865661"}' | nak verify

 it outputs nothing if the verification is successful.`,
 	DisableSliceFlagSeparator: true,
 	Action: func(ctx context.Context, c *cli.Command) error {
-		for stdinEvent := range getStdinLinesOrArguments(c.Args()) {
+		for stdinEvent := range getJsonsOrBlank() {
 			evt := nostr.Event{}
-			if stdinEvent != "" {
-				if err := json.Unmarshal([]byte(stdinEvent), &evt); err != nil {
-					ctx = lineProcessingError(ctx, "invalid event: %s", err)
+			if stdinEvent == "" {
+				stdinEvent = c.Args().First()
+				if stdinEvent == "" {
 					continue
 				}
 			}

+			if err := json.Unmarshal([]byte(stdinEvent), &evt); err != nil {
+				ctx = lineProcessingError(ctx, "invalid event: %s", err)
+				logverbose("<>: invalid event.\n", evt.ID.Hex())
+				continue
+			}
+
 			if evt.GetID() != evt.ID {
 				ctx = lineProcessingError(ctx, "invalid .id, expected %s, got %s", evt.GetID(), evt.ID)
+				logverbose("%s: invalid id.\n", evt.ID.Hex())
 				continue
 			}

 			if !evt.VerifySignature() {
 				ctx = lineProcessingError(ctx, "invalid signature")
+				logverbose("%s: invalid signature.\n", evt.ID.Hex())
 				continue
 			}
+
+			logverbose("%s: valid.\n", evt.ID.Hex())
 		}

 		exitIfLineProcessingError(ctx)
--- a/wallet.go
+++ b/wallet.go
@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"fmt"
+	"slices"
 	"strconv"
 	"strings"

@@ -33,6 +34,24 @@ func prepareWallet(ctx context.Context, c *cli.Command) (*nip60.Wallet, func(),
 	w.Processed = func(evt nostr.Event, err error) {
 		if err == nil {
 			logverbose("processed event %s\n", evt)
+
+			if c.Bool("stream") {
+				// after EOSE log updates and the new balance
+				select {
+				case <-w.Stable:
+					switch evt.Kind {
+					case 5:
+						log("- token deleted\n")
+					case 7375:
+						log("- token added\n")
+					default:
+						return
+					}
+
+					log("  balance: %d\n", w.Balance())
+				default:
+				}
+			}
 		} else {
 			log("error processing event %s: %s\n", evt, err)
 		}
@@ -86,15 +105,25 @@ var wallet = &cli.Command{
 	Usage:                     "displays the current wallet balance",
 	Description:               "all wallet data is stored on Nostr relays, signed and encrypted with the given key, and reloaded again from relays on every call.\n\nthe same data can be accessed by other compatible nip60 clients.",
 	DisableSliceFlagSeparator: true,
-	Flags:                     defaultKeyFlags,
+	Flags: append(defaultKeyFlags,
+		&cli.BoolFlag{
+			Name:  "stream",
+			Usage: "keep listening for wallet-related events and logging them",
+		},
+	),
 	Action: func(ctx context.Context, c *cli.Command) error {
 		w, closew, err := prepareWallet(ctx, c)
 		if err != nil {
 			return err
 		}

+		log("balance: ")
 		stdout(w.Balance())

+		if c.Bool("stream") {
+			<-ctx.Done() // this will hang forever
+		}
+
 		closew()
 		return nil
 	},
@@ -172,6 +201,35 @@ var wallet = &cli.Command{
 				closew()
 				return nil
 			},
+			Commands: []*cli.Command{
+				{
+					Name:                      "drop",
+					Usage:                     "deletes a token from the wallet",
+					DisableSliceFlagSeparator: true,
+					ArgsUsage:                 "<id>...",
+					Action: func(ctx context.Context, c *cli.Command) error {
+						ids := c.Args().Slice()
+						if len(ids) == 0 {
+							return fmt.Errorf("no token ids specified")
+						}
+
+						w, closew, err := prepareWallet(ctx, c)
+						if err != nil {
+							return err
+						}
+
+						for _, token := range w.Tokens {
+							if slices.Contains(ids, token.ID()) {
+								w.DropToken(ctx, token.ID())
+								log("dropped %s %d %s\n", token.ID(), token.Proofs.Amount(), strings.Split(token.Mint, "://")[1])
+							}
+						}
+
+						closew()
+						return nil
+					},
+				},
+			},
 		},
 		{
 			Name:                      "receive",
Author	SHA1	Message	Date
fiatjaf	a83b23d76b	add nak git demo to README.	2025-12-05 22:15:08 -03:00
fiatjaf	a288cc47a4	add example of compilation with `-tags debug` to README.	2025-12-05 22:09:22 -03:00
fiatjaf	5ee7670ba8	req: fix infinite loop when events channel is exhausted.	2025-12-04 13:21:43 -03:00
fiatjaf	b973b476bc	req: print CLOSED messages.	2025-12-04 09:24:36 -03:00
fiatjaf	252612b12f	add pee trick.	2025-12-04 08:46:20 -03:00
fiatjaf	4b8b6bb3de	dekey: nip4e (untested).	2025-12-03 23:08:59 -03:00
fiatjaf	df491be232	serve: --grasp-path (hidden).	2025-12-02 15:53:18 -03:00
fiatjaf	1dab81f77c	add examples to README.	2025-12-01 21:16:01 -03:00
fiatjaf	11228d7082	gift-wrap.	2025-12-01 21:02:20 -03:00
fiatjaf	a422b5f708	sync command for using a negentropy hack to sync two relays with each other. closes https://github.com/fiatjaf/nak/issues/84	2025-12-01 20:33:18 -03:00
fiatjaf	852fe6bdfb	git: more resiliency when updating nip34.json	2025-11-30 22:21:56 -03:00
fiatjaf	210cf66d5f	git: fix a bunch of small bugs.	2025-11-30 08:57:27 -03:00
fiatjaf	f9335b0ab4	git: fetch repo from owner+identifier on init, and other things.	2025-11-27 23:59:46 -03:00
fiatjaf	16916d7d95	nip: display markdown directly, default to list.	2025-11-27 12:14:02 -03:00
fiatjaf	3ff4dbe196	force update golang version. fixes nostr:nevent1qvzqqqqqqypzqwlsccluhy6xxsr6l9a9uhhxf75g85g8a709tprjcn4e42h053vaqydhwumn8ghj7un9d3shjtnhv4ehgetjde38gcewvdhk6tcprfmhxue69uhhq7tjv9kkjepwve5kzar2v9nzucm0d5hsqgzdaekrxfhwrex49f6htd7rvmnfxs40ypga9mx7hvssaz347mxees2gpdzr	2025-11-27 07:06:53 -03:00
reis	2de3ff78ee	Add `nip` command (#83 )	2025-11-26 09:02:47 -03:00
fiatjaf	03c1bf832e	fix README misformatting.	2025-11-25 22:44:03 -03:00
fiatjaf	8df130a822	git: handle "pull" modes correctly and stop deleting and recreating remotes all the time.	2025-11-25 14:51:24 -03:00
fiatjaf	e04861fcee	git: allow gitSync to not fail if the state is broken.	2025-11-25 14:51:24 -03:00
Yasuhiro Matsumoto	73d80203a0	fix error message	2025-11-25 14:35:16 -03:00
fiatjaf	c3cb59a94a	git: move things around, allow for nil state as a possible value, fix syncing when repository is not announced yet.	2025-11-24 23:33:07 -03:00
fiatjaf	59edaba5b8	git: much nicer prompts on "init".	2025-11-24 15:46:44 -03:00
fiatjaf	11a690b1c6	git: fix sync publishing wrong repo event and always being mismatched.	2025-11-24 06:37:42 -03:00
fiatjaf	9f8679591e	git: remove unused gitAnnounce.	2025-11-23 21:33:32 -03:00
fiatjaf	75c1a88333	git: push needed to update refs from the state after pushing.	2025-11-23 21:33:19 -03:00
fiatjaf	26fc7c338a	git: nip34.json into repository object helpers.	2025-11-23 21:32:33 -03:00
fiatjaf	ddc009a391	git: rework it to be more git-native and expose the internals more in a cool way.	2025-11-23 18:01:25 -03:00
fiatjaf	68e49fa6e5	git: fix the local/remote madness finally I think.	2025-11-23 14:50:19 -03:00
fiatjaf	79c1a70683	git: cleanup.	2025-11-21 23:25:23 -03:00
fiatjaf	77afab780b	git: fetch and pull (wip).	2025-11-21 20:01:55 -03:00
fiatjaf	a4f53021f0	add examples for newer use cases.	2025-11-21 20:01:55 -03:00
fiatjaf	afa31a58fc	serve: --negentropy	2025-11-21 20:01:55 -03:00
fiatjaf	26f9b33d53	git clone	2025-11-20 23:51:45 -03:00
fiatjaf	51876f89c4	git: nicer logs and fix announce to update only and all outdated relays.	2025-11-19 00:29:30 -03:00
fiatjaf	ae3cb7c108	serve: blossom and grasp support.	2025-11-19 00:29:30 -03:00
fiatjaf	bec821d3c0	build with latest nostrlib. we had to do this git thing just so we could publish nostrlib to grasp servers and make it downloadable as a dependency, now finally.	2025-11-18 11:57:16 -03:00
fiatjaf	5d7240b112	git betterments with remote and branch determination, force-push and fast-forward check.	2025-11-18 08:14:12 -03:00
Lez	bbe1661096	Don't emit hello event if no events were received from stdin When running `nak req ... relay.one \| nak event relay.two`, if the first req doesn't return any events, the second nak should not publish a "hello from nostr army knife" note to the second relay as it is clearly not the intention. `nak event relay.two` behavior is unchanged, it will publish the hello.	2025-11-18 08:13:47 -03:00
fiatjaf	ea4ad84aa0	"nak git" command with "init", "announce" and "push".	2025-11-17 13:05:47 -03:00
fiatjaf	85a04aa7ce	req --only-missing for negentropy downloading.	2025-11-13 16:16:34 -03:00
fiatjaf	e0ca768695	also parse npub/nevent/naddr when used as tag values, turn them into their corresponding hex or address format.	2025-11-11 16:32:14 -03:00
fiatjaf	bef3739a67	accept npub/nprofile/nevent instead of just hex in flags.	2025-11-11 15:58:53 -03:00
fiatjaf	210c0aa282	update nostrlib again, mostly for the blossom client timeout issue.	2025-11-04 09:18:21 -03:00
fiatjaf	2758285d51	update nostrlib.	2025-09-08 11:11:07 -03:00
fiatjaf	ecb7f8f195	event: renew relay connection before publishing if necessary.	2025-09-07 18:56:51 -03:00
fiatjaf	9251702460	query batching on nak req --outbox.	2025-09-06 22:21:11 -03:00
fiatjaf	13452e6916	fix nostrlib dependency.	2025-09-06 07:39:25 -03:00
fiatjaf	cdd64e340f	nak req --outbox	2025-09-05 17:12:21 -03:00
fiatjaf	3b4d6046cf	nak admin: for nip86 management (the previous command was broken).	2025-09-04 13:04:13 -03:00
fiatjaf	bf1690a041	get rid of badger, replace with bolt, following nostrlib.	2025-09-03 21:37:03 -03:00
fiatjaf	88031c888b	wallet --stream	2025-08-29 16:25:41 -03:00
fiatjaf	6f0e777324	wallet tokens drop	2025-08-29 16:25:38 -03:00
fiatjaf	b316646821	new release with updated dependencies.	2025-08-18 21:01:52 -03:00
fiatjaf	d3975679e4	add labels to subscriptions for easier debugging.	2025-08-14 13:28:15 -03:00
fiatjaf	23e27da077	use isatty for detecting stuff for the fancy output (it doesn't work).	2025-08-14 13:28:15 -03:00
fiatjaf	1a221a133c	cleanup and fix readme.	2025-08-14 13:28:15 -03:00
George	a698c59b0b	fix build on OpenBSD	2025-07-23 16:11:57 -03:00
fiatjaf	87bf5ef446	fix nak blossom list stupid segfault.	2025-07-17 20:00:03 -03:00
fiatjaf	7c58948924	verify: better handling of stdout and verbose logging output. fixes: https://github.com/fiatjaf/nak/issues/74	2025-07-17 16:14:36 -03:00
fiatjaf	ff02e6890b	adapt to nostr lib websocket refactor commit (which includes the filters thing).	2025-07-11 13:02:06 -03:00
fiatjaf	fb377f4775	reword some things.	2025-07-05 11:14:29 -03:00
Anthony Accioly	b1114766e5	docs(readme): update caution note with encryption guidance - Revise the caution note to include instructions for encrypting private keys using NIP-49.	2025-07-04 14:45:38 -03:00
Anthony Accioly	e0febbf190	docs(readme): remove outdated contributing section - Delete the outdated contributing section referencing NIP-34.	2025-07-04 14:45:38 -03:00
Anthony Accioly	2d2e657778	docs(readme): caution note on plaintext credential storage - Add a warning about credentials being stored in plain text when using `--persist`.	2025-07-04 14:45:38 -03:00
Anthony Accioly	d32654447a	feat(bunker): add QR code generation for bunker URI - Add `--qrcode` flag to display a QR code for the bunker URI. - Update `README.md` with usage instructions for the new flag. - Include `qrterminal` dependency for QR code generation.	2025-07-04 14:45:38 -03:00
mplorentz	fea23aecc3	Add Dockerfile I added this so that I could run a nak bunker on my server alongside my other containers. Thought it might be useful for others.	2025-07-02 23:28:40 -03:00
fiatjaf	cc526acb10	bunker: fix overwriting all keys always with default.	2025-07-01 15:52:44 -03:00
fiatjaf	fd19855543	remove a dangling print statement.	2025-07-01 12:43:04 -03:00
fiatjaf	ecfe3a298e	add persisted bunker and filter examples to readme.	2025-07-01 12:42:57 -03:00
fiatjaf	9c5f68a955	bunker: fix handling of provided and stored secret keys.	2025-07-01 12:36:54 -03:00
fiatjaf	0aef173e8b	nak bunker --persist/--profile	2025-07-01 11:40:34 -03:00
fiatjaf	6e4a546212	release with fixes.	2025-06-27 16:34:59 -03:00
fiatjaf	55c9d4ee45	remove the bunker context timeout because it causes the entire bunker to disconnect.	2025-06-27 16:28:21 -03:00
fiatjaf	550c89d8d7	slightly improve some error messages.	2025-06-27 13:50:28 -03:00
fiatjaf	1e9be3ed84	nak filter	2025-06-27 13:49:40 -03:00
fiatjaf	79cbc57dde	fix main command error handler printing wrongly formatted stuff.	2025-06-27 13:48:07 -03:00
fiatjaf	1e237b4c42	do not fill .Content when "content" is received empty from stdin. fixes https://github.com/fiatjaf/nak/issues/71	2025-06-23 17:57:45 -03:00
fiatjaf	89ec8b9822	simplify README about $NOSTR_CLIENT_KEY.	2025-06-20 21:06:42 -03:00
Anthony Accioly	fba83ea39e	docs(readme): clarify NIP-46 signing with remote bunker - Add example linking to Amber for NIP-46 bunker usage. - Include note on setting `NOSTR_CLIENT_KEY`	2025-06-20 21:02:57 -03:00
Anthony Accioly	bd5569955c	fix(helpers): add timeout and verbose logging for bunker connection - Add a 10-second timeout to the bunker connection process using context - Include detailed verbose logging for debugging.	2025-06-20 21:02:57 -03:00
Rui Chen	35ea2582d8	fix: update go.sum to fix build Signed-off-by: Rui Chen <rui@chenrui.dev>	2025-06-20 16:24:15 -03:00