update dependencies, includes authenticated blossom blob uploads.

small fixes on dvm flags and stuff.
preliminary (broken) dvm support.
2025-12-08 16:48:51 +00:00 · 2025-03-07 10:23:52 -03:00 · 2025-03-06 08:06:27 -03:00 · 2025-03-05 22:01:24 -03:00 · 2025-03-05 00:37:42 -03:00 · 2025-03-03 16:29:20 -03:00
29 changed files with 2861 additions and 732 deletions
--- a/.github/workflows/release-cli.yml
+++ b/.github/workflows/release-cli.yml
@@ -25,10 +25,20 @@ jobs:
    strategy:
      matrix:
        goos: [linux, freebsd, darwin, windows]
-        goarch: [amd64, arm64]
+        goarch: [arm, amd64, arm64, riscv64]
        exclude:
          - goarch: arm64
            goos: windows
+          - goarch: riscv64
+            goos: windows
+          - goarch: riscv64
+            goos: darwin
+          - goarch: arm
+            goos: windows
+          - goarch: arm
+            goos: darwin
+          - goarch: arm
+            goos: freebsd
    steps:
      - uses: actions/checkout@v3
      - uses: wangyoucao577/go-release-action@v1.40
@@ -36,6 +46,7 @@ jobs:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          goos: ${{ matrix.goos }}
          goarch: ${{ matrix.goarch }}
+          ldflags: -X main.version=${{ github.ref_name }}
          overwrite: true
          md5sum: false
          sha256sum: false
--- a/README.md
+++ b/README.md
@@ -173,6 +173,62 @@ listening at [wss://relay.damus.io wss://nos.lol wss://relay.nsecbunker.com]:
 {"kind":1,"id":"f030fccd90c783858dfcee204af94826cf0f1c85d6fc85a0087e9e5172419393","pubkey":"79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798","created_at":1719677535,"tags":[["-"],["e","f59911b561c37c90b01e9e5c2557307380835c83399756f4d62d8167227e420a","wss://relay.whatever.com","root","a9e0f110f636f3191644110c19a33448daf09d7cda9708a769e91b7e91340208"],["p","a9e0f110f636f3191644110c19a33448daf09d7cda9708a769e91b7e91340208","wss://p-relay.com"]],"content":"I know the future","sig":"8b36a74e29df8bc12bed66896820da6940d4d9409721b3ed2e910c838833a178cb45fd5bb1c6eb6adc66ab2808bfac9f6644a2c55a6570bb2ad90f221c9c7551"}
 ```

+### download the latest 50000 notes from a relay, regardless of their natural query limits, by paginating requests
+```shell
+~> nak req -k 1 --limit 50000 --paginate --paginate-interval 2s nos.lol > events.jsonl
+~> wc -l events.jsonl
+50000 events.jsonl
+```
+
+### run a somewhat verbose local relay for test purposes
+```shell
+~> nak serve
+> relay running at ws://localhost:10547
+    got request {"kinds":[1],"authors":["79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"],"since":1724082362}
+    got event {"kind":1,"id":"e3c6bf630d6deea74c0ee2f7f7ba6da55a627498a32f1e72029229bb1810bce3","pubkey":"79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798","created_at":1724082366,"tags":[],"content":"two","sig":"34261cf226c3fee2df24e55a89f43f5349c98a64bce46bdc46807b0329f334cea93e9e8bc285c1259a5684cf23f5e507c8e6dad47a31a6615d706b1130d09e69"}
+    got event {"kind":1,"id":"0bbb397c8f87ae557650b9d6ee847292df8e530c458ffea1b24bdcb7bed0ec5e","pubkey":"79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798","created_at":1724082369,"tags":[],"content":"three","sig":"aa1cb7d5f0f03f358fc4c0a4351a4f1c66e3a7627021b618601c56ba598b825b6d95d9c8720a4c60666a7eb21e17018cf326222f9f574a9396f2f2da7f007546"}
+  • events stored: 2, subscriptions opened: 1
+    got event {"kind":1,"id":"029ebff759dd54dbd01b929f879fea5802de297e1c3768ca16d9b97cc8bca38f","pubkey":"79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798","created_at":1724082371,"tags":[],"content":"four","sig":"9816de517d87d4c3ede57c1c50e3c237486794241afadcd891e1acbba2c5e672286090e6ad3402b047d69bae8095bc4e20e57ac70d92386dfa26db216379330f"}
+    got event {"kind":1,"id":"fe6489fa6fbb925be839377b9b7049d73be755dc2bdad97ff6dd9eecbf8b3a32","pubkey":"79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798","created_at":1724082383,"tags":[],"content":"five","sig":"865ce5e32eead5bdb950ac1fbc55bc92dde26818ee3136634538ec42914de179a51e672c2d4269d4362176e5e8cd5e08e69b35b91c6c2af867e129b93d607635"}
+    got request {"kinds":[30818]}
+  • events stored: 4, subscriptions opened: 1
+```
+
+### make an event with a PoW target
+```shell
+~> nak event -c 'hello getwired.app and labour.fiatjaf.com' --pow 24
+{"kind":1,"id":"0000009dcc7c62056eafdb41fac817379ec2becf0ce27c5fbe98d0735d968147","pubkey":"79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798","created_at":1724160828,"tags":[["nonce","515504","24"]],"content":"hello getwired.app and labour.fiatjaf.com","sig":"7edb988065ccc12779fe99270945b212f3723838f315d76d5e90e9ffa27198f13fa556614295f518d968d55bab81878167d4162b3a7cf81a6b423c6761bd504c"}
+```
+
+### make a nostr event signed with a key given as an environment variable
+
+```shell
+~> export NOSTR_SECRET_KEY=ncryptsec1qggyy9vw0nclmw8ly9caz6aa7f85a4ufhsct64uva337pulsdw00n6twa2lzhzk2znzsyu60urx9s08lx00ke6ual3lszyn5an9zarm6s70lw5lj6dv3mj3f9p4tvp0we6qyz4gp420mapfmvqheuttv
+~> nak event -c 'it supports keys as hex, nsec or ncryptsec'
+type the password to decrypt your secret key: ********
+{"kind":1,"id":"5cbf3feb9a7d99c3ee2a88693a591caca1a8348fea427b3652c27f7a8a76af48","pubkey":"b00bcab55375d8c7b731dd9841f6d805ff1cf6fdc945e7326786deb5ddac6ce4","created_at":1724247924,"tags":[],"content":"it supports keys as hex, nsec or ncryptsec","sig":"fb3fd170bc10e5042322c7a05dd4bbd8ac9947b39026b8a7afd1ee02524e8e3aa1d9554e9c7b6181ca1b45cab01cd06643bdffa5ce678b475e6b185e1c14b085"}
+```
+
+### download some helpful `jq` functions for dealing with nostr events
+```shell
+~> nak req -i 412f2d3e73acc312942c055ac2a695dc60bf58ff97e06689a8a79e97796c4cdb relay.westernbtc.com | jq -r .content > ~/.jq
+```
+
+### watch a NIP-53 livestream (zap.stream etc)
+```shell
+~> # this requires the jq utils from the step above
+~> mpv $(nak fetch naddr1qqjxvvm9xscnsdtx95cxvcfk956rsvtx943rje3k95mx2dp389jnwwrp8ymxgqg4waehxw309aex2mrp0yhxgctdw4eju6t09upzpn6956apxcad0mfp8grcuugdysg44eepex68h50t73zcathmfs49qvzqqqrkvu7ed38k | jq -r 'tag_value("streaming")')
+~>
+~> # or without the utils
+~> mpv $(nak fetch naddr1qqjxvvm9xscnsdtx95cxvcfk956rsvtx943rje3k95mx2dp389jnwwrp8ymxgqg4waehxw309aex2mrp0yhxgctdw4eju6t09upzpn6956apxcad0mfp8grcuugdysg44eepex68h50t73zcathmfs49qvzqqqrkvu7ed38k | jq -r '.tags | map(select(.[0] == "streaming") | .[1])[0]')
+```
+
+### download a NIP-35 torrent from an `nevent`
+```shell
+~> # this requires the jq utils from two steps above
+~> aria2c $(nak fetch nevent1qqsdsg6x7uujekac4ga7k7qa9q9sx8gqj7xzjf5w9us0dm0ghvf4ugspp4mhxue69uhkummn9ekx7mq6dw9y4 | jq -r '"magnet:?xt=urn:btih:\(tag_value("x"))&dn=\(tag_value("title"))&tr=http%3A%2F%2Ftracker.loadpeers.org%3A8080%2FxvRKfvAlnfuf5EfxTT5T0KIVPtbqAHnX%2Fannounce&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A6969%2Fannounce&tr=udp%3A%2F%2Fopen.stealth.si%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.torrent.eu.org%3A451%2Fannounce&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337&tr=\(tags("tracker") | map(.[1] | @uri) | join("&tr="))"')
+```
+
 ## contributing to this repository

 Use NIP-34 to send your patches to `naddr1qqpkucttqy28wumn8ghj7un9d3shjtnwdaehgu3wvfnsz9nhwden5te0wfjkccte9ehx7um5wghxyctwvsq3gamnwvaz7tmjv4kxz7fwv3sk6atn9e5k7q3q80cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsxpqqqpmej2wctpn`.
--- a/blossom.go
+++ b/blossom.go
@@ -0,0 +1,222 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	"github.com/nbd-wtf/go-nostr/keyer"
+	"github.com/nbd-wtf/go-nostr/nipb0/blossom"
+	"github.com/urfave/cli/v3"
+)
+
+var blossomCmd = &cli.Command{
+	Name:                      "blossom",
+	Suggest:                   true,
+	UseShortOptionHandling:    true,
+	Usage:                     "an army knife for blossom things",
+	DisableSliceFlagSeparator: true,
+	Flags: append(defaultKeyFlags,
+		&cli.StringFlag{
+			Name:     "server",
+			Aliases:  []string{"s"},
+			Usage:    "the hostname of the target mediaserver",
+			Required: true,
+		},
+	),
+	Commands: []*cli.Command{
+		{
+			Name:                      "list",
+			Usage:                     "lists blobs from a pubkey",
+			Description:               `takes one pubkey passed as an argument or derives one from the --sec supplied. if that is given then it will also pre-authorize the list, which some servers may require.`,
+			DisableSliceFlagSeparator: true,
+			ArgsUsage:                 "[pubkey]",
+			Action: func(ctx context.Context, c *cli.Command) error {
+				var client *blossom.Client
+				pubkey := c.Args().First()
+				if pubkey != "" {
+					client = blossom.NewClient(client.GetMediaServer(), keyer.NewReadOnlySigner(pubkey))
+				} else {
+					var err error
+					client, err = getBlossomClient(ctx, c)
+					if err != nil {
+						return err
+					}
+				}
+
+				bds, err := client.List(ctx)
+				if err != nil {
+					return err
+				}
+
+				for _, bd := range bds {
+					stdout(bd)
+				}
+
+				return nil
+			},
+		},
+		{
+			Name:                      "upload",
+			Usage:                     "uploads a file to a specific mediaserver.",
+			Description:               `takes any number of local file paths and uploads them to a mediaserver, printing the resulting blob descriptions when successful.`,
+			DisableSliceFlagSeparator: true,
+			ArgsUsage:                 "[files...]",
+			Action: func(ctx context.Context, c *cli.Command) error {
+				client, err := getBlossomClient(ctx, c)
+				if err != nil {
+					return err
+				}
+
+				hasError := false
+				for _, fpath := range c.Args().Slice() {
+					bd, err := client.UploadFile(ctx, fpath)
+					if err != nil {
+						fmt.Fprintf(os.Stderr, "%s\n", err)
+						hasError = true
+						continue
+					}
+
+					j, _ := json.Marshal(bd)
+					stdout(string(j))
+				}
+
+				if hasError {
+					os.Exit(3)
+				}
+				return nil
+			},
+		},
+		{
+			Name:                      "download",
+			Usage:                     "downloads files from mediaservers",
+			Description:               `takes any number of sha256 hashes as hex, downloads them and prints them to stdout (unless --output is specified).`,
+			DisableSliceFlagSeparator: true,
+			ArgsUsage:                 "[sha256...]",
+			Flags: []cli.Flag{
+				&cli.StringSliceFlag{
+					Name:    "output",
+					Aliases: []string{"o"},
+					Usage:   "file name to save downloaded file to, can be passed multiple times when downloading multiple hashes",
+				},
+			},
+			Action: func(ctx context.Context, c *cli.Command) error {
+				client, err := getBlossomClient(ctx, c)
+				if err != nil {
+					return err
+				}
+
+				outputs := c.StringSlice("output")
+
+				hasError := false
+				for i, hash := range c.Args().Slice() {
+					if len(outputs)-1 >= i && outputs[i] != "--" {
+						// save to this file
+						err := client.DownloadToFile(ctx, hash, outputs[i])
+						if err != nil {
+							fmt.Fprintf(os.Stderr, "%s\n", err)
+							hasError = true
+						}
+					} else {
+						// if output wasn't specified, print to stdout
+						data, err := client.Download(ctx, hash)
+						if err != nil {
+							fmt.Fprintf(os.Stderr, "%s\n", err)
+							hasError = true
+							continue
+						}
+						os.Stdout.Write(data)
+					}
+				}
+
+				if hasError {
+					os.Exit(2)
+				}
+				return nil
+			},
+		},
+		{
+			Name:    "del",
+			Aliases: []string{"delete"},
+			Usage:   "deletes a file from a mediaserver",
+			Description: `takes any number of sha256 hashes, signs authorizations and deletes them from the current mediaserver.
+
+if any of the files are not deleted command will fail, otherwise it will succeed. it will also print error messages to stderr and the hashes it successfully deletes to stdout.`,
+			DisableSliceFlagSeparator: true,
+			ArgsUsage:                 "[sha256...]",
+			Action: func(ctx context.Context, c *cli.Command) error {
+				client, err := getBlossomClient(ctx, c)
+				if err != nil {
+					return err
+				}
+
+				hasError := false
+				for _, hash := range c.Args().Slice() {
+					err := client.Delete(ctx, hash)
+					if err != nil {
+						fmt.Fprintf(os.Stderr, "%s\n", err)
+						hasError = true
+						continue
+					}
+
+					stdout(hash)
+				}
+
+				if hasError {
+					os.Exit(3)
+				}
+				return nil
+			},
+		},
+		{
+			Name:  "check",
+			Usage: "asks the mediaserver if it has the specified hashes.",
+			Description: `uses the HEAD request to succintly check if the server has the specified sha256 hash.
+
+if any of the files are not found the command will fail, otherwise it will succeed. it will also print error messages to stderr and the hashes it finds to stdout.`,
+			DisableSliceFlagSeparator: true,
+			ArgsUsage:                 "[sha256...]",
+			Action: func(ctx context.Context, c *cli.Command) error {
+				client, err := getBlossomClient(ctx, c)
+				if err != nil {
+					return err
+				}
+
+				hasError := false
+				for _, hash := range c.Args().Slice() {
+					err := client.Check(ctx, hash)
+					if err != nil {
+						hasError = true
+						fmt.Fprintf(os.Stderr, "%s\n", err)
+						continue
+					}
+
+					stdout(hash)
+				}
+
+				if hasError {
+					os.Exit(2)
+				}
+				return nil
+			},
+		},
+		{
+			Name:                      "mirror",
+			Usage:                     "",
+			Description:               ``,
+			DisableSliceFlagSeparator: true,
+			ArgsUsage:                 "",
+			Action: func(ctx context.Context, c *cli.Command) error {
+				return nil
+			},
+		},
+	},
+}
+
+func getBlossomClient(ctx context.Context, c *cli.Command) (*blossom.Client, error) {
+	keyer, _, err := gatherKeyerFromArguments(ctx, c)
+	if err != nil {
+		return nil, err
+	}
+	return blossom.NewClient(c.String("server"), keyer), nil
+}
--- a/bunker.go
+++ b/bunker.go
@@ -2,33 +2,32 @@ package main

 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"net/url"
 	"os"
+	"slices"
 	"strings"
 	"sync"
 	"time"

 	"github.com/fatih/color"
+	"github.com/urfave/cli/v3"
 	"github.com/nbd-wtf/go-nostr"
 	"github.com/nbd-wtf/go-nostr/nip19"
 	"github.com/nbd-wtf/go-nostr/nip46"
-	"github.com/fiatjaf/cli/v3"
-	"golang.org/x/exp/slices"
 )

 var bunker = &cli.Command{
 	Name:                      "bunker",
-	Usage:       "starts a NIP-46 signer daemon with the given --sec key",
+	Usage:                     "starts a nip46 signer daemon with the given --sec key",
 	ArgsUsage:                 "[relay...]",
 	Description:               ``,
+	DisableSliceFlagSeparator: true,
 	Flags: []cli.Flag{
 		&cli.StringFlag{
 			Name:        "sec",
 			Usage:       "secret key to sign the event, as hex or nsec",
 			DefaultText: "the key '1'",
-			Value:       "0000000000000000000000000000000000000000000000000000000000000001",
 		},
 		&cli.BoolFlag{
 			Name:  "prompt-sec",
@@ -50,7 +49,7 @@ var bunker = &cli.Command{
 		qs := url.Values{}
 		relayURLs := make([]string, 0, c.Args().Len())
 		if relayUrls := c.Args().Slice(); len(relayUrls) > 0 {
-			_, relays := connectToAllRelays(ctx, relayUrls, false)
+			relays := connectToAllRelays(ctx, relayUrls, false)
 			if len(relays) == 0 {
 				log("failed to connect to any of the given relays.\n")
 				os.Exit(3)
@@ -84,8 +83,6 @@ var bunker = &cli.Command{
 			return err
 		}
 		npub, _ := nip19.EncodePublicKey(pubkey)
-		bold := color.New(color.Bold).Sprint
-		italic := color.New(color.Italic).Sprint

 		// this function will be called every now and then
 		printBunkerInfo := func() {
@@ -94,12 +91,12 @@ var bunker = &cli.Command{

 			authorizedKeysStr := ""
 			if len(authorizedKeys) != 0 {
-				authorizedKeysStr = "\n  authorized keys:\n    - " + italic(strings.Join(authorizedKeys, "\n    - "))
+				authorizedKeysStr = "\n  authorized keys:\n    - " + colors.italic(strings.Join(authorizedKeys, "\n    - "))
 			}

 			authorizedSecretsStr := ""
 			if len(authorizedSecrets) != 0 {
-				authorizedSecretsStr = "\n  authorized secrets:\n    - " + italic(strings.Join(authorizedSecrets, "\n    - "))
+				authorizedSecretsStr = "\n  authorized secrets:\n    - " + colors.italic(strings.Join(authorizedSecrets, "\n    - "))
 			}

 			preauthorizedFlags := ""
@@ -131,27 +128,24 @@ var bunker = &cli.Command{
 			)

 			log("listening at %v:\n  pubkey: %s \n  npub: %s%s%s\n  to restart: %s\n  bunker: %s\n\n",
-				bold(relayURLs),
-				bold(pubkey),
-				bold(npub),
+				colors.bold(relayURLs),
+				colors.bold(pubkey),
+				colors.bold(npub),
 				authorizedKeysStr,
 				authorizedSecretsStr,
 				color.CyanString(restartCommand),
-				bold(bunkerURI),
+				colors.bold(bunkerURI),
 			)
 		}
 		printBunkerInfo()

 		// subscribe to relays
-		pool := nostr.NewSimplePool(ctx)
 		now := nostr.Now()
-		events := pool.SubMany(ctx, relayURLs, nostr.Filters{
-			{
+		events := sys.Pool.SubscribeMany(ctx, relayURLs, nostr.Filter{
 			Kinds:     []int{nostr.KindNostrConnect},
 			Tags:      nostr.TagMap{"p": []string{pubkey}},
 			Since:     &now,
 			LimitZero: true,
-			},
 		})

 		signer := nip46.NewStaticKeySigner(sec)
@@ -177,14 +171,14 @@ var bunker = &cli.Command{
 				}()
 			}

-			return harmless || slices.Contains(authorizedKeys, from) || slices.Contains(authorizedSecrets, secret)
+			return slices.Contains(authorizedKeys, from) || slices.Contains(authorizedSecrets, secret)
 		}

 		for ie := range events {
 			cancelPreviousBunkerInfoPrint() // this prevents us from printing a million bunker info blocks

 			// handle the NIP-46 request event
-			req, resp, eventResponse, err := signer.HandleRequest(ie.Event)
+			req, resp, eventResponse, err := signer.HandleRequest(ctx, ie.Event)
 			if err != nil {
 				log("< failed to handle request from %s: %s\n", ie.Event.PubKey, err.Error())
 				continue
@@ -198,7 +192,7 @@ var bunker = &cli.Command{
 			handlerWg.Add(len(relayURLs))
 			for _, relayURL := range relayURLs {
 				go func(relayURL string) {
-					if relay, _ := pool.EnsureRelay(relayURL); relay != nil {
+					if relay, _ := sys.Pool.EnsureRelay(relayURL); relay != nil {
 						err := relay.Publish(ctx, eventResponse)
 						printLock.Lock()
 						if err == nil {
@@ -223,7 +217,7 @@ var bunker = &cli.Command{
 				select {
 				case <-ctx.Done():
 				case <-time.After(time.Minute * 5):
-					fmt.Fprintf(os.Stderr, "\n")
+					log("\n")
 					printBunkerInfo()
 				}
 			}()
@@ -231,4 +225,23 @@ var bunker = &cli.Command{

 		return nil
 	},
+	Commands: []*cli.Command{
+		{
+			Name:      "connect",
+			Usage:     "use the client-initiated NostrConnect flow of NIP46",
+			ArgsUsage: "<nostrconnect-uri>",
+			Action: func(ctx context.Context, c *cli.Command) error {
+				if c.Args().Len() != 1 {
+					return fmt.Errorf("must be called with a nostrconnect://... uri")
+				}
+
+				uri, err := url.Parse(c.Args().First())
+				if err != nil || uri.Scheme != "nostrconnect" || !nostr.IsValidPublicKey(uri.Host) {
+					return fmt.Errorf("invalid uri")
+				}
+
+				return nil
+			},
+		},
+	},
 }
--- a/count.go
+++ b/count.go
@@ -2,19 +2,21 @@ package main

 import (
 	"context"
-	"encoding/json"
-	"errors"
 	"fmt"
+	"os"
 	"strings"

+	"github.com/urfave/cli/v3"
 	"github.com/nbd-wtf/go-nostr"
-	"github.com/fiatjaf/cli/v3"
+	"github.com/nbd-wtf/go-nostr/nip45"
+	"github.com/nbd-wtf/go-nostr/nip45/hyperloglog"
 )

 var count = &cli.Command{
 	Name:                      "count",
 	Usage:                     "generates encoded COUNT messages and optionally use them to talk to relays",
-	Description: `outputs a NIP-45 request (the flags are mostly the same as 'nak req').`,
+	Description:               `outputs a nip45 request (the flags are mostly the same as 'nak req').`,
+	DisableSliceFlagSeparator: true,
 	Flags: []cli.Flag{
 		&cli.StringSliceFlag{
 			Name:     "author",
@@ -65,6 +67,32 @@ var count = &cli.Command{
 	},
 	ArgsUsage: "[relay...]",
 	Action: func(ctx context.Context, c *cli.Command) error {
+		biggerUrlSize := 0
+		relayUrls := c.Args().Slice()
+		if len(relayUrls) > 0 {
+			relays := connectToAllRelays(ctx,
+				relayUrls,
+				false,
+			)
+			if len(relays) == 0 {
+				log("failed to connect to any of the given relays.\n")
+				os.Exit(3)
+			}
+			relayUrls = make([]string, len(relays))
+			for i, relay := range relays {
+				relayUrls[i] = relay.URL
+				if len(relay.URL) > biggerUrlSize {
+					biggerUrlSize = len(relay.URL)
+				}
+			}
+
+			defer func() {
+				for _, relay := range relays {
+					relay.Close()
+				}
+			}()
+		}
+
 		filter := nostr.Filter{}

 		if authors := c.StringSlice("author"); len(authors) > 0 {
@@ -84,7 +112,7 @@ var count = &cli.Command{
 		tags := make([][]string, 0, 5)
 		for _, tagFlag := range c.StringSlice("tag") {
 			spl := strings.SplitN(tagFlag, "=", 2)
-			if len(spl) == 2 && len(spl[0]) == 1 {
+			if len(spl) == 2 {
 				tags = append(tags, spl)
 			} else {
 				return fmt.Errorf("invalid --tag '%s'", tagFlag)
@@ -118,26 +146,35 @@ var count = &cli.Command{
 			filter.Limit = int(limit)
 		}

-		relays := c.Args().Slice()
 		successes := 0
-		failures := make([]error, 0, len(relays))
-		if len(relays) > 0 {
-			for _, relayUrl := range relays {
-				relay, err := nostr.RelayConnect(ctx, relayUrl)
+		if len(relayUrls) > 0 {
+			var hll *hyperloglog.HyperLogLog
+			if offset := nip45.HyperLogLogEventPubkeyOffsetForFilter(filter); offset != -1 && len(relayUrls) > 1 {
+				hll = hyperloglog.New(offset)
+			}
+			for _, relayUrl := range relayUrls {
+				relay, _ := sys.Pool.EnsureRelay(relayUrl)
+				count, hllRegisters, err := relay.Count(ctx, nostr.Filters{filter})
+				fmt.Fprintf(os.Stderr, "%s%s: ", strings.Repeat(" ", biggerUrlSize-len(relayUrl)), relayUrl)
+
 				if err != nil {
-					failures = append(failures, err)
+					fmt.Fprintf(os.Stderr, "❌ %s\n", err)
 					continue
 				}
-				count, err := relay.Count(ctx, nostr.Filters{filter})
-				if err != nil {
-					failures = append(failures, err)
-					continue
+
+				var hasHLLStr string
+				if hll != nil && len(hllRegisters) == 256 {
+					hll.MergeRegisters(hllRegisters)
+					hasHLLStr = " 📋"
 				}
-				fmt.Printf("%s: %d\n", relay.URL, count)
+
+				fmt.Fprintf(os.Stderr, "%d%s\n", count, hasHLLStr)
 				successes++
 			}
 			if successes == 0 {
-				return errors.Join(failures...)
+				return fmt.Errorf("all relays have failed")
+			} else if hll != nil {
+				fmt.Fprintf(os.Stderr, "📋 HyperLogLog sum: %d\n", hll.Count())
 			}
 		} else {
 			// no relays given, will just print the filter
--- a/curl.go
+++ b/curl.go
@@ -0,0 +1,132 @@
+package main
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	"os"
+	"os/exec"
+	"strings"
+
+	"github.com/nbd-wtf/go-nostr"
+	"github.com/urfave/cli/v3"
+	"golang.org/x/exp/slices"
+)
+
+var curlFlags []string
+
+var curl = &cli.Command{
+	Name:                      "curl",
+	Usage:                     "calls curl but with a nip98 header",
+	Description:               "accepts all flags and arguments exactly as they would be passed to curl.",
+	Flags:                     defaultKeyFlags,
+	DisableSliceFlagSeparator: true,
+	Action: func(ctx context.Context, c *cli.Command) error {
+		kr, _, err := gatherKeyerFromArguments(ctx, c)
+		if err != nil {
+			return err
+		}
+
+		// cowboy parsing of curl flags to get the data we need for nip98
+		var url string
+		var method string
+		var presumedMethod string
+
+		curlBodyBuildingFlags := []string{
+			"-d",
+			"--data",
+			"--data-binary",
+			"--data-ascii",
+			"--data-raw",
+			"--data-urlencode",
+			"-F",
+			"--form",
+			"--form-string",
+			"--form-escape",
+			"--upload-file",
+		}
+
+		nextIsMethod := false
+		for _, f := range curlFlags {
+			if nextIsMethod {
+				method = f
+				method, _ = strings.CutPrefix(method, `"`)
+				method, _ = strings.CutSuffix(method, `"`)
+				method = strings.ToUpper(method)
+			} else if strings.HasPrefix(f, "https://") || strings.HasPrefix(f, "http://") {
+				url = f
+			} else if f == "--request" || f == "-X" {
+				nextIsMethod = true
+				continue
+			} else if slices.Contains(curlBodyBuildingFlags, f) ||
+				slices.ContainsFunc(curlBodyBuildingFlags, func(s string) bool {
+					return strings.HasPrefix(f, s)
+				}) {
+				presumedMethod = "POST"
+			}
+			nextIsMethod = false
+		}
+
+		if url == "" {
+			return fmt.Errorf("can't create nip98 event: target url is empty")
+		}
+
+		if method == "" {
+			if presumedMethod != "" {
+				method = presumedMethod
+			} else {
+				method = "GET"
+			}
+		}
+
+		// make and sign event
+		evt := nostr.Event{
+			Kind:      27235,
+			CreatedAt: nostr.Now(),
+			Tags: nostr.Tags{
+				{"u", url},
+				{"method", method},
+			},
+		}
+		if err := kr.SignEvent(ctx, &evt); err != nil {
+			return err
+		}
+
+		// the first 2 indexes of curlFlags were reserved for this
+		curlFlags[0] = "-H"
+		curlFlags[1] = fmt.Sprintf("Authorization: Nostr %s", base64.StdEncoding.EncodeToString([]byte(evt.String())))
+
+		// call curl
+		cmd := exec.Command("curl", curlFlags...)
+		cmd.Stderr = os.Stderr
+		cmd.Stdin = os.Stdin
+		cmd.Stdout = os.Stdout
+		cmd.Run()
+		return nil
+	},
+}
+
+func realCurl() error {
+	curlFlags = make([]string, 2, max(len(os.Args)-4, 2))
+	keyFlags := make([]string, 0, 5)
+
+	for i := 0; i < len(os.Args[2:]); i++ {
+		arg := os.Args[i+2]
+		if slices.ContainsFunc(defaultKeyFlags, func(f cli.Flag) bool {
+			bareArg, _ := strings.CutPrefix(arg, "-")
+			bareArg, _ = strings.CutPrefix(bareArg, "-")
+			return slices.Contains(f.Names(), bareArg)
+		}) {
+			keyFlags = append(keyFlags, arg)
+			if arg != "--prompt-sec" {
+				i++
+				val := os.Args[i+2]
+				keyFlags = append(keyFlags, val)
+			}
+		} else {
+			curlFlags = append(curlFlags, arg)
+		}
+	}
+
+	return curl.Run(context.Background(), keyFlags)
+}
--- a/decode.go
+++ b/decode.go
@@ -3,13 +3,12 @@ package main
 import (
 	"context"
 	"encoding/hex"
-	"encoding/json"
 	"strings"

+	"github.com/urfave/cli/v3"
 	"github.com/nbd-wtf/go-nostr"
 	"github.com/nbd-wtf/go-nostr/nip19"
-	sdk "github.com/nbd-wtf/nostr-sdk"
-	"github.com/fiatjaf/cli/v3"
+	"github.com/nbd-wtf/go-nostr/sdk"
 )

 var decode = &cli.Command{
@@ -20,6 +19,7 @@ var decode = &cli.Command{
 		nak decode nevent1qqs29yet5tp0qq5xu5qgkeehkzqh5qu46739axzezcxpj4tjlkx9j7gpr4mhxue69uhkummnw3ez6ur4vgh8wetvd3hhyer9wghxuet5sh59ud
 		nak decode nprofile1qqsrhuxx8l9ex335q7he0f09aej04zpazpl0ne2cgukyawd24mayt8gpz4mhxue69uhk2er9dchxummnw3ezumrpdejqz8thwden5te0dehhxarj94c82c3wwajkcmr0wfjx2u3wdejhgqgcwaehxw309aex2mrp0yhxummnw3exzarf9e3k7mgnp0sh5
 		nak decode nsec1jrmyhtjhgd9yqalps8hf9mayvd58852gtz66m7tqpacjedkp6kxq4dyxsr`,
+	DisableSliceFlagSeparator: true,
 	Flags: []cli.Flag{
 		&cli.BoolFlag{
 			Name:    "id",
@@ -55,11 +55,22 @@ var decode = &cli.Command{
 				}
 			} else if evp := sdk.InputToEventPointer(input); evp != nil {
 				decodeResult = DecodeResult{EventPointer: evp}
+				if c.Bool("id") {
+					stdout(evp.ID)
+					continue
+				}
 			} else if pp := sdk.InputToProfile(ctx, input); pp != nil {
 				decodeResult = DecodeResult{ProfilePointer: pp}
+				if c.Bool("pubkey") {
+					stdout(pp.PublicKey)
+					continue
+				}
 			} else if prefix, value, err := nip19.Decode(input); err == nil && prefix == "naddr" {
-				ep := value.(nostr.EntityPointer)
+				if ep, ok := value.(nostr.EntityPointer); ok {
 					decodeResult = DecodeResult{EntityPointer: &ep}
+				} else {
+					ctx = lineProcessingError(ctx, "couldn't decode naddr: %s", err)
+				}
 			} else if prefix, value, err := nip19.Decode(input); err == nil && prefix == "nsec" {
 				decodeResult.PrivateKey.PrivateKey = value.(string)
 				decodeResult.PrivateKey.PublicKey, _ = nostr.GetPublicKey(value.(string))
@@ -68,6 +79,10 @@ var decode = &cli.Command{
 				continue
 			}

+			if c.Bool("pubkey") || c.Bool("id") {
+				return nil
+			}
+
 			stdout(decodeResult.JSON())

 		}
--- a/dvm.go
+++ b/dvm.go
@@ -0,0 +1,137 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+
+	"github.com/fatih/color"
+	"github.com/nbd-wtf/go-nostr"
+	"github.com/nbd-wtf/go-nostr/nip90"
+	"github.com/urfave/cli/v3"
+)
+
+var dvm = &cli.Command{
+	Name:                      "dvm",
+	Usage:                     "deal with nip90 data-vending-machine things (experimental)",
+	DisableSliceFlagSeparator: true,
+	Flags: append(defaultKeyFlags,
+		&cli.StringSliceFlag{
+			Name:    "relay",
+			Aliases: []string{"r"},
+		},
+	),
+	Commands: append([]*cli.Command{
+		{
+			Name:                      "list",
+			Usage:                     "find DVMs that have announced themselves for a specific kind",
+			DisableSliceFlagSeparator: true,
+			Action: func(ctx context.Context, c *cli.Command) error {
+				return fmt.Errorf("we don't know how to do this yet")
+			},
+		},
+	}, (func() []*cli.Command {
+		commands := make([]*cli.Command, len(nip90.Jobs))
+		for i, job := range nip90.Jobs {
+			flags := make([]cli.Flag, 0, 2+len(job.Params))
+
+			if job.InputType != "" {
+				flags = append(flags, &cli.StringSliceFlag{
+					Name:     "input",
+					Aliases:  []string{"i"},
+					Category: "INPUT",
+				})
+			}
+
+			for _, param := range job.Params {
+				flags = append(flags, &cli.StringSliceFlag{
+					Name:     param,
+					Category: "PARAMETER",
+				})
+			}
+
+			commands[i] = &cli.Command{
+				Name:                      strconv.Itoa(job.InputKind),
+				Usage:                     job.Name,
+				Description:               job.Description,
+				DisableSliceFlagSeparator: true,
+				Flags:                     flags,
+				Action: func(ctx context.Context, c *cli.Command) error {
+					relayUrls := c.StringSlice("relay")
+					relays := connectToAllRelays(ctx, relayUrls, false)
+					if len(relays) == 0 {
+						log("failed to connect to any of the given relays.\n")
+						os.Exit(3)
+					}
+					defer func() {
+						for _, relay := range relays {
+							relay.Close()
+						}
+					}()
+
+					evt := nostr.Event{
+						Kind:      job.InputKind,
+						Tags:      make(nostr.Tags, 0, 2+len(job.Params)),
+						CreatedAt: nostr.Now(),
+					}
+
+					for _, input := range c.StringSlice("input") {
+						evt.Tags = append(evt.Tags, nostr.Tag{"i", input, job.InputType})
+					}
+					for _, paramN := range job.Params {
+						for _, paramV := range c.StringSlice(paramN) {
+							tag := nostr.Tag{"param", paramN, "", ""}[0:2]
+							for _, v := range strings.Split(paramV, ";") {
+								tag = append(tag, v)
+							}
+							evt.Tags = append(evt.Tags, tag)
+						}
+					}
+
+					kr, _, err := gatherKeyerFromArguments(ctx, c)
+					if err != nil {
+						return err
+					}
+					if err := kr.SignEvent(ctx, &evt); err != nil {
+						return err
+					}
+
+					logverbose("%s", evt)
+
+					log("- publishing job request... ")
+					first := true
+					for res := range sys.Pool.PublishMany(ctx, relayUrls, evt) {
+						cleanUrl, ok := strings.CutPrefix(res.RelayURL, "wss://")
+						if !ok {
+							cleanUrl = res.RelayURL
+						}
+
+						if !first {
+							log(", ")
+						}
+						first = false
+
+						if res.Error != nil {
+							log("%s: %s", color.RedString(cleanUrl), res.Error)
+						} else {
+							log("%s: ok", color.GreenString(cleanUrl))
+						}
+					}
+
+					log("\n- waiting for response...\n")
+					for ie := range sys.Pool.SubscribeMany(ctx, relayUrls, nostr.Filter{
+						Kinds: []int{7000, job.OutputKind},
+						Tags:  nostr.TagMap{"e": []string{evt.ID}},
+					}) {
+						stdout(ie.Event)
+					}
+
+					return nil
+				},
+			}
+		}
+		return commands
+	})()...),
+}
--- a/encode.go
+++ b/encode.go
@@ -6,7 +6,7 @@ import (

 	"github.com/nbd-wtf/go-nostr"
 	"github.com/nbd-wtf/go-nostr/nip19"
-	"github.com/fiatjaf/cli/v3"
+	"github.com/urfave/cli/v3"
 )

 var encode = &cli.Command{
@@ -19,16 +19,18 @@ var encode = &cli.Command{
 		nak encode nevent <event-id>
 		nak encode nevent --author <pubkey-hex> --relay <relay-url> --relay <other-relay> <event-id>
 		nak encode nsec <privkey-hex>`,
-	Before: func(ctx context.Context, c *cli.Command) error {
+	Before: func(ctx context.Context, c *cli.Command) (context.Context, error) {
 		if c.Args().Len() < 1 {
-			return fmt.Errorf("expected more than 1 argument.")
+			return ctx, fmt.Errorf("expected more than 1 argument.")
 		}
-		return nil
+		return ctx, nil
 	},
+	DisableSliceFlagSeparator: true,
 	Commands: []*cli.Command{
 		{
 			Name:                      "npub",
 			Usage:                     "encode a hex public key into bech32 'npub' format",
+			DisableSliceFlagSeparator: true,
 			Action: func(ctx context.Context, c *cli.Command) error {
 				for target := range getStdinLinesOrArguments(c.Args()) {
 					if ok := nostr.IsValidPublicKey(target); !ok {
@@ -50,6 +52,7 @@ var encode = &cli.Command{
 		{
 			Name:                      "nsec",
 			Usage:                     "encode a hex private key into bech32 'nsec' format",
+			DisableSliceFlagSeparator: true,
 			Action: func(ctx context.Context, c *cli.Command) error {
 				for target := range getStdinLinesOrArguments(c.Args()) {
 					if ok := nostr.IsValid32ByteHex(target); !ok {
@@ -78,6 +81,7 @@ var encode = &cli.Command{
 					Usage:   "attach relay hints to nprofile code",
 				},
 			},
+			DisableSliceFlagSeparator: true,
 			Action: func(ctx context.Context, c *cli.Command) error {
 				for target := range getStdinLinesOrArguments(c.Args()) {
 					if ok := nostr.IsValid32ByteHex(target); !ok {
@@ -116,6 +120,7 @@ var encode = &cli.Command{
 					Usage:   "attach an author pubkey as a hint to the nevent code",
 				},
 			},
+			DisableSliceFlagSeparator: true,
 			Action: func(ctx context.Context, c *cli.Command) error {
 				for target := range getStdinLinesOrArguments(c.Args()) {
 					if ok := nostr.IsValid32ByteHex(target); !ok {
@@ -148,7 +153,7 @@ var encode = &cli.Command{
 		},
 		{
 			Name:  "naddr",
-			Usage: "generate codes for NIP-33 parameterized replaceable events",
+			Usage: "generate codes for addressable events",
 			Flags: []cli.Flag{
 				&cli.StringFlag{
 					Name:     "identifier",
@@ -174,6 +179,7 @@ var encode = &cli.Command{
 					Usage:   "attach relay hints to naddr code",
 				},
 			},
+			DisableSliceFlagSeparator: true,
 			Action: func(ctx context.Context, c *cli.Command) error {
 				for d := range getStdinLinesOrBlank() {
 					pubkey := c.String("pubkey")
@@ -183,7 +189,7 @@ var encode = &cli.Command{

 					kind := c.Int("kind")
 					if kind < 30000 || kind >= 40000 {
-						return fmt.Errorf("kind must be between 30000 and 39999, as per NIP-16, got %d", kind)
+						return fmt.Errorf("kind must be between 30000 and 39999, got %d", kind)
 					}

 					if d == "" {
@@ -206,27 +212,6 @@ var encode = &cli.Command{
 					}
 				}

-				exitIfLineProcessingError(ctx)
-				return nil
-			},
-		},
-		{
-			Name:  "note",
-			Usage: "generate note1 event codes (not recommended)",
-			Action: func(ctx context.Context, c *cli.Command) error {
-				for target := range getStdinLinesOrArguments(c.Args()) {
-					if ok := nostr.IsValid32ByteHex(target); !ok {
-						ctx = lineProcessingError(ctx, "invalid event id: %s", target)
-						continue
-					}
-
-					if note, err := nip19.EncodeNote(target); err == nil {
-						stdout(note)
-					} else {
-						return err
-					}
-				}
-
 				exitIfLineProcessingError(ctx)
 				return nil
 			},
--- a/encrypt_decrypt.go
+++ b/encrypt_decrypt.go
@@ -0,0 +1,140 @@
+package main
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/urfave/cli/v3"
+	"github.com/nbd-wtf/go-nostr"
+	"github.com/nbd-wtf/go-nostr/nip04"
+)
+
+var encrypt = &cli.Command{
+	Name:                      "encrypt",
+	Usage:                     "encrypts a string with nip44 (or nip04 if specified using a flag) and returns the resulting ciphertext as base64",
+	ArgsUsage:                 "[plaintext string]",
+	DisableSliceFlagSeparator: true,
+	Flags: append(
+		defaultKeyFlags,
+		&cli.StringFlag{
+			Name:     "recipient-pubkey",
+			Aliases:  []string{"p", "tgt", "target", "pubkey"},
+			Required: true,
+		},
+		&cli.BoolFlag{
+			Name:  "nip04",
+			Usage: "use nip04 encryption instead of nip44",
+		},
+	),
+	Action: func(ctx context.Context, c *cli.Command) error {
+		target := c.String("recipient-pubkey")
+		if !nostr.IsValidPublicKey(target) {
+			return fmt.Errorf("target %s is not a valid public key", target)
+		}
+
+		plaintext := c.Args().First()
+
+		if c.Bool("nip04") {
+			sec, bunker, err := gatherSecretKeyOrBunkerFromArguments(ctx, c)
+			if err != nil {
+				return err
+			}
+
+			if bunker != nil {
+				ciphertext, err := bunker.NIP04Encrypt(ctx, target, plaintext)
+				if err != nil {
+					return err
+				}
+				stdout(ciphertext)
+			} else {
+				ss, err := nip04.ComputeSharedSecret(target, sec)
+				if err != nil {
+					return fmt.Errorf("failed to compute nip04 shared secret: %w", err)
+				}
+				ciphertext, err := nip04.Encrypt(plaintext, ss)
+				if err != nil {
+					return fmt.Errorf("failed to encrypt as nip04: %w", err)
+				}
+				stdout(ciphertext)
+			}
+		} else {
+			kr, _, err := gatherKeyerFromArguments(ctx, c)
+			if err != nil {
+				return err
+			}
+
+			res, err := kr.Encrypt(ctx, plaintext, target)
+			if err != nil {
+				return fmt.Errorf("failed to encrypt: %w", err)
+			}
+			stdout(res)
+		}
+
+		return nil
+	},
+}
+
+var decrypt = &cli.Command{
+	Name:                      "decrypt",
+	Usage:                     "decrypts a base64 nip44 ciphertext (or nip04 if specified using a flag) and returns the resulting plaintext",
+	ArgsUsage:                 "[ciphertext base64]",
+	DisableSliceFlagSeparator: true,
+	Flags: append(
+		defaultKeyFlags,
+		&cli.StringFlag{
+			Name:     "sender-pubkey",
+			Aliases:  []string{"p", "src", "source", "pubkey"},
+			Required: true,
+		},
+		&cli.BoolFlag{
+			Name:  "nip04",
+			Usage: "use nip04 encryption instead of nip44",
+		},
+	),
+	Action: func(ctx context.Context, c *cli.Command) error {
+		source := c.String("sender-pubkey")
+		if !nostr.IsValidPublicKey(source) {
+			return fmt.Errorf("source %s is not a valid public key", source)
+		}
+
+		ciphertext := c.Args().First()
+
+		if c.Bool("nip04") {
+			sec, bunker, err := gatherSecretKeyOrBunkerFromArguments(ctx, c)
+			if err != nil {
+				return err
+			}
+
+			if bunker != nil {
+				plaintext, err := bunker.NIP04Decrypt(ctx, source, ciphertext)
+				if err != nil {
+					return err
+				}
+				stdout(plaintext)
+			} else {
+				ss, err := nip04.ComputeSharedSecret(source, sec)
+				if err != nil {
+					return fmt.Errorf("failed to compute nip04 shared secret: %w", err)
+				}
+				plaintext, err := nip04.Decrypt(ciphertext, ss)
+				if err != nil {
+					return fmt.Errorf("failed to encrypt as nip04: %w", err)
+				}
+				stdout(plaintext)
+			}
+		} else {
+			kr, _, err := gatherKeyerFromArguments(ctx, c)
+			if err != nil {
+				return err
+			}
+
+			res, err := kr.Decrypt(ctx, ciphertext, source)
+			if err != nil {
+				return fmt.Errorf("failed to encrypt: %w", err)
+			}
+			stdout(res)
+		}
+
+		return nil
+	},
+}
--- a/event.go
+++ b/event.go
@@ -2,20 +2,24 @@ package main

 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"os"
+	"slices"
 	"strings"
 	"time"

 	"github.com/mailru/easyjson"
 	"github.com/nbd-wtf/go-nostr"
+	"github.com/nbd-wtf/go-nostr/nip13"
 	"github.com/nbd-wtf/go-nostr/nip19"
-	"github.com/fiatjaf/cli/v3"
-	"golang.org/x/exp/slices"
+	"github.com/urfave/cli/v3"
 )

-const CATEGORY_EVENT_FIELDS = "EVENT FIELDS"
+const (
+	CATEGORY_EVENT_FIELDS = "EVENT FIELDS"
+	CATEGORY_SIGNER       = "SIGNER OPTIONS"
+	CATEGORY_EXTRAS       = "EXTRAS"
+)

 var event = &cli.Command{
 	Name:  "event",
@@ -31,26 +35,8 @@ if an event -- or a partial event -- is given on stdin, the flags can be used to
 example:
 		echo '{"id":"a889df6a387419ff204305f4c2d296ee328c3cd4f8b62f205648a541b4554dfb","pubkey":"c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5","created_at":1698623783,"kind":1,"tags":[],"content":"hello from the nostr army knife","sig":"84876e1ee3e726da84e5d195eb79358b2b3eaa4d9bd38456fde3e8a2af3f1cd4cda23f23fda454869975b3688797d4c66e12f4c51c1b43c6d2997c5e61865661"}' | nak event wss://offchain.pub
 		echo '{"tags": [["t", "spam"]]}' | nak event -c 'this is spam'`,
-	Flags: []cli.Flag{
-		&cli.StringFlag{
-			Name:        "sec",
-			Usage:       "secret key to sign the event, as nsec, ncryptsec or hex",
-			DefaultText: "the key '1'",
-			Value:       "0000000000000000000000000000000000000000000000000000000000000001",
-		},
-		&cli.BoolFlag{
-			Name:  "prompt-sec",
-			Usage: "prompt the user to paste a hex or nsec with which to sign the event",
-		},
-		&cli.StringFlag{
-			Name:  "connect",
-			Usage: "sign event using NIP-46, expects a bunker://... URL",
-		},
-		&cli.StringFlag{
-			Name:        "connect-as",
-			Usage:       "private key to when communicating with the bunker given on --connect",
-			DefaultText: "a random key",
-		},
+	DisableSliceFlagSeparator: true,
+	Flags: append(defaultKeyFlags,
 		// ~ these args are only for the convoluted musig2 signing process
 		// they will be generally copy-shared-pasted across some manual coordination method between participants
 		&cli.UintFlag{
@@ -58,6 +44,7 @@ example:
 			Usage:       "number of signers to use for musig2",
 			Value:       1,
 			DefaultText: "1 -- i.e. do not use musig2 at all",
+			Category:    CATEGORY_SIGNER,
 		},
 		&cli.StringSliceFlag{
 			Name:   "musig-pubkey",
@@ -76,17 +63,25 @@ example:
 			Hidden: true,
 		},
 		// ~~~
+		&cli.UintFlag{
+			Name:     "pow",
+			Usage:    "nip13 difficulty to target when doing hash work on the event id",
+			Category: CATEGORY_EXTRAS,
+		},
 		&cli.BoolFlag{
 			Name:     "envelope",
 			Usage:    "print the event enveloped in a [\"EVENT\", ...] message ready to be sent to a relay",
+			Category: CATEGORY_EXTRAS,
 		},
 		&cli.BoolFlag{
 			Name:     "auth",
-			Usage: "always perform NIP-42 \"AUTH\" when facing an \"auth-required: \" rejection and try again",
+			Usage:    "always perform nip42 \"AUTH\" when facing an \"auth-required: \" rejection and try again",
+			Category: CATEGORY_EXTRAS,
 		},
 		&cli.BoolFlag{
 			Name:     "nevent",
 			Usage:    "print the nevent code (to stderr) after the event is published",
+			Category: CATEGORY_EXTRAS,
 		},
 		&cli.UintFlag{
 			Name:        "kind",
@@ -99,7 +94,7 @@ example:
 		&cli.StringFlag{
 			Name:        "content",
 			Aliases:     []string{"c"},
-			Usage:       "event content",
+			Usage:       "event content (if it starts with an '@' will read from a file)",
 			DefaultText: "hello from the nostr army knife",
 			Value:       "",
 			Category:    CATEGORY_EVENT_FIELDS,
@@ -107,7 +102,7 @@ example:
 		&cli.StringSliceFlag{
 			Name:     "tag",
 			Aliases:  []string{"t"},
-			Usage:    "sets a tag field on the event, takes a value like -t e=<id>",
+			Usage:    "sets a tag field on the event, takes a value like -t e=<id> or -t sometag=\"value one;value two;value three\"",
 			Category: CATEGORY_EVENT_FIELDS,
 		},
 		&cli.StringSliceFlag{
@@ -133,47 +128,45 @@ example:
 			Value:       nostr.Now(),
 			Category:    CATEGORY_EVENT_FIELDS,
 		},
-	},
+	),
 	ArgsUsage: "[relay...]",
 	Action: func(ctx context.Context, c *cli.Command) error {
 		// try to connect to the relays here
 		var relays []*nostr.Relay
 		if relayUrls := c.Args().Slice(); len(relayUrls) > 0 {
-			_, relays = connectToAllRelays(ctx, relayUrls, false)
+			relays = connectToAllRelays(ctx, relayUrls, false)
 			if len(relays) == 0 {
 				log("failed to connect to any of the given relays.\n")
 				os.Exit(3)
 			}
 		}
-
 		defer func() {
 			for _, relay := range relays {
 				relay.Close()
 			}
 		}()

-		sec, bunker, err := gatherSecretKeyOrBunkerFromArguments(ctx, c)
+		kr, sec, err := gatherKeyerFromArguments(ctx, c)
 		if err != nil {
 			return err
 		}

 		doAuth := c.Bool("auth")

-		// then process input and generate events
-		for stdinEvent := range getStdinLinesOrBlank() {
-			evt := nostr.Event{
-				Tags: make(nostr.Tags, 0, 3),
-			}
+		// then process input and generate events:

-			kindWasSupplied := false
+		// will reuse this
+		var evt nostr.Event
+
+		// this is called when we have a valid json from stdin
+		handleEvent := func(stdinEvent string) error {
+			evt.Content = ""
+
+			kindWasSupplied := strings.Contains(stdinEvent, `"kind"`)
 			mustRehashAndResign := false

-			if stdinEvent != "" {
 			if err := easyjson.Unmarshal([]byte(stdinEvent), &evt); err != nil {
-					ctx = lineProcessingError(ctx, "invalid event received from stdin: %s", err)
-					continue
-				}
-				kindWasSupplied = strings.Contains(stdinEvent, `"kind"`)
+				return fmt.Errorf("invalid event received from stdin: %s", err)
 			}

 			if kind := c.Uint("kind"); slices.Contains(c.FlagNames(), "kind") {
@@ -184,16 +177,26 @@ example:
 				mustRehashAndResign = true
 			}

-			if content := c.String("content"); content != "" {
+			if c.IsSet("content") {
+				content := c.String("content")
+				if strings.HasPrefix(content, "@") {
+					filedata, err := os.ReadFile(content[1:])
+					if err != nil {
+						return fmt.Errorf("failed to read file '%s' for content: %w", content[1:], err)
+					}
+					evt.Content = string(filedata)
+				} else {
 					evt.Content = content
+				}
 				mustRehashAndResign = true
 			} else if evt.Content == "" && evt.Kind == 1 {
 				evt.Content = "hello from the nostr army knife"
 				mustRehashAndResign = true
 			}

-			tags := make(nostr.Tags, 0, 5)
-			for _, tagFlag := range c.StringSlice("tag") {
+			tagFlags := c.StringSlice("tag")
+			tags := make(nostr.Tags, 0, len(tagFlags)+2)
+			for _, tagFlag := range tagFlags {
 				// tags are in the format key=value
 				tagName, tagValue, found := strings.Cut(tagFlag, "=")
 				tag := []string{tagName}
@@ -202,20 +205,17 @@ example:
 					tagValues := strings.Split(tagValue, ";")
 					tag = append(tag, tagValues...)
 				}
-				tags = tags.AppendUnique(tag)
+				tags = append(tags, tag)
 			}

 			for _, etag := range c.StringSlice("e") {
 				tags = tags.AppendUnique([]string{"e", etag})
-				mustRehashAndResign = true
 			}
 			for _, ptag := range c.StringSlice("p") {
 				tags = tags.AppendUnique([]string{"p", ptag})
-				mustRehashAndResign = true
 			}
 			for _, dtag := range c.StringSlice("d") {
 				tags = tags.AppendUnique([]string{"d", dtag})
-				mustRehashAndResign = true
 			}
 			if len(tags) > 0 {
 				for _, tag := range tags {
@@ -232,12 +232,35 @@ example:
 				mustRehashAndResign = true
 			}

-			if evt.Sig == "" || mustRehashAndResign {
-				if bunker != nil {
-					if err := bunker.SignEvent(ctx, &evt); err != nil {
-						return fmt.Errorf("failed to sign with bunker: %w", err)
+			if c.IsSet("musig") || c.IsSet("sec") || c.IsSet("prompt-sec") {
+				mustRehashAndResign = true
 			}
-				} else if numSigners := c.Uint("musig"); numSigners > 1 && sec != "" {
+
+			if difficulty := c.Uint("pow"); difficulty > 0 {
+				// before doing pow we need the pubkey
+				if numSigners := c.Uint("musig"); numSigners > 1 {
+					pubkeys := c.StringSlice("musig-pubkey")
+					if int(numSigners) != len(pubkeys) {
+						return fmt.Errorf("when doing a pow with musig we must know all signer pubkeys upfront")
+					}
+					evt.PubKey, err = getMusigAggregatedKey(ctx, pubkeys)
+					if err != nil {
+						return err
+					}
+				} else {
+					evt.PubKey, _ = kr.GetPublicKey(ctx)
+				}
+
+				// try to generate work with this difficulty -- runs forever
+				nonceTag, _ := nip13.DoWork(ctx, evt, int(difficulty))
+				evt.Tags = append(evt.Tags, nonceTag)
+
+				mustRehashAndResign = true
+			}
+
+			if evt.Sig == "" || mustRehashAndResign {
+				if numSigners := c.Uint("musig"); numSigners > 1 {
+					// must do musig
 					pubkeys := c.StringSlice("musig-pubkey")
 					secNonce := c.String("musig-nonce-secret")
 					pubNonces := c.StringSlice("musig-nonce")
@@ -252,7 +275,7 @@ example:
 						// instructions for what to do should have been printed by the performMusig() function
 						return nil
 					}
-				} else if err := evt.Sign(sec); err != nil {
+				} else if err := kr.SignEvent(ctx, &evt); err != nil {
 					return fmt.Errorf("error signing with provided key: %w", err)
 				}
 			}
@@ -287,23 +310,12 @@ example:
 					}

 					// error publishing
-					if strings.HasPrefix(err.Error(), "msg: auth-required:") && (sec != "" || bunker != nil) && doAuth {
+					if strings.HasPrefix(err.Error(), "msg: auth-required:") && kr != nil && doAuth {
 						// if the relay is requesting auth and we can auth, let's do it
-						var pk string
-						if bunker != nil {
-							pk, err = bunker.GetPublicKey(ctx)
-							if err != nil {
-								return fmt.Errorf("failed to get public key from bunker: %w", err)
-							}
-						} else {
-							pk, _ = nostr.GetPublicKey(sec)
-						}
+						pk, _ := kr.GetPublicKey(ctx)
 						log("performing auth as %s... ", pk)
-						if err := relay.Auth(ctx, func(evt *nostr.Event) error {
-							if bunker != nil {
-								return bunker.SignEvent(ctx, evt)
-							}
-							return evt.Sign(sec)
+						if err := relay.Auth(ctx, func(authEvent *nostr.Event) error {
+							return kr.SignEvent(ctx, authEvent)
 						}); err == nil {
 							// try to publish again, but this time don't try to auth again
 							doAuth = false
@@ -319,6 +331,14 @@ example:
 					log(nevent + "\n")
 				}
 			}
+
+			return nil
+		}
+
+		for stdinEvent := range getJsonsOrBlank() {
+			if err := handleEvent(stdinEvent); err != nil {
+				ctx = lineProcessingError(ctx, err.Error())
+			}
 		}

 		exitIfLineProcessingError(ctx)
--- a/example_test.go
+++ b/example_test.go
@@ -67,6 +67,20 @@ func ExampleDecode() {
 	// }
 }

+func ExampleDecodePubkey() {
+	app.Run(ctx, []string{"nak", "decode", "-p", "npub10xlxvlhemja6c4dqv22uapctqupfhlxm9h8z3k2e72q4k9hcz7vqpkge6d", "npub1ccz8l9zpa47k6vz9gphftsrumpw80rjt3nhnefat4symjhrsnmjs38mnyd"})
+	// Output:
+	// 79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
+	// c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5
+}
+
+func ExampleDecodeEventId() {
+	app.Run(ctx, []string{"nak", "decode", "-e", "nevent1qyd8wumn8ghj7urewfsk66ty9enxjct5dfskvtnrdakj7qgmwaehxw309aex2mrp0yh8wetnw3jhymnzw33jucm0d5hszxthwden5te0wfjkccte9eekummjwsh8xmmrd9skctcpzamhxue69uhkzarvv9ejumn0wd68ytnvv9hxgtcqyqllp5v5j0nxr74fptqxkhvfv0h3uj870qpk3ln8a58agyxl3fka296ewr8", "nevent1qqswh48lurxs8u0pll9qj2rzctvjncwhstpzlstq59rdtzlty79awns5hl5uf"})
+	// Output:
+	// 3ff0d19493e661faa90ac06b5d8963ef1e48fe780368fe67ed0fd410df8a6dd5
+	// ebd4ffe0cd03f1e1ffca092862c2d929e1d782c22fc160a146d58beb278bd74e
+}
+
 func ExampleReq() {
 	app.Run(ctx, []string{"nak", "req", "-k", "1", "-l", "18", "-a", "2fa2104d6b38d11b0230010559879124e42ab8dfeff5ff29dc9cdadd4ecacc3f", "-e", "aec4de6d051a7c2b6ca2d087903d42051a31e07fb742f1240970084822de10a6"})
 	// Output:
@@ -116,3 +130,9 @@ func ExampleReqWithFlagsAfter3() {
 	// Output:
 	// {"kind":1,"id":"101572c80ebdc963dab8440f6307387a3023b6d90f7e495d6c5ee1ef77045a67","pubkey":"3f770d65d3a764a9c5cb503ae123e62ec7598ad035d836e2a810f3877a745b24","created_at":1720987305,"tags":[["e","ceacdc29fa7a0b51640b30d2424e188215460617db5ba5bb52d3fbf0094eebb3","","root"],["e","9f3c1121c96edf17d84b9194f74d66d012b28c4e25b3ef190582c76b8546a188","","reply"],["p","3f770d65d3a764a9c5cb503ae123e62ec7598ad035d836e2a810f3877a745b24"],["p","6b96c3eb36c6cd457d906bbaafe7b36cacfb8bcc4ab235be6eab3b71c6669251"]],"content":"Nope. I grew up playing in the woods. Never once saw a bear in the woods. If I did, I'd probably shiy my pants, then scream at it like I was a crazy person with my arms above my head to make me seem huge.","sig":"b098820b4a5635865cada9f9a5813be2bc6dd7180e16e590cf30e07916d8ed6ed98ab38b64f3bfba12d88d37335f229f7ef8c084bc48132e936c664a54d3e650"}
 }
+
+func ExampleNaturalTimestamps() {
+	app.Run(ctx, []string{"nak", "event", "-t", "plu=pla", "-e", "3f770d65d3a764a9c5cb503ae123e62ec7598ad035d836e2a810f3877a745b24", "--ts", "May 19 2018 03:37:19", "-c", "nn"})
+	// Output:
+	// {"kind":0,"id":"b10da0095f96aa2accd99fa3d93bf29a76f51d2594cf5a0a52f8e961aecd0b67","pubkey":"79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798","created_at":1526711839,"tags":[["plu","pla"],["e","3f770d65d3a764a9c5cb503ae123e62ec7598ad035d836e2a810f3877a745b24"]],"content":"nn","sig":"988442c97064a041ba5e2bfbd64e84d3f819b2169e865511d9d53e74667949ff165325942acaa2ca233c8b529adedf12cf44088cf04081b56d098c5f4d52dd8f"}
+}
--- a/fetch.go
+++ b/fetch.go
@@ -2,32 +2,33 @@ package main

 import (
 	"context"
+	"fmt"

+	"github.com/urfave/cli/v3"
 	"github.com/nbd-wtf/go-nostr"
+	"github.com/nbd-wtf/go-nostr/nip05"
 	"github.com/nbd-wtf/go-nostr/nip19"
-	sdk "github.com/nbd-wtf/nostr-sdk"
-	"github.com/fiatjaf/cli/v3"
+	"github.com/nbd-wtf/go-nostr/sdk/hints"
 )

 var fetch = &cli.Command{
 	Name:  "fetch",
-	Usage: "fetches events related to the given nip19 code from the included relay hints or the author's NIP-65 relays.",
+	Usage: "fetches events related to the given nip19 or nip05 code from the included relay hints or the author's outbox relays.",
 	Description: `example usage:
        nak fetch nevent1qqsxrwm0hd3s3fddh4jc2574z3xzufq6qwuyz2rvv3n087zvym3dpaqprpmhxue69uhhqatzd35kxtnjv4kxz7tfdenju6t0xpnej4
        echo npub1h8spmtw9m2huyv6v2j2qd5zv956z2zdugl6mgx02f2upffwpm3nqv0j4ps | nak fetch --relay wss://relay.nostr.band`,
-	Flags: []cli.Flag{
+	DisableSliceFlagSeparator: true,
+	Flags: append(reqFilterFlags,
 		&cli.StringSliceFlag{
 			Name:    "relay",
 			Aliases: []string{"r"},
 			Usage:   "also use these relays to fetch from",
 		},
-	},
-	ArgsUsage: "[nip19code]",
+	),
+	ArgsUsage: "[nip05_or_nip19_code]",
 	Action: func(ctx context.Context, c *cli.Command) error {
-		pool := nostr.NewSimplePool(ctx)
-
 		defer func() {
-			pool.Relays.Range(func(_ string, relay *nostr.Relay) bool {
+			sys.Pool.Relays.Range(func(_ string, relay *nostr.Relay) bool {
 				relay.Close()
 				return true
 			})
@@ -35,18 +36,28 @@ var fetch = &cli.Command{

 		for code := range getStdinLinesOrArguments(c.Args()) {
 			filter := nostr.Filter{}
+			var authorHint string
+			relays := c.StringSlice("relay")

+			if nip05.IsValidIdentifier(code) {
+				pp, err := nip05.QueryIdentifier(ctx, code)
+				if err != nil {
+					ctx = lineProcessingError(ctx, "failed to fetch nip05: %s", err)
+					continue
+				}
+				authorHint = pp.PublicKey
+				relays = append(relays, pp.Relays...)
+				filter.Authors = append(filter.Authors, pp.PublicKey)
+			} else {
 				prefix, value, err := nip19.Decode(code)
 				if err != nil {
 					ctx = lineProcessingError(ctx, "failed to decode: %s", err)
 					continue
 				}

-			relays := c.StringSlice("relay")
 				if err := normalizeAndValidateRelayURLs(relays); err != nil {
 					return err
 				}
-			var authorHint string

 				switch prefix {
 				case "nevent":
@@ -56,35 +67,45 @@ var fetch = &cli.Command{
 						authorHint = v.Author
 					}
 					relays = append(relays, v.Relays...)
+				case "note":
+					filter.IDs = append(filter.IDs, value.(string))
 				case "naddr":
 					v := value.(nostr.EntityPointer)
+					filter.Kinds = []int{v.Kind}
 					filter.Tags = nostr.TagMap{"d": []string{v.Identifier}}
-				filter.Kinds = append(filter.Kinds, v.Kind)
 					filter.Authors = append(filter.Authors, v.PublicKey)
 					authorHint = v.PublicKey
 					relays = append(relays, v.Relays...)
 				case "nprofile":
 					v := value.(nostr.ProfilePointer)
 					filter.Authors = append(filter.Authors, v.PublicKey)
-				filter.Kinds = append(filter.Kinds, 0)
 					authorHint = v.PublicKey
 					relays = append(relays, v.Relays...)
 				case "npub":
 					v := value.(string)
 					filter.Authors = append(filter.Authors, v)
-				filter.Kinds = append(filter.Kinds, 0)
 					authorHint = v
+				default:
+					return fmt.Errorf("unexpected prefix %s", prefix)
+				}
 			}

 			if authorHint != "" {
-				relayList := sdk.FetchRelaysForPubkey(ctx, pool, authorHint,
-					"wss://purplepag.es", "wss://relay.damus.io", "wss://relay.noswhere.com",
-					"wss://nos.lol", "wss://public.relaying.io", "wss://relay.nostr.band")
-				for _, relayListItem := range relayList {
-					if relayListItem.Outbox {
-						relays = append(relays, relayListItem.URL)
+				for _, url := range relays {
+					sys.Hints.Save(authorHint, nostr.NormalizeURL(url), hints.LastInHint, nostr.Now())
+				}
+
+				for _, url := range sys.FetchOutboxRelays(ctx, authorHint, 3) {
+					relays = append(relays, url)
 				}
 			}
+
+			if err := applyFlagsToFilter(c, &filter); err != nil {
+				return err
+			}
+
+			if len(filter.Authors) > 0 && len(filter.Kinds) == 0 {
+				filter.Kinds = append(filter.Kinds, 0)
 			}

 			if len(relays) == 0 {
@@ -92,7 +113,7 @@ var fetch = &cli.Command{
 				continue
 			}

-			for ie := range pool.SubManyEose(ctx, relays, nostr.Filters{filter}) {
+			for ie := range sys.Pool.FetchMany(ctx, relays, filter) {
 				stdout(ie.Event)
 			}
 		}
--- a/flags.go
+++ b/flags.go
@@ -6,9 +6,9 @@ import (
 	"strconv"
 	"time"

+	"github.com/urfave/cli/v3"
 	"github.com/markusmobius/go-dateparser"
 	"github.com/nbd-wtf/go-nostr"
-	"github.com/fiatjaf/cli/v3"
 )

 type NaturalTimeFlag = cli.FlagBase[nostr.Timestamp, struct{}, naturalTimeValue]
--- a/go.mod
+++ b/go.mod
@@ -1,47 +1,77 @@
 module github.com/fiatjaf/nak

-go 1.22
+go 1.23.3

-toolchain go1.22.4
+toolchain go1.23.4

 require (
-	github.com/btcsuite/btcd/btcec/v2 v2.3.3
+	github.com/bep/debounce v1.2.1
+	github.com/btcsuite/btcd/btcec/v2 v2.3.4
 	github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0
 	github.com/fatih/color v1.16.0
-	github.com/mailru/easyjson v0.7.7
+	github.com/fiatjaf/eventstore v0.15.0
+	github.com/fiatjaf/khatru v0.16.0
+	github.com/json-iterator/go v1.1.12
+	github.com/mailru/easyjson v0.9.0
+	github.com/mark3labs/mcp-go v0.8.3
 	github.com/markusmobius/go-dateparser v1.2.3
-	github.com/nbd-wtf/go-nostr v0.34.2
-	github.com/nbd-wtf/nostr-sdk v0.0.5
-	golang.org/x/exp v0.0.0-20240707233637-46b078467d37
+	github.com/nbd-wtf/go-nostr v0.50.3
+	github.com/urfave/cli/v3 v3.0.0-beta1
+	golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac
 )

 require (
-	github.com/btcsuite/btcd/btcutil v1.1.3 // indirect
+	fiatjaf.com/lib v0.2.0 // indirect
+	github.com/ImVexed/fasturl v0.0.0-20230304231329-4e41488060f3 // indirect
+	github.com/andybalholm/brotli v1.1.1 // indirect
+	github.com/btcsuite/btcd v0.24.2 // indirect
+	github.com/btcsuite/btcd/btcutil v1.1.5 // indirect
 	github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0 // indirect
+	github.com/bytedance/sonic v1.12.10 // indirect
+	github.com/bytedance/sonic/loader v0.2.3 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chzyer/logex v1.1.10 // indirect
 	github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 // indirect
-	github.com/decred/dcrd/crypto/blake256 v1.0.1 // indirect
+	github.com/cloudwego/base64x v0.1.5 // indirect
+	github.com/coder/websocket v1.8.12 // indirect
+	github.com/decred/dcrd/crypto/blake256 v1.1.0 // indirect
+	github.com/dgraph-io/ristretto v1.0.0 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/elliotchance/pie/v2 v2.7.0 // indirect
-	github.com/fiatjaf/cli/v3 v3.0.0-20240723181502-e7dd498b16ae // indirect
-	github.com/fiatjaf/eventstore v0.2.16 // indirect
-	github.com/gobwas/httphead v0.1.0 // indirect
-	github.com/gobwas/pool v0.2.1 // indirect
-	github.com/gobwas/ws v1.4.0 // indirect
+	github.com/elnosh/gonuts v0.3.1-0.20250123162555-7c0381a585e3 // indirect
+	github.com/fasthttp/websocket v1.5.12 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/graph-gophers/dataloader/v7 v7.1.0 // indirect
 	github.com/hablullah/go-hijri v1.0.2 // indirect
 	github.com/hablullah/go-juliandays v1.0.0 // indirect
 	github.com/jalaali/go-jalaali v0.0.0-20210801064154-80525e88d958 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.10 // indirect
 	github.com/magefile/mage v1.14.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/puzpuzpuz/xsync/v3 v3.1.0 // indirect
-	github.com/tetratelabs/wazero v1.2.1 // indirect
-	github.com/tidwall/gjson v1.17.1 // indirect
+	github.com/minio/simdjson-go v0.4.5 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/puzpuzpuz/xsync/v3 v3.5.0 // indirect
+	github.com/rs/cors v1.11.1 // indirect
+	github.com/savsgio/gotils v0.0.0-20240704082632-aef3928b8a38 // indirect
+	github.com/tetratelabs/wazero v1.8.0 // indirect
+	github.com/tidwall/gjson v1.18.0 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/valyala/bytebufferpool v1.0.0 // indirect
+	github.com/valyala/fasthttp v1.58.0 // indirect
 	github.com/wasilibs/go-re2 v1.3.0 // indirect
-	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/sys v0.22.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	golang.org/x/arch v0.15.0 // indirect
+	golang.org/x/crypto v0.32.0 // indirect
+	golang.org/x/net v0.34.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -1,15 +1,25 @@
+fiatjaf.com/lib v0.2.0 h1:TgIJESbbND6GjOgGHxF5jsO6EMjuAxIzZHPo5DXYexs=
+fiatjaf.com/lib v0.2.0/go.mod h1:Ycqq3+mJ9jAWu7XjbQI1cVr+OFgnHn79dQR5oTII47g=
+github.com/ImVexed/fasturl v0.0.0-20230304231329-4e41488060f3 h1:ClzzXMDDuUbWfNNZqGeYq4PnYOlwlOVIvSyNaIy0ykg=
+github.com/ImVexed/fasturl v0.0.0-20230304231329-4e41488060f3/go.mod h1:we0YA5CsBbH5+/NUzC/AlMmxaDtWlXeNsqrwXjTzmzA=
 github.com/aead/siphash v1.0.1/go.mod h1:Nywa3cDsYNNK3gaciGTWPwHt0wlpNV15vwmswBAUSII=
+github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA=
+github.com/andybalholm/brotli v1.1.1/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA=
+github.com/bep/debounce v1.2.1 h1:v67fRdBA9UQu2NhLFXrSg0Brw7CexQekrBwDMM8bzeY=
+github.com/bep/debounce v1.2.1/go.mod h1:H8yggRPQKLUhUoqrJC1bO2xNya7vanpDl7xR3ISbCJ0=
 github.com/btcsuite/btcd v0.20.1-beta/go.mod h1:wVuoA8VJLEcwgqHBwHmzLRazpKxTv13Px/pDuV7OomQ=
 github.com/btcsuite/btcd v0.22.0-beta.0.20220111032746-97732e52810c/go.mod h1:tjmYdS6MLJ5/s0Fj4DbLgSbDHbEqLJrtnHecBFkdz5M=
-github.com/btcsuite/btcd v0.23.0/go.mod h1:0QJIIN1wwIXF/3G/m87gIwGniDMDQqjVn4SZgnFpsYY=
+github.com/btcsuite/btcd v0.23.5-0.20231215221805-96c9fd8078fd/go.mod h1:nm3Bko6zh6bWP60UxwoT5LzdGJsQJaPo6HjduXq9p6A=
+github.com/btcsuite/btcd v0.24.2 h1:aLmxPguqxza+4ag8R1I2nnJjSu2iFn/kqtHTIImswcY=
+github.com/btcsuite/btcd v0.24.2/go.mod h1:5C8ChTkl5ejr3WHj8tkQSCmydiMEPB0ZhQhehpq7Dgg=
 github.com/btcsuite/btcd/btcec/v2 v2.1.0/go.mod h1:2VzYrv4Gm4apmbVVsSq5bqf1Ec8v56E48Vt0Y/umPgA=
 github.com/btcsuite/btcd/btcec/v2 v2.1.3/go.mod h1:ctjw4H1kknNJmRN4iP1R7bTQ+v3GJkZBd6mui8ZsAZE=
-github.com/btcsuite/btcd/btcec/v2 v2.3.3 h1:6+iXlDKE8RMtKsvK0gshlXIuPbyWM/h84Ensb7o3sC0=
-github.com/btcsuite/btcd/btcec/v2 v2.3.3/go.mod h1:zYzJ8etWJQIv1Ogk7OzpWjowwOdXY1W/17j2MW85J04=
+github.com/btcsuite/btcd/btcec/v2 v2.3.4 h1:3EJjcN70HCu/mwqlUsGK8GcNVyLVxFDlWurTXGPFfiQ=
+github.com/btcsuite/btcd/btcec/v2 v2.3.4/go.mod h1:zYzJ8etWJQIv1Ogk7OzpWjowwOdXY1W/17j2MW85J04=
 github.com/btcsuite/btcd/btcutil v1.0.0/go.mod h1:Uoxwv0pqYWhD//tfTiipkxNfdhG9UrLwaeswfjfdF0A=
 github.com/btcsuite/btcd/btcutil v1.1.0/go.mod h1:5OapHB7A2hBBWLm48mmw4MOHNJCcUBTwmWH/0Jn8VHE=
-github.com/btcsuite/btcd/btcutil v1.1.3 h1:xfbtw8lwpp0G6NwSHb+UE67ryTFHJAiNuipusjXSohQ=
-github.com/btcsuite/btcd/btcutil v1.1.3/go.mod h1:UR7dsSJzJUfMmFiiLlIrMq1lS9jh9EdCV7FStZSnpi0=
+github.com/btcsuite/btcd/btcutil v1.1.5 h1:+wER79R5670vs/ZusMTF1yTcRYE5GUsFbdjdisflzM8=
+github.com/btcsuite/btcd/btcutil v1.1.5/go.mod h1:PSZZ4UitpLBWzxGd5VGOrLnmOjtPP/a6HaFo12zMs00=
 github.com/btcsuite/btcd/chaincfg/chainhash v1.0.0/go.mod h1:7SFka0XMvUgj3hfZtydOrQY2mwhPclbT2snogU7SQQc=
 github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1/go.mod h1:7SFka0XMvUgj3hfZtydOrQY2mwhPclbT2snogU7SQQc=
 github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0 h1:59Kx4K6lzOW5w6nFlA0v5+lk/6sjybR934QNHSJZPTQ=
@@ -23,41 +33,58 @@ github.com/btcsuite/snappy-go v0.0.0-20151229074030-0bdef8d06723/go.mod h1:8woku
 github.com/btcsuite/snappy-go v1.0.0/go.mod h1:8woku9dyThutzjeg+3xrA5iCpBRH8XEEg3lh6TiUghc=
 github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792/go.mod h1:ghJtEyQwv5/p4Mg4C0fgbePVuGr935/5ddU9Z3TmDRY=
 github.com/btcsuite/winsvc v1.0.0/go.mod h1:jsenWakMcC0zFBFurPLEAyrnc/teJEM1O46fmI40EZs=
+github.com/bytedance/sonic v1.12.10 h1:uVCQr6oS5669E9ZVW0HyksTLfNS7Q/9hV6IVS4nEMsI=
+github.com/bytedance/sonic v1.12.10/go.mod h1:uVvFidNmlt9+wa31S1urfwwthTWteBgG0hWuoKAXTx8=
+github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
+github.com/bytedance/sonic/loader v0.2.3 h1:yctD0Q3v2NOGfSWPLPvG2ggA2kV6TS6s4wioyEqssH0=
+github.com/bytedance/sonic/loader v0.2.3/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5OhCuC+XN+r/bBCmeuuJtjz+bCNIf8=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4=
+github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
+github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
+github.com/coder/websocket v1.8.12 h1:5bUXkEPPIbewrnkU8LTCLVaxi4N4J8ahufH2vlo4NAo=
+github.com/coder/websocket v1.8.12/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs=
 github.com/davecgh/go-spew v0.0.0-20171005155431-ecdeabc65495/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
-github.com/decred/dcrd/crypto/blake256 v1.0.1 h1:7PltbUIQB7u/FfZ39+DGa/ShuMyJ5ilcvdfma9wOH6Y=
-github.com/decred/dcrd/crypto/blake256 v1.0.1/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo=
+github.com/decred/dcrd/crypto/blake256 v1.1.0 h1:zPMNGQCm0g4QTY27fOCorQW7EryeQ/U0x++OzVrdms8=
+github.com/decred/dcrd/crypto/blake256 v1.1.0/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1/go.mod h1:hyedUtir6IdtD/7lIxGeCxkaw7y45JueMRL4DIyJDKs=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnNEcHYvcCuK6dPZSg=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
 github.com/decred/dcrd/lru v1.0.0/go.mod h1:mxKOwFd7lFjN2GZYsiz/ecgqR6kkYAl+0pz0tEMk218=
+github.com/dgraph-io/ristretto v1.0.0 h1:SYG07bONKMlFDUYu5pEu3DGAh8c2OFNzKm6G9J4Si84=
+github.com/dgraph-io/ristretto v1.0.0/go.mod h1:jTi2FiYEhQ1NsMmA7DeBykizjOuY88NhKBkepyu1jPc=
+github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y=
+github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/dvyukov/go-fuzz v0.0.0-20200318091601-be3528f3a813/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw=
 github.com/elliotchance/pie/v2 v2.7.0 h1:FqoIKg4uj0G/CrLGuMS9ejnFKa92lxE1dEgBD3pShXg=
 github.com/elliotchance/pie/v2 v2.7.0/go.mod h1:18t0dgGFH006g4eVdDtWfgFZPQEgl10IoEO8YWEq3Og=
+github.com/elnosh/gonuts v0.3.1-0.20250123162555-7c0381a585e3 h1:k7evIqJ2BtFn191DgY/b03N2bMYA/iQwzr4f/uHYn20=
+github.com/elnosh/gonuts v0.3.1-0.20250123162555-7c0381a585e3/go.mod h1:vgZomh4YQk7R3w4ltZc0sHwCmndfHkuX6V4sga/8oNs=
+github.com/fasthttp/websocket v1.5.12 h1:e4RGPpWW2HTbL3zV0Y/t7g0ub294LkiuXXUuTOUInlE=
+github.com/fasthttp/websocket v1.5.12/go.mod h1:I+liyL7/4moHojiOgUOIKEWm9EIxHqxZChS+aMFltyg=
 github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
 github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
-github.com/fiatjaf/cli/v3 v3.0.0-20240714232133-bb036558919f h1:SQ5W4q4HfpAPA8e8uPADqs4dhI6VvVwUq00DtlpHIt0=
-github.com/fiatjaf/cli/v3 v3.0.0-20240714232133-bb036558919f/go.mod h1:Z1ItyMma7t6I7zHG9OpbExhHQOSkFf/96n+mAZ9MtVI=
-github.com/fiatjaf/cli/v3 v3.0.0-20240723181502-e7dd498b16ae h1:0B/1dU3YECIbPoBIRTQ4c0scZCNz9TVHtQpiODGrTTo=
-github.com/fiatjaf/cli/v3 v3.0.0-20240723181502-e7dd498b16ae/go.mod h1:aAWPO4bixZZxPtOnH6K3q4GbQ0jftUNDW9Oa861IRew=
-github.com/fiatjaf/eventstore v0.2.16 h1:NR64mnyUT5nJR8Sj2AwJTd1Hqs5kKJcCFO21ggUkvWg=
-github.com/fiatjaf/eventstore v0.2.16/go.mod h1:rUc1KhVufVmC+HUOiuPweGAcvG6lEOQCkRCn2Xn5VRA=
+github.com/fiatjaf/eventstore v0.15.0 h1:5UXe0+vIb30/cYcOWipks8nR3g+X8W224TFy5yPzivk=
+github.com/fiatjaf/eventstore v0.15.0/go.mod h1:KAsld5BhkmSck48aF11Txu8X+OGNmoabw4TlYVWqInc=
+github.com/fiatjaf/khatru v0.16.0 h1:xgGwnnOqE3989wEWm7c/z6Y6g4X92BFe/Xp1UWQ3Zmc=
+github.com/fiatjaf/khatru v0.16.0/go.mod h1:TLcMgPy3IAPh40VGYq6m+gxEMpDKHj+sumqcuvbSogc=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=
-github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
-github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og=
-github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
-github.com/gobwas/ws v1.4.0 h1:CTaoG1tojrh4ucGPcoJFiAQUAsEWekEWvLy7GsVNqGs=
-github.com/gobwas/ws v1.4.0/go.mod h1:G3gNqMNtPppf5XUz7O4shetPpcZ1VJ7zt18dlUeakrc=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
@@ -69,6 +96,12 @@ github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEW
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/graph-gophers/dataloader/v7 v7.1.0 h1:Wn8HGF/q7MNXcvfaBnLEPEFJttVHR8zuEqP1obys/oc=
+github.com/graph-gophers/dataloader/v7 v7.1.0/go.mod h1:1bKE0Dm6OUcTB/OAuYVOZctgIz7Q3d0XrYtlIzTgg6Q=
 github.com/hablullah/go-hijri v1.0.2 h1:drT/MZpSZJQXo7jftf5fthArShcaMtsal0Zf/dnmp6k=
 github.com/hablullah/go-hijri v1.0.2/go.mod h1:OS5qyYLDjORXzK4O1adFw9Q5WfhOcMdAKglDkcTxgWQ=
 github.com/hablullah/go-juliandays v1.0.0 h1:A8YM7wIj16SzlKT0SRJc9CD29iiaUzpBLzh5hr0/5p0=
@@ -81,11 +114,21 @@ github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJS
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/jrick/logrotate v1.0.0/go.mod h1:LNinyqDIJnpAur+b8yyulnQw/wDuN1+BYKlTRt3OuAQ=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kkdai/bstream v0.0.0-20161212061736-f391b8402d23/go.mod h1:J+Gs4SYgM6CZQHDETBtE9HaSEkGmuNXF86RwHhHUvq4=
+github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
+github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.2.10 h1:tBs3QSyvjDyFTq3uoc/9xFpCuOsJQFNPiAhYdw2skhE=
+github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
+github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/magefile/mage v1.14.0 h1:6QDX3g6z1YvJ4olPhT1wksUcSa/V0a1B+pJb73fBjyo=
 github.com/magefile/mage v1.14.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
-github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
-github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
+github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
+github.com/mark3labs/mcp-go v0.8.3 h1:IzlyN8BaP4YwUMUDqxOGJhGdZXEDQiAPX43dNPgnzrg=
+github.com/mark3labs/mcp-go v0.8.3/go.mod h1:cjMlBU0cv/cj9kjlgmRhoJ5JREdS7YX83xeIG9Ko/jE=
 github.com/markusmobius/go-dateparser v1.2.3 h1:TvrsIvr5uk+3v6poDjaicnAFJ5IgtFHgLiuMY2Eb7Nw=
 github.com/markusmobius/go-dateparser v1.2.3/go.mod h1:cMwQRrBUQlK1UI5TIFHEcvpsMbkWrQLXuaPNMFzuYLk=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
@@ -93,10 +136,15 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/nbd-wtf/go-nostr v0.34.2 h1:9b4qZ29DhQf9xEWN8/7zfDD868r1jFbpjrR3c+BHc+E=
-github.com/nbd-wtf/go-nostr v0.34.2/go.mod h1:NZQkxl96ggbO8rvDpVjcsojJqKTPwqhP4i82O7K5DJs=
-github.com/nbd-wtf/nostr-sdk v0.0.5 h1:rec+FcDizDVO0W25PX0lgYMXvP7zNNOgI3Fu9UCm4BY=
-github.com/nbd-wtf/nostr-sdk v0.0.5/go.mod h1:iJJsikesCGLNFZ9dLqhLPDzdt924EagUmdQxT3w2Lmk=
+github.com/minio/simdjson-go v0.4.5 h1:r4IQwjRGmWCQ2VeMc7fGiilu1z5du0gJ/I/FsKwgo5A=
+github.com/minio/simdjson-go v0.4.5/go.mod h1:eoNz0DcLQRyEDeaPr4Ru6JpjlZPzbA0IodxVJk8lO8E=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/nbd-wtf/go-nostr v0.50.3 h1:mRUJLOkCqnNTAwvjtSRogJyN3SUv1lze1UgnmqUBN0Q=
+github.com/nbd-wtf/go-nostr v0.50.3/go.mod h1:XJyV09CfSZCtuf1ApdQFc+3RuEYzt4E/pbXn+doA8tQ=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@@ -106,42 +154,69 @@ github.com/onsi/gomega v1.4.1/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/puzpuzpuz/xsync/v3 v3.1.0 h1:EewKT7/LNac5SLiEblJeUu8z5eERHrmRLnMQL2d7qX4=
-github.com/puzpuzpuz/xsync/v3 v3.1.0/go.mod h1:VjzYrABPabuM4KyBh1Ftq6u8nhwY5tBPKP9jpmh0nnA=
+github.com/puzpuzpuz/xsync/v3 v3.5.0 h1:i+cMcpEDY1BkNm7lPDkCtE4oElsYLn+EKF8kAu2vXT4=
+github.com/puzpuzpuz/xsync/v3 v3.5.0/go.mod h1:VjzYrABPabuM4KyBh1Ftq6u8nhwY5tBPKP9jpmh0nnA=
+github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA=
+github.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
+github.com/savsgio/gotils v0.0.0-20240704082632-aef3928b8a38 h1:D0vL7YNisV2yqE55+q0lFuGse6U8lxlg7fYTctlT5Gc=
+github.com/savsgio/gotils v0.0.0-20240704082632-aef3928b8a38/go.mod h1:sM7Mt7uEoCeFSCBM+qBrqvEo+/9vdmj19wzp3yzUhmg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7/go.mod h1:q4W45IWZaF22tdD+VEXcAWRA037jwmWEB5VWYORlTpc=
-github.com/tetratelabs/wazero v1.2.1 h1:J4X2hrGzJvt+wqltuvcSjHQ7ujQxA9gb6PeMs4qlUWs=
-github.com/tetratelabs/wazero v1.2.1/go.mod h1:wYx2gNRg8/WihJfSDxA1TIL8H+GkfLYm+bIfbblu9VQ=
-github.com/tidwall/gjson v1.17.1 h1:wlYEnwqAHgzmhNUFfw7Xalt2JzQvsMx2Se4PcoFCT/U=
-github.com/tidwall/gjson v1.17.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
+github.com/tetratelabs/wazero v1.8.0 h1:iEKu0d4c2Pd+QSRieYbnQC9yiFlMS9D+Jr0LsRmcF4g=
+github.com/tetratelabs/wazero v1.8.0/go.mod h1:yAI0XTsMBhREkM/YDAK/zNou3GoiAce1P6+rp/wQhjs=
+github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY=
+github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
 github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
 github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
 github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
 github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
 github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
+github.com/urfave/cli/v3 v3.0.0-beta1 h1:6DTaaUarcM0wX7qj5Hcvs+5Dm3dyUTBbEwIWAjcw9Zg=
+github.com/urfave/cli/v3 v3.0.0-beta1/go.mod h1:FnIeEMYu+ko8zP1F9Ypr3xkZMIDqW3DR92yUtY39q1Y=
+github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
+github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
+github.com/valyala/fasthttp v1.58.0 h1:GGB2dWxSbEprU9j0iMJHgdKYJVDyjrOwF9RE59PbRuE=
+github.com/valyala/fasthttp v1.58.0/go.mod h1:SYXvHHaFp7QZHGKSHmoMipInhrI5StHrhDTYVEjK/Kw=
 github.com/wasilibs/go-re2 v1.3.0 h1:LFhBNzoStM3wMie6rN2slD1cuYH2CGiHpvNL3UtcsMw=
 github.com/wasilibs/go-re2 v1.3.0/go.mod h1:AafrCXVvGRJJOImMajgJ2M7rVmWyisVK7sFshbxnVrg=
 github.com/wasilibs/nottinygc v0.4.0 h1:h1TJMihMC4neN6Zq+WKpLxgd9xCFMw7O9ETLwY2exJQ=
 github.com/wasilibs/nottinygc v0.4.0/go.mod h1:oDcIotskuYNMpqMF23l7Z8uzD4TC0WXHK8jetlB3HIo=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
+github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
+github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
+golang.org/x/arch v0.15.0 h1:QtOrQd0bTUnhNVNndMpLHNWrDmYzZ2KDqSrEymqInZw=
+golang.org/x/arch v0.15.0/go.mod h1:JmwW7aLIoRUKgaTzhkiEFxvcEiQGyOg9BMonBJUS7EE=
 golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
-golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
-golang.org/x/exp v0.0.0-20240707233637-46b078467d37 h1:uLDX+AfeFCct3a2C7uIWBKMJIR3CJMhcgfrUAqjRK6w=
-golang.org/x/exp v0.0.0-20240707233637-46b078467d37/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
+golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
+golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac h1:l5+whBCLH3iH2ZNHYLbAe58bo7yrN4mVcnkHDYz5vvs=
+golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac/go.mod h1:hH+7mtFmImwwcMvScyxUhjuVHR3HGaDPMn9rMSUUbxo=
 golang.org/x/net v0.0.0-20180719180050-a680a1efc54d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
-golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
+golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -154,13 +229,13 @@ golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
-golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -179,3 +254,4 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
--- a/helpers.go
+++ b/helpers.go
@@ -3,90 +3,121 @@ package main
 import (
 	"bufio"
 	"context"
-	"encoding/hex"
 	"fmt"
+	"iter"
 	"math/rand"
+	"net/http"
+	"net/textproto"
 	"net/url"
 	"os"
+	"slices"
 	"strings"
 	"time"

-	"github.com/chzyer/readline"
 	"github.com/fatih/color"
+	"github.com/urfave/cli/v3"
+	jsoniter "github.com/json-iterator/go"
 	"github.com/nbd-wtf/go-nostr"
-	"github.com/nbd-wtf/go-nostr/nip19"
-	"github.com/nbd-wtf/go-nostr/nip46"
-	"github.com/nbd-wtf/go-nostr/nip49"
-	"github.com/fiatjaf/cli/v3"
+	"github.com/nbd-wtf/go-nostr/sdk"
 )

+var sys *sdk.System
+
+var (
+	hintsFilePath   string
+	hintsFileExists bool
+)
+
+var json = jsoniter.ConfigFastest
+
 const (
 	LINE_PROCESSING_ERROR = iota
 )

-var log = func(msg string, args ...any) {
-	fmt.Fprintf(color.Error, msg, args...)
-}
-
-var stdout = fmt.Println
+var (
+	log        = func(msg string, args ...any) { fmt.Fprintf(color.Error, msg, args...) }
+	logverbose = func(msg string, args ...any) {} // by default do nothing
+	stdout     = fmt.Println
+)

 func isPiped() bool {
 	stat, _ := os.Stdin.Stat()
 	return stat.Mode()&os.ModeCharDevice == 0
 }

-func getStdinLinesOrBlank() chan string {
-	multi := make(chan string)
-	if hasStdinLines := writeStdinLinesOrNothing(multi); !hasStdinLines {
-		single := make(chan string, 1)
-		single <- ""
-		close(single)
-		return single
-	} else {
-		return multi
+func getJsonsOrBlank() iter.Seq[string] {
+	var curr strings.Builder
+
+	return func(yield func(string) bool) {
+		hasStdin := writeStdinLinesOrNothing(func(stdinLine string) bool {
+			// we're look for an event, but it may be in multiple lines, so if json parsing fails
+			// we'll try the next line until we're successful
+			curr.WriteString(stdinLine)
+			stdinEvent := curr.String()
+
+			var dummy any
+			if err := json.Unmarshal([]byte(stdinEvent), &dummy); err != nil {
+				return true
+			}
+
+			if !yield(stdinEvent) {
+				return false
+			}
+
+			curr.Reset()
+			return true
+		})
+
+		if !hasStdin {
+			yield("{}")
+		}
 	}
 }

-func getStdinLinesOrArguments(args cli.Args) chan string {
+func getStdinLinesOrBlank() iter.Seq[string] {
+	return func(yield func(string) bool) {
+		hasStdin := writeStdinLinesOrNothing(func(stdinLine string) bool {
+			if !yield(stdinLine) {
+				return false
+			}
+			return true
+		})
+
+		if !hasStdin {
+			yield("")
+		}
+	}
+}
+
+func getStdinLinesOrArguments(args cli.Args) iter.Seq[string] {
 	return getStdinLinesOrArgumentsFromSlice(args.Slice())
 }

-func getStdinLinesOrArgumentsFromSlice(args []string) chan string {
+func getStdinLinesOrArgumentsFromSlice(args []string) iter.Seq[string] {
 	// try the first argument
 	if len(args) > 0 {
-		argsCh := make(chan string, 1)
-		go func() {
-			for _, arg := range args {
-				argsCh <- arg
-			}
-			close(argsCh)
-		}()
-		return argsCh
+		return slices.Values(args)
 	}

 	// try the stdin
-	multi := make(chan string)
-	writeStdinLinesOrNothing(multi)
-	return multi
+	return func(yield func(string) bool) {
+		writeStdinLinesOrNothing(yield)
+	}
 }

-func writeStdinLinesOrNothing(ch chan string) (hasStdinLines bool) {
+func writeStdinLinesOrNothing(yield func(string) bool) (hasStdinLines bool) {
 	if isPiped() {
 		// piped
-		go func() {
 		scanner := bufio.NewScanner(os.Stdin)
 		scanner.Buffer(make([]byte, 16*1024*1024), 256*1024*1024)
 		hasEmittedAtLeastOne := false
 		for scanner.Scan() {
-				ch <- strings.TrimSpace(scanner.Text())
+			if !yield(strings.TrimSpace(scanner.Text())) {
+				return
+			}
 			hasEmittedAtLeastOne = true
 		}
-			if !hasEmittedAtLeastOne {
-				ch <- ""
-			}
-			close(ch)
-		}()
-		return true
+		return hasEmittedAtLeastOne
 	} else {
 		// not piped
 		return false
@@ -120,13 +151,22 @@ func connectToAllRelays(
 	relayUrls []string,
 	forcePreAuth bool,
 	opts ...nostr.PoolOption,
-) (*nostr.SimplePool, []*nostr.Relay) {
+) []*nostr.Relay {
+	sys.Pool = nostr.NewSimplePool(context.Background(),
+		append(opts,
+			nostr.WithEventMiddleware(sys.TrackEventHints),
+			nostr.WithPenaltyBox(),
+			nostr.WithRelayOptions(
+				nostr.WithRequestHeader(http.Header{textproto.CanonicalMIMEHeaderKey("user-agent"): {"nak/s"}}),
+			),
+		)...,
+	)
+
 	relays := make([]*nostr.Relay, 0, len(relayUrls))
-	pool := nostr.NewSimplePool(ctx, opts...)
 relayLoop:
 	for _, url := range relayUrls {
 		log("connecting to %s... ", url)
-		if relay, err := pool.EnsureRelay(url); err == nil {
+		if relay, err := sys.Pool.EnsureRelay(url); err == nil {
 			if forcePreAuth {
 				log("waiting for auth challenge... ")
 				signer := opts[0].(nostr.WithAuthHandler)
@@ -140,7 +180,7 @@ relayLoop:
 						if (*challengeTag)[1] == "" {
 							return fmt.Errorf("auth not received yet *****")
 						}
-						return signer(authEvent)
+						return signer(ctx, nostr.RelayEvent{Event: authEvent, Relay: relay})
 					}); err == nil {
 						// auth succeeded
 						break challengeWaitLoop
@@ -166,7 +206,7 @@ relayLoop:
 			log(err.Error() + "\n")
 		}
 	}
-	return pool, relays
+	return relays
 }

 func lineProcessingError(ctx context.Context, msg string, args ...any) context.Context {
@@ -180,110 +220,6 @@ func exitIfLineProcessingError(ctx context.Context) {
 	}
 }

-func gatherSecretKeyOrBunkerFromArguments(ctx context.Context, c *cli.Command) (string, *nip46.BunkerClient, error) {
-	var err error
-
-	if bunkerURL := c.String("connect"); bunkerURL != "" {
-		clientKey := c.String("connect-as")
-		if clientKey != "" {
-			clientKey = strings.Repeat("0", 64-len(clientKey)) + clientKey
-		} else {
-			clientKey = nostr.GeneratePrivateKey()
-		}
-		bunker, err := nip46.ConnectBunker(ctx, clientKey, bunkerURL, nil, func(s string) {
-			fmt.Fprintf(color.Error, color.CyanString("[nip46]: open the following URL: %s"), s)
-		})
-		return "", bunker, err
-	}
-
-	sec := c.String("sec")
-
-	// check in the environment for the secret key
-	if sec == "" {
-		if key, ok := os.LookupEnv("NOSTR_PRIVATE_KEY"); ok {
-			sec = key
-		}
-	}
-
-	if c.Bool("prompt-sec") {
-		if isPiped() {
-			return "", nil, fmt.Errorf("can't prompt for a secret key when processing data from a pipe, try again without --prompt-sec")
-		}
-		sec, err = askPassword("type your secret key as ncryptsec, nsec or hex: ", nil)
-		if err != nil {
-			return "", nil, fmt.Errorf("failed to get secret key: %w", err)
-		}
-	}
-	if strings.HasPrefix(sec, "ncryptsec1") {
-		sec, err = promptDecrypt(sec)
-		if err != nil {
-			return "", nil, fmt.Errorf("failed to decrypt: %w", err)
-		}
-	} else if bsec, err := hex.DecodeString(leftPadKey(sec)); err == nil {
-		sec = hex.EncodeToString(bsec)
-	} else if prefix, hexvalue, err := nip19.Decode(sec); err != nil {
-		return "", nil, fmt.Errorf("invalid nsec: %w", err)
-	} else if prefix == "nsec" {
-		sec = hexvalue.(string)
-	}
-
-	if ok := nostr.IsValid32ByteHex(sec); !ok {
-		return "", nil, fmt.Errorf("invalid secret key")
-	}
-	return sec, nil, nil
-}
-
-func promptDecrypt(ncryptsec string) (string, error) {
-	for i := 1; i < 4; i++ {
-		var attemptStr string
-		if i > 1 {
-			attemptStr = fmt.Sprintf(" [%d/3]", i)
-		}
-		password, err := askPassword("type the password to decrypt your secret key"+attemptStr+": ", nil)
-		if err != nil {
-			return "", err
-		}
-		sec, err := nip49.Decrypt(ncryptsec, password)
-		if err != nil {
-			continue
-		}
-		return sec, nil
-	}
-	return "", fmt.Errorf("couldn't decrypt private key")
-}
-
-func askPassword(msg string, shouldAskAgain func(answer string) bool) (string, error) {
-	config := &readline.Config{
-		Stdout:                 color.Error,
-		Prompt:                 color.YellowString(msg),
-		InterruptPrompt:        "^C",
-		DisableAutoSaveHistory: true,
-		EnableMask:             true,
-		MaskRune:               '*',
-	}
-	return _ask(config, msg, "", shouldAskAgain)
-}
-
-func _ask(config *readline.Config, msg string, defaultValue string, shouldAskAgain func(answer string) bool) (string, error) {
-	rl, err := readline.NewEx(config)
-	if err != nil {
-		return "", err
-	}
-
-	rl.WriteStdin([]byte(defaultValue))
-	for {
-		answer, err := rl.Readline()
-		if err != nil {
-			return "", err
-		}
-		answer = strings.TrimSpace(strings.ToLower(answer))
-		if shouldAskAgain != nil && shouldAskAgain(answer) {
-			continue
-		}
-		return answer, err
-	}
-}
-
 const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"

 func randString(n int) string {
@@ -297,3 +233,17 @@ func randString(n int) string {
 func leftPadKey(k string) string {
 	return strings.Repeat("0", 64-len(k)) + k
 }
+
+var colors = struct {
+	reset   func(...any) (int, error)
+	italic  func(...any) string
+	italicf func(string, ...any) string
+	bold    func(...any) string
+	boldf   func(string, ...any) string
+}{
+	color.New(color.Reset).Print,
+	color.New(color.Italic).Sprint,
+	color.New(color.Italic).Sprintf,
+	color.New(color.Bold).Sprint,
+	color.New(color.Bold).Sprintf,
+}
--- a/helpers_key.go
+++ b/helpers_key.go
@@ -0,0 +1,161 @@
+package main
+
+import (
+	"context"
+	"encoding/hex"
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/chzyer/readline"
+	"github.com/fatih/color"
+	"github.com/urfave/cli/v3"
+	"github.com/nbd-wtf/go-nostr"
+	"github.com/nbd-wtf/go-nostr/keyer"
+	"github.com/nbd-wtf/go-nostr/nip19"
+	"github.com/nbd-wtf/go-nostr/nip46"
+	"github.com/nbd-wtf/go-nostr/nip49"
+)
+
+var defaultKeyFlags = []cli.Flag{
+	&cli.StringFlag{
+		Name:        "sec",
+		Usage:       "secret key to sign the event, as nsec, ncryptsec or hex, or a bunker URL, it is more secure to use the environment variable NOSTR_SECRET_KEY than this flag",
+		DefaultText: "the key '1'",
+		Aliases:     []string{"connect"},
+		Category:    CATEGORY_SIGNER,
+	},
+	&cli.BoolFlag{
+		Name:     "prompt-sec",
+		Usage:    "prompt the user to paste a hex or nsec with which to sign the event",
+		Category: CATEGORY_SIGNER,
+	},
+	&cli.StringFlag{
+		Name:        "connect-as",
+		Usage:       "private key to use when communicating with nip46 bunkers",
+		DefaultText: "a random key",
+		Category:    CATEGORY_SIGNER,
+		Sources:     cli.EnvVars("NOSTR_CLIENT_KEY"),
+	},
+}
+
+func gatherKeyerFromArguments(ctx context.Context, c *cli.Command) (nostr.Keyer, string, error) {
+	key, bunker, err := gatherSecretKeyOrBunkerFromArguments(ctx, c)
+	if err != nil {
+		return nil, "", err
+	}
+
+	var kr nostr.Keyer
+	if bunker != nil {
+		kr = keyer.NewBunkerSignerFromBunkerClient(bunker)
+	} else {
+		kr, err = keyer.NewPlainKeySigner(key)
+	}
+
+	return kr, key, err
+}
+
+func gatherSecretKeyOrBunkerFromArguments(ctx context.Context, c *cli.Command) (string, *nip46.BunkerClient, error) {
+	var err error
+
+	sec := c.String("sec")
+	if strings.HasPrefix(sec, "bunker://") {
+		// it's a bunker
+		bunkerURL := sec
+		clientKey := c.String("connect-as")
+		if clientKey != "" {
+			clientKey = strings.Repeat("0", 64-len(clientKey)) + clientKey
+		} else {
+			clientKey = nostr.GeneratePrivateKey()
+		}
+		bunker, err := nip46.ConnectBunker(ctx, clientKey, bunkerURL, nil, func(s string) {
+			log(color.CyanString("[nip46]: open the following URL: %s"), s)
+		})
+		return "", bunker, err
+	}
+
+	// take private from flags, environment variable or default to 1
+	if sec == "" {
+		if key, ok := os.LookupEnv("NOSTR_SECRET_KEY"); ok {
+			sec = key
+		} else {
+			sec = "0000000000000000000000000000000000000000000000000000000000000001"
+		}
+	}
+
+	if c.Bool("prompt-sec") {
+		if isPiped() {
+			return "", nil, fmt.Errorf("can't prompt for a secret key when processing data from a pipe, try again without --prompt-sec")
+		}
+		sec, err = askPassword("type your secret key as ncryptsec, nsec or hex: ", nil)
+		if err != nil {
+			return "", nil, fmt.Errorf("failed to get secret key: %w", err)
+		}
+	}
+
+	if strings.HasPrefix(sec, "ncryptsec1") {
+		sec, err = promptDecrypt(sec)
+		if err != nil {
+			return "", nil, fmt.Errorf("failed to decrypt: %w", err)
+		}
+	} else if bsec, err := hex.DecodeString(leftPadKey(sec)); err == nil {
+		sec = hex.EncodeToString(bsec)
+	} else if prefix, hexvalue, err := nip19.Decode(sec); err != nil {
+		return "", nil, fmt.Errorf("invalid nsec: %w", err)
+	} else if prefix == "nsec" {
+		sec = hexvalue.(string)
+	}
+
+	if ok := nostr.IsValid32ByteHex(sec); !ok {
+		return "", nil, fmt.Errorf("invalid secret key")
+	}
+
+	return sec, nil, nil
+}
+
+func promptDecrypt(ncryptsec string) (string, error) {
+	for i := 1; i < 4; i++ {
+		var attemptStr string
+		if i > 1 {
+			attemptStr = fmt.Sprintf(" [%d/3]", i)
+		}
+		password, err := askPassword("type the password to decrypt your secret key"+attemptStr+": ", nil)
+		if err != nil {
+			return "", err
+		}
+		sec, err := nip49.Decrypt(ncryptsec, password)
+		if err != nil {
+			continue
+		}
+		return sec, nil
+	}
+	return "", fmt.Errorf("couldn't decrypt private key")
+}
+
+func askPassword(msg string, shouldAskAgain func(answer string) bool) (string, error) {
+	config := &readline.Config{
+		Stdout:                 color.Error,
+		Prompt:                 color.YellowString(msg),
+		InterruptPrompt:        "^C",
+		DisableAutoSaveHistory: true,
+		EnableMask:             true,
+		MaskRune:               '*',
+	}
+
+	rl, err := readline.NewEx(config)
+	if err != nil {
+		return "", err
+	}
+
+	for {
+		answer, err := rl.Readline()
+		if err != nil {
+			return "", err
+		}
+		answer = strings.TrimSpace(answer)
+		if shouldAskAgain != nil && shouldAskAgain(answer) {
+			continue
+		}
+		return answer, err
+	}
+}
--- a/key.go
+++ b/key.go
@@ -3,29 +3,28 @@ package main
 import (
 	"context"
 	"encoding/hex"
-	"encoding/json"
 	"fmt"
-	"os"
 	"strings"

 	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/btcsuite/btcd/btcec/v2/schnorr/musig2"
 	"github.com/decred/dcrd/dcrec/secp256k1/v4"
+	"github.com/urfave/cli/v3"
 	"github.com/nbd-wtf/go-nostr"
 	"github.com/nbd-wtf/go-nostr/nip19"
 	"github.com/nbd-wtf/go-nostr/nip49"
-	"github.com/fiatjaf/cli/v3"
 )

 var key = &cli.Command{
 	Name:                      "key",
-	Usage:       "operations on secret keys: generate, derive, encrypt, decrypt.",
+	Usage:                     "operations on secret keys: generate, derive, encrypt, decrypt",
 	Description:               ``,
+	DisableSliceFlagSeparator: true,
 	Commands: []*cli.Command{
 		generate,
 		public,
-		encrypt,
-		decrypt,
+		encryptKey,
+		decryptKey,
 		combine,
 	},
 }
@@ -34,6 +33,7 @@ var generate = &cli.Command{
 	Name:                      "generate",
 	Usage:                     "generates a secret key",
 	Description:               ``,
+	DisableSliceFlagSeparator: true,
 	Action: func(ctx context.Context, c *cli.Command) error {
 		sec := nostr.GeneratePrivateKey()
 		stdout(sec)
@@ -46,24 +46,34 @@ var public = &cli.Command{
 	Usage:                     "computes a public key from a secret key",
 	Description:               ``,
 	ArgsUsage:                 "[secret]",
+	DisableSliceFlagSeparator: true,
+	Flags: []cli.Flag{
+		&cli.BoolFlag{
+			Name:  "with-parity",
+			Usage: "output 33 bytes instead of 32, the first one being either '02' or '03', a prefix indicating whether this pubkey is even or odd.",
+		},
+	},
 	Action: func(ctx context.Context, c *cli.Command) error {
 		for sec := range getSecretKeysFromStdinLinesOrSlice(ctx, c, c.Args().Slice()) {
-			pubkey, err := nostr.GetPublicKey(sec)
-			if err != nil {
-				ctx = lineProcessingError(ctx, "failed to derive public key: %s", err)
-				continue
+			b, _ := hex.DecodeString(sec)
+			_, pk := btcec.PrivKeyFromBytes(b)
+
+			if c.Bool("with-parity") {
+				stdout(hex.EncodeToString(pk.SerializeCompressed()))
+			} else {
+				stdout(hex.EncodeToString(pk.SerializeCompressed()[1:]))
 			}
-			stdout(pubkey)
 		}
 		return nil
 	},
 }

-var encrypt = &cli.Command{
+var encryptKey = &cli.Command{
 	Name:                      "encrypt",
 	Usage:                     "encrypts a secret key and prints an ncryptsec code",
-	Description: `uses the NIP-49 standard.`,
+	Description:               `uses the nip49 standard.`,
 	ArgsUsage:                 "<secret> <password>",
+	DisableSliceFlagSeparator: true,
 	Flags: []cli.Flag{
 		&cli.IntFlag{
 			Name:        "logn",
@@ -97,11 +107,12 @@ var encrypt = &cli.Command{
 	},
 }

-var decrypt = &cli.Command{
+var decryptKey = &cli.Command{
 	Name:                      "decrypt",
 	Usage:                     "takes an ncrypsec and a password and decrypts it into an nsec",
-	Description: `uses the NIP-49 standard.`,
+	Description:               `uses the nip49 standard.`,
 	ArgsUsage:                 "<ncryptsec-code> <password>",
+	DisableSliceFlagSeparator: true,
 	Action: func(ctx context.Context, c *cli.Command) error {
 		var ncryptsec string
 		var password string
@@ -152,6 +163,7 @@ var combine = &cli.Command{

 However, if the intent is to check if two existing Nostr pubkeys match a given combined pubkey, then it might be sufficient to calculate the combined key for all the possible combinations of pubkeys in the input.`,
 	ArgsUsage:                 "[pubkey...]",
+	DisableSliceFlagSeparator: true,
 	Action: func(ctx context.Context, c *cli.Command) error {
 		type Combination struct {
 			Variants []string `json:"input_variants"`
@@ -182,7 +194,7 @@ However, if the intent is to check if two existing Nostr pubkeys match a given c
 				for i, prefix := range []byte{0x02, 0x03} {
 					pubk, err := btcec.ParsePubKey(append([]byte{prefix}, keyb...))
 					if err != nil {
-						fmt.Fprintf(os.Stderr, "error parsing key %s: %s", keyhex, err)
+						log("error parsing key %s: %s", keyhex, err)
 						continue
 					}
 					group[i] = pubk
@@ -223,7 +235,7 @@ However, if the intent is to check if two existing Nostr pubkeys match a given c

 				agg, _, _, err := musig2.AggregateKeys(combining, true)
 				if err != nil {
-					fmt.Fprintf(os.Stderr, "error aggregating: %s", err)
+					log("error aggregating: %s", err)
 					return
 				}

@@ -246,13 +258,13 @@ However, if the intent is to check if two existing Nostr pubkeys match a given c
 		}

 		res, _ := json.MarshalIndent(result, "", "  ")
-		fmt.Println(string(res))
+		stdout(string(res))

 		return nil
 	},
 }

-func getSecretKeysFromStdinLinesOrSlice(ctx context.Context, c *cli.Command, keys []string) chan string {
+func getSecretKeysFromStdinLinesOrSlice(ctx context.Context, _ *cli.Command, keys []string) chan string {
 	ch := make(chan string)
 	go func() {
 		for sec := range getStdinLinesOrArgumentsFromSlice(keys) {
--- a/main.go
+++ b/main.go
@@ -2,52 +2,156 @@ package main

 import (
 	"context"
+	"net/http"
+	"net/textproto"
 	"os"
+	"path/filepath"

-	"github.com/fiatjaf/cli/v3"
+	"github.com/nbd-wtf/go-nostr"
+	"github.com/nbd-wtf/go-nostr/sdk"
+	"github.com/nbd-wtf/go-nostr/sdk/hints/memoryh"
+	"github.com/urfave/cli/v3"
 )

+var version string = "debug"
+
 var app = &cli.Command{
 	Name:                      "nak",
 	Suggest:                   true,
 	UseShortOptionHandling:    true,
-	AllowFlagsAfterArguments: true,
 	Usage:                     "the nostr army knife command-line tool",
+	DisableSliceFlagSeparator: true,
 	Commands: []*cli.Command{
-		req,
-		count,
-		fetch,
 		event,
+		req,
+		fetch,
+		count,
 		decode,
 		encode,
 		key,
 		verify,
 		relay,
 		bunker,
+		serve,
+		blossomCmd,
+		encrypt,
+		decrypt,
+		outbox,
+		wallet,
+		mcpServer,
+		curl,
+		dvm,
 	},
+	Version: version,
 	Flags: []cli.Flag{
+		&cli.StringFlag{
+			Name:   "config-path",
+			Hidden: true,
+		},
 		&cli.BoolFlag{
 			Name:    "quiet",
 			Usage:   "do not print logs and info messages to stderr, use -qq to also not print anything to stdout",
 			Aliases: []string{"q"},
-			Persistent: true,
 			Action: func(ctx context.Context, c *cli.Command, b bool) error {
 				q := c.Count("quiet")
 				if q >= 1 {
 					log = func(msg string, args ...any) {}
 					if q >= 2 {
-						stdout = func(a ...any) (int, error) { return 0, nil }
+						stdout = func(_ ...any) (int, error) { return 0, nil }
 					}
 				}
 				return nil
 			},
 		},
+		&cli.BoolFlag{
+			Name:    "verbose",
+			Usage:   "print more stuff than normally",
+			Aliases: []string{"v"},
+			Action: func(ctx context.Context, c *cli.Command, b bool) error {
+				v := c.Count("verbose")
+				if v >= 1 {
+					logverbose = log
+				}
+				return nil
+			},
+		},
+	},
+	Before: func(ctx context.Context, c *cli.Command) (context.Context, error) {
+		configPath := c.String("config-path")
+		if configPath == "" {
+			if home, err := os.UserHomeDir(); err == nil {
+				configPath = filepath.Join(home, ".config/nak")
+			}
+		}
+		if configPath != "" {
+			hintsFilePath = filepath.Join(configPath, "outbox/hints.db")
+		}
+		if hintsFilePath != "" {
+			if _, err := os.Stat(hintsFilePath); !os.IsNotExist(err) {
+				hintsFileExists = true
+			}
+		}
+
+		if hintsFilePath != "" {
+			if data, err := os.ReadFile(hintsFilePath); err == nil {
+				hintsdb := memoryh.NewHintDB()
+				if err := json.Unmarshal(data, &hintsdb); err == nil {
+					sys = sdk.NewSystem(
+						sdk.WithHintsDB(hintsdb),
+					)
+					goto systemOperational
+				}
+			}
+		}
+
+		sys = sdk.NewSystem()
+
+	systemOperational:
+		sys.Pool = nostr.NewSimplePool(context.Background(),
+			nostr.WithAuthorKindQueryMiddleware(sys.TrackQueryAttempts),
+			nostr.WithEventMiddleware(sys.TrackEventHints),
+			nostr.WithRelayOptions(
+				nostr.WithRequestHeader(http.Header{textproto.CanonicalMIMEHeaderKey("user-agent"): {"nak/b"}}),
+			),
+		)
+
+		return ctx, nil
+	},
+	After: func(ctx context.Context, c *cli.Command) error {
+		// save hints database on exit
+		if hintsFileExists {
+			data, err := json.Marshal(sys.Hints)
+			if err != nil {
+				return err
+			}
+			return os.WriteFile(hintsFilePath, data, 0644)
+		}
+
+		return nil
 	},
 }

 func main() {
+	defer colors.reset()
+
+	cli.VersionFlag = &cli.BoolFlag{
+		Name:  "version",
+		Usage: "prints the version",
+	}
+
+	// a megahack to enable this curl command proxy
+	if len(os.Args) > 2 && os.Args[1] == "curl" {
+		if err := realCurl(); err != nil {
+			stdout(err)
+			colors.reset()
+			os.Exit(1)
+		}
+		return
+	}
+
 	if err := app.Run(context.Background(), os.Args); err != nil {
 		stdout(err)
+		colors.reset()
 		os.Exit(1)
 	}
 }
--- a/mcp.go
+++ b/mcp.go
@@ -0,0 +1,244 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/mark3labs/mcp-go/mcp"
+	"github.com/mark3labs/mcp-go/server"
+	"github.com/nbd-wtf/go-nostr"
+	"github.com/nbd-wtf/go-nostr/nip19"
+	"github.com/nbd-wtf/go-nostr/sdk"
+	"github.com/urfave/cli/v3"
+)
+
+var mcpServer = &cli.Command{
+	Name:                      "mcp",
+	Usage:                     "pander to the AI gods",
+	Description:               ``,
+	DisableSliceFlagSeparator: true,
+	Flags:                     []cli.Flag{},
+	Action: func(ctx context.Context, c *cli.Command) error {
+		s := server.NewMCPServer(
+			"nak",
+			version,
+		)
+
+		s.AddTool(mcp.NewTool("publish_note",
+			mcp.WithDescription("Publish a short note event to Nostr with the given text content"),
+			mcp.WithString("relay",
+				mcp.Description("Relay to publish the note to"),
+			),
+			mcp.WithString("content",
+				mcp.Required(),
+				mcp.Description("Arbitrary string to be published"),
+			),
+			mcp.WithString("mention",
+				mcp.Required(),
+				mcp.Description("Nostr user's public key to be mentioned"),
+			),
+		), func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
+			content, _ := request.Params.Arguments["content"].(string)
+			mention, _ := request.Params.Arguments["mention"].(string)
+			relayI, ok := request.Params.Arguments["relay"]
+			var relay string
+			if ok {
+				relay, _ = relayI.(string)
+			}
+
+			if mention != "" && !nostr.IsValidPublicKey(mention) {
+				return mcp.NewToolResultError("the given mention isn't a valid public key, it must be 32 bytes hex, like the ones returned by search_profile"), nil
+			}
+
+			sk := os.Getenv("NOSTR_SECRET_KEY")
+			if sk == "" {
+				sk = "0000000000000000000000000000000000000000000000000000000000000001"
+			}
+			var relays []string
+
+			evt := nostr.Event{
+				Kind:      1,
+				Tags:      nostr.Tags{{"client", "goose/nak"}},
+				Content:   content,
+				CreatedAt: nostr.Now(),
+			}
+
+			if mention != "" {
+				evt.Tags = append(evt.Tags, nostr.Tag{"p", mention})
+				// their inbox relays
+				relays = sys.FetchInboxRelays(ctx, mention, 3)
+			}
+
+			evt.Sign(sk)
+
+			// our write relays
+			relays = append(relays, sys.FetchOutboxRelays(ctx, evt.PubKey, 3)...)
+
+			if len(relays) == 0 {
+				relays = []string{"nos.lol", "relay.damus.io"}
+			}
+
+			// extra relay specified
+			relays = append(relays, relay)
+
+			result := strings.Builder{}
+			result.WriteString(
+				fmt.Sprintf("the event we generated has id '%s', kind '%d' and is signed by pubkey '%s'. ",
+					evt.ID,
+					evt.Kind,
+					evt.PubKey,
+				),
+			)
+
+			for res := range sys.Pool.PublishMany(ctx, relays, evt) {
+				if res.Error != nil {
+					result.WriteString(
+						fmt.Sprintf("there was an error publishing the event to the relay %s. ",
+							res.RelayURL),
+					)
+				} else {
+					result.WriteString(
+						fmt.Sprintf("the event was successfully published to the relay %s. ",
+							res.RelayURL),
+					)
+				}
+			}
+
+			return mcp.NewToolResultText(result.String()), nil
+		})
+
+		s.AddTool(mcp.NewTool("resolve_nostr_uri",
+			mcp.WithDescription("Resolve URIs prefixed with nostr:, including nostr:nevent1..., nostr:npub1..., nostr:nprofile1... and nostr:naddr1..."),
+			mcp.WithString("uri",
+				mcp.Required(),
+				mcp.Description("URI to be resolved"),
+			),
+		), func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
+			uri, _ := request.Params.Arguments["uri"].(string)
+			if strings.HasPrefix(uri, "nostr:") {
+				uri = uri[6:]
+			}
+
+			prefix, data, err := nip19.Decode(uri)
+			if err != nil {
+				return mcp.NewToolResultError("this Nostr uri is invalid"), nil
+			}
+
+			switch prefix {
+			case "npub":
+				pm := sys.FetchProfileMetadata(ctx, data.(string))
+				return mcp.NewToolResultText(
+					fmt.Sprintf("this is a Nostr profile named '%s', their public key is '%s'",
+						pm.ShortName(), pm.PubKey),
+				), nil
+			case "nprofile":
+				pm, _ := sys.FetchProfileFromInput(ctx, uri)
+				return mcp.NewToolResultText(
+					fmt.Sprintf("this is a Nostr profile named '%s', their public key is '%s'",
+						pm.ShortName(), pm.PubKey),
+				), nil
+			case "nevent":
+				event, _, err := sys.FetchSpecificEventFromInput(ctx, uri, sdk.FetchSpecificEventParameters{
+					WithRelays: false,
+				})
+				if err != nil {
+					return mcp.NewToolResultError("Couldn't find this event anywhere"), nil
+				}
+
+				return mcp.NewToolResultText(
+					fmt.Sprintf("this is a Nostr event: %s", event),
+				), nil
+			case "naddr":
+				return mcp.NewToolResultError("For now we can't handle this kind of Nostr uri"), nil
+			default:
+				return mcp.NewToolResultError("We don't know how to handle this Nostr uri"), nil
+			}
+		})
+
+		s.AddTool(mcp.NewTool("search_profile",
+			mcp.WithDescription("Search for the public key of a Nostr user given their name"),
+			mcp.WithString("name",
+				mcp.Required(),
+				mcp.Description("Name to be searched"),
+			),
+		), func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
+			name, _ := request.Params.Arguments["name"].(string)
+			re := sys.Pool.QuerySingle(ctx, []string{"relay.nostr.band", "nostr.wine"}, nostr.Filter{Search: name, Kinds: []int{0}})
+			if re == nil {
+				return mcp.NewToolResultError("couldn't find anyone with that name"), nil
+			}
+
+			return mcp.NewToolResultText(re.PubKey), nil
+		})
+
+		s.AddTool(mcp.NewTool("get_outbox_relay_for_pubkey",
+			mcp.WithDescription("Get the best relay from where to read notes from a specific Nostr user"),
+			mcp.WithString("pubkey",
+				mcp.Required(),
+				mcp.Description("Public key of Nostr user we want to know the relay from where to read"),
+			),
+		), func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
+			pubkey, _ := request.Params.Arguments["pubkey"].(string)
+			res := sys.FetchOutboxRelays(ctx, pubkey, 1)
+			return mcp.NewToolResultText(res[0]), nil
+		})
+
+		s.AddTool(mcp.NewTool("read_events_from_relay",
+			mcp.WithDescription("Makes a REQ query to one relay using the specified parameters, this can be used to fetch notes from a profile"),
+			mcp.WithNumber("kind",
+				mcp.Required(),
+				mcp.Description("event kind number to include in the 'kinds' field"),
+			),
+			mcp.WithString("pubkey",
+				mcp.Description("pubkey to include in the 'authors' field"),
+			),
+			mcp.WithNumber("limit",
+				mcp.Required(),
+				mcp.Description("maximum number of events to query"),
+			),
+			mcp.WithString("relay",
+				mcp.Required(),
+				mcp.Description("relay URL to send the query to"),
+			),
+		), func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
+			relay, _ := request.Params.Arguments["relay"].(string)
+			limit, _ := request.Params.Arguments["limit"].(int)
+			kind, _ := request.Params.Arguments["kind"].(int)
+			pubkeyI, ok := request.Params.Arguments["pubkey"]
+			var pubkey string
+			if ok {
+				pubkey, _ = pubkeyI.(string)
+			}
+
+			if pubkey != "" && !nostr.IsValidPublicKey(pubkey) {
+				return mcp.NewToolResultError("the given pubkey isn't a valid public key, it must be 32 bytes hex, like the ones returned by search_profile"), nil
+			}
+
+			filter := nostr.Filter{
+				Limit: limit,
+				Kinds: []int{kind},
+			}
+			if pubkey != "" {
+				filter.Authors = []string{pubkey}
+			}
+
+			events := sys.Pool.FetchMany(ctx, []string{relay}, filter)
+
+			result := strings.Builder{}
+			for ie := range events {
+				result.WriteString("author public key: ")
+				result.WriteString(ie.PubKey)
+				result.WriteString("content: '")
+				result.WriteString(ie.Content)
+				result.WriteString("'")
+				result.WriteString("\n---\n")
+			}
+
+			return mcp.NewToolResultText(result.String()), nil
+		})
+
+		return server.ServeStdio(s)
+	},
+}
--- a/musig2.go
+++ b/musig2.go
@@ -6,7 +6,6 @@ import (
 	"encoding/base64"
 	"encoding/hex"
 	"fmt"
-	"os"
 	"strconv"
 	"strings"

@@ -15,8 +14,33 @@ import (
 	"github.com/nbd-wtf/go-nostr"
 )

+func getMusigAggregatedKey(_ context.Context, keys []string) (string, error) {
+	knownSigners := make([]*btcec.PublicKey, len(keys))
+	for i, spk := range keys {
+		bpk, err := hex.DecodeString(spk)
+		if err != nil {
+			return "", fmt.Errorf("'%s' is invalid hex: %w", spk, err)
+		}
+		if len(bpk) == 32 {
+			return "", fmt.Errorf("'%s' is missing the leading parity byte", spk)
+		}
+		pk, err := btcec.ParsePubKey(bpk)
+		if err != nil {
+			return "", fmt.Errorf("'%s' is not a valid pubkey: %w", spk, err)
+		}
+		knownSigners[i] = pk
+	}
+
+	aggpk, _, _, err := musig2.AggregateKeys(knownSigners, true)
+	if err != nil {
+		return "", fmt.Errorf("aggregation failed: %w", err)
+	}
+
+	return hex.EncodeToString(aggpk.FinalKey.SerializeCompressed()[1:]), nil
+}
+
 func performMusig(
-	ctx context.Context,
+	_ context.Context,
 	sec string,
 	evt *nostr.Event,
 	numSigners int,
@@ -110,8 +134,8 @@ func performMusig(
 		if err != nil {
 			return false, err
 		}
-		fmt.Fprintf(os.Stderr, "the following code should be saved secretly until the next step an included with --musig-nonce-secret:\n")
-		fmt.Fprintf(os.Stderr, "%s\n\n", base64.StdEncoding.EncodeToString(nonce.SecNonce[:]))
+		log("the following code should be saved secretly until the next step an included with --musig-nonce-secret:\n")
+		log("%s\n\n", base64.StdEncoding.EncodeToString(nonce.SecNonce[:]))

 		knownNonces = append(knownNonces, nonce.PubNonce)
 		printPublicCommandForNextPeer(evt, numSigners, knownSigners, knownNonces, nil, false)
@@ -124,7 +148,7 @@ func performMusig(
 	} else {
 		evt.PubKey = hex.EncodeToString(comb.SerializeCompressed()[1:])
 		evt.ID = evt.GetID()
-		fmt.Fprintf(os.Stderr, "combined key: %x\n\n", comb.SerializeCompressed())
+		log("combined key: %x\n\n", comb.SerializeCompressed())
 	}

 	// we have all the signers, which means we must also have all the nonces
@@ -219,7 +243,7 @@ func printPublicCommandForNextPeer(
 		maybeNonceSecret = " --musig-nonce-secret '<insert-nonce-secret>'"
 	}

-	fmt.Fprintf(os.Stderr, "the next signer and they should call this on their side:\nnak event --sec <insert-secret-key> --musig %d %s%s%s%s%s\n",
+	log("the next signer and they should call this on their side:\nnak event --sec <insert-secret-key> --musig %d %s%s%s%s%s\n",
 		numSigners,
 		eventToCliArgs(evt),
 		signersToCliArgs(knownSigners),
--- a/outbox.go
+++ b/outbox.go
@@ -0,0 +1,68 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/urfave/cli/v3"
+	"github.com/nbd-wtf/go-nostr"
+)
+
+var outbox = &cli.Command{
+	Name:                      "outbox",
+	Usage:                     "manage outbox relay hints database",
+	DisableSliceFlagSeparator: true,
+	Commands: []*cli.Command{
+		{
+			Name:                      "init",
+			Usage:                     "initialize the outbox hints database",
+			DisableSliceFlagSeparator: true,
+			Action: func(ctx context.Context, c *cli.Command) error {
+				if hintsFileExists {
+					return nil
+				}
+				if hintsFilePath == "" {
+					return fmt.Errorf("couldn't find a place to store the hints, pass --config-path to fix.")
+				}
+
+				if err := os.MkdirAll(filepath.Dir(hintsFilePath), 0777); err == nil {
+					if err := os.WriteFile(hintsFilePath, []byte("{}"), 0644); err != nil {
+						return fmt.Errorf("failed to create hints database: %w", err)
+					}
+				}
+
+				log("initialized hints database at %s\n", hintsFilePath)
+				return nil
+			},
+		},
+		{
+			Name:                      "list",
+			Usage:                     "list outbox relays for a given pubkey",
+			ArgsUsage:                 "<pubkey>",
+			DisableSliceFlagSeparator: true,
+			Action: func(ctx context.Context, c *cli.Command) error {
+				if !hintsFileExists {
+					log("running with temporary fragile data.\n")
+					log("call `nak outbox init` to setup persistence.\n")
+				}
+
+				if c.Args().Len() != 1 {
+					return fmt.Errorf("expected exactly one argument (pubkey)")
+				}
+
+				pubkey := c.Args().First()
+				if !nostr.IsValidPublicKey(pubkey) {
+					return fmt.Errorf("invalid public key: %s", pubkey)
+				}
+
+				for _, relay := range sys.FetchOutboxRelays(ctx, pubkey, 6) {
+					stdout(relay)
+				}
+
+				return nil
+			},
+		},
+	},
+}
--- a/relay.go
+++ b/relay.go
@@ -6,7 +6,6 @@ import (
 	"crypto/sha256"
 	"encoding/base64"
 	"encoding/hex"
-	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
@@ -14,15 +13,20 @@ import (
 	"github.com/nbd-wtf/go-nostr"
 	"github.com/nbd-wtf/go-nostr/nip11"
 	"github.com/nbd-wtf/go-nostr/nip86"
-	"github.com/fiatjaf/cli/v3"
+	"github.com/urfave/cli/v3"
 )

 var relay = &cli.Command{
 	Name:  "relay",
-	Usage: "gets the relay information document for the given relay, as JSON",
-	Description: `example:
-		nak relay nostr.wine`,
+	Usage: "gets the relay information document for the given relay, as JSON -- or allows usage of the relay management API.",
+	Description: `examples:
+	fetching relay information:
+		nak relay nostr.wine
+
+	managing a relay
+		nak relay nostr.wine banevent --sec 1234 --id 037eb3751073770ff17483b1b1ff125866cd5147668271975ef0a8a8e7ee184a --reason "I don't like it"`,
 	ArgsUsage:                 "<relay-url>",
+	DisableSliceFlagSeparator: true,
 	Action: func(ctx context.Context, c *cli.Command) error {
 		for url := range getStdinLinesOrArguments(c.Args()) {
 			if url == "" {
@@ -41,9 +45,7 @@ var relay = &cli.Command{
 		return nil
 	},
 	Commands: (func() []*cli.Command {
-		commands := make([]*cli.Command, 0, 12)
-
-		for _, def := range []struct {
+		methods := []struct {
 			method string
 			args   []string
 		}{
@@ -65,7 +67,10 @@ var relay = &cli.Command{
 			{"blockip", []string{"ip", "reason"}},
 			{"unblockip", []string{"ip", "reason"}},
 			{"listblockedips", nil},
-		} {
+		}
+
+		commands := make([]*cli.Command, 0, len(methods))
+		for _, def := range methods {
 			def := def

 			flags := make([]cli.Flag, len(def.args), len(def.args)+4)
@@ -73,33 +78,15 @@ var relay = &cli.Command{
 				flags[i] = declareFlag(argName)
 			}

-			flags = append(flags,
-				&cli.StringFlag{
-					Name:        "sec",
-					Usage:       "secret key to sign the event, as nsec, ncryptsec or hex",
-					DefaultText: "the key '1'",
-					Value:       "0000000000000000000000000000000000000000000000000000000000000001",
-				},
-				&cli.BoolFlag{
-					Name:  "prompt-sec",
-					Usage: "prompt the user to paste a hex or nsec with which to sign the event",
-				},
-				&cli.StringFlag{
-					Name:  "connect",
-					Usage: "sign event using NIP-46, expects a bunker://... URL",
-				},
-				&cli.StringFlag{
-					Name:        "connect-as",
-					Usage:       "private key to when communicating with the bunker given on --connect",
-					DefaultText: "a random key",
-				},
-			)
+			flags = append(flags, defaultKeyFlags...)

 			cmd := &cli.Command{
 				Name:  def.method,
 				Usage: fmt.Sprintf(`the "%s" relay management RPC call`, def.method),
 				Description: fmt.Sprintf(
 					`the "%s" management RPC call, see https://nips.nostr.com/86 for more information`, def.method),
+				Flags:                     flags,
+				DisableSliceFlagSeparator: true,
 				Action: func(ctx context.Context, c *cli.Command) error {
 					params := make([]any, len(def.args))
 					for i, argName := range def.args {
@@ -114,7 +101,7 @@ var relay = &cli.Command{
 						return nil
 					}

-					sec, bunker, err := gatherSecretKeyOrBunkerFromArguments(ctx, c)
+					kr, _, err := gatherKeyerFromArguments(ctx, c)
 					if err != nil {
 						return err
 					}
@@ -131,7 +118,7 @@ var relay = &cli.Command{

 						// Authorization
 						payloadHash := sha256.Sum256(reqj)
-						authEvent := nostr.Event{
+						tokenEvent := nostr.Event{
 							Kind:      27235,
 							CreatedAt: nostr.Now(),
 							Tags: nostr.Tags{
@@ -140,14 +127,10 @@ var relay = &cli.Command{
 								{"payload", hex.EncodeToString(payloadHash[:])},
 							},
 						}
-						if bunker != nil {
-							if err := bunker.SignEvent(ctx, &authEvent); err != nil {
-								return fmt.Errorf("failed to sign with bunker: %w", err)
+						if err := kr.SignEvent(ctx, &tokenEvent); err != nil {
+							return fmt.Errorf("failed to sign token event: %w", err)
 						}
-						} else if err := authEvent.Sign(sec); err != nil {
-							return fmt.Errorf("error signing with provided key: %w", err)
-						}
-						evtj, _ := json.Marshal(authEvent)
+						evtj, _ := json.Marshal(tokenEvent)
 						req.Header.Set("Authorization", "Nostr "+base64.StdEncoding.EncodeToString(evtj))

 						// Content-Type
@@ -193,7 +176,6 @@ var relay = &cli.Command{

 					return nil
 				},
-				Flags: flags,
 			}

 			commands = append(commands, cmd)
--- a/req.go
+++ b/req.go
@@ -2,22 +2,25 @@ package main

 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"os"
 	"strings"

 	"github.com/mailru/easyjson"
 	"github.com/nbd-wtf/go-nostr"
-	"github.com/fiatjaf/cli/v3"
+	"github.com/nbd-wtf/go-nostr/nip77"
+	"github.com/urfave/cli/v3"
 )

-const CATEGORY_FILTER_ATTRIBUTES = "FILTER ATTRIBUTES"
+const (
+	CATEGORY_FILTER_ATTRIBUTES = "FILTER ATTRIBUTES"
+	// CATEGORY_SIGNER            = "SIGNER OPTIONS" -- defined at event.go as the same (yes, I know)
+)

 var req = &cli.Command{
 	Name:  "req",
 	Usage: "generates encoded REQ messages and optionally use them to talk to relays",
-	Description: `outputs a NIP-01 Nostr filter. when a relay is not given, will print the filter, otherwise will connect to the given relay and send the filter.
+	Description: `outputs a nip01 Nostr filter. when a relay is not given, will print the filter, otherwise will connect to the given relay and send the filter.

 example:
 		nak req -k 1 -l 15 wss://nostr.wine wss://nostr-pub.wellorder.net
@@ -27,7 +30,159 @@ it can also take a filter from stdin, optionally modify it with flags and send i

 example:
 		echo '{"kinds": [1], "#t": ["test"]}' | nak req -l 5 -k 4549 --tag t=spam wss://nostr-pub.wellorder.net`,
-	Flags: []cli.Flag{
+	DisableSliceFlagSeparator: true,
+	Flags: append(defaultKeyFlags,
+		append(reqFilterFlags,
+			&cli.BoolFlag{
+				Name:  "ids-only",
+				Usage: "use nip77 to fetch just a list of ids",
+			},
+			&cli.BoolFlag{
+				Name:        "stream",
+				Usage:       "keep the subscription open, printing all events as they are returned",
+				DefaultText: "false, will close on EOSE",
+			},
+			&cli.BoolFlag{
+				Name:        "paginate",
+				Usage:       "make multiple REQs to the relay decreasing the value of 'until' until 'limit' or 'since' conditions are met",
+				DefaultText: "false",
+			},
+			&cli.DurationFlag{
+				Name:  "paginate-interval",
+				Usage: "time between queries when using --paginate",
+			},
+			&cli.UintFlag{
+				Name:        "paginate-global-limit",
+				Usage:       "global limit at which --paginate should stop",
+				DefaultText: "uses the value given by --limit/-l or infinite",
+			},
+			&cli.BoolFlag{
+				Name:  "bare",
+				Usage: "when printing the filter, print just the filter, not enveloped in a [\"REQ\", ...] array",
+			},
+			&cli.BoolFlag{
+				Name:  "auth",
+				Usage: "always perform nip42 \"AUTH\" when facing an \"auth-required: \" rejection and try again",
+			},
+			&cli.BoolFlag{
+				Name:     "force-pre-auth",
+				Aliases:  []string{"fpa"},
+				Usage:    "after connecting, for a nip42 \"AUTH\" message to be received, act on it and only then send the \"REQ\"",
+				Category: CATEGORY_SIGNER,
+			},
+		)...,
+	),
+	ArgsUsage: "[relay...]",
+	Action: func(ctx context.Context, c *cli.Command) error {
+		relayUrls := c.Args().Slice()
+		if len(relayUrls) > 0 {
+			relays := connectToAllRelays(ctx,
+				relayUrls,
+				c.Bool("force-pre-auth"),
+				nostr.WithAuthHandler(
+					func(ctx context.Context, authEvent nostr.RelayEvent) (err error) {
+						defer func() {
+							if err != nil {
+								log("auth to %s failed: %s\n",
+									(*authEvent.Tags.GetFirst([]string{"relay", ""}))[1],
+									err,
+								)
+							}
+						}()
+
+						if !c.Bool("auth") && !c.Bool("force-pre-auth") {
+							return fmt.Errorf("auth not authorized")
+						}
+						kr, _, err := gatherKeyerFromArguments(ctx, c)
+						if err != nil {
+							return err
+						}
+
+						pk, _ := kr.GetPublicKey(ctx)
+						log("performing auth as %s... ", pk)
+
+						return kr.SignEvent(ctx, authEvent.Event)
+					},
+				),
+			)
+			if len(relays) == 0 {
+				log("failed to connect to any of the given relays.\n")
+				os.Exit(3)
+			}
+			relayUrls = make([]string, len(relays))
+			for i, relay := range relays {
+				relayUrls[i] = relay.URL
+			}
+
+			defer func() {
+				for _, relay := range relays {
+					relay.Close()
+				}
+			}()
+		}
+
+		for stdinFilter := range getJsonsOrBlank() {
+			filter := nostr.Filter{}
+			if stdinFilter != "" {
+				if err := easyjson.Unmarshal([]byte(stdinFilter), &filter); err != nil {
+					ctx = lineProcessingError(ctx, "invalid filter '%s' received from stdin: %s", stdinFilter, err)
+					continue
+				}
+			}
+
+			if err := applyFlagsToFilter(c, &filter); err != nil {
+				return err
+			}
+
+			if len(relayUrls) > 0 {
+				if c.Bool("ids-only") {
+					seen := make(map[string]struct{}, max(500, filter.Limit))
+					for _, url := range relayUrls {
+						ch, err := nip77.FetchIDsOnly(ctx, url, filter)
+						if err != nil {
+							log("negentropy call to %s failed: %s", url, err)
+							continue
+						}
+						for id := range ch {
+							if _, ok := seen[id]; ok {
+								continue
+							}
+							seen[id] = struct{}{}
+							stdout(id)
+						}
+					}
+				} else {
+					fn := sys.Pool.FetchMany
+					if c.Bool("paginate") {
+						fn = sys.Pool.PaginatorWithInterval(c.Duration("paginate-interval"))
+					} else if c.Bool("stream") {
+						fn = sys.Pool.SubscribeMany
+					}
+
+					for ie := range fn(ctx, relayUrls, filter) {
+						stdout(ie.Event)
+					}
+				}
+			} else {
+				// no relays given, will just print the filter
+				var result string
+				if c.Bool("bare") {
+					result = filter.String()
+				} else {
+					j, _ := json.Marshal(nostr.ReqEnvelope{SubscriptionID: "nak", Filters: nostr.Filters{filter}})
+					result = string(j)
+				}
+
+				stdout(result)
+			}
+		}
+
+		exitIfLineProcessingError(ctx)
+		return nil
+	},
+}
+
+var reqFilterFlags = []cli.Flag{
 	&cli.StringSliceFlag{
 		Name:     "author",
 		Aliases:  []string{"a"},
@@ -87,105 +242,12 @@ example:
 	},
 	&cli.StringFlag{
 		Name:     "search",
-			Usage:    "a NIP-50 search query, use it only with relays that explicitly support it",
+		Usage:    "a nip50 search query, use it only with relays that explicitly support it",
 		Category: CATEGORY_FILTER_ATTRIBUTES,
 	},
-		&cli.BoolFlag{
-			Name:        "stream",
-			Usage:       "keep the subscription open, printing all events as they are returned",
-			DefaultText: "false, will close on EOSE",
-		},
-		&cli.BoolFlag{
-			Name:  "bare",
-			Usage: "when printing the filter, print just the filter, not enveloped in a [\"REQ\", ...] array",
-		},
-		&cli.BoolFlag{
-			Name:  "auth",
-			Usage: "always perform NIP-42 \"AUTH\" when facing an \"auth-required: \" rejection and try again",
-		},
-		&cli.BoolFlag{
-			Name:    "force-pre-auth",
-			Aliases: []string{"fpa"},
-			Usage:   "after connecting, for a NIP-42 \"AUTH\" message to be received, act on it and only then send the \"REQ\"",
-		},
-		&cli.StringFlag{
-			Name:        "sec",
-			Usage:       "secret key to sign the AUTH challenge, as hex or nsec",
-			DefaultText: "the key '1'",
-			Value:       "0000000000000000000000000000000000000000000000000000000000000001",
-		},
-		&cli.BoolFlag{
-			Name:  "prompt-sec",
-			Usage: "prompt the user to paste a hex or nsec with which to sign the AUTH challenge",
-		},
-		&cli.StringFlag{
-			Name:  "connect",
-			Usage: "sign AUTH using NIP-46, expects a bunker://... URL",
-		},
-		&cli.StringFlag{
-			Name:        "connect-as",
-			Usage:       "private key to when communicating with the bunker given on --connect",
-			DefaultText: "a random key",
-		},
-	},
-	ArgsUsage: "[relay...]",
-	Action: func(ctx context.Context, c *cli.Command) error {
-		var pool *nostr.SimplePool
-
-		relayUrls := c.Args().Slice()
-		if len(relayUrls) > 0 {
-			var relays []*nostr.Relay
-			pool, relays = connectToAllRelays(ctx, relayUrls, c.Bool("force-pre-auth"), nostr.WithAuthHandler(func(evt *nostr.Event) error {
-				if !c.Bool("auth") && !c.Bool("force-pre-auth") {
-					return fmt.Errorf("auth not authorized")
-				}
-				sec, bunker, err := gatherSecretKeyOrBunkerFromArguments(ctx, c)
-				if err != nil {
-					return err
-				}
-
-				var pk string
-				if bunker != nil {
-					pk, err = bunker.GetPublicKey(ctx)
-					if err != nil {
-						return fmt.Errorf("failed to get public key from bunker: %w", err)
-					}
-				} else {
-					pk, _ = nostr.GetPublicKey(sec)
-				}
-				log("performing auth as %s... ", pk)
-
-				if bunker != nil {
-					return bunker.SignEvent(ctx, evt)
-				} else {
-					return evt.Sign(sec)
-				}
-			}))
-			if len(relays) == 0 {
-				log("failed to connect to any of the given relays.\n")
-				os.Exit(3)
-			}
-			relayUrls = make([]string, len(relays))
-			for i, relay := range relays {
-				relayUrls[i] = relay.URL
-			}
-
-			defer func() {
-				for _, relay := range relays {
-					relay.Close()
-				}
-			}()
-		}
-
-		for stdinFilter := range getStdinLinesOrBlank() {
-			filter := nostr.Filter{}
-			if stdinFilter != "" {
-				if err := easyjson.Unmarshal([]byte(stdinFilter), &filter); err != nil {
-					ctx = lineProcessingError(ctx, "invalid filter '%s' received from stdin: %s", stdinFilter, err)
-					continue
-				}
 }

+func applyFlagsToFilter(c *cli.Command, filter *nostr.Filter) error {
 	if authors := c.StringSlice("author"); len(authors) > 0 {
 		filter.Authors = append(filter.Authors, authors...)
 	}
@@ -200,8 +262,8 @@ example:
 	}
 	tags := make([][]string, 0, 5)
 	for _, tagFlag := range c.StringSlice("tag") {
-				spl := strings.Split(tagFlag, "=")
-				if len(spl) == 2 && len(spl[0]) == 1 {
+		spl := strings.SplitN(tagFlag, "=", 2)
+		if len(spl) == 2 {
 			tags = append(tags, spl)
 		} else {
 			return fmt.Errorf("invalid --tag '%s'", tagFlag)
@@ -240,34 +302,9 @@ example:

 	if limit := c.Uint("limit"); limit != 0 {
 		filter.Limit = int(limit)
-			} else if c.IsSet("limit") || c.Bool("stream") {
+	} else if c.IsSet("limit") {
 		filter.LimitZero = true
 	}

-			if len(relayUrls) > 0 {
-				fn := pool.SubManyEose
-				if c.Bool("stream") {
-					fn = pool.SubMany
-				}
-
-				for ie := range fn(ctx, relayUrls, nostr.Filters{filter}) {
-					stdout(ie.Event)
-				}
-			} else {
-				// no relays given, will just print the filter
-				var result string
-				if c.Bool("bare") {
-					result = filter.String()
-				} else {
-					j, _ := json.Marshal(nostr.ReqEnvelope{SubscriptionID: "nak", Filters: nostr.Filters{filter}})
-					result = string(j)
-				}
-
-				stdout(result)
-			}
-		}
-
-		exitIfLineProcessingError(ctx)
 	return nil
-	},
 }
--- a/serve.go
+++ b/serve.go
@@ -0,0 +1,128 @@
+package main
+
+import (
+	"bufio"
+	"context"
+	"fmt"
+	"math"
+	"os"
+	"time"
+
+	"github.com/bep/debounce"
+	"github.com/fatih/color"
+	"github.com/fiatjaf/eventstore/slicestore"
+	"github.com/fiatjaf/khatru"
+	"github.com/nbd-wtf/go-nostr"
+	"github.com/urfave/cli/v3"
+)
+
+var serve = &cli.Command{
+	Name:                      "serve",
+	Usage:                     "starts an in-memory relay for testing purposes",
+	DisableSliceFlagSeparator: true,
+	Flags: []cli.Flag{
+		&cli.StringFlag{
+			Name:  "hostname",
+			Usage: "hostname where to listen for connections",
+			Value: "localhost",
+		},
+		&cli.UintFlag{
+			Name:  "port",
+			Usage: "port where to listen for connections",
+			Value: 10547,
+		},
+		&cli.StringFlag{
+			Name:        "events",
+			Usage:       "file containing the initial batch of events that will be served by the relay as newline-separated JSON (jsonl)",
+			DefaultText: "the relay will start empty",
+		},
+	},
+	Action: func(ctx context.Context, c *cli.Command) error {
+		db := slicestore.SliceStore{MaxLimit: math.MaxInt}
+
+		var scanner *bufio.Scanner
+		if path := c.String("events"); path != "" {
+			f, err := os.Open(path)
+			if err != nil {
+				return fmt.Errorf("failed to file at '%s': %w", path, err)
+			}
+			scanner = bufio.NewScanner(f)
+		} else if isPiped() {
+			scanner = bufio.NewScanner(os.Stdin)
+		}
+
+		if scanner != nil {
+			scanner.Buffer(make([]byte, 16*1024*1024), 256*1024*1024)
+			i := 0
+			for scanner.Scan() {
+				var evt nostr.Event
+				if err := json.Unmarshal(scanner.Bytes(), &evt); err != nil {
+					return fmt.Errorf("invalid event received at line %d: %s (`%s`)", i, err, scanner.Text())
+				}
+				db.SaveEvent(ctx, &evt)
+				i++
+			}
+		}
+
+		rl := khatru.NewRelay()
+
+		rl.Info.Name = "nak serve"
+		rl.Info.Description = "a local relay for testing, debugging and development."
+		rl.Info.Software = "https://github.com/fiatjaf/nak"
+		rl.Info.Version = version
+
+		rl.QueryEvents = append(rl.QueryEvents, db.QueryEvents)
+		rl.CountEvents = append(rl.CountEvents, db.CountEvents)
+		rl.DeleteEvent = append(rl.DeleteEvent, db.DeleteEvent)
+		rl.StoreEvent = append(rl.StoreEvent, db.SaveEvent)
+
+		started := make(chan bool)
+		exited := make(chan error)
+
+		hostname := c.String("hostname")
+		port := int(c.Uint("port"))
+
+		go func() {
+			err := rl.Start(hostname, port, started)
+			exited <- err
+		}()
+
+		var printStatus func()
+
+		// relay logging
+		rl.RejectFilter = append(rl.RejectFilter, func(ctx context.Context, filter nostr.Filter) (reject bool, msg string) {
+			log("    got %s %v\n", color.HiYellowString("request"), colors.italic(filter))
+			printStatus()
+			return false, ""
+		})
+		rl.RejectCountFilter = append(rl.RejectCountFilter, func(ctx context.Context, filter nostr.Filter) (reject bool, msg string) {
+			log("    got %s %v\n", color.HiCyanString("count request"), colors.italic(filter))
+			printStatus()
+			return false, ""
+		})
+		rl.RejectEvent = append(rl.RejectEvent, func(ctx context.Context, event *nostr.Event) (reject bool, msg string) {
+			log("    got %s %v\n", color.BlueString("event"), colors.italic(event))
+			printStatus()
+			return false, ""
+		})
+
+		d := debounce.New(time.Second * 2)
+		printStatus = func() {
+			d(func() {
+				totalEvents := 0
+				ch, _ := db.QueryEvents(ctx, nostr.Filter{})
+				for range ch {
+					totalEvents++
+				}
+				subs := rl.GetListeningFilters()
+
+				log("  %s events stored: %s, subscriptions opened: %s\n", color.HiMagentaString("•"), color.HiMagentaString("%d", totalEvents), color.HiMagentaString("%d", len(subs)))
+			})
+		}
+
+		<-started
+		log("%s relay running at %s\n", color.HiRedString(">"), colors.boldf("ws://%s:%d", hostname, port))
+
+		return <-exited
+	},
+}
--- a/verify.go
+++ b/verify.go
@@ -2,10 +2,9 @@ package main

 import (
 	"context"
-	"encoding/json"

+	"github.com/urfave/cli/v3"
 	"github.com/nbd-wtf/go-nostr"
-	"github.com/fiatjaf/cli/v3"
 )

 var verify = &cli.Command{
@@ -15,6 +14,7 @@ var verify = &cli.Command{
 		echo '{"id":"a889df6a387419ff204305f4c2d296ee328c3cd4f8b62f205648a541b4554dfb","pubkey":"c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5","created_at":1698623783,"kind":1,"tags":[],"content":"hello from the nostr army knife","sig":"84876e1ee3e726da84e5d195eb79358b2b3eaa4d9bd38456fde3e8a2af3f1cd4cda23f23fda454869975b3688797d4c66e12f4c51c1b43c6d2997c5e61865661"}' | nak verify

 it outputs nothing if the verification is successful.`,
+	DisableSliceFlagSeparator: true,
 	Action: func(ctx context.Context, c *cli.Command) error {
 		for stdinEvent := range getStdinLinesOrArguments(c.Args()) {
 			evt := nostr.Event{}
@@ -31,7 +31,7 @@ it outputs nothing if the verification is successful.`,
 			}

 			if ok, err := evt.CheckSignature(); !ok {
-				ctx = lineProcessingError(ctx, "invalid signature: %s", err)
+				ctx = lineProcessingError(ctx, "invalid signature: %v", err)
 				continue
 			}
 		}
--- a/wallet.go
+++ b/wallet.go
@@ -0,0 +1,490 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"strconv"
+	"strings"
+
+	"github.com/fatih/color"
+	"github.com/nbd-wtf/go-nostr"
+	"github.com/nbd-wtf/go-nostr/nip60"
+	"github.com/nbd-wtf/go-nostr/nip61"
+	"github.com/nbd-wtf/go-nostr/sdk"
+	"github.com/urfave/cli/v3"
+)
+
+func prepareWallet(ctx context.Context, c *cli.Command) (*nip60.Wallet, func(), error) {
+	kr, _, err := gatherKeyerFromArguments(ctx, c)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pk, err := kr.GetPublicKey(ctx)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	relays := sys.FetchOutboxRelays(ctx, pk, 3)
+	w := nip60.LoadWallet(ctx, kr, sys.Pool, relays)
+	if w == nil {
+		return nil, nil, fmt.Errorf("error loading walle")
+	}
+
+	w.Processed = func(evt *nostr.Event, err error) {
+		if err == nil {
+			logverbose("processed event %s\n", evt)
+		} else {
+			log("error processing event %s: %s\n", evt, err)
+		}
+	}
+
+	w.PublishUpdate = func(event nostr.Event, deleted, received, change *nip60.Token, isHistory bool) {
+		desc := "wallet"
+		if received != nil {
+			mint, _ := strings.CutPrefix(received.Mint, "https://")
+			desc = fmt.Sprintf("received from %s with %d proofs totalling %d",
+				mint, len(received.Proofs), received.Proofs.Amount())
+		} else if change != nil {
+			mint, _ := strings.CutPrefix(change.Mint, "https://")
+			desc = fmt.Sprintf("change from %s with %d proofs totalling %d",
+				mint, len(change.Proofs), change.Proofs.Amount())
+		} else if deleted != nil {
+			mint, _ := strings.CutPrefix(deleted.Mint, "https://")
+			desc = fmt.Sprintf("deleting a used token from %s with %d proofs totalling %d",
+				mint, len(deleted.Proofs), deleted.Proofs.Amount())
+		} else if isHistory {
+			desc = "history entry"
+		}
+
+		log("- saving kind:%d event (%s)... ", event.Kind, desc)
+		first := true
+		for res := range sys.Pool.PublishMany(ctx, relays, event) {
+			cleanUrl, ok := strings.CutPrefix(res.RelayURL, "wss://")
+			if !ok {
+				cleanUrl = res.RelayURL
+			}
+
+			if !first {
+				log(", ")
+			}
+			first = false
+
+			if res.Error != nil {
+				log("%s: %s", color.RedString(cleanUrl), res.Error)
+			} else {
+				log("%s: ok", color.GreenString(cleanUrl))
+			}
+		}
+		log("\n")
+	}
+
+	<-w.Stable
+
+	return w, func() {
+		w.Close()
+	}, nil
+}
+
+var wallet = &cli.Command{
+	Name:                      "wallet",
+	Usage:                     "displays the current wallet balance",
+	Description:               "all wallet data is stored on Nostr relays, signed and encrypted with the given key, and reloaded again from relays on every call.\n\nthe same data can be accessed by other compatible nip60 clients.",
+	DisableSliceFlagSeparator: true,
+	Flags:                     defaultKeyFlags,
+	Action: func(ctx context.Context, c *cli.Command) error {
+		w, closew, err := prepareWallet(ctx, c)
+		if err != nil {
+			return err
+		}
+
+		stdout(w.Balance())
+
+		closew()
+		return nil
+	},
+	Commands: []*cli.Command{
+		{
+			Name:                      "mints",
+			Usage:                     "lists, adds or remove default mints from the wallet",
+			DisableSliceFlagSeparator: true,
+			Action: func(ctx context.Context, c *cli.Command) error {
+				w, closew, err := prepareWallet(ctx, c)
+				if err != nil {
+					return err
+				}
+
+				for _, url := range w.Mints {
+					stdout(strings.Split(url, "://")[1])
+				}
+
+				closew()
+				return nil
+			},
+			Commands: []*cli.Command{
+				{
+					Name:                      "add",
+					DisableSliceFlagSeparator: true,
+					ArgsUsage:                 "<mint>...",
+					Action: func(ctx context.Context, c *cli.Command) error {
+						w, closew, err := prepareWallet(ctx, c)
+						if err != nil {
+							return err
+						}
+
+						if err := w.AddMint(ctx, c.Args().Slice()...); err != nil {
+							return err
+						}
+
+						closew()
+						return nil
+					},
+				},
+				{
+					Name:                      "remove",
+					DisableSliceFlagSeparator: true,
+					ArgsUsage:                 "<mint>...",
+					Action: func(ctx context.Context, c *cli.Command) error {
+						w, closew, err := prepareWallet(ctx, c)
+						if err != nil {
+							return err
+						}
+
+						if err := w.RemoveMint(ctx, c.Args().Slice()...); err != nil {
+							return err
+						}
+
+						closew()
+						return nil
+					},
+				},
+			},
+		},
+		{
+			Name:                      "tokens",
+			Usage:                     "lists existing tokens with their mints and aggregated amounts",
+			DisableSliceFlagSeparator: true,
+			Action: func(ctx context.Context, c *cli.Command) error {
+				w, closew, err := prepareWallet(ctx, c)
+				if err != nil {
+					return err
+				}
+
+				for _, token := range w.Tokens {
+					stdout(token.ID(), token.Proofs.Amount(), strings.Split(token.Mint, "://")[1])
+				}
+
+				closew()
+				return nil
+			},
+		},
+		{
+			Name:                      "receive",
+			Usage:                     "takes a cashu token string as an argument and adds it to the wallet",
+			ArgsUsage:                 "<token>",
+			DisableSliceFlagSeparator: true,
+			Flags: []cli.Flag{
+				&cli.StringSliceFlag{
+					Name:  "mint",
+					Usage: "mint to swap the token into",
+				},
+			},
+			Action: func(ctx context.Context, c *cli.Command) error {
+				args := c.Args().Slice()
+				if len(args) != 1 {
+					return fmt.Errorf("must be called as `nak wallet receive <token>")
+				}
+
+				w, closew, err := prepareWallet(ctx, c)
+				if err != nil {
+					return err
+				}
+
+				proofs, mint, err := nip60.GetProofsAndMint(args[0])
+				if err != nil {
+					return err
+				}
+
+				opts := make([]nip60.ReceiveOption, 0, 1)
+				for _, url := range c.StringSlice("mint") {
+					opts = append(opts, nip60.WithMintDestination(url))
+				}
+
+				if err := w.Receive(ctx, proofs, mint, opts...); err != nil {
+					return err
+				}
+
+				closew()
+				return nil
+			},
+		},
+		{
+			Name:                      "send",
+			Usage:                     "prints a cashu token with the given amount for sending to someone else",
+			ArgsUsage:                 "<amount>",
+			DisableSliceFlagSeparator: true,
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:  "mint",
+					Usage: "send from a specific mint",
+				},
+			},
+			Action: func(ctx context.Context, c *cli.Command) error {
+				args := c.Args().Slice()
+				if len(args) != 1 {
+					return fmt.Errorf("must be called as `nak wallet send <amount>")
+				}
+				amount, err := strconv.ParseUint(args[0], 10, 64)
+				if err != nil {
+					return fmt.Errorf("amount '%s' is invalid", args[0])
+				}
+
+				w, closew, err := prepareWallet(ctx, c)
+				if err != nil {
+					return err
+				}
+
+				opts := make([]nip60.SendOption, 0, 1)
+				if mint := c.String("mint"); mint != "" {
+					mint = "http" + nostr.NormalizeURL(mint)[2:]
+					opts = append(opts, nip60.WithMint(mint))
+				}
+				proofs, mint, err := w.Send(ctx, amount, opts...)
+				if err != nil {
+					return err
+				}
+
+				stdout(nip60.MakeTokenString(proofs, mint))
+
+				closew()
+				return nil
+			},
+		},
+		{
+			Name:                      "pay",
+			Usage:                     "pays a bolt11 lightning invoice and outputs the preimage",
+			ArgsUsage:                 "<invoice>",
+			DisableSliceFlagSeparator: true,
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:  "mint",
+					Usage: "pay from a specific mint",
+				},
+			},
+			Action: func(ctx context.Context, c *cli.Command) error {
+				args := c.Args().Slice()
+				if len(args) != 1 {
+					return fmt.Errorf("must be called as `nak wallet pay <invoice>")
+				}
+
+				w, closew, err := prepareWallet(ctx, c)
+				if err != nil {
+					return err
+				}
+
+				opts := make([]nip60.SendOption, 0, 1)
+				if mint := c.String("mint"); mint != "" {
+					mint = "http" + nostr.NormalizeURL(mint)[2:]
+					opts = append(opts, nip60.WithMint(mint))
+				}
+
+				preimage, err := w.PayBolt11(ctx, args[0], opts...)
+				if err != nil {
+					return err
+				}
+
+				stdout(preimage)
+
+				closew()
+				return nil
+			},
+		},
+		{
+			Name:                      "nutzap",
+			Usage:                     "sends a nip61 nutzap to one or more Nostr profiles and/or events",
+			ArgsUsage:                 "<amount> <target>",
+			Description:               "<amount> is in satoshis, <target> can be an npub, nprofile, nevent or hex pubkey.",
+			DisableSliceFlagSeparator: true,
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:  "mint",
+					Usage: "send from a specific mint",
+				},
+				&cli.StringFlag{
+					Name:  "message",
+					Usage: "attach a message to the nutzap",
+				},
+			},
+			Action: func(ctx context.Context, c *cli.Command) error {
+				args := c.Args().Slice()
+				if len(args) < 2 {
+					return fmt.Errorf("must be called as `nak wallet nutzap <amount> <target>...")
+				}
+
+				w, closew, err := prepareWallet(ctx, c)
+				if err != nil {
+					return err
+				}
+
+				amount := c.Uint("amount")
+				target := c.String("target")
+
+				var evt *nostr.Event
+				var eventId string
+
+				if strings.HasPrefix(target, "nevent1") {
+					evt, _, err = sys.FetchSpecificEventFromInput(ctx, target, sdk.FetchSpecificEventParameters{
+						WithRelays: false,
+					})
+					if err != nil {
+						return err
+					}
+					eventId = evt.ID
+					target = evt.PubKey
+				}
+
+				pm, err := sys.FetchProfileFromInput(ctx, target)
+				if err != nil {
+					return err
+				}
+
+				log("sending %d sat to '%s' (%s)", amount, pm.ShortName(), pm.Npub())
+
+				opts := make([]nip60.SendOption, 0, 1)
+				if mint := c.String("mint"); mint != "" {
+					mint = "http" + nostr.NormalizeURL(mint)[2:]
+					opts = append(opts, nip60.WithMint(mint))
+				}
+
+				kr, _, _ := gatherKeyerFromArguments(ctx, c)
+				results, err := nip61.SendNutzap(
+					ctx,
+					kr,
+					w,
+					sys.Pool,
+					pm.PubKey,
+					sys.FetchInboxRelays,
+					sys.FetchOutboxRelays(ctx, pm.PubKey, 3),
+					eventId,
+					amount,
+					c.String("message"),
+				)
+				if err != nil {
+					return err
+				}
+
+				log("- publishing nutzap... ")
+				first := true
+				for res := range results {
+					cleanUrl, ok := strings.CutPrefix(res.RelayURL, "wss://")
+					if !ok {
+						cleanUrl = res.RelayURL
+					}
+
+					if !first {
+						log(", ")
+					}
+					first = false
+					if res.Error != nil {
+						log("%s: %s", color.RedString(cleanUrl), res.Error)
+					} else {
+						log("%s: ok", color.GreenString(cleanUrl))
+					}
+				}
+
+				closew()
+				return nil
+			},
+			Commands: []*cli.Command{
+				{
+					Name:                      "setup",
+					Usage:                     "setup your wallet private key and kind:10019 event for receiving nutzaps",
+					DisableSliceFlagSeparator: true,
+					Flags: []cli.Flag{
+						&cli.StringSliceFlag{
+							Name:  "mint",
+							Usage: "mints to receive nutzaps in",
+						},
+						&cli.StringFlag{
+							Name:  "private-key",
+							Usage: "private key used for receiving nutzaps",
+						},
+						&cli.BoolFlag{
+							Name:    "force",
+							Aliases: []string{"f"},
+							Usage:   "forces replacement of private-key",
+						},
+					},
+					Action: func(ctx context.Context, c *cli.Command) error {
+						w, closew, err := prepareWallet(ctx, c)
+						if err != nil {
+							return err
+						}
+
+						if w.PrivateKey == nil {
+							if sk := c.String("private-key"); sk != "" {
+								if err := w.SetPrivateKey(ctx, sk); err != nil {
+									return err
+								}
+							} else {
+								return fmt.Errorf("missing --private-key")
+							}
+						} else if sk := c.String("private-key"); sk != "" && !c.Bool("force") {
+							return fmt.Errorf("refusing to replace existing private key, use the --force flag")
+						}
+
+						kr, _, _ := gatherKeyerFromArguments(ctx, c)
+						pk, _ := kr.GetPublicKey(ctx)
+						relays := sys.FetchWriteRelays(ctx, pk, 6)
+
+						info := nip61.Info{}
+						ie := sys.Pool.QuerySingle(ctx, relays, nostr.Filter{
+							Kinds:   []int{10019},
+							Authors: []string{pk},
+							Limit:   1,
+						})
+						if ie != nil {
+							info.ParseEvent(ie.Event)
+						}
+
+						if mints := c.StringSlice("mints"); len(mints) == 0 && len(info.Mints) == 0 {
+							info.Mints = w.Mints
+						}
+						if len(info.Mints) == 0 {
+							return fmt.Errorf("missing --mint")
+						}
+
+						evt := nostr.Event{}
+						if err := info.ToEvent(ctx, kr, &evt); err != nil {
+							return err
+						}
+
+						stdout(evt)
+						log("- saving kind:10019 event... ")
+						first := true
+						for res := range sys.Pool.PublishMany(ctx, relays, evt) {
+							cleanUrl, ok := strings.CutPrefix(res.RelayURL, "wss://")
+							if !ok {
+								cleanUrl = res.RelayURL
+							}
+
+							if !first {
+								log(", ")
+							}
+							first = false
+
+							if res.Error != nil {
+								log("%s: %s", color.RedString(cleanUrl), res.Error)
+							} else {
+								log("%s: ok", color.GreenString(cleanUrl))
+							}
+						}
+
+						closew()
+						return nil
+					},
+				},
+			},
+		},
+	},
+}
--- a/zapstore.yaml
+++ b/zapstore.yaml
@@ -0,0 +1,14 @@
+nak:
+  cli:
+    name: nak
+    summary: a command line tool for doing all things nostr
+    repository: https://github.com/fiatjaf/nak
+    artifacts:
+      nak-v%v-darwin-arm64:
+        platforms: [darwin-arm64]
+      nak-v%v-darwin-amd64:
+        platforms: [darwin-x86_64]
+      nak-v%v-linux-arm64:
+        platforms: [linux-aarch64]
+      nak-v%v-linux-amd64:
+        platforms: [linux-x86_64]
Author	SHA1	Message	Date
fiatjaf	c1248eb37b	update dependencies, includes authenticated blossom blob uploads.	2025-03-07 10:23:52 -03:00
fiatjaf	c60bb82be8	small fixes on dvm flags and stuff.	2025-03-06 08:06:27 -03:00
fiatjaf	f5316a0f35	preliminary (broken) dvm support.	2025-03-05 22:01:24 -03:00
fiatjaf	e6448debf2	blossom command moved into here.	2025-03-05 00:37:42 -03:00
fiatjaf	7bb7543ef7	serve: setup relay info.	2025-03-03 16:29:20 -03:00
fiatjaf	43a3e5f40d	event: support reading --content from a file if the name starts with @.	2025-02-18 18:19:36 -03:00
fiatjaf	707e5b3918	req: print at least something when auth fails.	2025-02-17 17:01:29 -03:00
fiatjaf	faca2e50f0	adapt to FetchSpecificEvent() changes.	2025-02-17 16:54:31 -03:00
fiatjaf	26930d40bc	migrate to urfave/cli/v3 again now that they have flags after arguments.	2025-02-16 13:02:04 -03:00
fiatjaf	17920d8aef	adapt to go-nostr's new methods that take just one filter (and paginator).	2025-02-13 23:10:18 -03:00
fiatjaf	95bed5d5a8	nak req --ids-only	2025-02-12 16:37:17 -03:00
fiatjaf	2e30dfe2eb	wallet: fix nutzap error message.	2025-02-12 15:51:00 -03:00
fiatjaf	55c6f75b8a	mcp: fix a bunch of stupid bugs.	2025-02-07 16:54:23 -03:00
fiatjaf	1f2492c9b1	fix multiline handler thing for when we're don't have any stdin.	2025-02-05 20:42:55 -03:00
fiatjaf	d00976a669	curl: assume POST when there is data and no method is specified.	2025-02-05 10:39:30 -03:00
fiatjaf	4392293ed6	curl method and negative make fixes.	2025-02-05 10:22:04 -03:00
fiatjaf	60d1292f80	parse multiline json from input on nak event and nak req, use iterators instead of channels for more efficient stdin parsing.	2025-02-05 09:44:16 -03:00
fiatjaf	6c634d8081	nak curl	2025-02-04 23:20:35 -03:00
fiatjaf	1e353680bc	wallet: adapt to single-wallet nip60 mode and implement nutzapping.	2025-02-04 22:38:40 -03:00
fiatjaf	ff8701a3b0	fetch: stop adding kind:0 to all requests when they already have a kind specified.	2025-02-03 15:54:12 -03:00
fiatjaf	ad6b8c4ba5	more mcp stuff.	2025-02-02 00:21:25 -03:00
fiatjaf	dba3f648ad	experimental mcp server.	2025-01-31 23:44:03 -03:00
fiatjaf	12a1f1563e	wallet pay and fix missing tokens because the program was exiting before they were saved.	2025-01-30 19:59:54 -03:00
fiatjaf	e2dd3ca544	fix -v verbose flag (it was being used by the default --version flag).	2025-01-30 19:58:17 -03:00
fiatjaf	df5ebd3f56	global verbose flag.	2025-01-30 16:06:16 -03:00
fiatjaf	81571c6952	global bold/italic helpers.	2025-01-30 16:05:51 -03:00
fiatjaf	6e43a6b733	reword NIP-XX to nipXX everywhere.	2025-01-29 19:13:30 -03:00
fiatjaf	943e8835f9	nak wallet	2025-01-28 23:50:09 -03:00
fiatjaf	6b659c1552	fix @mleku unnecessary newlines.	2025-01-28 23:50:09 -03:00
mleku	aa53f2cd60	show env var in help, reset terminal mode correctly	2025-01-21 16:14:59 -03:00
fiatjaf	5509095277	nak outbox	2025-01-18 18:40:19 -03:00
fiatjaf	a3ef9b45de	update go-nostr to solve some websocket things like a stupid limit to the websocket message.	2025-01-18 15:45:08 -03:00
fiatjaf	df20a3241a	update go-nostr to fix url path normalization (@pablof7z's @primalhq NWC bug).	2025-01-16 21:46:43 -03:00
fiatjaf	53a2451303	update go-nostr and adjust user-agent stuff. this changes the websocket library we were using.	2025-01-16 16:02:08 -03:00
fiatjaf	2d992f235e	bunker: fix MarshalIndent() is not allowed to have a prefix on json-iterator.	2024-12-13 23:27:08 -03:00
franzap	7675929056	Add zapstore.yaml	2024-12-11 19:02:56 -03:00
fiatjaf	7f608588a2	improve count and support hyperloglog aggregation.	2024-12-10 23:28:36 -03:00
fiatjaf	fd5cd55f6f	replace encoding/json with json-iterator everywhere so we get rid of HTML encoding and maybe be faster.	2024-12-03 00:43:52 -03:00
redraw	932361fe8f	fix(decode): handle event id flag	2024-12-02 10:25:38 -03:00
redraw	11ae7bc4d3	add test ExampleDecodePubkey	2024-12-02 09:11:19 -03:00
redraw	7033bfee19	fix(decode): handle pubkey flag	2024-12-02 09:11:19 -03:00
fiatjaf	f425097c5a	allow filters with long tags (the 1-char restriction is only a convention, not a rule). fixes https://github.com/fiatjaf/nak/issues/44	2024-11-26 12:05:40 -03:00
fiatjaf	dd0ef2ca64	relay management examples on help.	2024-11-25 12:50:47 -03:00
Yasuhiro Matsumoto	491a094e07	close ch	2024-11-23 08:14:13 -03:00
fiatjaf	9d619ddf00	remove note1 encoding.	2024-11-19 07:47:11 -03:00
fiatjaf	5d32739573	update go-nostr again, apparently this was necessary.	2024-11-12 18:46:38 -03:00
fiatjaf	a187e448f2	get rid of some of the HTML escaping that plagues golang json.	2024-11-11 23:09:15 -03:00
fiatjaf	9a9e96a829	support $NOSTR_CLIENT_KEY environment variable for --connect-as	2024-11-11 22:33:17 -03:00
fiatjaf	4c6181d649	update go-nostr so all bunkers are nip44 maximalists.	2024-11-01 08:44:15 -03:00
fiatjaf	71b106fd45	update go-nostr so we always encrypt nip46 messages with nip44.	2024-10-30 10:39:09 -03:00
Yasuhiro Matsumoto	40892c1228	build arm binary for Raspberry Pi 32bit	2024-10-30 10:33:31 -03:00
fiatjaf	847f8aaa69	remove duplicated password decryption prompts by returning the bare key together with the Keyer when it is given.	2024-10-29 21:11:15 -03:00
fiatjaf	134d1225d6	nak event: presence of key flags indicates the need to resign a given event. fixes https://github.com/fiatjaf/nak/issues/41	2024-10-29 13:33:35 -03:00
fiatjaf	464766a836	allow "=" in tag value. fixes https://github.com/fiatjaf/nak/issues/40	2024-10-27 11:01:30 -03:00
fiatjaf	ea53eca74f	update go-nostr for nip44-on-nip46 fixes.	2024-10-27 09:56:49 -03:00
fiatjaf	38ed370c59	slightly improve verify error message.	2024-10-11 17:59:08 -03:00
fiatjaf	5b04bc4859	nak key public --with-parity	2024-10-08 09:08:50 -03:00
fiatjaf	2988c71ccb	nak/b and nak/s user-agents.	2024-09-26 22:17:31 -03:00
fiatjaf	d7c0ff2bb7	update go-nostr keyer interface and make req --auth work again.	2024-09-22 19:21:41 -03:00
fiatjaf	43fe41df5d	use log() function instead of fmt.Fprintf(os.Stderr) in some places.	2024-09-22 19:04:21 -03:00
fiatjaf	3215726417	use stdout() function instead of fmt.Println() in some places.	2024-09-21 12:02:09 -03:00
fiatjaf	a4886dc445	nak encrypt and nak decrypt: nip44 with option to do nip04. closes https://github.com/fiatjaf/nak/issues/36	2024-09-17 11:33:02 -03:00
fiatjaf	dae7eba8ca	use keyer.Keyer in most places instead of raw bunkers and plaintext keys, simplifies the code a little at the cost of some abstraction but I think it's strictly good this time.	2024-09-17 11:33:02 -03:00
fiatjaf	2b5f3355bc	use a single global sdk.System and its Pool.	2024-09-17 11:33:02 -03:00
fiatjaf	bd5ca27661	github.ref->github.ref_name as version variable.	2024-09-15 09:04:52 -03:00
fiatjaf	9d02301b2d	support --version using -X	2024-09-15 08:57:53 -03:00
arkinox	9bbc87b27a	specify how ; can separate multiple tag values	2024-09-10 19:13:25 -03:00
fiatjaf	88a07a3504	update go-nostr and nostr-sdk to fix bad nevent/naddr parsing bug.	2024-09-05 14:43:34 -03:00
fiatjaf	8a934cc76b	fix fetch naddr missing kind.	2024-08-28 16:13:19 -03:00
fiatjaf	e0c967efa9	fix natural timestamps test.	2024-08-26 15:59:48 -03:00
fiatjaf	36c32ae308	make it possible to have empty content on kind 1. fixes https://github.com/fiatjaf/nak/issues/32	2024-08-26 15:49:13 -03:00
fiatjaf	6d23509d8c	fetch: handle note1 case.	2024-08-25 17:10:06 -03:00
fiatjaf	29b6ecbafe	readme: how to download torrents.	2024-08-25 08:35:25 -03:00
fiatjaf	11f37afa5b	readme: how to watch livestreams from your terminal.	2024-08-24 21:40:08 -03:00
fiatjaf	cf1694704e	bunker: fix printing bunker uri.	2024-08-23 16:17:17 -03:00
fiatjaf	b3ef2c1289	update go-nostr because parallel work generation was broken.	2024-08-21 17:09:15 -03:00
fiatjaf	cfdea699bc	fix using NOSTR_SECRET_KEY environment variable.	2024-08-21 10:46:29 -03:00
fiatjaf	014c6bc11d	--pow: parallel work.	2024-08-20 23:06:14 -03:00
fiatjaf	0240866fa1	fix fetch for non-pubkey cases.	2024-08-20 18:39:17 -03:00
fiatjaf	a4d9ceecfa	do it again because blergh.	2024-08-20 17:13:01 -03:00
fiatjaf	56657d8aa9	update go-nostr.	2024-08-20 15:10:18 -03:00
fiatjaf	ea7b88cfd7	fix `fetch` with nip05 filter and make `req` filter options generalize to `fetch`. related: https://github.com/fiatjaf/nak/issues/19	2024-08-20 10:59:38 -03:00
fiatjaf	2042b14578	nak fetch: support nip05 codes. addresses https://github.com/fiatjaf/nak/issues/19	2024-08-20 10:48:09 -03:00
fiatjaf	9d43e66fac	nak event --pow closes https://github.com/fiatjaf/nak/issues/29	2024-08-20 10:34:47 -03:00
fiatjaf	85e9610265	test natural timestamps.	2024-08-20 10:29:00 -03:00
fiatjaf	2edfa5cbea	nak serve	2024-08-19 12:49:52 -03:00
fiatjaf	9690dc70cb	nak req --paginate	2024-08-18 23:38:03 -03:00
fiatjaf	c90e61dbec	set .DisableSliceFlagSeparator to true. fixes nostr:nevent1qqs9qwgwnr2rzguzrgt99hhhyv8e84mcdr4mnk86uvm6ndjvzl4rjxqpzpmhxue69uhkztnwdaejumr0dshsz9mhwden5te0vf5hgcm0d9hx2u3wwdhkx6tpdshszxnhwden5te0vfhhxarj9ekx2cm5w4exjene9ehx2ap0j8u0fj	2024-08-07 11:46:08 -03:00
fiatjaf	d226cd6ce4	fix password input lowercasing characters. fixes https://github.com/fiatjaf/nak/issues/28	2024-08-06 11:05:08 -03:00
fiatjaf	3d78e91f62	bunker: deny getPublicKey() even though it's harmless. fixes https://github.com/fiatjaf/nak/issues/27	2024-08-06 10:56:08 -03:00
fiatjaf	84965f2253	don't set limit to zero on --stream	2024-08-03 10:52:46 -03:00
fiatjaf	928c73513c	just move imports around.	2024-07-30 11:43:14 -03:00
fiatjaf	a36142604d	compile to riscv64.	2024-07-27 10:32:32 -03:00