docs(nip46-compatibility): add stacker.news + NDK 2.x/3.x bunker:// findings#47
Open
DocNR wants to merge 1 commit into
Open
docs(nip46-compatibility): add stacker.news + NDK 2.x/3.x bunker:// findings#47DocNR wants to merge 1 commit into
DocNR wants to merge 1 commit into
Conversation
…indings - New compatibility-matrix row for stacker.news (⚠️ Partial — bunker login hangs with Clave URI; fix at stackernews/stacker.news#2947) - New per-client notes section explaining the symptom + fix - New library-family entry: "NDK (@nostr-dev-kit/ndk) — bunker:// path" documents the two NIP-46 spec violations in NDK 2.x–3.0.3 on the bunker:// flow: 1. connect([userPubkey ?? "", secret]) — sends empty first param for bunker URIs without ?pubkey=, contrary to spec which says first param is the remote-signer-pubkey 2. only accepts response.result === "ack", rejecting the spec-allowed alternative (URI secret echoed back) with undefined Same bug class as rust-nostr ≤ 0.44.2. Upstream fix at nostr-dev-kit/ndk#390. - Renamed existing NDK library-family entry to "NDK (...) — nostrconnect:// path" to disambiguate (the nostrconnect flow is unaffected by these bugs and works correctly on NDK 3.0.3). - Added both PRs to the "Open upstream issues / PRs" table. - Changelog entry + bumped Last-updated date. Verification chain: - Reproduced the hang against unpatched @nostr-dev-kit/ndk@2.12.2 with a Clave-emulating mock NIP-46 bunker (returns secret echo per LightSigner.swift:564-568) on a local nak relay -> rejects in 39ms with undefined. - Patched override resolves in 112ms. - Live test against a real Clave bunker URI on relay.powr.build (TestFlight build) -> resolves in ~2s.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Documents the NIP-46 bunker
connecthandshake bug class found while debugging stacker.news's bunker login against a Clave URI. Same bug class as the existing rust-nostr ≤ 0.44.2 entry.@nostr-dev-kit/ndk) —bunker://path" documenting two NIP-46 spec violations in NDK 2.x–3.0.3 on the bunker:// flow\"ack\"accepted (NIP-46 also allows the URI secret echoed back; Clave returns the latter perLightSigner.swift:564-568)nostrconnect://path" to disambiguate; the nostrconnect flow is unaffectedLast updateddateCompanion PRs
NDKNip46SignerURLPatch)Test plan
@nostr-dev-kit/ndk@2.12.2with a Clave-emulating mock NIP-46 bunker on a localnak serverelay → rejects in 39ms withundefined(the bug)relay.powr.build(TestFlight build) → resolves in ~2s🤖 Generated with Claude Code