ESP32 USB/NIP-46 Signer
Daily-use connected ESP32-S3 signer with USB/display review and bridged NIP-46 inputs.
Boundaries
- The companion handles NIP-46 bridge decisions via
nsealr nip46 decide; the device receives already-decrypted, validated signing requests. - USB transport uses bounded frames with request-bound capture checks. Bring-up is covered by
nsealr serial-line exchange. - Smoke evidence: companion-to-device serial smoke, sign-event-disabled smoke, firmware protocol evidence, Unicode fallback tracking.
signing_disableduntil hardening gates pass; approvals are bound toapproval_digest.
| Feature | Target | Current | Contract |
|---|---|---|---|
request_validation_v0 | required | implemented | signing-request-v0+implementation-limits-v0+invalid-vectors |
nostr_event_review_universal | required | implemented | trusted-review-v0+review-detail-pages-v0 |
review_detail_pages | optional | implemented | review-detail-pages-v0 |
approval_digest_binding | required | implemented | approval-digest-v0 |
physical_approval | required | partial | physical-approval-v0 |
sign_event_bip340 | required | disabled_until_gates_pass | nostr-sign-event-bip340-v0 |
serial_usb_transport | required | implemented | serial-usb-transport-v0 |
nip46_decrypted_bridge | required | partial | nip46-decrypted-bridge-v0 |
scoped_policy_automation | required | planned | scoped-policy-automation-v0 |
persistent_secret_custody | required | planned | persistent-secret-custody-v0 |
secure_boot_hardening | required | planned | firmware-boot-hardening-v0 |
response_verification | required | implemented | signed-response-verification-v0 |
stateless_session_custody | forbidden | forbidden | — |