Skip to content

Releases: nostr-wot/nostr-wot-extension

v0.3.4

Choose a tag to compare

@leonacostaok leonacostaok released this 14 Mar 21:16

Fixed

  • WebLN zaps broken in Coracle and other clientswebln_getInfo was missing the supports: ['lightning'] field that clients check to verify Lightning capability; webln_enable now adds the requesting domain to the allowed domains list (the standard WebLN connection handshake)

v0.3.3

Choose a tag to compare

@leonacostaok leonacostaok released this 13 Mar 12:25

v0.3.3 — Comprehensive Code Review & Security Hardening

Changed

  • Comprehensive code review (Round 2) — 10 parallel Opus agents audited the full codebase; 70 new findings documented in docs/code-review.md
  • Misc-handlers splitmisc-handlers.ts (507 lines) split into activity-handlers.ts, profile-handlers.ts, publish-handlers.ts
  • Graph module hardened — underscore-prefixed methods replaced with private modifier
  • NIP-07 input validation — added event.tags and event.created_at validation
  • signEvent zeroing contract — comprehensive JSDoc documenting caller responsibility for key zeroing
  • LNbits HTTP warning — console.warn when admin key sent over non-localhost HTTP

Fixed

  • Permission cache test failures (added storage.onChanged to browser mock)
  • Wallet balance assertions (msats-to-sats conversion in NWC test mocks)
  • Import extensions standardized (17 test files from .js to .ts)
  • nostr-tools/pure removal (replaced with own crypto; only nostr-tools/nip46 remains)
  • IDB upgrade deduplication (extracted shared upgradeDatabase() helper)
  • NODE_ENV changed from 'development' to 'production'

Added

  • lib/constants.ts — centralized magic numbers
  • lib/utils/async-lock.ts — shared async mutex
  • lib/bg/activity-handlers.ts — activity log handlers with write buffering
  • lib/bg/profile-handlers.ts — profile metadata and mute list handlers
  • lib/bg/publish-handlers.ts — event signing, broadcasting, and NIP-46 session handlers
  • docs/code-review.md — comprehensive Round 2 audit with 70 findings and prioritized roadmap

v0.3.2

Choose a tag to compare

@leonacostaok leonacostaok released this 10 Mar 21:47

What's Changed

Improved

  • Modularized background service worker — split the monolithic background.ts (~2800 lines) into 8 focused handler modules under lib/bg/; background.ts is now a ~300-line orchestrator with Map-based dispatch
  • Code quality — eliminated duplicate types, extracted shared helpers, removed dead code and unnecessary exports

Fixed

  • Sats display shows whole numbers — wallet balance, transaction amounts, invoice previews, and payment prompts no longer show decimal fractions
  • Wallet setup banner persists after setup — the "Set up wallet" banner on the home screen now disappears immediately after configuring a wallet

Assets

  • nostr-wot-chrome.zip — Chrome Web Store package (unminified)
  • nostr-wot-firefox.zip — Firefox Add-ons package (unminified)
  • nostr-wot-source.zip — Full source code for store review

Full Changelog: v0.3.1...v0.3.2

v0.2.2

Choose a tag to compare

@leonacostaok leonacostaok released this 03 Mar 00:50

What's Changed since v0.2.1

NIP-46 Remote Signer UX

  • Cancellable pending requests — NIP-46 in-flight requests now show a cancel button (×) on the approval card and in the detail modal, so users can dismiss stuck remote signer operations instead of waiting indefinitely
  • Abort infrastructure — All 5 NIP-46 call sites (signEvent, nip04/nip44 encrypt/decrypt) race against an AbortController for immediate cancellation
  • Hide permissions for NIP-46 accounts — Since the remote signer handles approval, "Manage permissions" is replaced with a "Managed by your signer app" banner on the Home tab and in Settings > Permissions
  • Filtered permission keys — NIP-46 accounts only show getPublicKey in the permissions editor (same as read-only), since signing permissions are meaningless locally

Fixes

  • CI workflow updated to use .ts extensions and tsx loader

v0.2.1

Choose a tag to compare

@leonacostaok leonacostaok released this 02 Mar 19:48

What's New

Nostr WoT is now a full identity provider and NIP-07 signer with Web of Trust verification. This release is a complete rewrite from the ground up.

Identity & Key Management

  • NIP-07 signer — Sign events directly from the extension when websites request it, without exposing your private keys
  • Multi-account encrypted vault — AES-256-GCM encrypted vault stores multiple Nostr identities with configurable auto-lock timer
  • HD sub-account derivation — Derive child accounts from your seed phrase (NIP-06)
  • Import seed, nsec, or encrypted nsec — Flexible key import options for existing Nostr users
  • Seed import/export — Import 12/24-word seed phrases; export with copy, download, or encrypted download
  • NIP-46 remote signer — Connect to bunker-based remote signers as an alternative to local keys
  • Read-only accounts — Import npub for watch-only access with clear "read-only" badges

Auto-Lock & Security

  • Auto-lock with timer — Configurable auto-lock (5 min, 15 min, 1 hour, or never) protects your keys when idle
  • Password-protected vault — Minimum 8-character password with PBKDF2 key derivation (210k iterations)

Permissions & Activity

  • Manage permissions per account and per site — Grant, deny, or prompt for each event kind on each domain
  • Check recent activity — View signing history per account and per domain
  • Approval drawer — Bottom drawer with reject-all, expand/group toggle, and individual request detail
  • Permission copy — Copy permissions from an existing account when adding a new one

Web of Trust

  • Sync modes for Web of Trust — Local database sync, remote oracle, or hybrid mode
  • Customizable badge injection experience — Trust distance badges on Nostr profiles across supported websites, with per-site enable/disable
  • Local blocks — Block accounts locally without publishing
  • Import mute lists — Import existing Nostr mute lists into your local filters
  • Trust sensitivity controls — Adjustable scoring parameters for WoT distance calculation

Onboarding

  • Follow suggestions — Curated follow suggestions with streaming profile data from relays
  • Smart step skipping — Wizard auto-skips steps that aren't needed for your setup
  • Wizard persistence — Wizard state survives popup close/reopen

Multi-Language

  • English, Spanish, Portuguese, German, French, Italian

Technical

  • Full TypeScript migration
  • Comprehensive test suite (crypto, vault, signer, permissions, communication, relay)
  • Chrome & Firefox packaging with automated build scripts

v0.1.1: Firefox Support & npub Input

Choose a tag to compare

@leonacostaok leonacostaok released this 17 Feb 12:43

What's New

Firefox Support

  • Now compatible with Firefox 128+ (MV3)
  • Cross-browser compatibility layer for seamless operation on both Chrome and Firefox

npub Format Support

  • Pubkey inputs now accept both hex and npub formats
  • Automatically converts npub to hex when saving

Improved Validation

  • Shows alert popup when trying to sync without a valid pubkey

Other Changes

  • Fixed data_collection_permissions format for Firefox Add-ons
  • Replaced unsafe innerHTML with safe DOM methods
  • Added deployment documentation (DEPLOY.md)

Installation

Chrome

Chrome Web Store

Firefox

Firefox Add-ons link coming soon

Manual Install

Download nostr-wot-extension.zip below and load as unpacked extension.


See CHANGELOG.md for full details.