signet-login 0.9.15 → 0.10.0

package/README.md

@@ -1,14 +1,19 @@
-# signet-login
+# Signet Access
 
 [![GitHub Sponsors](https://img.shields.io/github/sponsors/TheCryptoDonkey?logo=githubsponsors&color=ea4aaa&label=Sponsor)](https://github.com/sponsors/TheCryptoDonkey)
 
-**Sign in with Signet** for Nostr-aware websites. One picker, three backends:
+Published as `signet-login`.
 
-- **Browser extension** (NIP-07 — bark, Alby, nos2x, Flamingo, …)
-- **Sign in with Signet** (cross-device QR via NIP-17 gift-wrap)
-- **Paste bunker URI** (NIP-46 remote signer — Heartwood, nsecBunker, Amber)
+**Signet Access** is a drop-in auth and signer-access SDK for Nostr-aware websites. One picker, one session shape, multiple ways to prove identity and, when available, keep a live signer:
 
-Returns a unified `SignetSigner` your code can use to sign Nostr events going forward.
+- **Sign in with Signet** on this device or by cross-device QR
+- **Browser extension** via NIP-07 (bark, Alby, nos2x, Flamingo, ...)
+- **Connect a Nostr signer** via app-initiated NIP-46 / NostrConnect
+- **Paste or scan bunker URI** for Heartwood, nsecBunker, Amber, or compatible signers
+- **Sign in with Amber** via Android NIP-55
+- **Paste private key** as an in-memory, advanced fallback only
+
+Returns a unified `SignetSigner` plus a signed kind-21236 auth proof your server can verify before granting privileges.
 
 ## Install
 
@@ -58,20 +63,34 @@ Show the picker, return a `SignetSession` on success or `null` on cancel/timeout
 
 ```ts
 interface LoginOptions {
-  appName: string;                                      // shown in modal
-  challenge?: string;                                   // 64 hex; auto if omitted
-  preferredMethod?: 'nip07' | 'redirect' | 'bunker';    // skip the picker
-  relayUrl?: string;                                    // default wss://relay.damus.io
-  theme?: 'light' | 'dark' | 'auto';                    // default 'auto'
-  timeout?: number;                                     // default 120_000ms; clamped to [5k, 600k]
-  signetAppOrigin?: string;                             // default https://mysignet.app
-  redirectCallback?: string;                            // for same-device redirect (future)
-  persist?: boolean;                                    // default true (localStorage)
+  appName: string;                              // shown in modal
+  challenge?: string;                           // 64 hex; auto if omitted
+  preferredMethod?: LoginPickerMethod;          // skip the picker
+  methods?: LoginPickerMethod[];                // picker methods, in order
+  advancedMethods?: LoginPickerMethod[];        // grouped behind Advanced; [] = flat list
+  relayUrl?: string;                            // default wss://relay.damus.io
+  relayUrls?: string[];                         // repeated relay= params for NostrConnect
+  nostrConnectPerms?: string[];                 // default sign_event + NIP-44
+  theme?: 'light' | 'dark' | 'auto';            // default 'auto'
+  timeout?: number;                             // default 120_000ms; clamped to [5k, 600k]
+  signetAppOrigin?: string;                     // default https://mysignet.app
+  redirectCallback?: string;                    // for same-device redirect / Amber return
+  mode?: 'relay' | 'redirect';                  // Signet delivery mode
+  persist?: boolean;                            // default true (localStorage)
 }
 
+type LoginPickerMethod =
+  | 'nip07'
+  | 'redirect'      // same-device Signet, relay delivery
+  | 'qr'            // cross-device Signet QR
+  | 'bunker'        // paste bunker://
+  | 'nostrconnect'  // show nostrconnect:// QR
+  | 'amber'         // Android NIP-55
+  | 'nsec';         // in-memory private key fallback
+
 interface SignetSession {
   pubkey: string;                  // hex
-  method: 'nip07' | 'redirect' | 'bunker';
+  method: 'nip07' | 'redirect' | 'bunker' | 'nsec' | 'amber';
   signer: SignetSigner;
   authEvent: SignetAuthEvent;      // signed kind-21236 challenge proof
   expiresAt?: number;
@@ -79,6 +98,56 @@ interface SignetSession {
 }
 ```
 
+By default, the picker shows ordinary user-facing methods first and groups `bunker`, `nostrconnect`, and `nsec` behind **Advanced**. Control the surface per app:
+
+```js
+await Signet.login({
+  appName: 'My Game',
+  methods: ['redirect', 'qr', 'nip07'],
+});
+
+await Signet.login({
+  appName: 'Power User Tool',
+  methods: ['nip07', 'bunker', 'nostrconnect', 'nsec'],
+  advancedMethods: [], // flat picker
+  relayUrls: ['wss://relay.nsec.app', 'wss://relay.damus.io'],
+});
+```
+
+When camera APIs are available, the bunker URI screen can scan `bunker://` QR codes directly. Paste remains the fallback.
+
+### Headless/custom UI
+
+Use the exported signer constructors and proof helpers when your app owns the UI:
+
+```ts
+import {
+  createBunkerSigner,
+  createLoginAuthEvent,
+  createSessionFromSigner,
+  createLocalSignerFromNsec,
+} from 'signet-login';
+
+const signer = await createBunkerSigner({
+  uri: bunkerUri,
+  timeoutMs: 30_000,
+});
+
+const session = await createSessionFromSigner(signer, {
+  appName: 'My App',
+  challenge: challengeFromServer,
+  origin: 'https://my-app.example',
+});
+
+await fetch('/api/login', {
+  method: 'POST',
+  body: JSON.stringify({ authEvent: session.authEvent }),
+});
+```
+
+Headless exports include `hasNip07`, `createNip07Signer`, `createBunkerSigner`, `createBunkerSignerFromNostrConnect`, `buildNostrConnectUri`, `createLocalSignerFromNsec`, `createLoginAuthEvent`, `createSessionFromSigner`, and `generateSecretKey`.
+The IIFE bundle attaches the same helpers to `window.Signet`.
+
 ### `Signet.restoreSession(opts?)`
 
 Restore a session from localStorage. For bunker sessions this attempts to reconnect to the stored bunker. Returns `null` if no session is stored, the session is malformed, or reconnection fails.
@@ -98,14 +167,14 @@ Clear stored session and close the active signer.
 
 Run on your callback page when using the same-device redirect flow. Parses URL params and posts them to `window.opener` (if popup-opened), then closes the popup.
 
-## The three signers
+## Signers and capabilities
 
-All three implement `SignetSigner`:
+All session signers implement `SignetSigner`:
 
 ```ts
 interface SignetSigner {
   readonly pubkey: string;
-  readonly method: 'nip07' | 'redirect' | 'bunker';
+  readonly method: 'nip07' | 'redirect' | 'bunker' | 'nsec' | 'amber';
   readonly capabilities: { canSignEvents: boolean; hasNip44: boolean };
   signEvent(template: EventTemplate): Promise<NostrEvent>;
   nip44?: { encrypt, decrypt };
@@ -117,9 +186,10 @@ interface SignetSigner {
 |---|---|---|
 | `Nip07Signer` | true | `window.nostr` (any NIP-07 extension) |
 | `BunkerSignerImpl` | true | `nostr-tools` BunkerSigner over NIP-46 relay |
-| `EphemeralSigner` | **false** | Auth-only — redirect returned only `authEvent` |
+| `LocalSigner` | true | In-memory nsec fallback; never persisted |
+| `EphemeralSigner` | **false** | Auth-only Signet redirect / QR / Amber callback |
 
-`EphemeralSigner` exists because the v0.1 redirect flow returns a single signed challenge but no ongoing-signing channel. Use `signer.capabilities.canSignEvents` to gate UI:
+`EphemeralSigner` exists because some redirect-style flows return a signed challenge but no ongoing signing channel. Use `signer.capabilities.canSignEvents` to gate UI:
 
 ```js
 if (session.signer.capabilities.canSignEvents) {
@@ -129,7 +199,7 @@ if (session.signer.capabilities.canSignEvents) {
 }
 ```
 
-A future Option-B upgrade to signet-app will spawn a session-bunker per origin during the redirect approval, at which point redirect sessions will be full signers transparently. The SDK API does not change.
+When Signet or a signer app returns a `bunker://` handoff, the SDK upgrades the auth-only proof into a live `BunkerSignerImpl` if the handoff connects and matches the authenticated pubkey.
 
 ## Server-side verification
 
@@ -161,7 +231,7 @@ Session data is stored in localStorage under `signet:login.*`:
 | Key | Purpose |
 |---|---|
 | `signet:login.pubkey` | Authenticated pubkey |
-| `signet:login.method` | `nip07` / `redirect` / `bunker` |
+| `signet:login.method` | `nip07` / `redirect` / `bunker` / `amber` |
 | `signet:login.authEvent` | Serialised kind-21236 auth event |
 | `signet:login.bunkerUri` | Bunker URI for reconnect (bunker only) |
 | `signet:login.bunkerClientSk` | Client secret key hex (bunker only) |
@@ -190,7 +260,7 @@ Each SDK manages its own slice of `window.Signet` and `localStorage` namespaces.
 
 ## Bundle size
 
-Approx **48.5 KB gzipped** (135 KB unminified). The bulk is `nostr-tools` `BunkerSigner` for NIP-46 + `signet-verify` for the cross-device QR primitive. A future split-bundle could lazy-load the bunker path to halve the initial size.
+The ESM entry is approx **5.9 KB gzipped** before bundling dependencies. The standalone IIFE is approx **114.7 KB gzipped** because it includes NIP-46, Signet QR/relay support, and camera QR decoding. A future split-bundle could lazy-load advanced signer paths for smaller first-load pages.
 
 ## Browser support
 
@@ -207,9 +277,12 @@ npm test            # vitest in jsdom
 
 Examples in `examples/`:
 - `basic.html` — full demo with login / sign / logout / restore
+- `headless.html` — custom UI demo using signer constructors and proof helpers
 - `callback.html` — redirect-back receiver page
 
-Build the IIFE bundle first, then serve the repo root with any static server and open `examples/basic.html`.
+Build the IIFE bundle first, then serve the repo root with any static server and open `examples/basic.html` or `examples/headless.html`.
+
+See [docs/competitive-audit.md](docs/competitive-audit.md) for the current competitor comparison and roadmap priorities.
 
 ## Out of scope
 

package/dist/modal.js

@@ -12,7 +12,11 @@ import { waitForAuthResponse } from 'signet-verify';
 import { schnorr } from '@noble/curves/secp256k1';
 import { bytesToHex } from '@noble/hashes/utils';
 import QRCode from 'qrcode';
+import jsQR from 'jsqr';
 const QR_BUNKER_CONNECT_TIMEOUT_MS = 8000;
+const DEFAULT_PICKER_METHODS = ['nip07', 'amber', 'redirect', 'qr', 'bunker', 'nostrconnect', 'nsec'];
+const DEFAULT_ADVANCED_METHODS = ['bunker', 'nostrconnect', 'nsec'];
+const DEFAULT_NOSTR_CONNECT_PERMS = ['sign_event', 'nip44_encrypt', 'nip44_decrypt'];
 function escapeHtml(str) {
     return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
 }
@@ -144,33 +148,176 @@ function buttonStyle(dark, primary = false) {
     const fg = dark ? '#e0e0e0' : '#1a1a2e';
     return `background:transparent;color:${fg};border:1px solid ${border};padding:12px 16px;border-radius:8px;cursor:pointer;font-size:0.95rem;width:100%;margin-bottom:8px;text-align:left;display:flex;align-items:center;gap:12px;`;
 }
+function canUseCameraQrScanner() {
+    return typeof navigator !== 'undefined'
+        && !!navigator.mediaDevices
+        && typeof navigator.mediaDevices.getUserMedia === 'function'
+        && typeof document !== 'undefined';
+}
+function isAcceptedPairingQr(value, acceptedPrefixes) {
+    const lower = value.trim().toLowerCase();
+    return acceptedPrefixes.some(prefix => lower.startsWith(prefix));
+}
+async function startCameraQrScanner(input) {
+    const { container, status, acceptedPrefixes, onValue } = input;
+    if (!canUseCameraQrScanner())
+        throw new Error('camera-unavailable');
+    let stopped = false;
+    let frame = 0;
+    let stream = null;
+    const video = document.createElement('video');
+    const canvas = document.createElement('canvas');
+    const stopBtn = document.createElement('button');
+    video.muted = true;
+    video.playsInline = true;
+    video.style.cssText = 'display:block;width:100%;max-height:240px;object-fit:cover;border-radius:8px;background:#000;margin:0 0 8px;';
+    canvas.style.display = 'none';
+    stopBtn.type = 'button';
+    stopBtn.dataset.action = 'stop-scan';
+    stopBtn.textContent = 'Stop scan';
+    stopBtn.style.cssText = 'display:block;margin:0 auto 8px;background:transparent;border:1px solid currentColor;border-radius:8px;padding:8px 12px;cursor:pointer;color:inherit;';
+    const stop = () => {
+        if (stopped)
+            return;
+        stopped = true;
+        if (frame)
+            cancelAnimationFrame(frame);
+        if (stream) {
+            for (const track of stream.getTracks())
+                track.stop();
+        }
+        container.hidden = true;
+        container.replaceChildren();
+    };
+    stopBtn.addEventListener('click', () => {
+        stop();
+        if (status) {
+            status.textContent = 'QR scan stopped.';
+            status.style.color = '';
+        }
+    });
+    container.hidden = false;
+    container.replaceChildren(video, canvas, stopBtn);
+    if (status) {
+        status.textContent = 'Point your camera at a QR code...';
+        status.style.color = '';
+    }
+    try {
+        stream = await navigator.mediaDevices.getUserMedia({
+            audio: false,
+            video: { facingMode: { ideal: 'environment' } },
+        });
+        video.srcObject = stream;
+        await video.play();
+    }
+    catch (err) {
+        stop();
+        throw err;
+    }
+    const ctx = canvas.getContext('2d', { willReadFrequently: true });
+    if (!ctx) {
+        stop();
+        throw new Error('canvas-unavailable');
+    }
+    const tick = () => {
+        if (stopped)
+            return;
+        if (video.readyState >= HTMLMediaElement.HAVE_CURRENT_DATA && video.videoWidth > 0 && video.videoHeight > 0) {
+            canvas.width = video.videoWidth;
+            canvas.height = video.videoHeight;
+            ctx.drawImage(video, 0, 0, canvas.width, canvas.height);
+            const image = ctx.getImageData(0, 0, canvas.width, canvas.height);
+            const code = jsQR(image.data, image.width, image.height, { inversionAttempts: 'attemptBoth' });
+            const scanned = code?.data?.trim();
+            if (scanned) {
+                if (isAcceptedPairingQr(scanned, acceptedPrefixes)) {
+                    onValue(scanned);
+                    if (status) {
+                        status.textContent = 'QR code scanned.';
+                        status.style.color = '';
+                    }
+                    stop();
+                    return;
+                }
+                if (status) {
+                    status.textContent = 'That QR is not a supported pairing URI.';
+                    status.style.color = '#d04848';
+                }
+            }
+        }
+        frame = requestAnimationFrame(tick);
+    };
+    frame = requestAnimationFrame(tick);
+    return { stop };
+}
 // ── Picker ────────────────────────────────────────────────────────────────────
-function renderPicker(refs, appName, theme) {
-    const dark = isDarkMode(theme);
+const METHOD_META = {
+    nip07: { icon: '🌐', title: 'Browser extension', hint: 'bark, Alby, nos2x' },
+    amber: { icon: '🤖', title: 'Sign in with Amber', hint: 'Android signer (NIP-55)' },
+    redirect: { icon: '🪪', title: 'Sign in with Signet', hint: 'Open Signet on this device' },
+    qr: { icon: '📱', title: 'Signet on another device', hint: 'Scan QR with your phone' },
+    bunker: { icon: '🔑', title: 'Paste bunker URI', hint: 'For NIP-46 power users' },
+    nostrconnect: { icon: '📡', title: 'Connect a Nostr signer', hint: 'Scan with nsec.app, Amber, Keychat...' },
+    nsec: { icon: '⚠️', title: 'Paste private key', hint: 'In-memory only - risky, last resort' },
+};
+function isMethodAvailable(method) {
+    if (method === 'nip07')
+        return hasNip07();
+    if (method === 'amber')
+        return isAndroid();
+    return true;
+}
+function methodButtonHtml(method, dark, muted, primary) {
+    const meta = METHOD_META[method];
+    return `<button data-choice="${method}" style="${buttonStyle(dark, primary)}"><span style="font-size:1.2rem;">${meta.icon}</span><span><strong>${meta.title}</strong><br><span style="font-size:0.8rem;color:${primary ? 'rgba(255,255,255,0.8)' : muted};">${meta.hint}</span></span></button>`;
+}
+function renderPicker(refs, opts) {
+    const dark = isDarkMode(opts.theme);
     const muted = dark ? '#888' : '#666';
-    const showNip07 = hasNip07();
-    const showAmber = isAndroid();
-    refs.dialog.innerHTML = `
-    <h2 style="margin:0 0 8px;font-size:1.3rem;">Sign in to ${escapeHtml(appName)}</h2>
-    <p style="margin:0 0 24px;color:${muted};font-size:0.9rem;">Choose how you want to sign in. Your keys never leave your control.</p>
-    <div style="display:flex;flex-direction:column;">
-      ${showNip07 ? `<button data-choice="nip07" style="${buttonStyle(dark, true)}"><span style="font-size:1.2rem;">🌐</span><span><strong>Browser extension</strong><br><span style="font-size:0.8rem;opacity:0.8;">bark, Alby, nos2x</span></span></button>` : ''}
-      ${showAmber ? `<button data-choice="amber" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">🤖</span><span><strong>Sign in with Amber</strong><br><span style="font-size:0.8rem;color:${muted};">Android signer (NIP-55)</span></span></button>` : ''}
-      <button data-choice="redirect" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">🪪</span><span><strong>Sign in with Signet</strong><br><span style="font-size:0.8rem;color:${muted};">Open Signet on this device</span></span></button>
-      <button data-choice="qr" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">📱</span><span><strong>Signet on another device</strong><br><span style="font-size:0.8rem;color:${muted};">Scan QR with your phone</span></span></button>
-      <button data-choice="bunker" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">🔑</span><span><strong>Paste bunker URI</strong><br><span style="font-size:0.8rem;color:${muted};">For NIP-46 power users</span></span></button>
-      <button data-choice="nostrconnect" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">📡</span><span><strong>Connect a Nostr signer</strong><br><span style="font-size:0.8rem;color:${muted};">Scan with nsec.app, Amber, Keychat…</span></span></button>
-      <button data-choice="nsec" style="${buttonStyle(dark)}"><span style="font-size:1.2rem;">⚠️</span><span><strong>Paste private key</strong><br><span style="font-size:0.8rem;color:${muted};">In-memory only — risky, last resort</span></span></button>
-    </div>
-    <button data-choice="cancel" style="background:transparent;color:${dark ? '#e0e0e0' : '#1a1a2e'};border:1px solid ${dark ? '#3a3a4e' : '#d0d0d0'};border-radius:8px;padding:12px;cursor:pointer;font-size:0.95rem;width:100%;margin-top:12px;text-align:center;">Cancel</button>
-  `;
     return new Promise(resolve => {
-        refs.dialog.querySelectorAll('button[data-choice]').forEach(btn => {
-            btn.addEventListener('click', () => {
-                const choice = btn.dataset.choice;
-                resolve(choice);
+        let advancedOpen = false;
+        const availableMethods = opts.methods.filter(isMethodAvailable);
+        const advancedSet = new Set(opts.advancedMethods);
+        const primaryMethods = availableMethods.filter(method => !advancedSet.has(method));
+        const advancedMethods = availableMethods.filter(method => advancedSet.has(method));
+        const attachChoiceHandlers = () => {
+            refs.dialog.querySelectorAll('button[data-choice]').forEach(btn => {
+                btn.addEventListener('click', () => {
+                    const choice = btn.dataset.choice;
+                    resolve(choice);
+                });
             });
-        });
+            refs.dialog.querySelector('[data-action="advanced"]')?.addEventListener('click', () => {
+                advancedOpen = true;
+                paint();
+            });
+        };
+        const paint = () => {
+            const showAdvanced = advancedOpen || primaryMethods.length === 0;
+            const primaryHtml = primaryMethods.map((method, index) => methodButtonHtml(method, dark, muted, index === 0)).join('');
+            const advancedHtml = showAdvanced
+                ? advancedMethods.map((method, index) => methodButtonHtml(method, dark, muted, primaryMethods.length === 0 && index === 0)).join('')
+                : '';
+            const advancedToggle = advancedMethods.length > 0 && !showAdvanced
+                ? `<button data-action="advanced" style="${buttonStyle(dark)}justify-content:center;text-align:center;">Advanced</button>`
+                : '';
+            const empty = availableMethods.length === 0
+                ? `<p style="margin:0 0 12px;color:${muted};font-size:0.85rem;">No configured sign-in methods are available on this device.</p>`
+                : '';
+            refs.dialog.innerHTML = `
+        <h2 style="margin:0 0 8px;font-size:1.3rem;">Sign in to ${escapeHtml(opts.appName)}</h2>
+        <p style="margin:0 0 24px;color:${muted};font-size:0.9rem;">Choose how you want to sign in. Your keys never leave your control.</p>
+        <div style="display:flex;flex-direction:column;">
+          ${empty}
+          ${primaryHtml}
+          ${advancedToggle}
+          ${advancedHtml}
+        </div>
+        <button data-choice="cancel" style="background:transparent;color:${dark ? '#e0e0e0' : '#1a1a2e'};border:1px solid ${dark ? '#3a3a4e' : '#d0d0d0'};border-radius:8px;padding:12px;cursor:pointer;font-size:0.95rem;width:100%;margin-top:12px;text-align:center;">Cancel</button>
+      `;
+            attachChoiceHandlers();
+        };
+        paint();
     });
 }
 /**
@@ -424,30 +571,71 @@ async function runBunkerFlow(refs, opts) {
     const muted = dark ? '#888' : '#666';
     const inputBg = dark ? '#0f0f1f' : '#f5f5f8';
     const inputFg = dark ? '#e0e0e0' : '#1a1a2e';
+    const scanButton = canUseCameraQrScanner()
+        ? `<button data-action="scan" style="${buttonStyle(dark)}width:auto;flex:0 0 auto;padding:8px 16px;">Scan QR</button>`
+        : '';
     refs.dialog.innerHTML = `
     <h2 style="margin:0 0 8px;font-size:1.2rem;">Paste bunker URI</h2>
-    <p style="margin:0 0 16px;color:${muted};font-size:0.85rem;">Connect to your NIP-46 bunker (Heartwood, nsecBunker, or any compatible signer).</p>
+    <p style="margin:0 0 16px;color:${muted};font-size:0.85rem;">Connect to your NIP-46 bunker (Heartwood, nsecBunker, Amber, or any compatible signer).</p>
     <textarea id="signet-login-bunker-input" placeholder="bunker://..." rows="3" style="width:100%;background:${inputBg};color:${inputFg};border:1px solid ${dark ? '#3a3a4e' : '#d0d0d0'};border-radius:8px;padding:10px;font-size:0.85rem;font-family:ui-monospace,monospace;box-sizing:border-box;resize:vertical;margin-bottom:12px;"></textarea>
+    <div id="signet-login-bunker-scan" hidden style="margin:0 0 12px;"></div>
     <p id="signet-login-bunker-status" style="margin:0 0 12px;color:${muted};font-size:0.85rem;min-height:1.2em;"></p>
     <div style="display:flex;gap:8px;justify-content:space-between;">
       <button data-action="back" style="${buttonStyle(dark)}width:auto;flex:0 0 auto;padding:8px 16px;">← Back</button>
+      ${scanButton}
       <button data-action="connect" style="${buttonStyle(dark, true)}width:auto;flex:1;padding:8px 16px;text-align:center;">Connect</button>
     </div>
   `;
     return new Promise(resolve => {
         let settled = false;
+        let scanGeneration = 0;
         const settle = (v) => {
             if (settled)
                 return;
             settled = true;
+            scanGeneration++;
+            scanner?.stop();
             resolve(v);
         };
         const input = refs.dialog.querySelector('#signet-login-bunker-input');
         const status = refs.dialog.querySelector('#signet-login-bunker-status');
+        const scanContainer = refs.dialog.querySelector('#signet-login-bunker-scan');
         const connectBtn = refs.dialog.querySelector('[data-action="connect"]');
+        const scanBtn = refs.dialog.querySelector('[data-action="scan"]');
+        let scanner = null;
         refs.dialog.querySelector('[data-action="back"]')?.addEventListener('click', () => {
+            scanner?.stop();
             settle(null);
         });
+        scanBtn?.addEventListener('click', () => {
+            if (!input || !scanContainer)
+                return;
+            scanner?.stop();
+            scanner = null;
+            const generation = ++scanGeneration;
+            void startCameraQrScanner({
+                container: scanContainer,
+                status,
+                acceptedPrefixes: ['bunker://'],
+                onValue: value => {
+                    input.value = value;
+                    input.focus();
+                },
+            }).then(handle => {
+                if (settled || generation !== scanGeneration) {
+                    handle.stop();
+                    return;
+                }
+                scanner = handle;
+            }).catch(err => {
+                if (settled || generation !== scanGeneration)
+                    return;
+                if (status) {
+                    status.textContent = `✗ ${err instanceof Error ? err.message : String(err)}`;
+                    status.style.color = '#d04848';
+                }
+            });
+        });
         connectBtn?.addEventListener('click', async () => {
             const uri = input?.value.trim() ?? '';
             if (!uri) {
@@ -492,15 +680,15 @@ async function runNostrConnectFlow(refs, opts) {
     const secret = bytesToHex(schnorr.utils.randomPrivateKey()).slice(0, 32);
     const uri = buildNostrConnectUri({
         clientPubkeyHex: clientPubkey,
-        relayUrl: opts.relayUrl,
+        relayUrls: opts.relayUrls,
         secret,
-        perms: ['sign_event', 'nip44_encrypt', 'nip44_decrypt'],
+        perms: opts.nostrConnectPerms,
         appName: opts.appName,
         appUrl: opts.origin,
     });
     refs.dialog.innerHTML = `
     <h2 style="margin:0 0 8px;font-size:1.2rem;">Connect a Nostr signer</h2>
-    <p style="margin:0 0 16px;color:${muted};font-size:0.85rem;">Scan or paste this into your signer (nsec.app, Amber, Keychat…). The connection happens over your relay.</p>
+    <p style="margin:0 0 16px;color:${muted};font-size:0.85rem;">Scan or paste this into your signer (nsec.app, Amber, Keychat...). The connection happens over your configured relay${opts.relayUrls.length > 1 ? 's' : ''}.</p>
     <div style="background:${dark ? '#0f0f1f' : '#f5f5f8'};border-radius:8px;padding:16px;margin-bottom:16px;">
       <canvas id="signet-login-nc-qr" width="200" height="200" style="display:block;width:200px;height:200px;margin:0 auto 12px;background:#ffffff;border-radius:6px;box-sizing:border-box;"></canvas>
       <button data-action="copy" style="${buttonStyle(dark)}width:auto;font-size:0.75rem;padding:6px 10px;margin:0 auto;display:block;">Copy URI</button>
@@ -613,17 +801,46 @@ async function runNsecFlow(refs, opts) {
         });
     });
 }
+function uniquePickerMethods(input, fallback) {
+    const source = input ?? fallback;
+    const allowed = new Set(DEFAULT_PICKER_METHODS);
+    const out = [];
+    for (const method of source) {
+        if (!allowed.has(method))
+            continue;
+        if (!out.includes(method))
+            out.push(method);
+    }
+    return input === undefined && out.length === 0 ? [...fallback] : out;
+}
+function resolveMethodConfig(opts) {
+    const methods = uniquePickerMethods(opts.methods, DEFAULT_PICKER_METHODS);
+    const advancedMethods = uniquePickerMethods(opts.advancedMethods, DEFAULT_ADVANCED_METHODS)
+        .filter(method => methods.includes(method));
+    return { methods, advancedMethods };
+}
+function resolveRelayUrls(opts) {
+    const relayUrls = opts.relayUrls ?? (opts.relayUrl ? [opts.relayUrl] : [DEFAULTS.relayUrl]);
+    const cleanRelayUrls = relayUrls.map(relay => relay.trim()).filter(Boolean);
+    return cleanRelayUrls.length > 0 ? cleanRelayUrls : [DEFAULTS.relayUrl];
+}
 function resolveOptions(opts) {
     const challenge = opts.challenge ?? generateChallenge();
     if (!/^[0-9a-f]{64}$/i.test(challenge))
         throw new Error('challenge-must-be-64-hex');
     const origin = typeof window !== 'undefined' ? window.location.origin : 'http://localhost';
     const timeout = Math.max(5000, Math.min(opts.timeout ?? DEFAULTS.timeout, 600000));
+    const relayUrls = resolveRelayUrls(opts);
+    const methodConfig = resolveMethodConfig(opts);
     const result = {
         appName: opts.appName,
         challenge: challenge.toLowerCase(),
         origin,
-        relayUrl: opts.relayUrl ?? DEFAULTS.relayUrl,
+        methods: methodConfig.methods,
+        advancedMethods: methodConfig.advancedMethods,
+        relayUrl: relayUrls[0],
+        relayUrls,
+        nostrConnectPerms: opts.nostrConnectPerms ?? DEFAULT_NOSTR_CONNECT_PERMS,
         theme: opts.theme ?? DEFAULTS.theme,
         timeout,
         signetAppOrigin: opts.signetAppOrigin ?? DEFAULTS.signetAppOrigin,
@@ -672,7 +889,7 @@ async function runLoginModal(opts) {
         while (true) {
             const choice = resolved.preferredMethod
                 ? resolved.preferredMethod
-                : await Promise.race([renderPicker(refs, resolved.appName, resolved.theme), aborted]);
+                : await Promise.race([renderPicker(refs, resolved), aborted]);
             if (userAborted)
                 return null;
             if (choice === null || choice === 'cancel')

package/dist/signers.d.ts

@@ -77,7 +77,8 @@ export declare function createBunkerSignerFromNostrConnect(input: {
  */
 export declare function buildNostrConnectUri(input: {
     clientPubkeyHex: string;
-    relayUrl: string;
+    relayUrl?: string;
+    relayUrls?: string[];
     secret: string;
     perms?: string[];
     appName?: string;

package/dist/signers.js

@@ -126,12 +126,21 @@ export async function createBunkerSignerFromNostrConnect(input) {
  * it's talking to the right peer; it must be unguessable.
  */
 export function buildNostrConnectUri(input) {
-    const { clientPubkeyHex, relayUrl, secret } = input;
+    const { clientPubkeyHex, secret } = input;
     if (!/^[0-9a-f]{64}$/i.test(clientPubkeyHex))
         throw new Error('invalid-client-pubkey');
-    if (!/^wss?:\/\//.test(relayUrl))
-        throw new Error('invalid-relay-url');
-    const params = new URLSearchParams({ relay: relayUrl, secret });
+    const relayUrls = input.relayUrls ?? (input.relayUrl ? [input.relayUrl] : []);
+    const cleanRelayUrls = relayUrls.map(relay => relay.trim()).filter(Boolean);
+    if (cleanRelayUrls.length === 0)
+        throw new Error('relay-url-required');
+    for (const relayUrl of cleanRelayUrls) {
+        if (!/^wss?:\/\//.test(relayUrl))
+            throw new Error('invalid-relay-url');
+    }
+    const params = new URLSearchParams();
+    for (const relayUrl of cleanRelayUrls)
+        params.append('relay', relayUrl);
+    params.set('secret', secret);
     if (input.perms && input.perms.length > 0)
         params.set('perms', input.perms.join(','));
     if (input.appName)