1.2.1 (2026-04-12)

Bug Fixes

  • deps: bump vite, picomatch, and esbuild across manifests (security) (0d3db23)

1.2.0 (2026-04-12)

1.6.0 (2026-04-18)

Features

  • cross-device Sign-in-with-Signet via relay delivery

Bug Fixes

  • validate sessionPubkey and enforce pairing with relay (qr-router)

1.5.0 (2026-04-18)

Features

  • cross-device Sign-in-with-Signet via relay delivery

1.4.0 (2026-04-18)

Features

  • cross-device Sign-in-with-Signet via relay delivery

1.3.0 (2026-04-18)

Features

  • cross-device Sign-in-with-Signet via relay delivery

1.2.3 (2026-04-16)

Bug Fixes

  • deterministic tamper in ring-signature test to eliminate 1/256 flake

1.2.2 (2026-04-16)

Bug Fixes

  • pass identifier to createAttestation for verifier and identity-bridge events

Bug Fixes

  • resolve development dependency vulnerabilities (544bacd)
  • verify: noble imports and test script (869ac82)

Features

  • add personas field to ContactInfo for multi-persona QR sharing (0e7d0fd)
  • spec: lock attestation kind 31000 as canonical (1ab041a)

1.2.0 (2026-04-12)

Bug Fixes

  • resolve development dependency vulnerabilities (544bacd)
  • verify: noble imports and test script (869ac82)

Features

  • add personas field to ContactInfo for multi-persona QR sharing (0e7d0fd)
  • spec: lock attestation kind 31000 as canonical (1ab041a)

1.2.0 (2026-04-11)

Bug Fixes

  • verify: noble imports and test script (869ac82)

Features

  • add personas field to ContactInfo for multi-persona QR sharing (0e7d0fd)
  • spec: lock attestation kind 31000 as canonical (1ab041a)

1.2.0 (2026-04-10)

Bug Fixes

  • verify: noble imports and test script (869ac82)

Features

  • spec: lock attestation kind 31000 as canonical (1ab041a)

1.1.0 (2026-04-10)

Bug Fixes

Features

1.0.0 (2026-04-09)

Bug Fixes

  • add algorithm field to voting parsed interfaces (bce4d9f)
  • add ArrayBuffer cast for crypto.subtle.importKey type compat (e583138)
  • add ECDH identity-point check to computeSharedSecret for consistency (1768095)
  • add length bounds to callbackUrl and relayUrl in VerifyRequest validation (70bd492)
  • add per-signal-type caps to IQ score computation (2bc22bb), closes hi#score forgesworn/signet-app-internal#80
  • add prepare script for git URL installs (bae2352)
  • add prepare script for git URL installs (41ceaa5)
  • add signet-lsag-v1 domain separator to LSAG signatures (4049319)
  • address re-review findings — bounds checks, constant-time comparisons, type guards (06ca900)
  • allow ws:// on local network IPs (10.x, 192.168.x, 172.16-31.x) (127e13e)
  • app build — bump spoken-token to v2, shim node:crypto for browser (3c87e12)
  • app security — remove console.log, raise PBKDF2, clipboard expiry, QR validation (2fb1c8c)
  • bind signet age proof verification to credential policy (592cd37)
  • bump @forgesworn/ring-sig to ^3.0.0 and @forgesworn/range-proof to ^2.0.0 (7dadc45)
  • bump canary-kit to ^0.10.0 (spoken-token extraction) (4903723)
  • compact QR format for auth + combined flow warning (8eb7e2d)
  • compliance off-by-one in consent age check, merkle key colon guard (c1f7f53)
  • comprehensive security and production readiness hardening (d1075ba), closes Hi#severity
  • correct copyright holder in licence (4e6ae9d)
  • correct nsec-tree file: path for main repo root (2d71943)
  • correct repository URL and remove NPM_TOKEN from CI (f548185)
  • enforce wss:// for non-localhost relays, cap fetch events, complete SignetError migration (3f0636a)
  • fifth security pass — auth, SDK, and presentation hardening (7d3d780)
  • fourth security pass — undici fix, nsec single-keypair safety, encryption prep (d169ac7)
  • low-severity security hardening (62ced89)
  • modulo bias, pubkey validation, trim API surface, add engines (1497e09)
  • NaN guard in compliance age-range, tag validation in store import, zero-scalar check in ECDH (e527d6f)
  • NaN guards on parseInt for untrusted tag values (3d827d0)
  • nullifier separator ambiguity and relay event verification (e72e4bf)
  • pass 7 belt-and-braces — 24 findings, all fixed (148044e)
  • pass 8 — onboarding encryption window + double-encryption bug (be715ad)
  • pin GitHub Actions to SHA, add workflow permissions, pin ubuntu (cea67aa)
  • QR scanner — remove all sizing overrides, let html5-qrcode manage layout (af5320e)
  • QR scanner — remove forced aspect ratio causing duplicate view (ccaf9b7)
  • QR scanner — split image, jerkiness, and auto-stop on scan (1ca0b71)
  • remaining security and production readiness issues (99ccc27)
  • remove manual L/l tags from builders (nip-va auto-generates) (f18601d)
  • remove unused deriveNostrKeyPair import (re-review finding) (5ab1b6a)
  • rename expires → expiration (NIP-40 standard) across all files (f026bda)
  • replace html5-qrcode camera with native getUserMedia + jsQR (e4ba61f)
  • resolve all LOW-severity security findings from audit passes 1-3 (1b5ebad)
  • resolve app build issues and install dependencies (315e0ca)
  • resolve final two CRITICALs — real Schnorr in SDK, PRF biometric key (b6a1616)
  • resolve remaining tracked security findings (MED-3, MED-6, LOW-2, LOW-3) (8491709)
  • resolve Uint8Array type compatibility with crypto.subtle (dc2aa60)
  • restore correct repository URL to signet-protocol (2bb9399)
  • restore HTTPS certs for app after dev-app retirement (8f2404c)
  • second-pass security hardening (c350262)
  • second-pass security review — tag bounds, relay guards, range-proof hardening (a97bf76)
  • security and production readiness hardening (iteration 1) (967b5b0)
  • security audit — HIGH and MEDIUM severity fixes (c6e8578)
  • security hardening — expiry checks, type guards, fetch timeout, key cleanup (0791250)
  • security hardening — input validation, type guards, error classes (c603c41)
  • security hardening — NaN guards, assertValidity, input bounds (84a57bc)
  • security hardening pass 2 — ring encoding, key image validation, store/relay guards (42932db)
  • security hardening, credential chain fix, kind number reservation (d85e6b4)
  • security review findings - binding, validation, replay resistance (a4ae8b1)
  • simplify HTTPS setup, remove redirect ports (e224b73)
  • switch canary-kit dependency from file: to npm ^0.9.0 (d47148e)
  • tests: add algorithm field to voting and policy test objects (54a466f)
  • update app domain to forgesworn.dev, replace local path aliases with npm deps (cda4fd5)
  • update kind 30999 references in comments to 31000 (cf8cdb3)
  • update repository URL to forgesworn/signet (23d92e5)
  • update shamir-words to ^1.0.0 and repo URL to forgesworn (8f73552)
  • update verify SDK URLs and repo to forgesworn (b549510)
  • update voting spec kind numbers, signing description, and cipher (92e8967)
  • use constant-time comparisons for all verification checks (81a99ae)
  • use deriveChildAccount instead of deriveNostrKeyPair for two-keypair model (377681d)
  • use originDisplay in both approval screen branches (fc6209c)
  • validate accountIndex bounds in deriveChildAccount (74c934a)
  • zero key material after use in key derivation (9aa7793)
  • zero Shamir coefficients and private key bytes after use (cd09a81)

Features

  • accept .well-known/signet.json version 2 (fbe7a07), closes signet-app-internal#79
  • add 60s visibility lock grace period during active verification (5366be0)
  • add adversarial resilience (§18) and civic identity (§19) to core spec (bdd825e)
  • add cold-call verification — .well-known fetch, session codes, ECDH word derivation (839439f)
  • add cold-call verification types and constants (6674670)
  • add demo age-gated website for MVP (1a6aa6c)
  • add identity-tree module with SignetIdentity factory functions (0da1a88)
  • add minimal QR SVG generator for verify SDK modal (5012455)
  • add NIP-04 encrypt/decrypt to Signet SDK (95496ab)
  • add NIP-46 Nostr Connect signer for app-to-website login (abbc679)
  • add nostr-attestations dependency, import ATTESTATION_KIND (31000) (652a0b6)
  • add occurredAt to vouches, challenges, delegations, identity-bridge (0be7ced)
  • add origin field to verification request for approval screen context (86958bd)
  • add persona helpers, linkage proofs, and destroyIdentity (bddd659)
  • add proof-of-reserve bond attestation for verifiers (f16dc97)
  • add RenegAid admin key + bootstrap verifier (6d5b01e)
  • add semantic-release for npm publication (0d290ea)
  • add two-credential ceremony, nullifiers, guardian tags, credential chains (308e326)
  • add two-credential verification, lifecycle, child safety, inclusivity to spec (§20-§23) (9a11a00)
  • add voting extension specification (spec/voting.md) (fea75da)
  • add voting types, constants, and entity type i18n labels (1c9a0f8)
  • add voting validation, exports, and integration test (d2f8bc8)
  • add zeroBytes and constantTimeEqual crypto helpers (631aa84)
  • app: "Verify on a website" — camera scan + photo picker (8f9e8ad)
  • app: add badge refresh hook with staleness check (934fd1e)
  • app: add follow button and badge display in connections list (ab782e9)
  • app: biometric auth with PIN fallback — encrypted storage (C2 fix) (5deba72)
  • app: complete ship requirements — full normie-ready product (82c47e5)
  • app: contact enrichment foundation (DB schema, badge fetch, Follow page) (f971907)
  • app: implement nsec import — single-keypair identity (1f9f611)
  • app: implement v2 app model from Holodeck session (0b54daf)
  • app: merge dev-app features into main app (b183163)
  • app: show badge data in contact detail, conditional Signet Words (93f9dd1)
  • assertion-first hybrid pattern for Tier 2-4 credentials (840e36a)
  • ceremony crypto, relay publish, verification bot (9ad287a)
  • complete Signet IQ rename + audit fixes across entire codebase (8278456)
  • complete Signet protocol library and reference web app (183ee26)
  • configure known verifier keypair for MVP demo (03e4bb6)
  • delegate word derivation to canary-kit for protocol alignment (8c6cd11)
  • entity type classification system (6084bc7)
  • export presentation, QR router, URL auth, relay events, and computeAge (5a02514), closes signet-app-internal#70 signet-app-internal#71 signet-app-internal#73 signet-app-internal#58
  • export SigningBackend interface and SigningMode type (19229bd), closes signet-app-internal#74
  • expose cold-call verification API from index (83ef349)
  • extend deriveWords to accept custom context parameter (559e99e)
  • extract presentation, QR router, URL auth, and relay event builders (620fdb0), closes signet-app-internal#70 signet-app-internal#71 signet-app-internal#73
  • extract signet-me directional words and venue entry builder (cb8f601), closes signet-app-internal#72 signet-app-internal#76
  • family-app: complete My Signet family app (87ce613)
  • HTTPS redirect, cert download in both apps, spinup guide (f9aebbe)
  • implement LSAG ring signatures with key images (64edc8a)
  • implement voting protocol (election, ballot, tally) (72aa7a6)
  • include entityType in computeBadge return value (5b572fc), closes signet-app-internal#75
  • integrate new protocol functions into app, update onboarding (2660959)
  • make signet words configurable (word count, epoch, tolerance) (30f3197), closes hi#security
  • migrate app wrapper and example to nsec-tree API (f166a46)
  • migrate challenges and revocations to nostr-attestations (kind 31000) (509a071)
  • migrate credentials to nostr-attestations (kind 31000, expires → expiration) (632c57b)
  • migrate guardian delegation and remaining credential helpers (030e7ac)
  • migrate identity-bridge to nostr-attestations (kind 31000) (0c5c09f)
  • migrate validation to delegate to nostr-attestations (39aebb4)
  • migrate verifiers to nostr-attestations (kind 31000) (306b9ed)
  • migrate vouches to nostr-attestations (kind 31000) (08470d0)
  • migration event type for cross-keypair identity continuity (43882b6), closes signet-app-internal#83
  • multi-account, local relay, and anonymous identity bridge (0a586df)
  • new tagline — "Verified. Not identified." (487bdb3)
  • production readiness — deps, occurredAt, bot migration, kind sweep (f83824c)
  • protocol spec fixes, document registry, real Shamir backup (da7e2b3)
  • publish rejection event on deny for immediate SDK feedback (2794261)
  • quantum readiness — algo tag on all Signet events (e99f250)
  • replace key-derivation with nsec-tree identity-tree exports (d618791)
  • replace trust score % with Signet IQ (0-200 scale, 100 = government standard) (b319f9a)
  • rewrite relay-publish to send properly signed NIP-01 events (b0fc27f)
  • rewrite verify SDK with relay subscription, QR rendering, and acceptedVerifiers (4467c37)
  • sdk: add verifier confirmation checking — safe defaults against fake rings (78d3781)
  • spec: add agent-type tag to Kind 30477 delegation events (988759f), closes #2226 #2253
  • strategic weaknesses implementation + My Signet family app design (c540bdb)
  • two-credential ceremony UI, guardian controls, entity type display (304ff58)
  • universal QR scanner — auth, verify, and combined login (120659f)
  • website age verification SDK + NIP-46 signer + presentation protocol (1839d66)
  • wire ZK age range proofs into all credential builders (2e9420f), closes signet-app-internal#58

1.0.0 (2026-04-08)

Bug Fixes

  • add algorithm field to voting parsed interfaces (bce4d9f)
  • add ArrayBuffer cast for crypto.subtle.importKey type compat (e583138)
  • add ECDH identity-point check to computeSharedSecret for consistency (1768095)
  • add length bounds to callbackUrl and relayUrl in VerifyRequest validation (70bd492)
  • add per-signal-type caps to IQ score computation (2bc22bb), closes hi#score forgesworn/signet-app-internal#80
  • add prepare script for git URL installs (bae2352)
  • add prepare script for git URL installs (41ceaa5)
  • add signet-lsag-v1 domain separator to LSAG signatures (4049319)
  • address re-review findings — bounds checks, constant-time comparisons, type guards (06ca900)
  • allow ws:// on local network IPs (10.x, 192.168.x, 172.16-31.x) (127e13e)
  • app build — bump spoken-token to v2, shim node:crypto for browser (3c87e12)
  • app security — remove console.log, raise PBKDF2, clipboard expiry, QR validation (2fb1c8c)
  • bind signet age proof verification to credential policy (592cd37)
  • bump @forgesworn/ring-sig to ^3.0.0 and @forgesworn/range-proof to ^2.0.0 (7dadc45)
  • bump canary-kit to ^0.10.0 (spoken-token extraction) (4903723)
  • compact QR format for auth + combined flow warning (8eb7e2d)
  • compliance off-by-one in consent age check, merkle key colon guard (c1f7f53)
  • comprehensive security and production readiness hardening (d1075ba), closes Hi#severity
  • correct copyright holder in licence (4e6ae9d)
  • correct nsec-tree file: path for main repo root (2d71943)
  • correct repository URL and remove NPM_TOKEN from CI (f548185)
  • enforce wss:// for non-localhost relays, cap fetch events, complete SignetError migration (3f0636a)
  • fifth security pass — auth, SDK, and presentation hardening (7d3d780)
  • fourth security pass — undici fix, nsec single-keypair safety, encryption prep (d169ac7)
  • low-severity security hardening (62ced89)
  • modulo bias, pubkey validation, trim API surface, add engines (1497e09)
  • NaN guard in compliance age-range, tag validation in store import, zero-scalar check in ECDH (e527d6f)
  • NaN guards on parseInt for untrusted tag values (3d827d0)
  • nullifier separator ambiguity and relay event verification (e72e4bf)
  • pass 7 belt-and-braces — 24 findings, all fixed (148044e)
  • pass 8 — onboarding encryption window + double-encryption bug (be715ad)
  • pin GitHub Actions to SHA, add workflow permissions, pin ubuntu (cea67aa)
  • QR scanner — remove all sizing overrides, let html5-qrcode manage layout (af5320e)
  • QR scanner — remove forced aspect ratio causing duplicate view (ccaf9b7)
  • QR scanner — split image, jerkiness, and auto-stop on scan (1ca0b71)
  • remaining security and production readiness issues (99ccc27)
  • remove manual L/l tags from builders (nip-va auto-generates) (f18601d)
  • remove unused deriveNostrKeyPair import (re-review finding) (5ab1b6a)
  • rename expires → expiration (NIP-40 standard) across all files (f026bda)
  • replace html5-qrcode camera with native getUserMedia + jsQR (e4ba61f)
  • resolve all LOW-severity security findings from audit passes 1-3 (1b5ebad)
  • resolve app build issues and install dependencies (315e0ca)
  • resolve final two CRITICALs — real Schnorr in SDK, PRF biometric key (b6a1616)
  • resolve remaining tracked security findings (MED-3, MED-6, LOW-2, LOW-3) (8491709)
  • resolve Uint8Array type compatibility with crypto.subtle (dc2aa60)
  • restore correct repository URL to signet-protocol (2bb9399)
  • restore HTTPS certs for app after dev-app retirement (8f2404c)
  • second-pass security hardening (c350262)
  • second-pass security review — tag bounds, relay guards, range-proof hardening (a97bf76)
  • security and production readiness hardening (iteration 1) (967b5b0)
  • security audit — HIGH and MEDIUM severity fixes (c6e8578)
  • security hardening — expiry checks, type guards, fetch timeout, key cleanup (0791250)
  • security hardening — input validation, type guards, error classes (c603c41)
  • security hardening — NaN guards, assertValidity, input bounds (84a57bc)
  • security hardening pass 2 — ring encoding, key image validation, store/relay guards (42932db)
  • security hardening, credential chain fix, kind number reservation (d85e6b4)
  • security review findings - binding, validation, replay resistance (a4ae8b1)
  • simplify HTTPS setup, remove redirect ports (e224b73)
  • switch canary-kit dependency from file: to npm ^0.9.0 (d47148e)
  • tests: add algorithm field to voting and policy test objects (54a466f)
  • update app domain to forgesworn.dev, replace local path aliases with npm deps (cda4fd5)
  • update kind 30999 references in comments to 31000 (cf8cdb3)
  • update repository URL to forgesworn/signet (23d92e5)
  • update shamir-words to ^1.0.0 and repo URL to forgesworn (8f73552)
  • update verify SDK URLs and repo to forgesworn (b549510)
  • update voting spec kind numbers, signing description, and cipher (92e8967)
  • use constant-time comparisons for all verification checks (81a99ae)
  • use deriveChildAccount instead of deriveNostrKeyPair for two-keypair model (377681d)
  • use originDisplay in both approval screen branches (fc6209c)
  • validate accountIndex bounds in deriveChildAccount (74c934a)
  • zero key material after use in key derivation (9aa7793)
  • zero Shamir coefficients and private key bytes after use (cd09a81)

Features

  • accept .well-known/signet.json version 2 (fbe7a07), closes signet-app-internal#79
  • add 60s visibility lock grace period during active verification (5366be0)
  • add adversarial resilience (§18) and civic identity (§19) to core spec (bdd825e)
  • add cold-call verification — .well-known fetch, session codes, ECDH word derivation (839439f)
  • add cold-call verification types and constants (6674670)
  • add demo age-gated website for MVP (1a6aa6c)
  • add identity-tree module with SignetIdentity factory functions (0da1a88)
  • add minimal QR SVG generator for verify SDK modal (5012455)
  • add NIP-04 encrypt/decrypt to Signet SDK (95496ab)
  • add NIP-46 Nostr Connect signer for app-to-website login (abbc679)
  • add nostr-attestations dependency, import ATTESTATION_KIND (31000) (652a0b6)
  • add occurredAt to vouches, challenges, delegations, identity-bridge (0be7ced)
  • add origin field to verification request for approval screen context (86958bd)
  • add persona helpers, linkage proofs, and destroyIdentity (bddd659)
  • add proof-of-reserve bond attestation for verifiers (f16dc97)
  • add RenegAid admin key + bootstrap verifier (6d5b01e)
  • add semantic-release for npm publication (0d290ea)
  • add two-credential ceremony, nullifiers, guardian tags, credential chains (308e326)
  • add two-credential verification, lifecycle, child safety, inclusivity to spec (§20-§23) (9a11a00)
  • add voting extension specification (spec/voting.md) (fea75da)
  • add voting types, constants, and entity type i18n labels (1c9a0f8)
  • add voting validation, exports, and integration test (d2f8bc8)
  • add zeroBytes and constantTimeEqual crypto helpers (631aa84)
  • app: "Verify on a website" — camera scan + photo picker (8f9e8ad)
  • app: add badge refresh hook with staleness check (934fd1e)
  • app: add follow button and badge display in connections list (ab782e9)
  • app: biometric auth with PIN fallback — encrypted storage (C2 fix) (5deba72)
  • app: complete ship requirements — full normie-ready product (82c47e5)
  • app: contact enrichment foundation (DB schema, badge fetch, Follow page) (f971907)
  • app: implement nsec import — single-keypair identity (1f9f611)
  • app: implement v2 app model from Holodeck session (0b54daf)
  • app: merge dev-app features into main app (b183163)
  • app: show badge data in contact detail, conditional Signet Words (93f9dd1)
  • assertion-first hybrid pattern for Tier 2-4 credentials (840e36a)
  • ceremony crypto, relay publish, verification bot (9ad287a)
  • complete Signet IQ rename + audit fixes across entire codebase (8278456)
  • complete Signet protocol library and reference web app (183ee26)
  • configure known verifier keypair for MVP demo (03e4bb6)
  • delegate word derivation to canary-kit for protocol alignment (8c6cd11)
  • entity type classification system (6084bc7)
  • export presentation, QR router, URL auth, relay events, and computeAge (5a02514), closes signet-app-internal#70 signet-app-internal#71 signet-app-internal#73 signet-app-internal#58
  • export SigningBackend interface and SigningMode type (19229bd), closes signet-app-internal#74
  • expose cold-call verification API from index (83ef349)
  • extend deriveWords to accept custom context parameter (559e99e)
  • extract presentation, QR router, URL auth, and relay event builders (620fdb0), closes signet-app-internal#70 signet-app-internal#71 signet-app-internal#73
  • extract signet-me directional words and venue entry builder (cb8f601), closes signet-app-internal#72 signet-app-internal#76
  • family-app: complete My Signet family app (87ce613)
  • HTTPS redirect, cert download in both apps, spinup guide (f9aebbe)
  • implement LSAG ring signatures with key images (64edc8a)
  • implement voting protocol (election, ballot, tally) (72aa7a6)
  • include entityType in computeBadge return value (5b572fc), closes signet-app-internal#75
  • integrate new protocol functions into app, update onboarding (2660959)
  • make signet words configurable (word count, epoch, tolerance) (30f3197), closes hi#security
  • migrate app wrapper and example to nsec-tree API (f166a46)
  • migrate challenges and revocations to nostr-attestations (kind 31000) (509a071)
  • migrate credentials to nostr-attestations (kind 31000, expires → expiration) (632c57b)
  • migrate guardian delegation and remaining credential helpers (030e7ac)
  • migrate identity-bridge to nostr-attestations (kind 31000) (0c5c09f)
  • migrate validation to delegate to nostr-attestations (39aebb4)
  • migrate verifiers to nostr-attestations (kind 31000) (306b9ed)
  • migrate vouches to nostr-attestations (kind 31000) (08470d0)
  • multi-account, local relay, and anonymous identity bridge (0a586df)
  • new tagline — "Verified. Not identified." (487bdb3)
  • production readiness — deps, occurredAt, bot migration, kind sweep (f83824c)
  • protocol spec fixes, document registry, real Shamir backup (da7e2b3)
  • publish rejection event on deny for immediate SDK feedback (2794261)
  • quantum readiness — algo tag on all Signet events (e99f250)
  • replace key-derivation with nsec-tree identity-tree exports (d618791)
  • replace trust score % with Signet IQ (0-200 scale, 100 = government standard) (b319f9a)
  • rewrite relay-publish to send properly signed NIP-01 events (b0fc27f)
  • rewrite verify SDK with relay subscription, QR rendering, and acceptedVerifiers (4467c37)
  • sdk: add verifier confirmation checking — safe defaults against fake rings (78d3781)
  • spec: add agent-type tag to Kind 30477 delegation events (988759f), closes #2226 #2253
  • strategic weaknesses implementation + My Signet family app design (c540bdb)
  • two-credential ceremony UI, guardian controls, entity type display (304ff58)
  • universal QR scanner — auth, verify, and combined login (120659f)
  • website age verification SDK + NIP-46 signer + presentation protocol (1839d66)
  • wire ZK age range proofs into all credential builders (2e9420f), closes signet-app-internal#58

1.0.0 (2026-04-08)

Bug Fixes

  • add algorithm field to voting parsed interfaces (bce4d9f)
  • add ArrayBuffer cast for crypto.subtle.importKey type compat (e583138)
  • add ECDH identity-point check to computeSharedSecret for consistency (1768095)
  • add length bounds to callbackUrl and relayUrl in VerifyRequest validation (70bd492)
  • add per-signal-type caps to IQ score computation (2bc22bb), closes hi#score forgesworn/signet-app-internal#80
  • add prepare script for git URL installs (bae2352)
  • add prepare script for git URL installs (41ceaa5)
  • add signet-lsag-v1 domain separator to LSAG signatures (4049319)
  • address re-review findings — bounds checks, constant-time comparisons, type guards (06ca900)
  • allow ws:// on local network IPs (10.x, 192.168.x, 172.16-31.x) (127e13e)
  • app build — bump spoken-token to v2, shim node:crypto for browser (3c87e12)
  • app security — remove console.log, raise PBKDF2, clipboard expiry, QR validation (2fb1c8c)
  • bind signet age proof verification to credential policy (592cd37)
  • bump @forgesworn/ring-sig to ^3.0.0 and @forgesworn/range-proof to ^2.0.0 (7dadc45)
  • bump canary-kit to ^0.10.0 (spoken-token extraction) (4903723)
  • compact QR format for auth + combined flow warning (8eb7e2d)
  • compliance off-by-one in consent age check, merkle key colon guard (c1f7f53)
  • comprehensive security and production readiness hardening (d1075ba), closes Hi#severity
  • correct copyright holder in licence (4e6ae9d)
  • correct nsec-tree file: path for main repo root (2d71943)
  • correct repository URL and remove NPM_TOKEN from CI (f548185)
  • enforce wss:// for non-localhost relays, cap fetch events, complete SignetError migration (3f0636a)
  • fifth security pass — auth, SDK, and presentation hardening (7d3d780)
  • fourth security pass — undici fix, nsec single-keypair safety, encryption prep (d169ac7)
  • low-severity security hardening (62ced89)
  • modulo bias, pubkey validation, trim API surface, add engines (1497e09)
  • NaN guard in compliance age-range, tag validation in store import, zero-scalar check in ECDH (e527d6f)
  • NaN guards on parseInt for untrusted tag values (3d827d0)
  • nullifier separator ambiguity and relay event verification (e72e4bf)
  • pass 7 belt-and-braces — 24 findings, all fixed (148044e)
  • pass 8 — onboarding encryption window + double-encryption bug (be715ad)
  • pin GitHub Actions to SHA, add workflow permissions, pin ubuntu (cea67aa)
  • QR scanner — remove all sizing overrides, let html5-qrcode manage layout (af5320e)
  • QR scanner — remove forced aspect ratio causing duplicate view (ccaf9b7)
  • QR scanner — split image, jerkiness, and auto-stop on scan (1ca0b71)
  • remaining security and production readiness issues (99ccc27)
  • remove manual L/l tags from builders (nip-va auto-generates) (f18601d)
  • remove unused deriveNostrKeyPair import (re-review finding) (5ab1b6a)
  • rename expires → expiration (NIP-40 standard) across all files (f026bda)
  • replace html5-qrcode camera with native getUserMedia + jsQR (e4ba61f)
  • resolve all LOW-severity security findings from audit passes 1-3 (1b5ebad)
  • resolve app build issues and install dependencies (315e0ca)
  • resolve final two CRITICALs — real Schnorr in SDK, PRF biometric key (b6a1616)
  • resolve remaining tracked security findings (MED-3, MED-6, LOW-2, LOW-3) (8491709)
  • resolve Uint8Array type compatibility with crypto.subtle (dc2aa60)
  • restore correct repository URL to signet-protocol (2bb9399)
  • restore HTTPS certs for app after dev-app retirement (8f2404c)
  • second-pass security hardening (c350262)
  • second-pass security review — tag bounds, relay guards, range-proof hardening (a97bf76)
  • security and production readiness hardening (iteration 1) (967b5b0)
  • security audit — HIGH and MEDIUM severity fixes (c6e8578)
  • security hardening — expiry checks, type guards, fetch timeout, key cleanup (0791250)
  • security hardening — input validation, type guards, error classes (c603c41)
  • security hardening — NaN guards, assertValidity, input bounds (84a57bc)
  • security hardening pass 2 — ring encoding, key image validation, store/relay guards (42932db)
  • security hardening, credential chain fix, kind number reservation (d85e6b4)
  • security review findings - binding, validation, replay resistance (a4ae8b1)
  • simplify HTTPS setup, remove redirect ports (e224b73)
  • switch canary-kit dependency from file: to npm ^0.9.0 (d47148e)
  • tests: add algorithm field to voting and policy test objects (54a466f)
  • update app domain to forgesworn.dev, replace local path aliases with npm deps (cda4fd5)
  • update kind 30999 references in comments to 31000 (cf8cdb3)
  • update repository URL to forgesworn/signet (23d92e5)
  • update shamir-words to ^1.0.0 and repo URL to forgesworn (8f73552)
  • update verify SDK URLs and repo to forgesworn (b549510)
  • update voting spec kind numbers, signing description, and cipher (92e8967)
  • use constant-time comparisons for all verification checks (81a99ae)
  • use deriveChildAccount instead of deriveNostrKeyPair for two-keypair model (377681d)
  • use originDisplay in both approval screen branches (fc6209c)
  • validate accountIndex bounds in deriveChildAccount (74c934a)
  • zero key material after use in key derivation (9aa7793)
  • zero Shamir coefficients and private key bytes after use (cd09a81)

Features

  • accept .well-known/signet.json version 2 (fbe7a07), closes signet-app-internal#79
  • add 60s visibility lock grace period during active verification (5366be0)
  • add adversarial resilience (§18) and civic identity (§19) to core spec (bdd825e)
  • add cold-call verification — .well-known fetch, session codes, ECDH word derivation (839439f)
  • add cold-call verification types and constants (6674670)
  • add demo age-gated website for MVP (1a6aa6c)
  • add identity-tree module with SignetIdentity factory functions (0da1a88)
  • add minimal QR SVG generator for verify SDK modal (5012455)
  • add NIP-04 encrypt/decrypt to Signet SDK (95496ab)
  • add NIP-46 Nostr Connect signer for app-to-website login (abbc679)
  • add nostr-attestations dependency, import ATTESTATION_KIND (31000) (652a0b6)
  • add occurredAt to vouches, challenges, delegations, identity-bridge (0be7ced)
  • add origin field to verification request for approval screen context (86958bd)
  • add persona helpers, linkage proofs, and destroyIdentity (bddd659)
  • add proof-of-reserve bond attestation for verifiers (f16dc97)
  • add RenegAid admin key + bootstrap verifier (6d5b01e)
  • add semantic-release for npm publication (0d290ea)
  • add two-credential ceremony, nullifiers, guardian tags, credential chains (308e326)
  • add two-credential verification, lifecycle, child safety, inclusivity to spec (§20-§23) (9a11a00)
  • add voting extension specification (spec/voting.md) (fea75da)
  • add voting types, constants, and entity type i18n labels (1c9a0f8)
  • add voting validation, exports, and integration test (d2f8bc8)
  • add zeroBytes and constantTimeEqual crypto helpers (631aa84)
  • app: "Verify on a website" — camera scan + photo picker (8f9e8ad)
  • app: add badge refresh hook with staleness check (934fd1e)
  • app: add follow button and badge display in connections list (ab782e9)
  • app: biometric auth with PIN fallback — encrypted storage (C2 fix) (5deba72)
  • app: complete ship requirements — full normie-ready product (82c47e5)
  • app: contact enrichment foundation (DB schema, badge fetch, Follow page) (f971907)
  • app: implement nsec import — single-keypair identity (1f9f611)
  • app: implement v2 app model from Holodeck session (0b54daf)
  • app: merge dev-app features into main app (b183163)
  • app: show badge data in contact detail, conditional Signet Words (93f9dd1)
  • assertion-first hybrid pattern for Tier 2-4 credentials (840e36a)
  • ceremony crypto, relay publish, verification bot (9ad287a)
  • complete Signet IQ rename + audit fixes across entire codebase (8278456)
  • complete Signet protocol library and reference web app (183ee26)
  • configure known verifier keypair for MVP demo (03e4bb6)
  • delegate word derivation to canary-kit for protocol alignment (8c6cd11)
  • entity type classification system (6084bc7)
  • export presentation, QR router, URL auth, relay events, and computeAge (5a02514), closes signet-app-internal#70 signet-app-internal#71 signet-app-internal#73 signet-app-internal#58
  • expose cold-call verification API from index (83ef349)
  • extend deriveWords to accept custom context parameter (559e99e)
  • extract presentation, QR router, URL auth, and relay event builders (620fdb0), closes signet-app-internal#70 signet-app-internal#71 signet-app-internal#73
  • family-app: complete My Signet family app (87ce613)
  • HTTPS redirect, cert download in both apps, spinup guide (f9aebbe)
  • implement LSAG ring signatures with key images (64edc8a)
  • implement voting protocol (election, ballot, tally) (72aa7a6)
  • integrate new protocol functions into app, update onboarding (2660959)
  • make signet words configurable (word count, epoch, tolerance) (30f3197), closes hi#security
  • migrate app wrapper and example to nsec-tree API (f166a46)
  • migrate challenges and revocations to nostr-attestations (kind 31000) (509a071)
  • migrate credentials to nostr-attestations (kind 31000, expires → expiration) (632c57b)
  • migrate guardian delegation and remaining credential helpers (030e7ac)
  • migrate identity-bridge to nostr-attestations (kind 31000) (0c5c09f)
  • migrate validation to delegate to nostr-attestations (39aebb4)
  • migrate verifiers to nostr-attestations (kind 31000) (306b9ed)
  • migrate vouches to nostr-attestations (kind 31000) (08470d0)
  • multi-account, local relay, and anonymous identity bridge (0a586df)
  • new tagline — "Verified. Not identified." (487bdb3)
  • production readiness — deps, occurredAt, bot migration, kind sweep (f83824c)
  • protocol spec fixes, document registry, real Shamir backup (da7e2b3)
  • publish rejection event on deny for immediate SDK feedback (2794261)
  • quantum readiness — algo tag on all Signet events (e99f250)
  • replace key-derivation with nsec-tree identity-tree exports (d618791)
  • replace trust score % with Signet IQ (0-200 scale, 100 = government standard) (b319f9a)
  • rewrite relay-publish to send properly signed NIP-01 events (b0fc27f)
  • rewrite verify SDK with relay subscription, QR rendering, and acceptedVerifiers (4467c37)
  • sdk: add verifier confirmation checking — safe defaults against fake rings (78d3781)
  • spec: add agent-type tag to Kind 30477 delegation events (988759f), closes #2226 #2253
  • strategic weaknesses implementation + My Signet family app design (c540bdb)
  • two-credential ceremony UI, guardian controls, entity type display (304ff58)
  • universal QR scanner — auth, verify, and combined login (120659f)
  • website age verification SDK + NIP-46 signer + presentation protocol (1839d66)
  • wire ZK age range proofs into all credential builders (2e9420f), closes signet-app-internal#58

1.0.0 (2026-04-08)

Bug Fixes

  • add algorithm field to voting parsed interfaces (bce4d9f)
  • add ArrayBuffer cast for crypto.subtle.importKey type compat (e583138)
  • add ECDH identity-point check to computeSharedSecret for consistency (1768095)
  • add length bounds to callbackUrl and relayUrl in VerifyRequest validation (70bd492)
  • add per-signal-type caps to IQ score computation (2bc22bb), closes hi#score forgesworn/signet-app-internal#80
  • add prepare script for git URL installs (bae2352)
  • add prepare script for git URL installs (41ceaa5)
  • add signet-lsag-v1 domain separator to LSAG signatures (4049319)
  • address re-review findings — bounds checks, constant-time comparisons, type guards (06ca900)
  • allow ws:// on local network IPs (10.x, 192.168.x, 172.16-31.x) (127e13e)
  • app build — bump spoken-token to v2, shim node:crypto for browser (3c87e12)
  • app security — remove console.log, raise PBKDF2, clipboard expiry, QR validation (2fb1c8c)
  • bind signet age proof verification to credential policy (592cd37)
  • bump @forgesworn/ring-sig to ^3.0.0 and @forgesworn/range-proof to ^2.0.0 (7dadc45)
  • bump canary-kit to ^0.10.0 (spoken-token extraction) (4903723)
  • compact QR format for auth + combined flow warning (8eb7e2d)
  • compliance off-by-one in consent age check, merkle key colon guard (c1f7f53)
  • comprehensive security and production readiness hardening (d1075ba), closes Hi#severity
  • correct copyright holder in licence (4e6ae9d)
  • correct nsec-tree file: path for main repo root (2d71943)
  • correct repository URL and remove NPM_TOKEN from CI (f548185)
  • enforce wss:// for non-localhost relays, cap fetch events, complete SignetError migration (3f0636a)
  • fifth security pass — auth, SDK, and presentation hardening (7d3d780)
  • fourth security pass — undici fix, nsec single-keypair safety, encryption prep (d169ac7)
  • low-severity security hardening (62ced89)
  • modulo bias, pubkey validation, trim API surface, add engines (1497e09)
  • NaN guard in compliance age-range, tag validation in store import, zero-scalar check in ECDH (e527d6f)
  • NaN guards on parseInt for untrusted tag values (3d827d0)
  • nullifier separator ambiguity and relay event verification (e72e4bf)
  • pass 7 belt-and-braces — 24 findings, all fixed (148044e)
  • pass 8 — onboarding encryption window + double-encryption bug (be715ad)
  • pin GitHub Actions to SHA, add workflow permissions, pin ubuntu (cea67aa)
  • QR scanner — remove all sizing overrides, let html5-qrcode manage layout (af5320e)
  • QR scanner — remove forced aspect ratio causing duplicate view (ccaf9b7)
  • QR scanner — split image, jerkiness, and auto-stop on scan (1ca0b71)
  • remaining security and production readiness issues (99ccc27)
  • remove manual L/l tags from builders (nip-va auto-generates) (f18601d)
  • remove unused deriveNostrKeyPair import (re-review finding) (5ab1b6a)
  • rename expires → expiration (NIP-40 standard) across all files (f026bda)
  • replace html5-qrcode camera with native getUserMedia + jsQR (e4ba61f)
  • resolve all LOW-severity security findings from audit passes 1-3 (1b5ebad)
  • resolve app build issues and install dependencies (315e0ca)
  • resolve final two CRITICALs — real Schnorr in SDK, PRF biometric key (b6a1616)
  • resolve remaining tracked security findings (MED-3, MED-6, LOW-2, LOW-3) (8491709)
  • resolve Uint8Array type compatibility with crypto.subtle (dc2aa60)
  • restore correct repository URL to signet-protocol (2bb9399)
  • restore HTTPS certs for app after dev-app retirement (8f2404c)
  • second-pass security hardening (c350262)
  • second-pass security review — tag bounds, relay guards, range-proof hardening (a97bf76)
  • security and production readiness hardening (iteration 1) (967b5b0)
  • security audit — HIGH and MEDIUM severity fixes (c6e8578)
  • security hardening — expiry checks, type guards, fetch timeout, key cleanup (0791250)
  • security hardening — input validation, type guards, error classes (c603c41)
  • security hardening — NaN guards, assertValidity, input bounds (84a57bc)
  • security hardening pass 2 — ring encoding, key image validation, store/relay guards (42932db)
  • security hardening, credential chain fix, kind number reservation (d85e6b4)
  • security review findings - binding, validation, replay resistance (a4ae8b1)
  • simplify HTTPS setup, remove redirect ports (e224b73)
  • switch canary-kit dependency from file: to npm ^0.9.0 (d47148e)
  • tests: add algorithm field to voting and policy test objects (54a466f)
  • update app domain to forgesworn.dev, replace local path aliases with npm deps (cda4fd5)
  • update kind 30999 references in comments to 31000 (cf8cdb3)
  • update repository URL to forgesworn/signet (23d92e5)
  • update shamir-words to ^1.0.0 and repo URL to forgesworn (8f73552)
  • update verify SDK URLs and repo to forgesworn (b549510)
  • update voting spec kind numbers, signing description, and cipher (92e8967)
  • use constant-time comparisons for all verification checks (81a99ae)
  • use deriveChildAccount instead of deriveNostrKeyPair for two-keypair model (377681d)
  • use originDisplay in both approval screen branches (fc6209c)
  • validate accountIndex bounds in deriveChildAccount (74c934a)
  • zero key material after use in key derivation (9aa7793)
  • zero Shamir coefficients and private key bytes after use (cd09a81)

Features

  • add 60s visibility lock grace period during active verification (5366be0)
  • add adversarial resilience (§18) and civic identity (§19) to core spec (bdd825e)
  • add cold-call verification — .well-known fetch, session codes, ECDH word derivation (839439f)
  • add cold-call verification types and constants (6674670)
  • add demo age-gated website for MVP (1a6aa6c)
  • add identity-tree module with SignetIdentity factory functions (0da1a88)
  • add minimal QR SVG generator for verify SDK modal (5012455)
  • add NIP-04 encrypt/decrypt to Signet SDK (95496ab)
  • add NIP-46 Nostr Connect signer for app-to-website login (abbc679)
  • add nostr-attestations dependency, import ATTESTATION_KIND (31000) (652a0b6)
  • add occurredAt to vouches, challenges, delegations, identity-bridge (0be7ced)
  • add origin field to verification request for approval screen context (86958bd)
  • add persona helpers, linkage proofs, and destroyIdentity (bddd659)
  • add proof-of-reserve bond attestation for verifiers (f16dc97)
  • add RenegAid admin key + bootstrap verifier (6d5b01e)
  • add semantic-release for npm publication (0d290ea)
  • add two-credential ceremony, nullifiers, guardian tags, credential chains (308e326)
  • add two-credential verification, lifecycle, child safety, inclusivity to spec (§20-§23) (9a11a00)
  • add voting extension specification (spec/voting.md) (fea75da)
  • add voting types, constants, and entity type i18n labels (1c9a0f8)
  • add voting validation, exports, and integration test (d2f8bc8)
  • add zeroBytes and constantTimeEqual crypto helpers (631aa84)
  • app: "Verify on a website" — camera scan + photo picker (8f9e8ad)
  • app: add badge refresh hook with staleness check (934fd1e)
  • app: add follow button and badge display in connections list (ab782e9)
  • app: biometric auth with PIN fallback — encrypted storage (C2 fix) (5deba72)
  • app: complete ship requirements — full normie-ready product (82c47e5)
  • app: contact enrichment foundation (DB schema, badge fetch, Follow page) (f971907)
  • app: implement nsec import — single-keypair identity (1f9f611)
  • app: implement v2 app model from Holodeck session (0b54daf)
  • app: merge dev-app features into main app (b183163)
  • app: show badge data in contact detail, conditional Signet Words (93f9dd1)
  • assertion-first hybrid pattern for Tier 2-4 credentials (840e36a)
  • ceremony crypto, relay publish, verification bot (9ad287a)
  • complete Signet IQ rename + audit fixes across entire codebase (8278456)
  • complete Signet protocol library and reference web app (183ee26)
  • configure known verifier keypair for MVP demo (03e4bb6)
  • delegate word derivation to canary-kit for protocol alignment (8c6cd11)
  • entity type classification system (6084bc7)
  • expose cold-call verification API from index (83ef349)
  • extend deriveWords to accept custom context parameter (559e99e)
  • HTTPS redirect, cert download in both apps, spinup guide (f9aebbe)
  • implement LSAG ring signatures with key images (64edc8a)
  • implement voting protocol (election, ballot, tally) (72aa7a6)
  • integrate new protocol functions into app, update onboarding (2660959)
  • make signet words configurable (word count, epoch, tolerance) (30f3197), closes hi#security
  • migrate app wrapper and example to nsec-tree API (f166a46)
  • migrate challenges and revocations to nostr-attestations (kind 31000) (509a071)
  • migrate credentials to nostr-attestations (kind 31000, expires → expiration) (632c57b)
  • migrate guardian delegation and remaining credential helpers (030e7ac)
  • migrate identity-bridge to nostr-attestations (kind 31000) (0c5c09f)
  • migrate validation to delegate to nostr-attestations (39aebb4)
  • migrate verifiers to nostr-attestations (kind 31000) (306b9ed)
  • migrate vouches to nostr-attestations (kind 31000) (08470d0)
  • multi-account, local relay, and anonymous identity bridge (0a586df)
  • new tagline — "Verified. Not identified." (487bdb3)
  • production readiness — deps, occurredAt, bot migration, kind sweep (f83824c)
  • protocol spec fixes, document registry, real Shamir backup (da7e2b3)
  • publish rejection event on deny for immediate SDK feedback (2794261)
  • quantum readiness — algo tag on all Signet events (e99f250)
  • replace key-derivation with nsec-tree identity-tree exports (d618791)
  • replace trust score % with Signet IQ (0-200 scale, 100 = government standard) (b319f9a)
  • rewrite relay-publish to send properly signed NIP-01 events (b0fc27f)
  • rewrite verify SDK with relay subscription, QR rendering, and acceptedVerifiers (4467c37)
  • sdk: add verifier confirmation checking — safe defaults against fake rings (78d3781)
  • spec: add agent-type tag to Kind 30477 delegation events (988759f), closes #2226 #2253
  • strategic weaknesses implementation + My Signet family app design (c540bdb)
  • two-credential ceremony UI, guardian controls, entity type display (304ff58)
  • universal QR scanner — auth, verify, and combined login (120659f)
  • website age verification SDK + NIP-46 signer + presentation protocol (1839d66)

1.0.0 (2026-04-07)

Bug Fixes

  • add algorithm field to voting parsed interfaces (bce4d9f)
  • add ArrayBuffer cast for crypto.subtle.importKey type compat (e583138)
  • add ECDH identity-point check to computeSharedSecret for consistency (1768095)
  • add length bounds to callbackUrl and relayUrl in VerifyRequest validation (70bd492)
  • add prepare script for git URL installs (bae2352)
  • add prepare script for git URL installs (41ceaa5)
  • add signet-lsag-v1 domain separator to LSAG signatures (4049319)
  • address re-review findings — bounds checks, constant-time comparisons, type guards (06ca900)
  • allow ws:// on local network IPs (10.x, 192.168.x, 172.16-31.x) (127e13e)
  • app build — bump spoken-token to v2, shim node:crypto for browser (3c87e12)
  • app security — remove console.log, raise PBKDF2, clipboard expiry, QR validation (2fb1c8c)
  • bind signet age proof verification to credential policy (592cd37)
  • bump @forgesworn/ring-sig to ^3.0.0 and @forgesworn/range-proof to ^2.0.0 (7dadc45)
  • bump canary-kit to ^0.10.0 (spoken-token extraction) (4903723)
  • compact QR format for auth + combined flow warning (8eb7e2d)
  • compliance off-by-one in consent age check, merkle key colon guard (c1f7f53)
  • comprehensive security and production readiness hardening (d1075ba), closes Hi#severity
  • correct copyright holder in licence (4e6ae9d)
  • correct nsec-tree file: path for main repo root (2d71943)
  • correct repository URL and remove NPM_TOKEN from CI (f548185)
  • enforce wss:// for non-localhost relays, cap fetch events, complete SignetError migration (3f0636a)
  • fifth security pass — auth, SDK, and presentation hardening (7d3d780)
  • fourth security pass — undici fix, nsec single-keypair safety, encryption prep (d169ac7)
  • low-severity security hardening (62ced89)
  • modulo bias, pubkey validation, trim API surface, add engines (1497e09)
  • NaN guard in compliance age-range, tag validation in store import, zero-scalar check in ECDH (e527d6f)
  • NaN guards on parseInt for untrusted tag values (3d827d0)
  • nullifier separator ambiguity and relay event verification (e72e4bf)
  • pass 7 belt-and-braces — 24 findings, all fixed (148044e)
  • pass 8 — onboarding encryption window + double-encryption bug (be715ad)
  • pin GitHub Actions to SHA, add workflow permissions, pin ubuntu (cea67aa)
  • QR scanner — remove all sizing overrides, let html5-qrcode manage layout (af5320e)
  • QR scanner — remove forced aspect ratio causing duplicate view (ccaf9b7)
  • QR scanner — split image, jerkiness, and auto-stop on scan (1ca0b71)
  • remaining security and production readiness issues (99ccc27)
  • remove manual L/l tags from builders (nip-va auto-generates) (f18601d)
  • remove unused deriveNostrKeyPair import (re-review finding) (5ab1b6a)
  • rename expires → expiration (NIP-40 standard) across all files (f026bda)
  • replace html5-qrcode camera with native getUserMedia + jsQR (e4ba61f)
  • resolve all LOW-severity security findings from audit passes 1-3 (1b5ebad)
  • resolve app build issues and install dependencies (315e0ca)
  • resolve final two CRITICALs — real Schnorr in SDK, PRF biometric key (b6a1616)
  • resolve remaining tracked security findings (MED-3, MED-6, LOW-2, LOW-3) (8491709)
  • resolve Uint8Array type compatibility with crypto.subtle (dc2aa60)
  • restore correct repository URL to signet-protocol (2bb9399)
  • restore HTTPS certs for app after dev-app retirement (8f2404c)
  • second-pass security hardening (c350262)
  • second-pass security review — tag bounds, relay guards, range-proof hardening (a97bf76)
  • security and production readiness hardening (iteration 1) (967b5b0)
  • security audit — HIGH and MEDIUM severity fixes (c6e8578)
  • security hardening — expiry checks, type guards, fetch timeout, key cleanup (0791250)
  • security hardening — input validation, type guards, error classes (c603c41)
  • security hardening — NaN guards, assertValidity, input bounds (84a57bc)
  • security hardening pass 2 — ring encoding, key image validation, store/relay guards (42932db)
  • security hardening, credential chain fix, kind number reservation (d85e6b4)
  • security review findings - binding, validation, replay resistance (a4ae8b1)
  • simplify HTTPS setup, remove redirect ports (e224b73)
  • switch canary-kit dependency from file: to npm ^0.9.0 (d47148e)
  • tests: add algorithm field to voting and policy test objects (54a466f)
  • update app domain to forgesworn.dev, replace local path aliases with npm deps (cda4fd5)
  • update kind 30999 references in comments to 31000 (cf8cdb3)
  • update repository URL to forgesworn/signet (23d92e5)
  • update shamir-words to ^1.0.0 and repo URL to forgesworn (8f73552)
  • update verify SDK URLs and repo to forgesworn (b549510)
  • update voting spec kind numbers, signing description, and cipher (92e8967)
  • use constant-time comparisons for all verification checks (81a99ae)
  • use deriveChildAccount instead of deriveNostrKeyPair for two-keypair model (377681d)
  • use originDisplay in both approval screen branches (fc6209c)
  • validate accountIndex bounds in deriveChildAccount (74c934a)
  • zero key material after use in key derivation (9aa7793)
  • zero Shamir coefficients and private key bytes after use (cd09a81)

Features

  • add 60s visibility lock grace period during active verification (5366be0)
  • add adversarial resilience (§18) and civic identity (§19) to core spec (bdd825e)
  • add cold-call verification — .well-known fetch, session codes, ECDH word derivation (839439f)
  • add cold-call verification types and constants (6674670)
  • add demo age-gated website for MVP (1a6aa6c)
  • add identity-tree module with SignetIdentity factory functions (0da1a88)
  • add minimal QR SVG generator for verify SDK modal (5012455)
  • add NIP-04 encrypt/decrypt to Signet SDK (95496ab)
  • add NIP-46 Nostr Connect signer for app-to-website login (abbc679)
  • add nostr-attestations dependency, import ATTESTATION_KIND (31000) (652a0b6)
  • add occurredAt to vouches, challenges, delegations, identity-bridge (0be7ced)
  • add origin field to verification request for approval screen context (86958bd)
  • add persona helpers, linkage proofs, and destroyIdentity (bddd659)
  • add proof-of-reserve bond attestation for verifiers (f16dc97)
  • add RenegAid admin key + bootstrap verifier (6d5b01e)
  • add semantic-release for npm publication (0d290ea)
  • add two-credential ceremony, nullifiers, guardian tags, credential chains (308e326)
  • add two-credential verification, lifecycle, child safety, inclusivity to spec (§20-§23) (9a11a00)
  • add voting extension specification (spec/voting.md) (fea75da)
  • add voting types, constants, and entity type i18n labels (1c9a0f8)
  • add voting validation, exports, and integration test (d2f8bc8)
  • add zeroBytes and constantTimeEqual crypto helpers (631aa84)
  • app: "Verify on a website" — camera scan + photo picker (8f9e8ad)
  • app: add badge refresh hook with staleness check (934fd1e)
  • app: add follow button and badge display in connections list (ab782e9)
  • app: biometric auth with PIN fallback — encrypted storage (C2 fix) (5deba72)
  • app: complete ship requirements — full normie-ready product (82c47e5)
  • app: contact enrichment foundation (DB schema, badge fetch, Follow page) (f971907)
  • app: implement nsec import — single-keypair identity (1f9f611)
  • app: implement v2 app model from Holodeck session (0b54daf)
  • app: merge dev-app features into main app (b183163)
  • app: show badge data in contact detail, conditional Signet Words (93f9dd1)
  • assertion-first hybrid pattern for Tier 2-4 credentials (840e36a)
  • ceremony crypto, relay publish, verification bot (9ad287a)
  • complete Signet IQ rename + audit fixes across entire codebase (8278456)
  • complete Signet protocol library and reference web app (183ee26)
  • configure known verifier keypair for MVP demo (03e4bb6)
  • delegate word derivation to canary-kit for protocol alignment (8c6cd11)
  • entity type classification system (6084bc7)
  • expose cold-call verification API from index (83ef349)
  • extend deriveWords to accept custom context parameter (559e99e)
  • family-app: complete My Signet family app (87ce613)
  • HTTPS redirect, cert download in both apps, spinup guide (f9aebbe)
  • implement LSAG ring signatures with key images (64edc8a)
  • implement voting protocol (election, ballot, tally) (72aa7a6)
  • integrate new protocol functions into app, update onboarding (2660959)
  • make signet words configurable (word count, epoch, tolerance) (30f3197)
  • migrate app wrapper and example to nsec-tree API (f166a46)
  • migrate challenges and revocations to nostr-attestations (kind 31000) (509a071)
  • migrate credentials to nostr-attestations (kind 31000, expires → expiration) (632c57b)
  • migrate guardian delegation and remaining credential helpers (030e7ac)
  • migrate identity-bridge to nostr-attestations (kind 31000) (0c5c09f)
  • migrate validation to delegate to nostr-attestations (39aebb4)
  • migrate verifiers to nostr-attestations (kind 31000) (306b9ed)
  • migrate vouches to nostr-attestations (kind 31000) (08470d0)
  • multi-account, local relay, and anonymous identity bridge (0a586df)
  • new tagline — "Verified. Not identified." (487bdb3)
  • production readiness — deps, occurredAt, bot migration, kind sweep (f83824c)
  • protocol spec fixes, document registry, real Shamir backup (da7e2b3)
  • publish rejection event on deny for immediate SDK feedback (2794261)
  • quantum readiness — algo tag on all Signet events (e99f250)
  • replace key-derivation with nsec-tree identity-tree exports (d618791)
  • replace trust score % with Signet IQ (0-200 scale, 100 = government standard) (b319f9a)
  • rewrite relay-publish to send properly signed NIP-01 events (b0fc27f)
  • rewrite verify SDK with relay subscription, QR rendering, and acceptedVerifiers (4467c37)
  • sdk: add verifier confirmation checking — safe defaults against fake rings (78d3781)
  • spec: add agent-type tag to Kind 30477 delegation events (988759f), closes #2226 #2253
  • strategic weaknesses implementation + My Signet family app design (c540bdb)
  • two-credential ceremony UI, guardian controls, entity type display (304ff58)
  • universal QR scanner — auth, verify, and combined login (120659f)
  • website age verification SDK + NIP-46 signer + presentation protocol (1839d66)

1.0.0 (2026-04-07)

Bug Fixes

  • add algorithm field to voting parsed interfaces (bce4d9f)
  • add ArrayBuffer cast for crypto.subtle.importKey type compat (e583138)
  • add ECDH identity-point check to computeSharedSecret for consistency (1768095)
  • add length bounds to callbackUrl and relayUrl in VerifyRequest validation (70bd492)
  • add prepare script for git URL installs (bae2352)
  • add prepare script for git URL installs (41ceaa5)
  • add signet-lsag-v1 domain separator to LSAG signatures (4049319)
  • address re-review findings — bounds checks, constant-time comparisons, type guards (06ca900)
  • allow ws:// on local network IPs (10.x, 192.168.x, 172.16-31.x) (127e13e)
  • app build — bump spoken-token to v2, shim node:crypto for browser (3c87e12)
  • app security — remove console.log, raise PBKDF2, clipboard expiry, QR validation (2fb1c8c)
  • bind signet age proof verification to credential policy (592cd37)
  • bump @forgesworn/ring-sig to ^3.0.0 and @forgesworn/range-proof to ^2.0.0 (7dadc45)
  • bump canary-kit to ^0.10.0 (spoken-token extraction) (4903723)
  • compact QR format for auth + combined flow warning (8eb7e2d)
  • compliance off-by-one in consent age check, merkle key colon guard (c1f7f53)
  • comprehensive security and production readiness hardening (d1075ba)
  • correct copyright holder in licence (4e6ae9d)
  • correct nsec-tree file: path for main repo root (2d71943)
  • correct repository URL and remove NPM_TOKEN from CI (f548185)
  • enforce wss:// for non-localhost relays, cap fetch events, complete SignetError migration (3f0636a)
  • fifth security pass — auth, SDK, and presentation hardening (7d3d780)
  • fourth security pass — undici fix, nsec single-keypair safety, encryption prep (d169ac7)
  • low-severity security hardening (62ced89)
  • modulo bias, pubkey validation, trim API surface, add engines (1497e09)
  • NaN guard in compliance age-range, tag validation in store import, zero-scalar check in ECDH (e527d6f)
  • NaN guards on parseInt for untrusted tag values (3d827d0)
  • nullifier separator ambiguity and relay event verification (e72e4bf)
  • pass 7 belt-and-braces — 24 findings, all fixed (148044e)
  • pass 8 — onboarding encryption window + double-encryption bug (be715ad)
  • pin GitHub Actions to SHA, add workflow permissions, pin ubuntu (cea67aa)
  • QR scanner — remove all sizing overrides, let html5-qrcode manage layout (af5320e)
  • QR scanner — remove forced aspect ratio causing duplicate view (ccaf9b7)
  • QR scanner — split image, jerkiness, and auto-stop on scan (1ca0b71)
  • remaining security and production readiness issues (99ccc27)
  • remove manual L/l tags from builders (nip-va auto-generates) (f18601d)
  • remove unused deriveNostrKeyPair import (re-review finding) (5ab1b6a)
  • rename expires → expiration (NIP-40 standard) across all files (f026bda)
  • replace html5-qrcode camera with native getUserMedia + jsQR (e4ba61f)
  • resolve all LOW-severity security findings from audit passes 1-3 (1b5ebad)
  • resolve app build issues and install dependencies (315e0ca)
  • resolve final two CRITICALs — real Schnorr in SDK, PRF biometric key (b6a1616)
  • resolve remaining tracked security findings (MED-3, MED-6, LOW-2, LOW-3) (8491709)
  • resolve Uint8Array type compatibility with crypto.subtle (dc2aa60)
  • restore correct repository URL to signet-protocol (2bb9399)
  • restore HTTPS certs for app after dev-app retirement (8f2404c)
  • second-pass security hardening (c350262)
  • second-pass security review — tag bounds, relay guards, range-proof hardening (a97bf76)
  • security and production readiness hardening (iteration 1) (967b5b0)
  • security audit — HIGH and MEDIUM severity fixes (c6e8578)
  • security hardening — expiry checks, type guards, fetch timeout, key cleanup (0791250)
  • security hardening — input validation, type guards, error classes (c603c41)
  • security hardening — NaN guards, assertValidity, input bounds (84a57bc)
  • security hardening pass 2 — ring encoding, key image validation, store/relay guards (42932db)
  • security hardening, credential chain fix, kind number reservation (d85e6b4)
  • security review findings - binding, validation, replay resistance (a4ae8b1)
  • simplify HTTPS setup, remove redirect ports (e224b73)
  • switch canary-kit dependency from file: to npm ^0.9.0 (d47148e)
  • tests: add algorithm field to voting and policy test objects (54a466f)
  • update app domain to forgesworn.dev, replace local path aliases with npm deps (cda4fd5)
  • update kind 30999 references in comments to 31000 (cf8cdb3)
  • update repository URL to forgesworn/signet (23d92e5)
  • update shamir-words to ^1.0.0 and repo URL to forgesworn (8f73552)
  • update verify SDK URLs and repo to forgesworn (b549510)
  • update voting spec kind numbers, signing description, and cipher (92e8967)
  • use constant-time comparisons for all verification checks (81a99ae)
  • use deriveChildAccount instead of deriveNostrKeyPair for two-keypair model (377681d)
  • use originDisplay in both approval screen branches (fc6209c)
  • validate accountIndex bounds in deriveChildAccount (74c934a)
  • zero key material after use in key derivation (9aa7793)
  • zero Shamir coefficients and private key bytes after use (cd09a81)

Features

  • add 60s visibility lock grace period during active verification (5366be0)
  • add adversarial resilience (§18) and civic identity (§19) to core spec (bdd825e)
  • add cold-call verification — .well-known fetch, session codes, ECDH word derivation (839439f)
  • add cold-call verification types and constants (6674670)
  • add demo age-gated website for MVP (1a6aa6c)
  • add identity-tree module with SignetIdentity factory functions (0da1a88)
  • add minimal QR SVG generator for verify SDK modal (5012455)
  • add NIP-04 encrypt/decrypt to Signet SDK (95496ab)
  • add NIP-46 Nostr Connect signer for app-to-website login (abbc679)
  • add nostr-attestations dependency, import ATTESTATION_KIND (31000) (652a0b6)
  • add occurredAt to vouches, challenges, delegations, identity-bridge (0be7ced)
  • add origin field to verification request for approval screen context (86958bd)
  • add persona helpers, linkage proofs, and destroyIdentity (bddd659)
  • add proof-of-reserve bond attestation for verifiers (f16dc97)
  • add RenegAid admin key + bootstrap verifier (6d5b01e)
  • add semantic-release for npm publication (0d290ea)
  • add two-credential ceremony, nullifiers, guardian tags, credential chains (308e326)
  • add two-credential verification, lifecycle, child safety, inclusivity to spec (§20-§23) (9a11a00)
  • add voting extension specification (spec/voting.md) (fea75da)
  • add voting types, constants, and entity type i18n labels (1c9a0f8)
  • add voting validation, exports, and integration test (d2f8bc8)
  • add zeroBytes and constantTimeEqual crypto helpers (631aa84)
  • app: "Verify on a website" — camera scan + photo picker (8f9e8ad)
  • app: add badge refresh hook with staleness check (934fd1e)
  • app: add follow button and badge display in connections list (ab782e9)
  • app: biometric auth with PIN fallback — encrypted storage (C2 fix) (5deba72)
  • app: complete ship requirements — full normie-ready product (82c47e5)
  • app: contact enrichment foundation (DB schema, badge fetch, Follow page) (f971907)
  • app: implement nsec import — single-keypair identity (1f9f611)
  • app: implement v2 app model from Holodeck session (0b54daf)
  • app: merge dev-app features into main app (b183163)
  • app: show badge data in contact detail, conditional Signet Words (93f9dd1)
  • assertion-first hybrid pattern for Tier 2-4 credentials (840e36a)
  • ceremony crypto, relay publish, verification bot (9ad287a)
  • complete Signet IQ rename + audit fixes across entire codebase (8278456)
  • complete Signet protocol library and reference web app (183ee26)
  • configure known verifier keypair for MVP demo (03e4bb6)
  • delegate word derivation to canary-kit for protocol alignment (8c6cd11)
  • entity type classification system (6084bc7)
  • expose cold-call verification API from index (83ef349)
  • extend deriveWords to accept custom context parameter (559e99e)
  • family-app: complete My Signet family app (87ce613)
  • HTTPS redirect, cert download in both apps, spinup guide (f9aebbe)
  • implement LSAG ring signatures with key images (64edc8a)
  • implement voting protocol (election, ballot, tally) (72aa7a6)
  • integrate new protocol functions into app, update onboarding (2660959)
  • make signet words configurable (word count, epoch, tolerance) (30f3197)
  • migrate app wrapper and example to nsec-tree API (f166a46)
  • migrate challenges and revocations to nostr-attestations (kind 31000) (509a071)
  • migrate credentials to nostr-attestations (kind 31000, expires → expiration) (632c57b)
  • migrate guardian delegation and remaining credential helpers (030e7ac)
  • migrate identity-bridge to nostr-attestations (kind 31000) (0c5c09f)
  • migrate validation to delegate to nostr-attestations (39aebb4)
  • migrate verifiers to nostr-attestations (kind 31000) (306b9ed)
  • migrate vouches to nostr-attestations (kind 31000) (08470d0)
  • multi-account, local relay, and anonymous identity bridge (0a586df)
  • new tagline — "Verified. Not identified." (487bdb3)
  • production readiness — deps, occurredAt, bot migration, kind sweep (f83824c)
  • protocol spec fixes, document registry, real Shamir backup (da7e2b3)
  • publish rejection event on deny for immediate SDK feedback (2794261)
  • quantum readiness — algo tag on all Signet events (e99f250)
  • replace key-derivation with nsec-tree identity-tree exports (d618791)
  • replace trust score % with Signet IQ (0-200 scale, 100 = government standard) (b319f9a)
  • rewrite relay-publish to send properly signed NIP-01 events (b0fc27f)
  • rewrite verify SDK with relay subscription, QR rendering, and acceptedVerifiers (4467c37)
  • sdk: add verifier confirmation checking — safe defaults against fake rings (78d3781)
  • spec: add agent-type tag to Kind 30477 delegation events (988759f), closes #2226 #2253
  • strategic weaknesses implementation + My Signet family app design (c540bdb)
  • two-credential ceremony UI, guardian controls, entity type display (304ff58)
  • universal QR scanner — auth, verify, and combined login (120659f)
  • website age verification SDK + NIP-46 signer + presentation protocol (1839d66)

1.0.0 (2026-03-31)

Bug Fixes

  • add algorithm field to voting parsed interfaces (227c5a5)
  • add ArrayBuffer cast for crypto.subtle.importKey type compat (e9408e4)
  • add ECDH identity-point check to computeSharedSecret for consistency (9842bfc)
  • add length bounds to callbackUrl and relayUrl in VerifyRequest validation (7b1234e)
  • add prepare script for git URL installs (c0d55a6)
  • add prepare script for git URL installs (ce306e8)
  • add signet-lsag-v1 domain separator to LSAG signatures (ea68b6b)
  • address re-review findings — bounds checks, constant-time comparisons, type guards (e0a4621)
  • allow ws:// on local network IPs (10.x, 192.168.x, 172.16-31.x) (a66efcf)
  • app build — bump spoken-token to v2, shim node:crypto for browser (e0066cf)
  • app security — remove console.log, raise PBKDF2, clipboard expiry, QR validation (d5d71b3)
  • bind signet age proof verification to credential policy (f1c51e9)
  • bump @forgesworn/ring-sig to ^3.0.0 and @forgesworn/range-proof to ^2.0.0 (042af30)
  • bump canary-kit to ^0.10.0 (spoken-token extraction) (5ae99df)
  • compact QR format for auth + combined flow warning (d6702b3)
  • compliance off-by-one in consent age check, merkle key colon guard (a732133)
  • comprehensive security and production readiness hardening (8e6ccbc)
  • correct copyright holder in licence (6416431)
  • correct nsec-tree file: path for main repo root (1918279)
  • correct repository URL and remove NPM_TOKEN from CI (e5c6f22)
  • enforce wss:// for non-localhost relays, cap fetch events, complete SignetError migration (85dfcd1)
  • fifth security pass — auth, SDK, and presentation hardening (445d1cb)
  • fourth security pass — undici fix, nsec single-keypair safety, encryption prep (2bce01a)
  • low-severity security hardening (9315c1f)
  • modulo bias, pubkey validation, trim API surface, add engines (af7689b)
  • NaN guard in compliance age-range, tag validation in store import, zero-scalar check in ECDH (177795e)
  • NaN guards on parseInt for untrusted tag values (2c365fc)
  • nullifier separator ambiguity and relay event verification (4590b0d)
  • pass 7 belt-and-braces — 24 findings, all fixed (330fb61)
  • pass 8 — onboarding encryption window + double-encryption bug (36a231a)
  • pin GitHub Actions to SHA, add workflow permissions, pin ubuntu (cc9d2f4)
  • QR scanner — remove all sizing overrides, let html5-qrcode manage layout (95a210f)
  • QR scanner — remove forced aspect ratio causing duplicate view (37d4128)
  • QR scanner — split image, jerkiness, and auto-stop on scan (ab828e2)
  • remaining security and production readiness issues (e1dd8f8)
  • remove manual L/l tags from builders (nip-va auto-generates) (a056287)
  • remove unused deriveNostrKeyPair import (re-review finding) (b04306a)
  • rename expires → expiration (NIP-40 standard) across all files (277f586)
  • replace html5-qrcode camera with native getUserMedia + jsQR (edeee32)
  • resolve all LOW-severity security findings from audit passes 1-3 (8368196)
  • resolve app build issues and install dependencies (e72f32c)
  • resolve final two CRITICALs — real Schnorr in SDK, PRF biometric key (64908c0)
  • resolve remaining tracked security findings (MED-3, MED-6, LOW-2, LOW-3) (120d9ec)
  • resolve Uint8Array type compatibility with crypto.subtle (d8cb466)
  • restore correct repository URL to signet-protocol (5f629fd)
  • restore HTTPS certs for app after dev-app retirement (b38b5dd)
  • second-pass security hardening (2274db2)
  • second-pass security review — tag bounds, relay guards, range-proof hardening (a3b88cf)
  • security and production readiness hardening (iteration 1) (d8963cb)
  • security audit — HIGH and MEDIUM severity fixes (512a978)
  • security hardening — expiry checks, type guards, fetch timeout, key cleanup (b516b21)
  • security hardening — input validation, type guards, error classes (7085af8)
  • security hardening — NaN guards, assertValidity, input bounds (073d394)
  • security hardening pass 2 — ring encoding, key image validation, store/relay guards (0ba8268)
  • security hardening, credential chain fix, kind number reservation (96e0974)
  • security review findings - binding, validation, replay resistance (67e0202)
  • simplify HTTPS setup, remove redirect ports (d6acaa1)
  • switch canary-kit dependency from file: to npm ^0.9.0 (24f02cc)
  • tests: add algorithm field to voting and policy test objects (d6955cb)
  • update app domain to forgesworn.dev, replace local path aliases with npm deps (232339d)
  • update kind 30999 references in comments to 31000 (ac21899)
  • update repository URL to forgesworn/signet (8c01baf)
  • update shamir-words to ^1.0.0 and repo URL to forgesworn (c43a0cf)
  • update verify SDK URLs and repo to forgesworn (55f487f)
  • update voting spec kind numbers, signing description, and cipher (cfb8b50)
  • use constant-time comparisons for all verification checks (16b5b07)
  • use deriveChildAccount instead of deriveNostrKeyPair for two-keypair model (7abc048)
  • use originDisplay in both approval screen branches (5f23eed)
  • validate accountIndex bounds in deriveChildAccount (7f53282)
  • zero key material after use in key derivation (e4ad61c)
  • zero Shamir coefficients and private key bytes after use (6033414)

Features

  • add 60s visibility lock grace period during active verification (6cfe0bb)
  • add adversarial resilience (§18) and civic identity (§19) to core spec (f6db5a4)
  • add cold-call verification — .well-known fetch, session codes, ECDH word derivation (f4efdbb)
  • add cold-call verification types and constants (25050f3)
  • add demo age-gated website for MVP (22538f0)
  • add identity-tree module with SignetIdentity factory functions (7a230a3)
  • add minimal QR SVG generator for verify SDK modal (bb63516)
  • add NIP-04 encrypt/decrypt to Signet SDK (27381ff)
  • add NIP-46 Nostr Connect signer for app-to-website login (7344930)
  • add nostr-attestations dependency, import ATTESTATION_KIND (31000) (f926910)
  • add occurredAt to vouches, challenges, delegations, identity-bridge (2e170f5)
  • add origin field to verification request for approval screen context (47cd6b9)
  • add persona helpers, linkage proofs, and destroyIdentity (1417171)
  • add proof-of-reserve bond attestation for verifiers (fda2120)
  • add RenegAid admin key + bootstrap verifier (15a03b4)
  • add semantic-release for npm publication (eaae57d)
  • add two-credential ceremony, nullifiers, guardian tags, credential chains (4b18250)
  • add two-credential verification, lifecycle, child safety, inclusivity to spec (§20-§23) (d4de578)
  • add voting extension specification (spec/voting.md) (454bdf3)
  • add voting types, constants, and entity type i18n labels (1d92b8f)
  • add voting validation, exports, and integration test (fa00f70)
  • add zeroBytes and constantTimeEqual crypto helpers (44ad4ed)
  • app: "Verify on a website" — camera scan + photo picker (5382452)
  • app: add badge refresh hook with staleness check (0b196f3)
  • app: add follow button and badge display in connections list (7e7ca2d)
  • app: biometric auth with PIN fallback — encrypted storage (C2 fix) (0e30a1b)
  • app: complete ship requirements — full normie-ready product (f915375)
  • app: contact enrichment foundation (DB schema, badge fetch, Follow page) (323d4dc)
  • app: implement nsec import — single-keypair identity (7bc6ed4)
  • app: implement v2 app model from Holodeck session (c743edc)
  • app: merge dev-app features into main app (3cf8b61)
  • app: show badge data in contact detail, conditional Signet Words (607c7fa)
  • assertion-first hybrid pattern for Tier 2-4 credentials (cd24db1)
  • ceremony crypto, relay publish, verification bot (2cb607d)
  • complete Signet IQ rename + audit fixes across entire codebase (052a90a)
  • complete Signet protocol library and reference web app (74a1296)
  • configure known verifier keypair for MVP demo (bf4f7af)
  • delegate word derivation to canary-kit for protocol alignment (6457627)
  • entity type classification system (7dba8e7)
  • expose cold-call verification API from index (bd99670)
  • extend deriveWords to accept custom context parameter (e78a137)
  • family-app: complete My Signet family app (1445484)
  • HTTPS redirect, cert download in both apps, spinup guide (16d8018)
  • implement LSAG ring signatures with key images (b0c48db)
  • implement voting protocol (election, ballot, tally) (9b7fa71)
  • integrate new protocol functions into app, update onboarding (5ad83c0)
  • make signet words configurable (word count, epoch, tolerance) (4288b69)
  • migrate app wrapper and example to nsec-tree API (0a54ed7)
  • migrate challenges and revocations to nostr-attestations (kind 31000) (3b32c50)
  • migrate credentials to nostr-attestations (kind 31000, expires → expiration) (15a539a)
  • migrate guardian delegation and remaining credential helpers (7648b2c)
  • migrate identity-bridge to nostr-attestations (kind 31000) (a253227)
  • migrate validation to delegate to nostr-attestations (504af83)
  • migrate verifiers to nostr-attestations (kind 31000) (26563ea)
  • migrate vouches to nostr-attestations (kind 31000) (7748380)
  • multi-account, local relay, and anonymous identity bridge (781de2e)
  • new tagline — "Verified. Not identified." (bbd42cf)
  • production readiness — deps, occurredAt, bot migration, kind sweep (2359114)
  • protocol spec fixes, document registry, real Shamir backup (0157fed)
  • publish rejection event on deny for immediate SDK feedback (8f6f100)
  • quantum readiness — algo tag on all Signet events (c8e1499)
  • replace key-derivation with nsec-tree identity-tree exports (dbdff07)
  • replace trust score % with Signet IQ (0-200 scale, 100 = government standard) (239776a)
  • rewrite relay-publish to send properly signed NIP-01 events (d26ebe1)
  • rewrite verify SDK with relay subscription, QR rendering, and acceptedVerifiers (ab696e1)
  • sdk: add verifier confirmation checking — safe defaults against fake rings (d0af1a9)
  • spec: add agent-type tag to Kind 30477 delegation events (3619322), closes #2226 #2253
  • strategic weaknesses implementation + My Signet family app design (ec897f5)
  • two-credential ceremony UI, guardian controls, entity type display (4d8bf99)
  • universal QR scanner — auth, verify, and combined login (8faf593)
  • website age verification SDK + NIP-46 signer + presentation protocol (c55c0df)