v0.4.9

Highlights

This release lands the NIP-55 / NIP-46 signer policy surface in the audited Rust core (mobile platforms previously duplicated this in Kotlin), plus NIP-55 interop features and the NIP-44 v3 cipher.

• Signer policy moved into Rust (RMP): permission decision + sensitive-kind duration clamp + expiry (#594), keyed-HMAC tamper-evident audit chain + verification (#595), caller trust-on-first-use decision + challenge-nonce store (#596), persistent SigningRateLimiter over a storage callback with monotonic/wall-clock survival (#598), front-door rate limiter + request-count velocity policy (#599), and the NIP-46 bunker rate limiter — global + per-client + exponential backoff (#600).
• NIP-55 interop: Amber-compatible batch / multi-event results wire format (#601), get_public_key permissions-array parsing into declared grants (#602), and NIP-42 (kind 22242) relay-host extraction + relay-auth whitelist gate (#603).
• NIP-44 v3: kind/scope-aware (context-bound) encrypt/decrypt cipher in keep-core, verified byte-for-byte against the nostr-land/nip44v3 draft test vectors (#605).
• NIP-46 grants: persist bunker remember-grants with the engine as the single source of truth (#593); drop the silent NIP-98 grant in favor of prompt-on-first-use with a remember-duration (#592).
• Security fixes: enclave fail-closed PCR matching — ExpectedPcrs required by construction (#590), FROST refuses a partial refresh_shares to prevent silent share orphaning (#589), and password rotation verifies the old password when unlocked + audits every failure path (#588).

Install

• CLI / Desktop: download the asset for your platform from the Assets section below.
• StartOS: bundled via keep-startos.
• Build from source: see the README.

Verify

sha256sum -c SHA256SUMS

Full changelog

v0.4.8...v0.4.9