Bark

July 1, 2026 · View on GitHub

GitHub Sponsors

The protective outer layer of Heartwood.

Bark is a minimal NIP-07 browser extension that signs Nostr events through a remote signer via NIP-46. No keys in the browser. No accounts. No bloat.

What it does

  • Signs Nostr events via NIP-46 remote signing (NIP-07 interface for web apps)
  • Works with any NIP-46 bunker — nsecBunker, Amber, or your own signer
  • Switches Heartwood identities — imports Heartwood's per-identity bunker URIs and switches by selecting the right bunker instance
  • Bridge-friendly — works with Wi-Fi devices, Heartwood daemons, or relay-to-serial bridges for tethered low-cost hardware
  • Self-sovereign — keys live on your signer hardware, never touch the browser

What it doesn't do

  • No wallet, no Lightning, no zaps
  • No local key storage
  • NIP-44 encrypt/decrypt forwarded to remote signer

Install

  1. Download the package for your browser from the latest GitHub release
  2. Extract the zip
  3. Open chrome://extensions/, enable Developer mode
  4. Click "Load unpacked", select the extracted directory
  5. Click the Bark icon, enter a Heartwood/bridge address or paste your bunker URI

Build from source

git clone https://github.com/forgesworn/bark.git
cd bark && npm install && npm run build:all

Then load the relevant output:

  • Chromium, Chrome, Brave, Edge: dist/
  • Firefox: dist-firefox/
  • Safari: dist-safari/ through Apple's Safari Web Extension conversion flow

Package all browser builds with:

npm run package:all

Run the release checks with:

npm run verify
npm run e2e:chromium
npm run e2e:deterministic
npm run e2e:approval

npm run e2e:chromium includes the deterministic local NIP-46 relay/signer smoke and approval popup flow. npm run e2e:deterministic runs only that CI-friendly signer path. npm run e2e:approval runs only the deny, allow-once, trust-site, and protected-kind approval checks.

Run an optional live relay/signer smoke with a real approved bunker URI:

BARK_LIVE_BUNKER_URI='bunker://...' npm run e2e:live

That test seeds Bark with the bunker URI directly, trusts only its temporary localhost test origin, then verifies getPublicKey, relay visibility, and a real signEvent through the connected signer. Set BARK_LIVE_CLIENT_SECRET=<64-hex-secret> as well if you want the signer to remember the same Bark test client across runs.

Full setup guide

For a complete walkthrough — firmware, bridge, provisioning, and Bark together — see the Heartwood + Bark setup guide.

For the release hardening test matrix, see E2E hardening.

Works with any NIP-46 bunker

Bark works as a standard NIP-07 provider with any NIP-46 bunker. Paste a bunker:// URI from nsecBunker, Amber, or any compliant signer. The signing flow (getPublicKey, signEvent, nip44.encrypt, nip44.decrypt) works identically regardless of the backend.

Identity features (derive and list) require Heartwood. When you pair by a Heartwood HTTP address, Bark also imports the per-identity bunker URI manifest from /api/identities. That endpoint can be a Wi-Fi Heartwood appliance, a Pi daemon, or another Heartwood-compatible host sitting in front of cheap tethered hardware. The current Heartwood model is that each identity has its own bunker URI, and selecting a persona in Bark selects the matching bunker instance.

Sapwood-created bunker slots work by pasting their bunker:// URI into Bark. Heartwood remains the signer source of truth; Bark only stores the approved connection strings and the Bark client auth secret.

Cheap hardware and bridge mode

For hardware without Wi-Fi, Bark should not talk to the board directly. The heartwood-bridge daemon is the network-facing NIP-46 component: it connects to relays, pumps encrypted requests over USB/serial, and republishes the signed responses. The bunker URI can point at public wss:// relays or a loopback ws://localhost relay exposed by the host daemon. Sapwood provisions and manages that hardware path; Bark consumes the resulting bunker:// URI or the HTTP pairing API exposed by the host daemon.

That keeps the boundary clean:

  • Cheap board: holds keys and signs.
  • Bridge daemon: relay-to-serial transport, no signing key material.
  • Sapwood: provisioning, slots, policies, and management.
  • Bark: browser NIP-07 provider and bunker selector.

Site trust and approvals

Bark asks before sharing identity, signing, or encrypting/decrypting for an unknown site. The approval popup can allow a request once or trust the site for routine future requests. Protected event kinds such as profile metadata, contacts, and relay lists continue to ask unless you add an explicit site kind override in the popup policy settings.

Heartwood RPC extensions

When connected to a Heartwood signer, Bark uses custom NIP-46 RPC methods for persona management. These are sent via BunkerSigner.sendRequest() over standard NIP-46 relay communication.

heartwood_list_identities

Returns all derived identities on the device.

  • Params: none
  • Returns: Array<{ pubkey: string, name?: string, purpose?: string }>

heartwood_derive

Derive a new identity from the device's mnemonic.

  • Params: [purpose: string, index: string]
    • purpose — alphanumeric label, 1-64 chars (e.g. "nostr", "twitter")
    • index — derivation index as string, "0" to "1000"
  • Returns: { pubkey: string, purpose: string, index: number }

heartwood_switch (legacy)

Latest Heartwood treats identity selection as per-connection, based on the bunker://<pubkey> target. Bark keeps this RPC available for older Heartwood builds and third-party callers, but the extension UI switches identities by switching Bark instances.

  • Params: [pubkey: string] — 64-char lowercase hex public key
  • Returns: Heartwood-specific status for the current connection

Comparison with other NIP-07 signers

BarkAlbynos2xRemote NIP-07
Key storageNone (remote signer)Browser or Alby HubBrowserNone (Amber)
NIP-46 backendAny bunkerNoNoAmber only
Derived identitiesUnlimited (Heartwood)NoneNoneNone
Self-sovereign signingYesSoftware onlySoftware onlyPhone (Amber)
SizeFocused, 1 runtime dependencyLarge extension + hubSmall extensionSmall extension
LightningNoYesNoNo

Bark is not an Alby replacement. It is a focused tool for people who want self-sovereign Nostr signing with optional derived identity management.

Privacy

See PRIVACY.md. TL;DR: Bark stores connection, instance, signer health, and policy state locally. No analytics, no tracking, and your signing keys never leave your signer.

Part of ForgeSworn

For internal architecture details, see ARCHITECTURE.md.

Bark is part of the ForgeSworn open-source ecosystem for sovereign identity and commerce on Nostr and Lightning.

Part of the ForgeSworn Toolkit

ForgeSworn builds open-source cryptographic identity, payments, and coordination tools for Nostr.

LibraryWhat it does
nsec-treeDeterministic sub-identity derivation
ring-sigSAG/LSAG ring signatures on secp256k1
range-proofPedersen commitment range proofs
canary-kitCoercion-resistant spoken verification
spoken-tokenHuman-speakable verification tokens
toll-boothL402 payment middleware
geohash-kitGeohash toolkit with polygon coverage
nostr-attestationsNIP-VA verifiable attestations
dominionEpoch-based encrypted access control
nostr-veilPrivacy-preserving Web of Trust

Licence

MIT