Added admin event logging to track key lock/unlock, app suspend/resume, etc. Improved pool tracking to prevent stale SSE connections from not restarting during long sleep/wake cycles. Replaced relays widget with system status widget. Added option kill switch to send daemon commands via NIP-04 and NIP-17 DMs from user-defined admin npub. Updated documentation.

Author: Letdown2491

CHANGELOG.md

@@ -1,10 +1,65 @@
 # Changelog
 
-## [Unreleased]
+## [1.4.0]
+
+### Added
+- Admin activity logging: Track key lock/unlock, app suspend/resume, and daemon start events
+  - New "Admin" tab in Activity page to view admin-only events
+  - Admin events appear in Recent activity widget on Home page
+  - Admin events included in "All" filter on Activity page
+  - Events show source: "via Signet UI", "via Kill Switch", or "via Signet Android"
+- Kill switch command audit logging: All DM commands are now logged
+  - New `command_executed` event type records every command and its result
+  - Commands logged even when no state change occurs (e.g., locking already-locked key)
+  - Provides full audit trail for security review
+- Kill switch status command: Send `status` DM to check daemon state
+  - Returns active/locked keys, suspended apps count
+  - Logged as `status_checked` admin event
+- Web UI: System Status widget replaces Relays widget on dashboard
+  - Shows daemon uptime with health status label (Healthy/Degraded/Offline)
+  - HeartPulse icon color indicates status (green/yellow/red)
+  - Click opens System Status modal with full details:
+    - Status badge, uptime, memory usage, active listeners, connected clients, last pool reset, key stats
+    - Expandable relay section showing per-relay connection status
+- Android: System Status widget replaces Relays widget on dashboard (matches web UI)
+  - Shows daemon uptime with health status label (Healthy/Degraded/Offline)
+  - Heart icon color indicates status (green/yellow/red)
+  - Tap opens System Status sheet with full health details and expandable relay section
+- Android: X-Signet-Client header sent with all API requests for client identification
+
+### Improved
+- SSE real-time updates: Activity feeds now update instantly without API refresh
+  - `request:approved`, `request:denied`, and `request:auto_approved` events now include `activity` field
+  - Web UI Recent activity widget updates in real-time for all approval types
+  - Android Home screen Recent activity updates via SSE data (no API refresh needed)
+  - New `ping` event type for SSE heartbeat (fixes reconnection issues)
+- Daemon: Enhanced health monitoring
+  - Health status now logged every 30 minutes (was 1 hour)
+  - Event-triggered logging after pool reset and key lock/unlock
+  - Rich `/health` endpoint returns full JSON status for programmatic monitoring
+  - Response includes: uptime, memory, relay connections, key counts, subscriptions, SSE clients, last pool reset
+- Uptime display: More compact formatting with 2 significant units max
+  - Short uptimes: `45s`, `5m`, `2h 30m`, `3d 12h`
+  - Long uptimes switch to months/years: `2mo 15d`, `1y 3mo`
+  - Consistent across web UI and Android
+- Added KILLSWITCH.md to document new killswitch by DM feature
+
+### Fixed
+- Daemon: NIP-46 requests now work correctly after system suspend/resume
+  - RelayPool detects sleep/wake cycles (30s heartbeat, >90s gap triggers reset)
+  - SubscriptionManager has fallback detection (60s health check, >3min gap triggers reset)
+  - Two-layer detection ensures recovery even after very long sleep periods
+  - Pool reset creates fresh SimplePool and emits events for dependent services
+  - SubscriptionManager recreates NIP-46 subscriptions on pool reset
+  - AdminCommandService (kill switch) refreshes its WebSocket connections on wake
+- Docker: Custom SIGNET_PORT now works correctly (#27)
+  - Fixed port mapping to use dynamic port on both sides
+  - Fixed healthcheck to use configured port
+  - Fixed DAEMON_URL to use configured port for UI→daemon communication
 
 ---
 
-## [1.3.0] - 2026-01-05
+## [1.3.0]
 
 ### Security
 - Bunker URIs now use one-time connection tokens instead of persistent secrets

README.md

@@ -2,7 +2,7 @@
 
 A modern NIP-46 remote signer for Nostr. Manages multiple keys securely with a web dashboard for administration. This project was originally forked from [nsecbunkerd](https://github.com/kind-0/nsecbunkerd), but has since received an extensive rewrite. 
 
-An Android app is [available on ZapStore](https://zapstore.dev/apps/naddr1qvzqqqr7pvpzpk4yr0kmdpv3xcalgsrldp7tj7yuc4p76qjtka7z95kgfky02s2nqq2hgetrdqhxwet9dd6x7umgdyh8x6t8dejhgck8a3z). This app is just a frontend, so running the daemon is still required. DO NOT run the daemon on a public machine. The preferred method is to run it on a machine sitting on a private network. Tailscale is preferred and documented in [docs/DEPLOYMENT.md](docs/DEPLOYMENT.md). 
+An Android app is [available on ZapStore](https://zapstore.dev/apps/naddr1qvzqqqr7pvpzpk4yr0kmdpv3xcalgsrldp7tj7yuc4p76qjtka7z95kgfky02s2nqq2hgetrdqhxwet9dd6x7umgdyh8x6t8dejhgck8a3z). The Android app is a frontend only, so running the daemon is required. DO NOT run the daemon on a public machine. The preferred method is to run it on a machine sitting on a private network. Tailscale is preferred and documented in [docs/DEPLOYMENT.md](docs/DEPLOYMENT.md). 
 
 ## Web UI Screenshots
 
@@ -134,5 +134,6 @@ See [docs/SECURITY.md](docs/SECURITY.md) for the full security model.
 - [Configuration Reference](docs/CONFIGURATION.md) - All config options
 - [Deployment Guide](docs/DEPLOYMENT.md) - Tailscale, reverse proxies, etc.
 - [Security Model](docs/SECURITY.md) - Security architecture and threat model
+- [Kill Switch Guide](docs/KILLSWITCH.md) - Emergency remote control via Nostr DMs
 - [API Reference](docs/API.md) - REST API endpoints
 - [Android App](docs/ANDROID.md) - Setup and building the mobile app

VERSION

@@ -1 +1 @@
-1.3.0
+1.4.0

apps/signet-android/app/build.gradle.kts

@@ -30,7 +30,7 @@ android {
         applicationId = "tech.geektoshi.signet"
         minSdk = 26
         targetSdk = 35
-        versionCode = 5
+        versionCode = 6
         versionName = appVersion
 
         testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"

apps/signet-android/app/src/main/kotlin/tech/geektoshi/signet/data/api/SignetApiClient.kt

@@ -1,10 +1,13 @@
 package tech.geektoshi.signet.data.api
 
+import tech.geektoshi.signet.data.model.AdminActivityEntry
+import tech.geektoshi.signet.data.model.AdminActivityResponse
 import tech.geektoshi.signet.data.model.ApproveRequestBody
 import tech.geektoshi.signet.data.model.AppsResponse
 import tech.geektoshi.signet.data.model.ConnectionTokenResponse
 import tech.geektoshi.signet.data.model.SuspendAppBody
 import tech.geektoshi.signet.data.model.DashboardResponse
+import tech.geektoshi.signet.data.model.HealthStatus
 import tech.geektoshi.signet.data.model.KeysResponse
 import tech.geektoshi.signet.data.model.OperationResponse
 import tech.geektoshi.signet.data.model.RelaysResponse
@@ -20,11 +23,13 @@ import io.ktor.client.request.get
 import io.ktor.client.request.parameter
 import io.ktor.client.request.patch
 import io.ktor.client.request.post
+import io.ktor.client.request.header
 import io.ktor.client.request.setBody
 import io.ktor.http.ContentType
 import io.ktor.http.contentType
 import io.ktor.serialization.kotlinx.json.json
 import kotlinx.serialization.json.Json
+import tech.geektoshi.signet.BuildConfig
 
 class SignetApiClient(
     private val baseUrl: String
@@ -42,6 +47,8 @@ class SignetApiClient(
             contentType(ContentType.Application.Json)
             // Bearer auth skips CSRF checks (token value doesn't matter when requireAuth=false)
             bearerAuth("android-client")
+            // Identify client for admin activity logging
+            header("X-Signet-Client", "Signet Android/${BuildConfig.VERSION_NAME}")
         }
     }
 
@@ -54,16 +61,21 @@ class SignetApiClient(
 
     /**
      * Get list of requests
+     * @param excludeAdmin When true with status="all", excludes admin events from response
      */
     suspend fun getRequests(
         status: String = "pending",
         limit: Int = 50,
-        offset: Int = 0
+        offset: Int = 0,
+        excludeAdmin: Boolean = false
     ): RequestsResponse {
         return client.get("/requests") {
             parameter("status", status)
             parameter("limit", limit)
             parameter("offset", offset)
+            if (excludeAdmin) {
+                parameter("excludeAdmin", "true")
+            }
         }.body()
     }
 
@@ -222,6 +234,27 @@ class SignetApiClient(
         return client.get("/relays").body()
     }
 
+    /**
+     * Get full health status from daemon
+     */
+    suspend fun getHealth(): HealthStatus {
+        return client.get("/health").body()
+    }
+
+    /**
+     * Get admin activity (key lock/unlock, app suspend/resume, daemon start events)
+     */
+    suspend fun getAdminActivity(
+        limit: Int = 50,
+        offset: Int = 0
+    ): List<AdminActivityEntry> {
+        return client.get("/requests") {
+            parameter("status", "admin")
+            parameter("limit", limit)
+            parameter("offset", offset)
+        }.body<AdminActivityResponse>().requests
+    }
+
     /**
      * Check if the daemon is reachable
      */

apps/signet-android/app/src/main/kotlin/tech/geektoshi/signet/data/api/SignetSSEClient.kt

@@ -1,11 +1,15 @@
 package tech.geektoshi.signet.data.api
 
+import tech.geektoshi.signet.data.model.ActivityEntry
 import tech.geektoshi.signet.data.model.DashboardStats
+import tech.geektoshi.signet.data.model.MixedActivityEntry
 import tech.geektoshi.signet.data.model.PendingRequest
 import io.ktor.client.HttpClient
 import io.ktor.client.engine.okhttp.OkHttp
 import io.ktor.client.plugins.defaultRequest
+import io.ktor.client.request.header
 import io.ktor.client.request.prepareGet
+import tech.geektoshi.signet.BuildConfig
 import io.ktor.client.statement.bodyAsChannel
 import io.ktor.utils.io.readUTF8Line
 import kotlinx.coroutines.CancellationException
@@ -35,13 +39,15 @@ sealed class ServerEvent {
     @Serializable
     data class RequestApproved(
         val type: String = "request:approved",
-        val requestId: String
+        val requestId: String,
+        val activity: ActivityEntry
     ) : ServerEvent()
 
     @Serializable
     data class RequestDenied(
         val type: String = "request:denied",
-        val requestId: String
+        val requestId: String,
+        val activity: ActivityEntry
     ) : ServerEvent()
 
     @Serializable
@@ -52,7 +58,13 @@ sealed class ServerEvent {
 
     @Serializable
     data class RequestAutoApproved(
-        val type: String = "request:auto_approved"
+        val type: String = "request:auto_approved",
+        val activity: ActivityEntry
+    ) : ServerEvent()
+
+    @Serializable
+    data class Ping(
+        val type: String = "ping"
     ) : ServerEvent()
 
     @Serializable
@@ -101,6 +113,12 @@ sealed class ServerEvent {
         val keyName: String
     ) : ServerEvent()
 
+    @Serializable
+    data class AdminEvent(
+        val type: String = "admin:event",
+        val activity: MixedActivityEntry
+    ) : ServerEvent()
+
     @Serializable
     data class Unknown(val type: String) : ServerEvent()
 }
@@ -130,6 +148,8 @@ class SignetSSEClient(
     private val client = HttpClient(OkHttp) {
         defaultRequest {
             url(baseUrl)
+            // Identify client for admin activity logging
+            header("X-Signet-Client", "Signet Android/${BuildConfig.VERSION_NAME}")
         }
     }
 
@@ -203,7 +223,7 @@ class SignetSSEClient(
                 "request:approved" -> json.decodeFromString<ServerEvent.RequestApproved>(data)
                 "request:denied" -> json.decodeFromString<ServerEvent.RequestDenied>(data)
                 "request:expired" -> json.decodeFromString<ServerEvent.RequestExpired>(data)
-                "request:auto_approved" -> ServerEvent.RequestAutoApproved()
+                "request:auto_approved" -> json.decodeFromString<ServerEvent.RequestAutoApproved>(data)
                 "stats:updated" -> json.decodeFromString<ServerEvent.StatsUpdated>(data)
                 "app:connected" -> ServerEvent.AppConnected()
                 "app:revoked" -> json.decodeFromString<ServerEvent.AppRevoked>(data)
@@ -213,6 +233,8 @@ class SignetSSEClient(
                 "key:deleted" -> json.decodeFromString<ServerEvent.KeyDeleted>(data)
                 "key:renamed" -> json.decodeFromString<ServerEvent.KeyRenamed>(data)
                 "key:updated" -> json.decodeFromString<ServerEvent.KeyUpdated>(data)
+                "admin:event" -> json.decodeFromString<ServerEvent.AdminEvent>(data)
+                "ping" -> ServerEvent.Ping()
                 else -> ServerEvent.Unknown(type)
             }
         } catch (e: Exception) {