From 8278fed2fbf45f2f580f8d798c11895c77c18a7e Mon Sep 17 00:00:00 2001
From: Gigi <dergigi@pm.me>
Date: Thu, 16 Oct 2025 21:47:59 +0200
Subject: [PATCH] fix: request NIP-46 permissions for bunker signing

- Add explicit signing permissions for event kinds: 5, 7, 17, 9802, 30078, 39701, 0
- Add encryption/decryption permissions: nip04_encrypt/decrypt, nip44_encrypt/decrypt
- Improve error messages when bunker permissions are missing or denied
- Add debug logging hint for bunker permission issues in write service
- This ensures highlights, reactions, settings, reading positions, and web bookmarks all work with bunker
---
 src/components/LoginOptions.tsx | 24 +++++++++++++++++++++---
 src/services/writeService.ts    |  5 +++++
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/src/components/LoginOptions.tsx b/src/components/LoginOptions.tsx
index d5a72990..dd588138 100644
--- a/src/components/LoginOptions.tsx
+++ b/src/components/LoginOptions.tsx
@@ -40,8 +40,19 @@ const LoginOptions: React.FC = () => {
       setIsLoading(true)
       setError(null)
       
-      // Create signer from bunker URI
-      const signer = await NostrConnectSigner.fromBunkerURI(bunkerUri)
+      // Build permissions for signing and encryption
+      const permissions = [
+        // Signing permissions for event kinds we create
+        ...NostrConnectSigner.buildSigningPermissions([5, 7, 17, 9802, 30078, 39701, 0]),
+        // Encryption/decryption for hidden content and NIP-04/NIP-44
+        'nip04_encrypt',
+        'nip04_decrypt',
+        'nip44_encrypt',
+        'nip44_decrypt'
+      ]
+      
+      // Create signer from bunker URI with permissions
+      const signer = await NostrConnectSigner.fromBunkerURI(bunkerUri, { permissions })
       
       // Get pubkey from signer
       const pubkey = await signer.getPublicKey()
@@ -58,7 +69,14 @@ const LoginOptions: React.FC = () => {
       setShowBunkerInput(false)
     } catch (err) {
       console.error('Bunker login failed:', err)
-      setError(err instanceof Error ? err.message : 'Failed to connect to bunker')
+      const errorMessage = err instanceof Error ? err.message : 'Failed to connect to bunker'
+      
+      // Check for permission-related errors
+      if (errorMessage.toLowerCase().includes('permission') || errorMessage.toLowerCase().includes('unauthorized')) {
+        setError('Your bunker connection is missing signing permissions. Reconnect and approve signing.')
+      } else {
+        setError(errorMessage)
+      }
     } finally {
       setIsLoading(false)
     }
diff --git a/src/services/writeService.ts b/src/services/writeService.ts
index 7ef6aa67..d67bc4c3 100644
--- a/src/services/writeService.ts
+++ b/src/services/writeService.ts
@@ -52,6 +52,11 @@ export async function publishEvent(
     })
     .catch((error) => {
       console.warn('⚠️ Failed to publish event to relays (event still saved locally):', error)
+      
+      // Surface common bunker signing errors for debugging
+      if (error instanceof Error && error.message.includes('permission')) {
+        console.warn('💡 Hint: This may be a bunker permission issue. Ensure your bunker connection has signing permissions.')
+      }
     })
 }