nsec-tree-cli is the standalone command-line application for hierarchical
Nostr identity workflows.
This repo owns:
- command grammar
- help and onboarding UX
- human-readable and
--jsonoutput - profile storage
- filesystem input and output
- safety warnings for sensitive material
This repo does not own the core cryptographic primitives.
Those belong in sibling libraries:
nsec-treeshamir-words
- Keep
nsec-tree-clias the application layer. - Reuse
nsec-treefor derivation, export, proofs, and identity semantics. - Reuse
shamir-wordsfor Shamir splitting and recovery workflows. - Do not re-implement cryptographic logic in the CLI when it can live in a library.
- If logic becomes broadly reusable, move it into the appropriate library instead.
- The CLI must stay offline-first.
- Human mode should be concise and explanatory.
--jsonoutput should be stable and scriptable.- Sensitive commands must warn clearly in TTY mode.
- Always preserve the distinction between:
nsec-backed rootmnemonic-backed root
The CLI should consistently teach:
- both root types can derive the tree
- only mnemonic-backed roots support phrase / Shamir recovery
- derived children are standalone Nostr identities
- proofs are optional and selective
Prefer these phrases in user-facing text:
private prooffull proofnsec-backed rootmnemonic-backed root
- Keep dependencies minimal.
- Prefer simple Node.js and library reuse over framework-heavy abstractions.
- Keep commands deterministic where possible.
- Avoid hidden global state; explicit input beats magic.
- Profile storage is a convenience layer, not a required mode.