Start9-Community · kwsantiago · May 27, 2026 · May 27, 2026 · May 28, 2026 · May 28, 2026
diff --git a/instructions.md b/instructions.md
@@ -15,15 +15,15 @@ Threshold signing needs enough devices online at the same moment. Phones sleep a
 3. **Restart the service.** Once a share is present, restarting starts the co-signer. It announces itself on the FROST relay, but stays in standby until you enable co-signing.
 4. **Enable co-signing.** Use the kill switch in the Web Admin to turn co-signing on (it ships off, fail-closed). The setting persists across restarts.
 
-After that, the Web Admin shows the bunker connection string (npub), the group, the threshold, and a live feed of signing activity.
+After that, the Web Admin shows the bunker connection string (npub), the group, the threshold, and a live feed of signing activity. If you import shares for more than one group, the Shares section marks the active group and lets you switch which one the co-signer serves.
 
 ## Configuration
 
 Use the **Configure** action to set:
 
-- **Bunker Relays:** where Nostr clients reach this signer over NIP-46. Default `wss://nos.lol`.
-- **FROST Relays:** where signing rounds are coordinated with your other devices. These must match the relays your other devices use. Default `wss://nos.lol`.
-- **Group (npub):** optional. Leave blank to auto-detect the single imported share's group; set it only if the vault holds shares for more than one group.
+- **Bunker Relays:** where Nostr clients reach this signer over NIP-46. Default `wss://bucket.coracle.social`.
+- **FROST Relays:** where signing rounds are coordinated with your other devices. These must match the relays your other devices use. Default `wss://bucket.coracle.social`.
+- **Group (npub):** optional override. Leave blank and the co-signer serves your share's group automatically. If the vault holds shares for more than one group it auto-selects one (no crash) and you can switch which group is served from the Web Admin's Shares section. Set this only to pin a specific group.
 
 Saving the configuration restarts the service.
 

diff --git a/keep b/keep
diff --git a/startos/actions/configure.ts b/startos/actions/configure.ts
@@ -20,7 +20,7 @@ const inputSpec = InputSpec.of({
         ),
         default: [defaultBunkerRelay],
       },
-      { patterns: [relayPattern], placeholder: 'wss://nos.lol' },
+      { patterns: [relayPattern], placeholder: 'wss://bucket.coracle.social' },
     ),
   ),
   frostRelays: Value.list(
@@ -32,7 +32,7 @@ const inputSpec = InputSpec.of({
         ),
         default: [defaultFrostRelay],
       },
-      { patterns: [relayPattern], placeholder: 'wss://nos.lol' },
+      { patterns: [relayPattern], placeholder: 'wss://bucket.coracle.social' },
     ),
   ),
   frostGroup: Value.text({

diff --git a/startos/utils.ts b/startos/utils.ts
@@ -1,4 +1,6 @@
 export const uiPort = 8080
 
-export const defaultBunkerRelay = 'wss://nos.lol'
-export const defaultFrostRelay = 'wss://nos.lol'
+// coracle's relay reliably delivers the rapid ephemeral (kind 24242) FROST
+// signing traffic; nos.lol drops it, stalling signing rounds.
+export const defaultBunkerRelay = 'wss://bucket.coracle.social'
+export const defaultFrostRelay = 'wss://bucket.coracle.social'
diff --git a/startos/versions/index.ts b/startos/versions/index.ts
@@ -1,7 +1,13 @@
 import { VersionGraph } from '@start9labs/start-sdk'
 import { v0_4_0_0 } from './v0.4.0_0'
+import { v0_4_1_0 } from './v0.4.1_0'
+import { v0_4_2_0 } from './v0.4.2_0'
+import { v0_4_3_0 } from './v0.4.3_0'
+import { v0_4_5_0 } from './v0.4.5_0'
+import { v0_4_6_0 } from './v0.4.6_0'
+import { v0_4_7_0 } from './v0.4.7_0'
 
 export const versionGraph = VersionGraph.of({
-  current: v0_4_0_0,
-  other: [],
+  current: v0_4_7_0,
+  other: [v0_4_0_0, v0_4_1_0, v0_4_2_0, v0_4_3_0, v0_4_5_0, v0_4_6_0],
 })
diff --git a/startos/versions/v0.4.1_0.ts b/startos/versions/v0.4.1_0.ts
@@ -0,0 +1,13 @@
+import { IMPOSSIBLE, VersionInfo } from '@start9labs/start-sdk'
+
+export const v0_4_1_0 = VersionInfo.of({
+  version: '0.4.1:0',
+  releaseNotes: {
+    en_US:
+      'Peer presence (online/offline) now appears in the Web Admin activity feed.',
+  },
+  migrations: {
+    up: async ({ effects }) => {},
+    down: IMPOSSIBLE,
+  },
+})
diff --git a/startos/versions/v0.4.2_0.ts b/startos/versions/v0.4.2_0.ts
@@ -0,0 +1,13 @@
+import { IMPOSSIBLE, VersionInfo } from '@start9labs/start-sdk'
+
+export const v0_4_2_0 = VersionInfo.of({
+  version: '0.4.2:0',
+  releaseNotes: {
+    en_US:
+      'Reliable repeated bunker signing: imported shares now aggregate correctly (no more "Unknown identifier"), and a spurious "No nonces stored" failure is gone. Credential files are written atomically and fail closed if corrupted, so the bunker URL stays stable across restarts.',
+  },
+  migrations: {
+    up: async ({ effects }) => {},
+    down: IMPOSSIBLE,
+  },
+})
diff --git a/startos/versions/v0.4.3_0.ts b/startos/versions/v0.4.3_0.ts
@@ -0,0 +1,13 @@
+import { IMPOSSIBLE, VersionInfo } from '@start9labs/start-sdk'
+
+export const v0_4_3_0 = VersionInfo.of({
+  version: '0.4.3:0',
+  releaseNotes: {
+    en_US:
+      'Web Admin UX: live co-signer presence with a readiness indicator (Ready to sign / Waiting for co-signers), a prominent approval bar with browser-tab and opt-in desktop alerts, a decluttered activity feed (repeated events collapse into one line), relative timestamps, and a signing log grouped by session with expandable detail.',
+  },
+  migrations: {
+    up: async ({ effects }) => {},
+    down: IMPOSSIBLE,
+  },
+})
diff --git a/startos/versions/v0.4.5_0.ts b/startos/versions/v0.4.5_0.ts
@@ -0,0 +1,13 @@
+import { IMPOSSIBLE, VersionInfo } from '@start9labs/start-sdk'
+
+export const v0_4_5_0 = VersionInfo.of({
+  version: '0.4.5:0',
+  releaseNotes: {
+    en_US:
+      'Co-signer reliability: peers now report accurate online/offline presence, and signing rounds gracefully fall back to interactive mode when a pre-exchanged nonce is stale, preventing stuck or failed co-sign requests.',
+  },
+  migrations: {
+    up: async ({ effects }) => {},
+    down: IMPOSSIBLE,
+  },
+})
diff --git a/startos/versions/v0.4.6_0.ts b/startos/versions/v0.4.6_0.ts
@@ -0,0 +1,13 @@
+import { IMPOSSIBLE, VersionInfo } from '@start9labs/start-sdk'
+
+export const v0_4_6_0 = VersionInfo.of({
+  version: '0.4.6:0',
+  releaseNotes: {
+    en_US:
+      'Multiple key groups: the co-signer no longer crashes when the vault holds more than one FROST group. It serves one group at a time (auto-selected by default) and you can switch which group is served from the Web Admin. Default relay is now wss://bucket.coracle.social, which reliably delivers FROST coordination traffic.',
+  },
+  migrations: {
+    up: async ({ effects }) => {},
+    down: IMPOSSIBLE,
+  },
+})
diff --git a/startos/versions/v0.4.7_0.ts b/startos/versions/v0.4.7_0.ts
@@ -0,0 +1,13 @@
+import { IMPOSSIBLE, VersionInfo } from '@start9labs/start-sdk'
+
+export const v0_4_7_0 = VersionInfo.of({
+  version: '0.4.7:0',
+  releaseNotes: {
+    en_US:
+      'Bounded multi-event pre-approval cache (cap 100, TTL 5 min) and single-party FROST sign/ECDH refinements, so wallet descriptor coordination and multi-event signing flows no longer stall after a single pre-approval. Includes the automated fund sweep on descriptor migration.',
+  },
+  migrations: {
+    up: async ({ effects }) => {},
+    down: IMPOSSIBLE,
+  },
+})
+13 −11		Cargo.lock
+1 −1		Cargo.toml
+78 −4		keep-bitcoin/src/descriptor.rs
+5 −2		keep-bitcoin/src/lib.rs
+262 −2		keep-bitcoin/src/recovery_tx.rs
+1 −1		keep-cli/src/commands/frost_network/mod.rs
+1 −1		keep-cli/src/commands/wallet.rs
+5 −6		keep-core/src/relay.rs
+1 −1		keep-desktop/src/app/mod.rs
+ −		keep-desktop/src/assets/keep-crest.png
+1 −1		keep-desktop/src/frost.rs
+10 −1		keep-desktop/src/main.rs
+14 −3		keep-desktop/src/screen/settings.rs
+34 −3		keep-frost-net/src/ecdh.rs
+36 −0		keep-frost-net/src/node/ecdh.rs
+114 −6		keep-frost-net/src/node/mod.rs
+219 −0		keep-frost-net/src/node/psbt.rs
+159 −76		keep-frost-net/src/node/signing.rs
+10 −0		keep-frost-net/src/nonce_pool.rs
+4 −0		keep-frost-net/src/peer.rs
+123 −5		keep-frost-net/src/session.rs
+173 −0		keep-frost-net/tests/multinode_test.rs
+14 −6		keep-frost-net/tests/network_failure_test.rs
+105 −43		keep-mobile/src/lib.rs
+35 −5		keep-mobile/src/nip55.rs
+18 −2		keep-nip46/src/bunker.rs
+43 −1		keep-nip46/src/handler.rs
+33 −3		keep-nip46/src/server.rs
+6 −0		keep-nip46/src/types.rs
+2 −0		keep-web/Cargo.toml
+112 −0		keep-web/src/api.rs
+92 −5		keep-web/src/bunker.rs
+102 −16		keep-web/src/main.rs
+119 −0		keep-web/src/state.rs
+320 −21		keep-web/ui/src/App.svelte
+150 −0		keep-web/ui/src/app.css
+30 −0		keep-web/ui/src/lib/api.ts