đź“– Unfamiliar terms? See the glossary for definitions.
Set it and forget it. Post your listing once. The bot handles everything else—24/7.
The notification bot is a background process running on the seller’s device. It continuously monitors three data streams:
When a sender pays, the bot automatically funds the covenant, signs it, and broadcasts it to the BCH network. The seller never touches the app.
Without the bot: Manual checking, 5–10 transactions/day max, seller must be awake and attentive.
With the bot: Sub‑second response, 100+ transactions/day, zero cognitive load.
Listens on 3–5 Nostr relays for messages addressed to the seller’s public key. Decrypts with the seller’s private key. Validates the covenant exists on‑chain and the amount is within the seller’s limits. Generates a unique payment reference using the recipient’s Cash Account. Replies with encrypted bank details in under one second.
Uses the Android Notification Listener Service to intercept banking app notifications. Extracts payment amount, sender info, and the reference code. Matches the reference to a pending covenant. Verifies the amount (within a small tolerance). Triggers covenant funding.
Key insight: The bank notification is the payment proof. No API scraping, no login credentials stored, no polling required. The bot only reads notification summaries, which contain non‑sensitive data like “You received €100 from MarĂa, ref: Elena#142.”
Compatibility: Works with any online banking app that notifies the customer within minutes.
Queries Electrum for covenant state, creates funding transactions (locking the seller’s BCH per the covenant terms), signs with pre‑authorised keys limited to covenant UTXOs only, and broadcasts to the BCH network. Monitors for confirmation and reclaims if the covenant expires unfunded.
What the bot can access:
What the bot CANNOT access:
If the bot is compromised: The attacker can read recent notification summaries and attempt to fund unpaid covenants (losing BCH), but cannot drain the wallet, redirect covenants, fake bank notifications, or access the bank account. Loss is limited to covenants in progress—typically 1–3 at a time, maximum ~€300 exposure.
Key storage: The Nostr private key is encrypted via Android Keystore. Covenant signing keys are derived from the wallet but segregated (HD path m/44'/145'/0'/2/). The main wallet keys remain separate.
One‑time setup (2–3 minutes): Enable the bot, grant notification access and background execution, select the banking app to monitor, test with a €2 self‑payment.
Daily operation (zero effort): The seller checks earnings and buys BCH again to fund more covenants when convenient. The bot processes transactions while the seller works, sleeps, or ignores the phone. Optional push notifications (“Covenant funded: +€0.50 earned”) can be silenced.
When something goes wrong:
| Scenario | Bot Response | Seller Impact |
|---|---|---|
| Bot offline (phone dead) | No Nostr response within 2 min | Sender picks different seller; no loss |
| Payment amount mismatch | Bot detects, does NOT fund | Manual resolution needed (rare) |
| Bank notification delayed | Bot funds when notification arrives | 5‑minute delay for sender; acceptable |
| False positive (phantom notification) | Bot attempts fund, finds no covenant | Logged error; no financial loss |
Without automation, sellers are constrained by attention: 8–12 hours of availability, 5–10 transactions per day, high fees needed to earn a decent hourly rate, limited to one city. With the bot, a single seller can serve an entire country, 24/7, processing 100+ transactions daily. The required seller count drops by 10×, and response times improve by 300×.
A sender at 2:00 AM finds three bots awake and responsive. She picks the cheapest, pays, and the covenant is funded in under a minute. Without bots, she’d wait until morning or pay Western Union €5.
Complete automated flow:
Steps 2–5 are fully automated. The seller only touches steps 1 and 6.
Android: Foreground service with a persistent notification, partial wake lock, WiFi‑preferred with mobile data fallback. Battery impact: ~5–10 % per day.
Nostr: rust‑nostr via JNI, 3–5 public relays with exponential backoff reconnection. Messages use NIP‑04 encryption. A 30‑second keepalive detects dead connections.
Bank parsing: Pattern matching on notification text (e.g., “Has recibido 100,00 € de MarĂa GarcĂa. Concepto: Elena#142”). Extracts amount and reference. Multiple regex patterns per bank handle format variations. If all patterns fail, the bot alerts the seller for manual verification.
Covenant matching: Resolves the Cash Account on‑chain, queries Electrum for unfunded covenants where recipient matches and amount is within tolerance, creates the funding transaction (107 % of face value), signs with the covenant‑specific key, and broadcasts.
Ready: Nostr message handler, bank notification parser (Spanish banks), covenant manager, multi‑relay failover, reconciliation logs, limited key permissions, error handling.
Phase 1+: VPS deployment option, multi‑currency support, dispute mediation interface, advanced accounting exports, concurrent multi‑corridor support.
| 🏠Home | ↑ The Mechanism | 📖 Glossary |
Related: Wallet · Bulletin Board · Nostr · Stability Layer