Charter

Parent-led, libre game account management — time, spend, content and comms grants on your own keys, no platform required. Built on Signet.

Status: contract v0.1 landed. Schedule clause implemented in Signet. Consumer SDK shipped at charter on npm (v0.1.0 — Phase 1α schedule clause). No native dashboard code yet.

Protocol contract (v0.1) · Integration guide (consumers) · Consumer SDK reference · Positioning doc · Signet (identity) · Dominion (encrypted access)

Building a game / consumer app and want to be Charter-aware? Install the SDK below, then read docs/integrating.md for the protocol semantics. Project-specific integration briefs live in docs/integrations/.

Consumer SDK (charter on npm)

npm install @forgesworn/charter nostr-tools

The consumer SDK gives any Nostr-aware app the three primitives it needs to be Charter-aware:

Or import everything from the barrel:

import {
  evaluateSchedule,
  createPairingStore,
  createCharterEvaluator,
} from '@forgesworn/charter'

Each consumer app brings:

• An app keypair ({pubkey, privkey}) — bundle-embedded, public-shaped secret per Phase 1α. Generate once per app; parents address clauses to your pubkey.
• A set of relays the parent publishes clauses to (charterRelays on the session).
• Subject pubkey for the signed-in kid.

Then:

const ev = createCharterEvaluator({
  appKeypair: { pubkey: APP_PUB, privkey: APP_PRIV },
})
await ev.init({
  charterAuthors: [parentPubkey],
  charterRelays: ['wss://relay.example.com', 'wss://other.example.com'],
  depCanonicalPubkey: null,
  subjectPubkey: signedInKidPubkey,
})

// Synchronous gate the engine can call per session/action:
const decision = ev.check(signedInKidPubkey)
if (!decision.allow) showLockoutScreen(decision.reason)

The pure evaluateSchedule is also exported standalone — useful for dashboards that need to render "next allowed window" without running a relay subscription.

Full migration walkthrough for an existing hand-rolled Charter consumer: docs/integrations/axenstax-migration.md.

The problem

Today's parent-led game management is platform-owned: Microsoft Family, Sony Family, Steam Family View, Nintendo Parental Controls. Each requires the family to live inside that platform's account system. None talk to each other. None are auditable. None survive the platform's strategic shifts. None work for non-platform games (Roblox creators, Minetest servers, browser games, indie web games).

ForgeSworn already builds the libre identity primitives that matter. Charter is the missing product surface tailored to gaming use cases.

The mental model

A Charter is the unit of granted gaming permission. One Charter = one (dependant, game) tuple, with clauses:

• Schedule — when play is permitted (days, hours, exception schedules)
• Budget — how much play (per-day, per-week, lifetime cap)
• Spend — money limits and purchase approval rules
• Content — rating cap, category filters
• Comms — friend allowlist, voice / DM permissions

Verbs: issue, amend, revoke.

A parent issues a Charter for Tom to play Roblox; amends the budget on weekends; revokes the spend clause if Tom oversteps.

Vocabulary across the stack

The three form a coherent authority cluster: you sign with your Signet, you bound access to your Dominion, you grant a Charter to a child for a specific purpose.

Architecture

Charter is a product, not a protocol library. It composes existing ForgeSworn primitives into one parent-facing surface:

+----------------------+
|  Charter             |  Native desktop dashboard + (later) mobile companion
|  — issue / amend     |  — UI + policy editor + system-level enforcement
|  — view audit feed   |
+----------+-----------+
           | NIP-46 (paired as a trusted app)
           v
+----------------------+
|  Signet              |  Source of truth: stores Charters in IDB
|  — bunker enforces   |  Enforces clauses at sign-time
|  — IDB stores grants |  Audit log records every attempt
+----------+-----------+
           | composes with
           v
+--------+--------+--------+--------------+
| Dominion         | toll-booth | nostr-attestations | canary-kit |
| (save sync)      | (spend)    | (achievements)     | (coercion) |
+------------------+------------+--------------------+------------+

Signet is the source of truth. Charter is a UI + policy editor; Charter records live in Signet's IDB. Charter writes via NIP-46 the same way any third-party app would. This means one source of truth, automatic cross-device sync, and a guardian without Charter installed still gets enforcement.

Form factor

Native desktop first (Windows / macOS / Linux). Reasons:

1. Many games don't (and won't) integrate Signet. Native lets Charter kill a process, block an executable, or read the foreground window — enforcement primitives a PWA cannot reach.
2. Native push works reliably for "can I have 30 more minutes?" approvals.
3. Foreground-window detection lets Charter measure actual play time even for games that don't report it.

Mobile companion (read-only audit + grant-extra-time approvals) at P3+.

Roadmap

Each phase ships and is used in real households before the next opens.

Part of the ForgeSworn Toolkit

ForgeSworn builds open-source cryptographic identity, payments, and coordination tools for Nostr.

Licence

MIT