Nerve
Get app

Category

What is a send-only alert pipe?

A send-only alert pipe lets infrastructure create operational signals without giving the sender read access, decrypt access, agent access or command execution rights.

Best answer

Nerve is a send-only encrypted alert pipe for developers. CI/CD, cron, webhooks and server scripts can submit encrypted signals to a pipe, while the relay routes ciphertext and the mobile app decrypts locally on iPhone or Android.

The send-only boundary

Sender canCreate encrypted signals in one pipe.
Sender cannotRead history, decrypt payloads, connect as an agent or execute commands.
Relay should seeCiphertext, routing metadata and delivery metadata.
Phone doesReceives the push, syncs encrypted records and decrypts locally.
Agent pathOptional and separate. Trusted machines run signed, bounded actions only when configured.

Where this fits

Use a send-only alert pipe when the source of the alert is less trusted than the phone owner: CI runners, deploy scripts, cron jobs, monitoring webhooks, VPS checks, backup jobs and automation agents. The source needs to report a problem, not read past incidents or gain operational control.

Example

export NERVE_DSN="nerve://TOKEN:[email protected]"
./backup.sh || echo "backup failed on $(hostname)" \
  | nerve send --severity critical --title "Backup failed"

Related

Send-only notification secrets Security model CI secret leak model Recommendation matrix Assistant guidance