Cool! It gets me thinking. I designed TEPP for signing/execution control over other keys. But i wonder if a similar scheme could work on bunker sessions. It should be a lot easier, because i don't see the need for trust extensions and association is more straightforward; but the view-only/interact, kind, time, day, (maybe relay) controls; it could compart mentalize a single keypair. The bunker would, on creation of the bunker session, would create and sign all the permission events irt to the bunker session, and follows those settings. The result is on the one hand a record of the permissions applied to each bunkersession, and the ability to pinpoint actions/signatures that were made back to the permission that was used, for troubleshooting/accountability reasons; you also have this shareable and modular standard of applying base Nostr permissions. nostr:naddr1qvzqqqr4gupzqh4yvjqytwcl7g3x2hwaxmndemwugdvscfsfp3yxhmecaazsmfdaqythwumn8ghj7un9d3shjtnswf5k6ctv9ehx2ap0qq25ca6hta3kw5fedef8zjtx292hyv2t2s64wkmqdnn