diff --git a/src/lib/api/lnbits.ts b/src/lib/api/lnbits.ts
index bdd2e18..700df9a 100644
--- a/src/lib/api/lnbits.ts
+++ b/src/lib/api/lnbits.ts
@@ -40,8 +40,12 @@ interface User {
   username?: string
   email?: string
   pubkey?: string
-  // pragma: allowlist secret
-  prvkey?: string  // Nostr signing key for user
+  // The `prvkey` field was removed from this interface as the final step of
+  // phase-1 per aiolabs/lnbits#9 / design-questions Q1.2 Option (b). LNbits
+  // signs server-side via the NostrSigner abstraction (PR #26) and exposes
+  // `signer_type` instead of raw key material on /api/v1/auth. Bucket-B
+  // sign-sites (kind 1 / 4 / 5 / 7 / 31925 / 10003 / 1111 etc.) migrate to
+  // POST /api/v1/auth/sign-event (PR #29) in phase 2.
   external_id?: string
   extensions: string[]
   wallets: Wallet[]
@@ -174,20 +178,22 @@ export class LnbitsAPI extends BaseService {
   async getCurrentUser(): Promise<User> {
     // First get basic user info from /auth
     const basicUser = await this.request<User>('/auth')
-    
-    // Then get Nostr keys from /auth/nostr/me (this was working in main branch)
+
+    // /auth/nostr/me used to return the user's prvkey for client-side signing;
+    // post-aiolabs/lnbits#9 phase-1 the server signs and the endpoint returns
+    // only the pubkey. We keep the call to merge the pubkey (which the basic
+    // /auth response also includes on the post-cascade server; this is the
+    // belt-and-suspenders fallback for older lnbits revisions until we ship a
+    // signer_type-aware client).
     try {
       const nostrUser = await this.request<User>('/auth/nostr/me')
-      
-      // Merge the data - basic user info + Nostr keys
+
       return {
         ...basicUser,
         pubkey: nostrUser.pubkey,
-        prvkey: nostrUser.prvkey
       }
     } catch (error) {
-      console.warn('Failed to fetch Nostr keys, returning basic user info:', error)
-      // Return basic user info without Nostr keys if the endpoint fails
+      console.warn('Failed to fetch Nostr pubkey from /auth/nostr/me, returning basic user info:', error)
       return basicUser
     }
   }
diff --git a/src/modules/base/auth/auth-service.ts b/src/modules/base/auth/auth-service.ts
index 4cc9523..3e728c7 100644
--- a/src/modules/base/auth/auth-service.ts
+++ b/src/modules/base/auth/auth-service.ts
@@ -180,17 +180,14 @@ export class AuthService extends BaseService {
       this.isLoading.value = true
       const updatedUser = await this.lnbitsAPI.updateProfile(data)
 
-      // Preserve prvkey and pubkey from existing user since /auth/update doesn't return them
+      // Preserve pubkey from existing user since /auth/update doesn't return it.
+      // Kind-0 metadata is published server-side by lnbits's PATCH /auth handler
+      // (aiolabs/lnbits commit 869f67c3); no webapp-side broadcast path remains.
       this.user.value = {
         ...updatedUser,
         pubkey: this.user.value?.pubkey || updatedUser.pubkey,
-        prvkey: this.user.value?.prvkey || updatedUser.prvkey
       }
 
-      // Kind-0 metadata is published server-side by lnbits's PATCH /auth handler
-      // (aiolabs/lnbits commit 869f67c3) once the cascade is deployed. The webapp
-      // no longer maintains its own broadcast path.
-
     } catch (error) {
       const err = this.handleError(error, 'updateProfile')
       throw err