The vision for this is that you have a dedicated "Client Key" that you can paste into whichever clients you enjoy using. You also have 1 or many "Bunker Keys" that are stored on servers listening for events from your client key. Only when both the client and bunker keys contribute their signatures will the signature for the event be valid, and a valid signature will be indistinguishable from one produced by your root key in cold storage somewhere.

What this allows for is even if a client or bunker attempts to rug you, you can just rotate to new key shares and "kick out" the dishonest party. And the best part is that you still have the same npub! Rotating keys doesn't mean you lose your identity.

This is somewhat flexible as well, in the demo I show a 2-of-2 setup. But you can easily increase the participants and threshold needed to produce a valid signature, thus further decreasing the trust assumptions. I could imagine having multiple bunkers with distinct key shares so you'd need all of them to conspire against you in order to get rugged.