Open-source building blocks for sovereign commerce, identity, and trust.
- Machine-payable APIs and Lightning payment gating
- Deterministic Nostr identities and encrypted access control
- Privacy-preserving trust and anonymous reputation
- Spoken verification, anti-deepfake, and coercion resistance
- Fair meeting points and spatial coordination
- AI agent tooling for sovereign Nostr interaction
- Cryptographic primitives: ring signatures, range proofs, Shamir secret sharing
- Nostr protocol extensions and conformance testing
- Build infrastructure: reproducible, hardened npm publishing
Built on Nostr, Lightning, and zero-trust cryptography. Every repo works standalone or as a composable part of the ecosystem.
Visual guides: Ecosystem overview | L402 pipeline | Identity stack
- toll-booth : Gate any HTTP API behind Lightning payments. Add toll-booth-announce , 402-announce , 402-indexer , and 402-pub for discovery. Add toll-booth-mcp for analytics and toll-booth-dvm for NIP-90 exposure. Use toll-booth-rs for Rust.
- 402-mcp : Let AI agents discover, pay for, and consume paid APIs. Pair with toll-booth and 402-pub .
- bray : Give AI agents a sovereign Nostr identity. 235 tools across 27 groups covering identity, social, payments, dispatch, trust, moderation, privacy, spells, and encrypted access. Built on nsec-tree for identity derivation and dominion for encrypted access.
- nostr-veil : Privacy-preserving Web of Trust. Anonymous trust assertions using LSAG ring signatures over NIP-85. Built on ring-sig .
- rendezvous-kit : Build fair meeting-point or spatial apps. Add geohash-kit and rendezvous-mcp .
- spoken-token : Add human-speakable rotating verification codes. Pair with canary-kit .
- nsec-tree : Derive deterministic, unlinkable Nostr sub-identities from one master secret. Use it when one seed needs separate identities for roles, apps, bots, or privacy boundaries. Add nsec-tree-cli for an offline-first CLI. Used by bray , heartwood , and signet .
- heartwood : Nostr signing software for Raspberry Pi.
NIP-46 remote signing with Tor, AES-256-GCM encrypted storage, per-client kind permissions, and unlimited unlinkable personas from one mnemonic via nsec-tree . Flash an SD card, boot, scan QR.
Rust - bark : NIP-07 Nostr signer backed by NIP-46 remote signing. Self-sovereign keys, derived personas with heartwood .
- canary-kit : Build spoken verification, duress detection, or privacy-preserving identity flows. Add ring-sig , range-proof , and shamir-words .
- signet : Decentralised identity verification for Nostr. 4 verification tiers, ZKP age proofs, Signet IQ scoring. Built on nostr-attestations and range-proof . Drop it into a website with signet-verify (one script tag, one function call).
- dominion : Encrypted access control with epoch-based key rotation. Tiered audiences, HKDF content keys, Shamir secret sharing. Used by bray .
- nostr-attestations : One Nostr event kind for all attestations (NIP-VA, kind 31000). Credentials, endorsements, vouches, provenance, licensing, and trust.
- jurisdiction-kit : Work with jurisdiction and professional-registry data. Pair with canary-kit or signet for identity-sensitive flows.
- nip-drafts : 30 Nostr protocol extensions covering service coordination, trust, payments, disputes, key hierarchy, resource curation, and encrypted access. Classified as upstream, ecosystem, or incubating.
- anvil : Ship JS/TS libraries with reproducible, hardened npm releases. Multi-runner byte-identical build attestation, OIDC trusted publishing, SLSA provenance, secret scanning, exports-map checks. Pure bash, auditable in under thirty minutes. Used by 24+ repos in this org.
toll-booth -> toll-booth-announce -> 402-announce -> 402-indexer -> 402-pub -> 402-mcp: Gate an API, announce it on Nostr, index it, publish a directory, let AI agents consume it.toll-booth -> toll-booth-mcp: Monitor a toll-booth with analytics dashboards and widget UIs.geohash-kit -> rendezvous-kit -> rendezvous-mcp: Encode spatial data, compute fair meeting points, expose to AI agents.nsec-tree -> heartwood -> bark: Derive sub-identities on a dedicated Pi, sign remotely via NIP-46 over Tor, use from the browser via NIP-07.nsec-tree -> heartwood-esp32 -> sapwood: Experimental microcontroller signing token on ESP32-S3, configured via a web management UI.nsec-tree -> bray -> dominion: Derive sub-identities, give them to an AI agent, gate content access by tier and epoch.nsec-tree -> spoken-token / canary-kit: Derive purpose-specific Nostr identities, attach spoken verification or higher-trust identity flows.ring-sig -> nostr-veil: Anonymous trust assertions -- prove group membership without revealing who endorsed.ring-sig -> nostr-anon-vote: Anonymous voting with double-vote prevention, without revealing voters.nostr-attestations -> signet -> signet-verify: Protocol plus drop-in SDK so any website can age-gate or identity-gate in one script tag.nostr-attestations -> signet -> canary-kit / jurisdiction-kit: Issue verifiable attestations, verify identities with tiers and ZKP age proofs, add jurisdiction context.spoken-token -> canary-kit -> ring-sig / range-proof / shamir-words: Spoken verification, privacy-preserving proofs, human-recoverable secret handling.shamir-core -> shamir-words -> nsec-tree-cli: Core secret sharing, BIP-39 word output, offline identity recovery.
Make APIs payable, discoverable, and consumable by people and agents.
Start with toll-booth to put a Lightning paywall in front of an API. Add announcement and indexing repos for discovery, then 402-mcp when the client is an AI agent.
| Repository | What it does |
|---|---|
| toll-booth | Any API becomes a Lightning toll booth in one line. L402 middleware for Express, Hono, Deno, Bun, and Workers. |
| toll-booth-rs | L402 payment middleware for Rust. Gates any HTTP API behind Lightning payments. Rust |
| 402-announce | Announce HTTP 402 services on Nostr for decentralised discovery using kind 31402 parameterised replaceable events. |
| 402-mcp | MCP client for AI agents to discover, pay for, and consume L402 and x402 APIs. |
| 402-pub | 402.pub ecosystem landing page and live directory for Lightning-paid APIs. |
| toll-booth-announce | Bridge between toll-booth and 402-announce so a toll-booth service can be announced on Nostr. |
| toll-booth-dvm | Expose any toll-booth-gated API as a NIP-90 Data Vending Machine on Nostr. |
| toll-booth-mcp | MCP server with read-only analytics and widget UIs for toll-booth deployments. |
| 402-indexer | Nostr-native crawler that discovers L402 and x402 paid APIs and publishes kind 31402 events. |
| payment-methods | Specifications for HTTP Payment Authentication methods (Lightning, Cashu, Session). |
| aperture-phoenixd | Use Phoenixd as the Lightning backend for Aperture, with no LND required. Go |
| aperture-announce | Announce Aperture L402 services on Nostr for decentralised discovery. Go |
Build location-aware workflows and fair meeting-point tools.
Start with rendezvous-kit for meeting-point logic. Use geohash-kit for geospatial primitives and Nostr location filters. Use rendezvous-mcp when you want that flow exposed to agents.
| Repository | What it does |
|---|---|
| geohash-kit | Zero-dependency geohash toolkit for encoding, decoding, polygon coverage, and Nostr location filters. |
| rendezvous-kit | Find fair meeting points for N participants with isochrone intersection, venue search, and fairness scoring. |
| rendezvous-mcp | MCP server for AI-driven fair meeting-point discovery. |
Composable libraries for deterministic identity derivation, spoken verification, and encrypted access control.
Start with nsec-tree for deterministic unlinkable Nostr identities, spoken-token for human-speakable rotating codes, dominion for tiered encrypted access, or canary-kit for full spoken-verification flows with duress detection and group sync.
| Repository | What it does |
|---|---|
| nsec-tree | Deterministic Nostr sub-identity derivation. One master secret, unlimited unlinkable identities. |
| nsec-tree-cli | Offline-first CLI for nsec-tree with derivation, proofs, and Shamir recovery. |
| spoken-token | TOTP, but you say it out loud. Derive time-rotating, human-speakable verification tokens from a shared secret. |
| canary-kit | Deepfake-proof identity verification with per-member spoken words, silent duress detection, encrypted group sync, and an open protocol. |
| dominion | Epoch-based encrypted access control. Your content. Your keys. Your rules. HKDF content keys per tier/epoch, AES-256-GCM, Shamir secret sharing, tiered audiences. |
Running signers, hardware variants, and decentralised-identity applications built on the primitives above.
Signer stack -- heartwood is a Raspberry Pi signing appliance, bark is the NIP-07 browser client that speaks to it, and heartwood-esp32 + sapwood are an experimental microcontroller variant with a web management UI.
Signet stack -- signet is the verification protocol, signet-app is the reference user app, signet-verify is the drop-in SDK for any website, and signet-verification-bot is a reference verifier-credential checker.
| Repository | What it does |
|---|---|
| heartwood | Nostr signing software for Raspberry Pi. NIP-46 remote signing, Tor by default, AES-256-GCM encrypted storage, per-client permissions, unlimited unlinkable personas via nsec-tree. Rust |
| bark | NIP-07 Nostr signer backed by NIP-46 remote signing. Self-sovereign keys, derived personas with Heartwood. |
| heartwood-esp32 | Experimental nsec-tree signing token for Heltec WiFi LoRa 32 V4 (ESP32-S3). Rust |
| sapwood | Web management UI for the Heartwood ESP32 signer. |
| signet | Decentralised identity verification for Nostr. 4 verification tiers, ZKP age proofs, Signet IQ (0-200), professional verifier anti-corruption, verifier delegation. |
| signet-app | My Signet -- the reference identity verification app. React + Vite. |
| signet-verify | Drop-in age verification SDK for websites. One script tag, one function call. |
| signet-verification-bot | Reference verifier-credential checker bot for Signet. |
Give AI agents sovereign Nostr identities with trust-aware tooling.
| Repository | What it does |
|---|---|
| bray | Trust-aware Nostr MCP for AI and humans. 235 tools across 27 groups: identity, social, trust, dispatch, relay, marketplace, safety, privacy, and encrypted access. NIP-A7 Spell casting. Three trust dimensions: Verification (Signet), Proximity (WoT), and Access (Dominion). |
Privacy-preserving trust and verifiable attestations.
| Repository | What it does |
|---|---|
| nostr-veil | Anonymous trust assertions for Nostr. LSAG ring signatures over NIP-85 so endorsements are verifiable but contributors are unidentifiable. Solves the Trust Trilemma. |
| nostr-anon-vote | Anonymous voting on Nostr with LSAG ring signatures. Double-vote prevention without revealing voter identity. |
| nostr-attestations | One Nostr event kind for all attestations -- credentials, endorsements, vouches, provenance, licensing, and trust. NIP-VA (kind 31000). |
Standalone cryptographic building blocks used across the ecosystem.
| Repository | What it does |
|---|---|
| ring-sig | SAG and LSAG ring signatures on secp256k1 for proving group membership without revealing identity. |
| range-proof | Pedersen commitment range proofs on secp256k1 for proving a value is in range without revealing it. |
| shamir-core | Shamir's Secret Sharing over GF(256) with core utilities. Backend for shamir-words. |
| shamir-words | Split secrets into human-readable BIP-39 word shares using Shamir's Secret Sharing. Built on shamir-core. |
Work with jurisdiction and professional-registry intelligence for regulated or identity-sensitive flows.
| Repository | What it does |
|---|---|
| jurisdiction-kit | Professional body registries and jurisdiction intelligence for 30+ countries, including compliance, data protection, and mutual recognition contexts. |
Nostr protocol extensions and conformance testing.
| Repository | What it does |
|---|---|
| nip-drafts | 30 Nostr protocol extensions: service coordination, trust, payments, disputes, key hierarchy, resource curation, paid APIs, and encrypted access. Classified as upstream, ecosystem, or incubating. Each NIP is independent. |
| trott-conformance | Protocol conformance test suite. Lifecycle fixtures for TROTT task kinds. |
Infrastructure that underpins how the other repos are built and published.
| Repository | What it does |
|---|---|
| anvil | Hardened npm publishing GitHub Action. Multi-runner byte-identical build attestation, OIDC trusted publishing, SLSA provenance, secret scanning, exports-map checks, frozen-vector gates. Pure bash, auditable in under thirty minutes. Used by 24+ repos in this org. |