Open-source building blocks for sovereign commerce, identity, and trust.
- Machine-payable APIs and Lightning payment gating
- Deterministic Nostr identities and encrypted access control
- Privacy-preserving trust and anonymous reputation
- Spoken verification, anti-deepfake, and coercion resistance
- Fair meeting points and spatial coordination
- AI agent tooling for sovereign Nostr interaction
- Cryptographic primitives: ring signatures, range proofs, Shamir secret sharing
- Nostr protocol extensions and conformance testing
Built on Nostr, Lightning, and zero-trust cryptography. Every repo works standalone or as a composable part of the ecosystem.
Visual guides: Ecosystem overview | L402 pipeline | Identity stack
- toll-booth: Gate any HTTP API behind Lightning payments. Add toll-booth-announce, 402-announce, 402-indexer, and 402-pub for discovery. Add toll-booth-mcp for analytics and toll-booth-dvm for NIP-90 exposure.
- 402-mcp: Let AI agents discover, pay for, and consume paid APIs. Pair with toll-booth and 402-pub.
- bray: Give AI agents a sovereign Nostr identity. 106 tools across identity, social, payments, moderation, and privacy. Built on nsec-tree for identity derivation and dominion for encrypted access.
- nostr-veil: Privacy-preserving Web of Trust. Anonymous trust assertions using LSAG ring signatures over NIP-85. Built on ring-sig.
- rendezvous-kit: Build fair meeting-point or spatial apps. Add geohash-kit and rendezvous-mcp.
- spoken-token: Add human-speakable rotating verification codes. Pair with canary-kit.
- nsec-tree: Derive deterministic, unlinkable Nostr sub-identities from one master secret. Use it when one seed needs separate identities for roles, apps, bots, or privacy boundaries. Add nsec-tree-cli for an offline-first CLI. Used by bray and signet.
- canary-kit: Build spoken verification, duress detection, or privacy-preserving identity flows. Add ring-sig, range-proof, and shamir-words.
- signet: Decentralised identity verification for Nostr. 4 verification tiers, ZKP age proofs, Signet IQ scoring. Built on nostr-attestations and range-proof.
- dominion: Encrypted access control with epoch-based key rotation. Tiered audiences, HKDF content keys, Shamir secret sharing. Used by bray.
- nostr-attestations: One Nostr event kind for all attestations (NIP-VA, kind 31000). Credentials, endorsements, vouches, provenance, licensing, and trust.
- jurisdiction-kit: Work with jurisdiction and professional-registry data. Pair with canary-kit or signet for identity-sensitive flows.
- nip-drafts: 30 Nostr protocol extensions covering service coordination, trust, payments, disputes, key hierarchy, and encrypted access.
toll-booth -> toll-booth-announce -> 402-announce -> 402-indexer -> 402-pub -> 402-mcp: Gate an API, announce it on Nostr, index it, publish a directory, let AI agents consume it.toll-booth -> toll-booth-mcp: Monitor a toll-booth with analytics dashboards and widget UIs.geohash-kit -> rendezvous-kit -> rendezvous-mcp: Encode spatial data, compute fair meeting points, expose to AI agents.nsec-tree -> bray -> dominion: Derive sub-identities, give them to an AI agent, gate content access by tier and epoch.nsec-tree -> spoken-token / canary-kit: Derive purpose-specific Nostr identities, attach spoken verification or higher-trust identity flows.ring-sig -> nostr-veil: Anonymous trust assertions -- prove group membership without revealing who endorsed.nostr-attestations -> signet -> canary-kit / jurisdiction-kit: Issue verifiable attestations, verify identities with tiers and ZKP age proofs, add jurisdiction context.spoken-token -> canary-kit -> ring-sig / range-proof / shamir-words: Spoken verification, privacy-preserving proofs, human-recoverable secret handling.shamir-core -> shamir-words -> nsec-tree-cli: Core secret sharing, BIP-39 word output, offline identity recovery.
Make APIs payable, discoverable, and consumable by people and agents.
Start with toll-booth to put a Lightning paywall in front of an API. Add announcement and indexing repos for discovery, then 402-mcp when the client is an AI agent.
| Repository | What it does |
|---|---|
| toll-booth | Any API becomes a Lightning toll booth in one line. L402 middleware for Express, Hono, Deno, Bun, and Workers. |
| 402-announce | Announce HTTP 402 services on Nostr for decentralised discovery using kind 31402 parameterised replaceable events. |
| 402-mcp | MCP client for AI agents to discover, pay for, and consume L402 and x402 APIs. |
| 402-pub | 402.pub ecosystem landing page and live directory for Lightning-paid APIs. |
| toll-booth-announce | Bridge between toll-booth and 402-announce so a toll-booth service can be announced on Nostr. |
| toll-booth-dvm | Expose any toll-booth-gated API as a NIP-90 Data Vending Machine on Nostr. |
| toll-booth-mcp | MCP server with read-only analytics and widget UIs for toll-booth deployments. |
| 402-indexer | Nostr-native crawler that discovers L402 and x402 paid APIs and publishes kind 31402 events. |
| payment-methods | Specifications for HTTP Payment Authentication methods (Lightning, Cashu, Session). |
| aperture-phoenixd | Use Phoenixd as the Lightning backend for Aperture, with no LND required. Go |
| aperture-announce | Announce Aperture L402 services on Nostr for decentralised discovery. Go |
Build location-aware workflows and fair meeting-point tools.
Start with rendezvous-kit for meeting-point logic. Use geohash-kit for geospatial primitives and Nostr location filters. Use rendezvous-mcp when you want that flow exposed to agents.
| Repository | What it does |
|---|---|
| geohash-kit | Zero-dependency geohash toolkit for encoding, decoding, polygon coverage, and Nostr location filters. |
| rendezvous-kit | Find fair meeting points for N participants with isochrone intersection, venue search, and fairness scoring. |
| rendezvous-mcp | MCP server for AI-driven fair meeting-point discovery. |
Build spoken verification, anti-deepfake, deterministic Nostr identity trees, encrypted access control, and decentralised identity verification.
Start with spoken-token for human-speakable rotating codes, nsec-tree for deterministic unlinkable Nostr identities, signet for multi-tier identity verification, or canary-kit for full spoken-verification flows with duress detection and group sync.
| Repository | What it does |
|---|---|
| spoken-token | TOTP, but you say it out loud. Derive time-rotating, human-speakable verification tokens from a shared secret. |
| nsec-tree | Deterministic Nostr sub-identity derivation. One master secret, unlimited unlinkable identities. |
| nsec-tree-cli | Offline-first CLI for nsec-tree with derivation, proofs, and Shamir recovery. |
| canary-kit | Deepfake-proof identity verification with per-member spoken words, silent duress detection, encrypted group sync, and an open protocol. |
| signet | Decentralised identity verification for Nostr. 4 verification tiers, ZKP age proofs, Signet IQ (0-200), professional verifier anti-corruption, verifier delegation. |
| dominion | Epoch-based encrypted access control. Your content. Your keys. Your rules. HKDF content keys per tier/epoch, AES-256-GCM, Shamir secret sharing, tiered audiences. |
Give AI agents sovereign Nostr identities with trust-aware tooling.
| Repository | What it does |
|---|---|
| bray | Trust-aware Nostr MCP for AI and humans. 106 tools across 13 groups: identity (nsec-tree derivation, personas), social (DMs, notifications, Blossom), payments, moderation, privacy (NIP-17), and encrypted access (Dominion). Three trust dimensions: Verification, Proximity, and Access. |
Privacy-preserving trust and verifiable attestations.
| Repository | What it does |
|---|---|
| nostr-veil | Anonymous trust assertions for Nostr. LSAG ring signatures over NIP-85 so endorsements are verifiable but contributors are unidentifiable. Solves the Trust Trilemma. |
| nostr-attestations | One Nostr event kind for all attestations -- credentials, endorsements, vouches, provenance, licensing, and trust. NIP-VA (kind 31000). |
Standalone cryptographic building blocks used across the ecosystem.
| Repository | What it does |
|---|---|
| ring-sig | SAG and LSAG ring signatures on secp256k1 for proving group membership without revealing identity. |
| range-proof | Pedersen commitment range proofs on secp256k1 for proving a value is in range without revealing it. |
| shamir-core | Shamir's Secret Sharing over GF(256) with core utilities. Backend for shamir-words. |
| shamir-words | Split secrets into human-readable BIP-39 word shares using Shamir's Secret Sharing. Built on shamir-core. |
Work with jurisdiction and professional-registry intelligence for regulated or identity-sensitive flows.
| Repository | What it does |
|---|---|
| jurisdiction-kit | Professional body registries and jurisdiction intelligence for 30+ countries, including compliance, data protection, and mutual recognition contexts. |
Nostr protocol extensions and conformance testing.
| Repository | What it does |
|---|---|
| nip-drafts | 30 Nostr protocol extensions: service coordination, trust, payments, disputes, key hierarchy, resource curation, paid APIs, and encrypted access. Each NIP is independent. |
| trott-conformance | Protocol conformance test suite. Lifecycle fixtures for TROTT task kinds. |