NUT-XX: Non-Interactive Mint Delegation on Liveness Failure (Nimdolf)#390
NUT-XX: Non-Interactive Mint Delegation on Liveness Failure (Nimdolf)#390KvngMikey wants to merge 3 commits into
Conversation
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds a new NUT specification describing non-interactive delegation/failover for custodial mints to improve redemption liveness, and wires it into the repository’s index + error code registry.
Changes:
- Introduces
xx.mdwith the NUT-XX spec for delegated failover redemption and a spent-proof “firehose”. - Registers new 33xxx error codes for the spec in
error_codes.md. - Adds the spec to the NUT list in
README.md.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| xx.md | New NUT spec describing delegation advertisement, spent-proof feed, and failover redemption flow. |
| error_codes.md | Adds error codes (33001–33005) referencing the new delegation NUT. |
| README.md | Adds the new NUT entry to the repository’s NUT index table. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| > [!IMPORTANT] | ||
| > The original mint MUST publish exactly one `SpentEvent` for every proof it transitions to `SPENT` ([NUT-07][07]), and MUST do so durably (an event, once published, is never removed). The feed reflects only `SPENT` proofs; `PENDING` proofs are not published. | ||
|
|
||
| ### Real-time stream (WebSocket) |
There was a problem hiding this comment.
I strongly believe SSEs are the better choice for a uni-directional firehose.
- Better reconnect behaviour
- Plain HTTP
- Less app layer complexity
There was a problem hiding this comment.
good call, i was torn between both options.
|
|
||
| If a subscriber detects a gap (a received `seq` is greater than the last seen `seq` plus one), it MUST backfill the missing range via the catch-up endpoint below before treating its mirror as complete. | ||
|
|
||
| ### Catch-up (HTTP) |
There was a problem hiding this comment.
I think we should consider a bucket-like API where clients can requests multiple batches or single events from different indexes.
The current API shape is built for blocks of consecutive IDs
There was a problem hiding this comment.
reworked this into a POST /firehose/batch taking ranges + indexes.
Summary
Based on this proposal: https://gist.github.com/lukechilds/302e7fa04b09d6e4568bdcd64cb43356
This PR adds a new optional spec, NUT-XX: Non-Interactive Mint Delegation on Liveness Failure (aka "Nimdolf"), which improves liveness guarantees for custodial mints that hold on-chain reserves. This NUT lets a mint nominate ordered delegate mints that can take over redemptions if it goes dark, non-interactively: the delegate never holds the original mint's signing key and the two mints never interact at failover time.
If a set of mints delegate to each other, they collectively gain a 1-of-n liveness property, as long as one mint in the set stays online, users of every mint in the set can redeem.
Files
xx.mdREADME.mderror_codes.md