docs: security pathway write-up + printable PDF

Adds the bitSpire ↔ LNbits security pathway document drafted at the start of v2 hardening — state-of-the-union, threat model, audit findings, and the layered Nostr-native defence proposal (S0–S8). Markdown source + printable A4 PDF + the CSS used by pandoc to render. Linked from MEMORY index for future sessions to consult when reviewing security work. Carries the original Sprint-1 plan (NIP-26 delegation, NIP-40 expiration, NIP-78 fleet roster, etc.); subsequent work pivoted NIP-26 → NIP-46 (bunker) per lnbits#18 and ripped out the public NIP-78 publishing per the privacy-by-default operator preference. Treat the doc as a frozen snapshot of the design at v1 — the architectural framing remains useful even where individual sub-issues have moved. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 23:30:36 +02:00 · 2026-05-26 23:30:36 +02:00 · cf6c0b4b7a
commit cf6c0b4b7a
parent ecf432c6a0
3 changed files with 517 additions and 0 deletions
--- a/docs/security-pathway.css
+++ b/docs/security-pathway.css
@ -0,0 +1,114 @@
+@page {
+  margin: 14mm 12mm 14mm 12mm;
+}
+
+html {
+  font-size: 10.5pt;
+}
+
+body {
+  font-family: "DejaVu Sans", "Helvetica", sans-serif;
+  line-height: 1.45;
+  color: #1a1a1a;
+}
+
+h1 { font-size: 18pt; margin-top: 1.4em; }
+h2 { font-size: 15pt; margin-top: 1.2em; border-bottom: 1px solid #ccc; padding-bottom: 0.2em; }
+h3 { font-size: 12.5pt; margin-top: 1em; }
+h4 { font-size: 11pt; }
+
+/* Code blocks — the big offender. ASCII diagrams are ~100 chars wide;
+   shrink hard and don't allow horizontal overflow. */
+pre {
+  font-family: "DejaVu Sans Mono", monospace;
+  font-size: 6.8pt;
+  line-height: 1.15;
+  background: #f6f8fa;
+  border: 1px solid #d0d7de;
+  border-radius: 4px;
+  padding: 0.6em 0.7em;
+  white-space: pre;
+  overflow: hidden;
+  page-break-inside: avoid;
+}
+
+pre code {
+  white-space: pre;
+  word-wrap: normal;
+  background: transparent;
+  padding: 0;
+  font-size: inherit;
+}
+
+/* Inline code */
+code {
+  font-family: "DejaVu Sans Mono", monospace;
+  font-size: 9pt;
+  background: #f0f2f5;
+  padding: 0.05em 0.3em;
+  border-radius: 3px;
+  word-break: break-word;
+}
+
+/* Tables — keep within page width by fixed layout + wrapping cells. */
+table {
+  width: 100%;
+  border-collapse: collapse;
+  table-layout: fixed;
+  font-size: 8.5pt;
+  margin: 0.8em 0;
+  page-break-inside: avoid;
+}
+
+th, td {
+  border: 1px solid #c0c6cf;
+  padding: 4px 6px;
+  vertical-align: top;
+  word-wrap: break-word;
+  overflow-wrap: break-word;
+  word-break: normal;
+  hyphens: auto;
+}
+
+th {
+  background: #eef2f6;
+  text-align: left;
+  font-weight: 600;
+}
+
+tr:nth-child(even) td {
+  background: #fafbfc;
+}
+
+/* Make code inside table cells smaller still */
+td code, th code {
+  font-size: 7.8pt;
+  background: transparent;
+  padding: 0;
+}
+
+/* Blockquotes for the trust narrative pull-quotes */
+blockquote {
+  border-left: 4px solid #888;
+  margin: 0.8em 0;
+  padding: 0.3em 0.9em;
+  color: #444;
+  background: #f6f8fa;
+  font-size: 10pt;
+}
+
+hr {
+  border: 0;
+  border-top: 1px solid #c0c6cf;
+  margin: 1.4em 0;
+}
+
+a { color: #0858a8; text-decoration: none; }
+
+ul, ol { padding-left: 1.4em; }
+li { margin: 0.15em 0; }
+
+/* TOC styling */
+#TOC ul { list-style: none; padding-left: 1em; }
+#TOC > ul { padding-left: 0; }
+#TOC a { color: #1a1a1a; }