revert(v2): drop NIP-78 fleet publishing (privacy by default)
Pulls the kind:30078 per-machine config + fleet roster publish path
introduced at 131ff92. The default-public posture leaked operator
fleet composition (which npubs they run, where they're located, fiat
codes) to whatever relays nostrclient was configured with — a robbery
/ competitor-intel / extortion target surface the operator never
opted into.
Privacy by default is the operator's stated preference: nothing about
the fleet goes on relays unless the operator explicitly opts in via a
future toggle. Roster lookups now read from satmachineadmin's local
DB only (the S6 LNbits-side roster-gating becomes a local-DB-read
story, not a public-relay subscription).
Pre-launch — no external consumer to coordinate with, so the rip-out
is clean. Future opt-in publishing tracked in follow-up issue.
Removed:
- nostr_publish.py (publish_machine_config / publish_fleet_roster /
tombstone_machine_config / _sign_as_operator hybrid)
- The three publish call sites in api_create_machine /
api_update_machine / api_delete_machine.
Heartbeat-style public metadata (the kind of info bitSpire already
emits about machine liveness, location, active state) is still a
legitimate publish target — but that's the ATM's job, not the
operator's. Designed in the follow-up issue.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
e13178d3ac
commit
dcd08748a7
2 changed files with 0 additions and 310 deletions
22
views_api.py
22
views_api.py
|
|
@ -53,11 +53,6 @@ from .distribution import (
|
|||
process_settlement,
|
||||
settle_lp_balance,
|
||||
)
|
||||
from .nostr_publish import (
|
||||
publish_fleet_roster,
|
||||
publish_machine_config,
|
||||
tombstone_machine_config,
|
||||
)
|
||||
from .models import (
|
||||
AppendSettlementNoteData,
|
||||
ClientBalanceSummary,
|
||||
|
|
@ -109,12 +104,6 @@ async def api_create_machine(
|
|||
) -> Machine:
|
||||
await _assert_wallet_owned_by(data.wallet_id, user.id)
|
||||
machine = await create_machine(user.id, data)
|
||||
# NIP-78 (kind:30078) publish — operator-signed per-machine config +
|
||||
# refreshed fleet roster so external observers see the new machine.
|
||||
# Soft-failure: best-effort, log + skip if nostrclient or operator key
|
||||
# not available (see nostr_publish module docstring).
|
||||
await publish_machine_config(machine)
|
||||
await publish_fleet_roster(user.id)
|
||||
return machine
|
||||
|
||||
|
||||
|
|
@ -153,11 +142,6 @@ async def api_update_machine(
|
|||
updated = await update_machine(machine_id, data)
|
||||
if updated is None:
|
||||
raise HTTPException(HTTPStatus.NOT_FOUND, "Machine not found")
|
||||
# Re-publish: per-machine config picks up the changed fields, fleet
|
||||
# roster picks up any is_active flip (deactivated machines drop out
|
||||
# of the roster but their per-machine config stays — replaceable).
|
||||
await publish_machine_config(updated)
|
||||
await publish_fleet_roster(user.id)
|
||||
return updated
|
||||
|
||||
|
||||
|
|
@ -171,12 +155,6 @@ async def api_delete_machine(
|
|||
if machine is None or machine.operator_user_id != user.id:
|
||||
raise HTTPException(HTTPStatus.NOT_FOUND, "Machine not found")
|
||||
await delete_machine(machine_id)
|
||||
# Tombstone the per-machine config (replaceable event with
|
||||
# `content.deleted=true`) + refresh the roster without the machine.
|
||||
# External readers see the tombstone OR the absence from the roster
|
||||
# and treat it as gone.
|
||||
await tombstone_machine_config(user.id, machine_id, machine.machine_npub)
|
||||
await publish_fleet_roster(user.id)
|
||||
|
||||
|
||||
# =============================================================================
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue