aiolabs/spirekeeper
8
0
Fork 0
Code Issues 23 Pull requests Projects Releases Packages Wiki Activity Actions

feat(pairing): authorize kind-22242 (NIP-42 AUTH) in spire policy (#52) #26

Merged
padreug merged 1 commit from feat/policy-nip42-auth into main 2026-06-18 17:30:12 +00:00
Conversation 0 Commits 1 Files changed 2 +22 -6
padreug commented 2026-06-18 17:28:06 +00:00
Owner
Copy link

Acts on the bitspire#52 consumer review (2026-06-18): the spire signs kind-22242 (NIP-42 relay AUTH) as its own identity, which was missing from SPIRE_POLICY_RULES → silent bunker reject on any AUTH-gated relay. It must be bunker-signed (AUTH proves control of spire_pubkey; can't use the local client_nsec).

  • Adds 22242 to the spirekeeper-spire policy.
  • Records the confirmed kind set in the comment: live = 21000 + 30078 + 22242; CLINK 21001-21003 dormant but kept; nip04 unused (v1 path is dead code per #52).
  • New test_policy_authorizes_required_signing_kinds locks the contract so 22242 can't silently regress.

211 tests green. Requires lnbits ≥ #55 at runtime (unchanged). CI red is the known upstream-lnbits-template mismatch (#24).

Acts on the bitspire#52 consumer review (2026-06-18): the spire signs **kind-22242 (NIP-42 relay AUTH)** as its own identity, which was missing from `SPIRE_POLICY_RULES` → silent bunker reject on any AUTH-gated relay. It must be bunker-signed (AUTH proves control of `spire_pubkey`; can't use the local `client_nsec`). - Adds `22242` to the `spirekeeper-spire` policy. - Records the confirmed kind set in the comment: live = `21000` + `30078` + `22242`; CLINK `21001-21003` dormant but kept; `nip04` unused (v1 path is dead code per #52). - New `test_policy_authorizes_required_signing_kinds` locks the contract so 22242 can't silently regress. 211 tests green. Requires lnbits ≥ #55 at runtime (unchanged). CI red is the known upstream-lnbits-template mismatch (#24).
feat(pairing): authorize kind-22242 (NIP-42 AUTH) in spire policy (#52)
Some checks failed
ci.yml / feat(pairing): authorize kind-22242 (NIP-42 AUTH) in spire policy (#52) (pull_request) Failing after 0s
Details
37b46e354a 
bitspire#52 consumer review (2026-06-18) enumerated the kinds the spire
signs as its OWN identity and found NIP-42 relay AUTH (kind 22242) missing
from SPIRE_POLICY_RULES — a silent bunker reject the moment a relay
challenges with AUTH. It must be bunker-signed (AUTH proves control of
spire_pubkey, which only the bunker holds; can't use the local client_nsec).

Adds 22242. Records the confirmed set in the policy comment: live = 21000 +
30078 + 22242; CLINK 21001-21003 dormant but kept; nip04 unused (v1 path is
dead code). New test locks the required-kinds contract so 22242 can't
silently regress.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
padreug force-pushed feat/policy-nip42-auth from 37b46e354a
Some checks failed
ci.yml / feat(pairing): authorize kind-22242 (NIP-42 AUTH) in spire policy (#52) (pull_request) Failing after 0s
Details
to 22678dfb4f
Some checks failed
ci.yml / feat(pairing): authorize kind-22242 (NIP-42 AUTH) in spire policy (#52) (pull_request) Failing after 0s
Details
ci.yml / feat(pairing): authorize kind-22242 (NIP-42 AUTH) in spire policy (#52) (push) Failing after 0s
Details
2026-06-18 17:29:45 +00:00 Compare
padreug deleted branch feat/policy-nip42-auth 2026-06-18 17:30:13 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
aiolabs/spirekeeper!26
No description provided.