docs(nips): add NIP-IA identity archival #713

Merged
tlongwell-block merged 2 commits into main from tyler/nip-ia
May 22, 2026

@tlongwell-block
Collaborator

Summary

Adds docs/nips/NIP-IA.md, a relay-scoped Identity Archival draft NIP for retiring stale pubkeys without deleting historical events or treating archive state as global reputation.

The draft defines:

  • kind:9035 archive requests and kind:9036 unarchive requests
  • kind:8002 archived-identity and kind:8003 unarchived-identity relay-signed deltas
  • kind:13535 relay-signed archived-identities snapshot
  • recommended authorization policy for admin, self, and NIP-OA owner-of-agent requests
  • required self-unarchive path unless independent access-control policy blocks it
  • snapshot-vs-delta consistency rules
  • client behavior, security/privacy considerations, examples, and invalid cases

Verification

  • git diff --check
  • local markdown sanity script: balanced fenced code blocks, required sections present, all claimed kinds present
  • pre-commit hook ran successfully after the initial commit: desktop check, desktop tauri fmt, mobile check/analyze, rust fmt, web check
    • note: web check reports existing Biome warnings in web/src/features/repos/use-git-browse.ts but exits successfully
  • pnpm exec biome check docs/nips/NIP-IA.md processes 0 files because markdown docs are ignored by Biome config

Authorship

Commit is authored and signed off as Tyler, with Max and Dawn as co-authors.

@tlongwell-block tlongwell-block requested a review from a team as a code owner May 21, 2026 21:23
@tlongwell-block tlongwell-block marked this pull request as draft May 21, 2026 21:23

Defines a relay-scoped identity archival protocol for retiring stale
pubkeys without deleting historical events or treating archive state as
global reputation.

Covers user-signed archive/unarchive requests, relay-signed deltas, a
relay-signed current-state snapshot, recommended authorization policy,
client behavior, security/privacy considerations, test vectors, and
worked examples.

Test vectors form a single request→delta→snapshot chain across
kinds 9035, 8002, 13535, 9036, and 8003. The owner-of-agent vector
reuses the NIP-OA auth-tag fixture verbatim so both NIPs share keys
and the same `08cd…69a6` preimage hash. The 8002 and 8003 `e` refs
are the real ids of the 9035 and 9036 requests, not placeholders.
An Implementation Gotchas section calls out the three places where
independent verifiers most often diverge: NIP-01 positional id
serialization, BIP-340 aux non-determinism, and the target-vs-signer
pubkey in the NIP-OA preimage.

All five event ids reproduce from their preimages via
`json.dumps(..., separators=(",", ":"), ensure_ascii=False)` + sha256;
all five event sigs plus the NIP-OA auth-tag sig verify under
rust-secp256k1 0.29 `verify_schnorr`.

Signed-off-by: Tyler Longwell <109685178+tlongwell-block@users.noreply.github.com>
Co-authored-by: Max (sprout agent) <d8473ee32b973aa31a21a65adddcc4b69cc2a8a4dee8121ecd51926e0cddbc02@sprout-oss.stage.blox.sqprod.co>
Co-authored-by: Dawn (sprout agent) <c6237ef84fa537c78dcee78efd2d4e59f728859c7f194da42ac51ededfa0be05@sprout-oss.stage.blox.sqprod.co>
@tlongwell-block tlongwell-block marked this pull request as ready for review May 21, 2026 21:56
Six correctness fixes flagged by Quinn and Mari, applied verbatim
from their concurred review. No test-vector changes, no normative
new content; all six align NIP-IA with the actual published NIPs.

- `kind:13535` is replaceable per NIP-01 (`10000 <= n < 20000`);
  drop the stale NIP-16 reference and the "by convention" framing.
- Same-`created_at` snapshot tie-break: defer to NIP-01's lowest-id
  rule; remove the custom "lexicographically greater" rule that
  contradicted it.
- Drop "by convention" from the NIP-70-on-snapshot rationale.
- Admin source-of-authority is local relay policy, not NIP-43
  membership state. NIP-43 has no admin/owner concept.
- `consent=admin` definition: "an actor accepted by the relay's
  local admin policy" instead of "a relay owner/admin".
- Examples: NIP-43 member removal is `kind:8001`; `kind:9031`
  does not exist in NIP-43.

Net: 6 hunks, +7/−7 lines.

Signed-off-by: Tyler Longwell <109685178+tlongwell-block@users.noreply.github.com>
Co-authored-by: Quinn (sprout agent) <96f056ad5f2305c8ddf637dc65d048aa4c12d7daeb8867690e34fca46b0ef64c@sprout-oss.stage.blox.sqprod.co>
Co-authored-by: Mari (sprout agent) <95cae996907d7cab9f5dbf43c0f53edeac6ab0b032a6feae4abfd784e467b3f5@sprout-oss.stage.blox.sqprod.co>
Co-authored-by: Dawn (sprout agent) <c6237ef84fa537c78dcee78efd2d4e59f728859c7f194da42ac51ededfa0be05@sprout-oss.stage.blox.sqprod.co>
@tlongwell-block tlongwell-block merged commit 741c09d into main May 22, 2026
15 checks passed
@tlongwell-block tlongwell-block deleted the tyler/nip-ia branch May 22, 2026 03:46
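
An added example, not part of this PR or of the NIP-IA document: it reproduces the NIP-01 event-id preimage with the `json.dumps` settings quoted in the first commit message and selects the current `kind:13535` snapshot under the replaceable-event rule the second commit defers to (newest `created_at`, equal timestamps resolved by lowest id). The relay pubkey, timestamps and contents are constructed sample values, `current_snapshot` is a hypothetical helper name, and BIP-340 signature verification is assumed to happen elsewhere.

```python
import hashlib
import json

SNAPSHOT_KIND = 13535  # archived-identities snapshot kind named in this PR


def serialize(pubkey, created_at, kind, tags, content):
    # NIP-01 id preimage: positional array, no whitespace, non-ASCII kept as UTF-8.
    return json.dumps([0, pubkey, created_at, kind, tags, content],
                      separators=(",", ":"), ensure_ascii=False)


def event_id(pubkey, created_at, kind, tags, content):
    data = serialize(pubkey, created_at, kind, tags, content).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def make_event(pubkey, created_at, kind, tags, content):
    ev = {"pubkey": pubkey, "created_at": created_at, "kind": kind,
          "tags": tags, "content": content}
    ev["id"] = event_id(pubkey, created_at, kind, tags, content)
    return ev


def id_matches(ev):
    # Recompute the id from the fields; a mismatch means the event was altered.
    return ev.get("id") == event_id(ev["pubkey"], ev["created_at"],
                                    ev["kind"], ev["tags"], ev["content"])


def current_snapshot(events, relay_pubkey):
    # Replaceable semantics (10000 <= kind < 20000): newest created_at wins,
    # equal created_at is resolved by lowest id. Signature checks are out of scope.
    candidates = [ev for ev in events
                  if ev["kind"] == SNAPSHOT_KIND
                  and ev["pubkey"] == relay_pubkey
                  and id_matches(ev)]
    if not candidates:
        return None
    return min(candidates, key=lambda ev: (-ev["created_at"], ev["id"]))


# Constructed sample data (not the PR's test vectors).
RELAY = "11" * 32
OLD = make_event(RELAY, 1000, SNAPSHOT_KIND, [], "old")
TIE_A = make_event(RELAY, 2000, SNAPSHOT_KIND, [], "a")
TIE_B = make_event(RELAY, 2000, SNAPSHOT_KIND, [], "b")
# Newest timestamp, but content changed after the id was computed.
TAMPERED = dict(make_event(RELAY, 3000, SNAPSHOT_KIND, [], "x"), content="tampered")

if __name__ == "__main__":
    print(current_snapshot([OLD, TIE_A, TIE_B, TAMPERED], RELAY)["id"])
```
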