Share

Nostr Compass #24

By Nostr Compass May 27, 2026
Amethyst ships NIP-52 calendars on-chain zap splits and KIP-01 Frostr threshold signing White Noise lands iOS push Vector rewrites its core
Nostr Compass #24

Amethyst v1.11.0 lands a full NIP-52 calendar implementation with reminders, on-chain Bitcoin zap splits, and Marmot group reply support. White Noise v2026.5.22 ships iOS push notifications through a Notification Service Extension, alongside block UX and an add-members button. Vector v0.4.0 lands a ground-up vector-core rewrite, one-click Tor with bridges, NIP-46 remote signers, full-negentropy MLS group sync, and a 21-tool MCP server for AI agents. Applesauce v6.1.0 introduces NIP-51 lookup relay lists (kind 10086) and a complete NIP-34 git-cast factory set. MDK adds NIP-40 disappearing messages across iOS and Android through a unified UniFFI surface, and Mostro v0.17.4 closes the anti-abuse bond loop with Phase 3 slashed-bond payouts to the winner. Notedeck merges full NIP-77 negentropy reconciliation for giftwraps and thread backfill, Cordn surfaces as a coordinator-mediated MLS messenger that trades a single-point availability dependency for tighter epoch ordering and a simpler operational model, a NIP-B0 reference implementation called deepmarks ships a curator-monetized bookmark client, and the Formstr team opens four coordinated calendar NIP proposals covering participant self-removal, private events, recurrence, and decentralized appointment scheduling.

Top stories

Amethyst v1.11.0: calendars, on-chain zap splits, and Marmot replies

Amethyst, the Nostr client for Android maintained by Vitor Pamplona, shipped v1.11.0. PR #2994 adds a NIP-52 calendar event implementation with a dedicated UI and a reminder system, so calendar events now render in their own timeline category, separate from the generic kind-30023 long-form view. PR #3018 extends on-chain Bitcoin zaps with split support, distributing a single Bitcoin transaction across multiple recipients per the existing zap-split tag, so an on-chain payment behaves the same as a Lightning split. PR #2974 adds a paginated on-chain transaction history screen that surfaces each settled zap with block confirmation status.

Group messaging gains parity with one-to-one chat: PR #2995 adds reply support for Marmot/MLS group messages, so threads inside encrypted groups now render with the same parent-reference UI as public notes. PR #2984 hardens NIP-57 zap-receipt validation by checking the LNURL provider matches the recipient’s stated lud16, closing a class of forgery where a third-party LNURL could mint a receipt for a payment that never landed. PR #2968 accepts floating-point dimensions in NIP-92 imeta tags, aligning Amethyst with clients that publish fractional pixel-density values from devices like the iPhone Retina display. The release also wires up Payment Targets, a new replaceable-event multi-rail tip jar covered in the protocol section below.

White Noise v2026.5.22: iOS push, block UX, and add members

White Noise, the Marmot-protocol group messenger, shipped v2026.5.22 with iOS push notifications as the headline feature. PR #673 implements an iOS Notification Service Extension (NSE) that decrypts MLS messages inside the extension process and surfaces them as system notifications, so iPhone users no longer need the app foregrounded to receive messages. Android push-token plumbing routes through the same backend pipeline, with the per-platform NSE keeping ciphertext out of the broker.

PR #676 adds a full block and unblock UX with confirmation flows and contact-list filtering. PR #679 adds the long-requested “Add members” button to the group-info screen, closing a UX gap where group admins had to fall back to share links. PR #688 introduces a dedicated iOS notification-settings screen, and PR #687 wires up share-via-long-press for media and messages.

MDK adds NIP-40 disappearing messages across platforms

The Marmot Development Kit, the shared Rust core used by White Noise iOS, White Noise Android, and any future Marmot client, merged PR #306 to expose disappearing-message validation and NIP-40 expiration handling through the UniFFI bridge. The PR is the second of a three-part series. iOS and Android now share one Rust implementation of the expiration logic; the timing rules live in a single audited code path consumed by both platforms via UniFFI. PR #307 caps the stored length of welcome failure reasons and sanitizes them before persistence, a separate hardening pass that complements the welcome-event handling shipped last week.

Disappearing messages in MLS are not just a UI affordance. The expiration tag is published with the encrypted message envelope, so a recipient who never opens the message still has the underlying ciphertext expire at the relay layer alongside any cached copy in the receiving client. With MDK owning the validation path, behavior stays consistent across clients: any conformant Marmot implementation enforces the same expiration semantics, so one client honoring expiration while another caches forever stops being a portability hazard.

Mostro v0.17.4: Phase 3 closes the slashed-bond loop

Mostro @Mostro, the peer-to-peer Bitcoin exchange protocol built on Nostr, shipped Phase 3 of its anti-abuse bond rollout in v0.17.4. PR #738 lands the payout flow for slashed bonds, taking the loser’s forfeited collateral and disbursing it to the dispute winner. PR #743 adds Phase 3.5, an explicit payout-confirmation message to the winner so they know the slashed sats have settled, with the confirmation event arriving on the same Nostr session as the dispute resolution. Phase 2, covered last week, introduced slashing as an admin action; Phase 3 is the difference between threatening a penalty and enforcing one.

PR #746 lets the daemon finalize disputes that lack a solver row, an edge case that previously stalled resolution on legacy disputes. PR #748 tolerates null rates in Yadio’s /exrates/BTC response so a brief Yadio outage no longer breaks Mostro’s fiat-conversion path. PR #745 documents the spec for multi-source price providers, the groundwork for removing Yadio as a single point of failure. The Mostro mobile client wired the matching Phase 3 claim path in PR #596.

Applesauce v6.1.0: lookup relays and NIP-34 git casts

Applesauce (@hzrd149), the modular Nostr toolkit that powers Coracle, noStrudel, and Pablo F7z’s stack, released v6.1.0 across its packages. The release adds first-class NIP-51 lookup-relay list support: kind 10086 events let a user signal “ask these relays if you want to find me,” sitting alongside NIP-65 outbox lists as a discovery primitive. Applications built on applesauce-core get a reactive User.lookupRelays$ observable and a matching loader in applesauce-relay.

NIP-34 git-cast factories arrive in applesauce-factory, giving every Applesauce-built client a one-line path to publishing repo announcements (kind 30617), patches (kind 1617), and issues (kind 1621). User.favoriteGitRepos$, User.gitAuthors$, and User.graspServers$ reactive properties let applications list a user’s followed repos, repo maintainers, and configured GRASP servers directly from the same User object. The release also fixes pool manual methods that silently dropped offline relays in PR #73.

Notedeck merges NIP-77 negentropy for giftwraps and thread backfill

Notedeck @damus, Damus’s native multi-column desktop client, merged PR #1459 on May 25 to wire full NIP-77 negentropy reconciliation into the shared outbox path. The PR adds NIP-77 client and relay frames, relay-local negentropy sessions, and an outbox full-history tracker that drives local-set reconciliation and missing-event fetches. Messages giftwraps get negentropy reconciliation so private-message envelopes can be recovered from the selected account’s read relays. Thread views are no longer capped by the live-subscription reply limit. Dave PNS replaces its Dave-local negentropy implementation with the shared outbox path while preserving its existing bounded-history behavior.

Live subscriptions and negentropy now use separate filters. A flow can keep a small live request while issuing a broader negentropy filter to reconcile what the relay already has. The PR intentionally does not enable broad negentropy sync for home or profile timelines, which would change cold-start cost characteristics. Test coverage was added for reconciliation, giftwrap delivery, thread backfill, Dave PNS restore, account switching, relay retargeting, fetch retries, and NIP-77 relay behavior.

Vector v0.4.0: vector-core rewrite, Tor, NIP-46, full-negentropy MLS, and an MCP agent surface

Vector @VectorPrivacy, the privacy-focused cross-platform messenger built on NIP-17 DMs and Marmot groups, shipped v0.4.0 as its biggest release to date. The headline is a ground-up engine rewrite: all of Vector’s logic now lives in a single decoupled crate, vector-core, shared across the desktop, Android, and any future client, with 440+ tests in the core itself and the application shell stripped of thousands of lines. The rewrite is groundwork for a Vector CLI, bots, and SDKs that drive the same protocol code as the GUI.

Tor integration ships with one-click traffic routing and bridge support for censorship circumvention. Multi-account support lands with an in-app switcher. Remote-signer login arrives via NIP-46 with bunker pairing by QR or pasted URI, so users can log in without ever exposing their nsec. Delete-for-everyone works in both NIP-17 DMs and Marmot group chats, with Vector keeping the ephemeral signing key as a deliberate spec divergence the release notes call out explicitly: “a diversion from the traditional NIP-17/Marmot specs for enhanced user privacy controls.” The retained ephemeral key gives Vector clients local proof that a deletion was sanctioned by the original sender, but it also means any other Vector-touching client sees a different deletion-verifiability surface than baseline NIP-17/Marmot clients.

MLS group sync is now fully reconciled over NIP-77 negentropy, the same direction Notedeck took for giftwraps and threads this week. The Blossom uploader fails over across multiple servers, learns each server’s capabilities, and syncs the server list across devices. Custom emoji packs are user-creatable, shareable, and cross-compatible with other Nostr clients. SQLite memory dropped from roughly 308MB to 5MB. The emoji panel opens from disk cache and Discord-style shortcodes (:smile:) plus Unicode frequency ranking surface the right glyph first.

The most novel addition is vector-agent, an MCP (Model Context Protocol) server that exposes 21 tools so AI agents can drive Vector: sending DMs, managing groups, uploading files, editing profiles. This is the second Nostr project this week (alongside Shopstr) to ship an MCP surface, and the first messenger-class application to do so. Coupled with AgentNoise (covered last week), the pattern of agent-controlled Nostr clients is moving from one-off experiments to a deliberate platform direction.

Cordn surfaces as a coordinator-mediated MLS messenger

Cordn (web client at cordn.net, repos at Cordn-msg/cordn and Cordn-msg/cordn-web) is a new MLS messenger that takes a different architectural tack from Marmot. Where Marmot is fully relay-based with no privileged coordinator (every group member writes directly to relays and any conforming relay can carry the traffic), Cordn introduces a per-group coordinator role implemented as a ContextVM service. The coordinator orders MLS commits and handles welcome distribution.

The Cordn argument, stated on its /why page, is that MLS as deployed in production messengers is “not coordination-free” and that “weakly ordered public dissemination” makes group-state convergence “much harder” without a strong coordination point. A coordinator-mediated design provides predictable epoch advancement and simpler concurrent-commit resolution. Participants connect to the coordinator using ephemeral keys, so the coordinator learns the group ID and the timing of commit traffic but not which long-term pubkeys are members. Any party querying relays for a Marmot group can already see the same surface: group activity by group ID, with timing inferable from event arrival. Cordn also acknowledges that “availability trust remains” with self-hosting: a self-hosted coordinator avoids the operator-layer centralization concern but introduces a single point of failure for group liveness. Marmot avoids that single point by leaving ordering to MLS itself (epochs and Commit messages handle ordering inside the protocol) and distributing Welcome events via NIP-59 gift wrap, at the cost of admin-side discipline: admins must wait for relay acknowledgment of a Commit before sending the matching Welcome, and clients must reconcile concurrent commits when relay delivery races a state transition.

The contrast is worth pulling on for any team picking a private-messaging stack. Marmot trades some implementation complexity for a relay-agnostic deployment with no privileged actor in the path. Cordn trades a single-point availability dependency for tighter ordering and a simpler operational model. Both projects build on MLS and use Nostr as the identity and transport layer. The disagreement is over where the coordination cost lives. The cordn-msg repos show steady commit cadence with the coordinator service implemented over ContextVM and the MLS layer built on ts-mls.

deepmarks: NIP-B0 bookmarks with curator-monetized publishing

deepmarks-public is a reference client for the proposed NIP-B0 bookmark spec (kind 39701), with a three-box architecture (curator, indexer, viewer) and a tier system funded by direct-to-curator NIP-57 zaps. The client implements NIP-B0, NIP-07, NIP-46, NIP-57, NIP-44, NIP-98, NIP-65, and Blossom BUD-01 and BUD-04 for file storage. A 21,000-sat lifetime tier converts paying readers into recurring zap recipients for the curator. The curator publishes bookmark events, the indexer enriches them with machine-readable metadata, and the viewer renders the feed; each role is a separate deployable service.

Releases

Amber v6.1.0 GA: encrypted per-account backup

Amber moved from v6.1.0-pre3 to GA v6.1.0 this week. PR #444 ships encrypted backup and restore for the application permission database, and PR #446 splits the backup per-account, so users with multiple Nostr identities can back up and restore each set of app grants independently. The PSBT signing work covered last week is in the GA cut.

Citrine: per-relay subscriptions and onion-URL leak prevention

Citrine, the on-device personal relay that ships with Amethyst, shipped two fixes this cycle. PR #157 switches from a single global subscription to per-relay tagged subscriptions, so two source relays sharing a kinds: [1] filter no longer collide on the aggregator side. PR #162 filters onion relay URLs when the outbound Tor proxy is disabled, preventing onion addresses from leaking onto the clearnet routing path.

Angor v0.2.27 and v0.2.28: relay reliability and Boltz reconnect

Angor nostr:@Angor shipped v0.2.27 and v0.2.28. PR #874 fixes a relay-dedup bug where only one relay was connected at a time, a regression that silently degraded reliability for projects with multiple relay endpoints. PR #876 adds WebSocket reconnect logic for Boltz submarine-swap monitoring, so a brief disconnect no longer leaves a swap in unknown state.

Nostrord v1.1.0: NIP-57 zaps and NIP-29 role distinction

Nostrord nostr:@Nostrord released v1.1.0 with NIP-57 Lightning zap support for messages and profiles (PR #98) and a proper distinction in the activity feed between NIP-29 role changes and member adds (PR #92), which used to render identically and obscured who had been promoted versus who had been invited.

ぬるぬる v1.5.x: SQLCipher MLS keystore and epoch catch-up

ぬるぬる (nurunuru, by tami1A84), a Japanese-language Nostr client that implements MLS group messaging (kind 443) alongside NIP-44, NIP-50 advanced search, NIP-55, and NIP-70, shipped five releases this week. PR #184 introduces SQLCipher encryption for the MLS keystore in the rust-engine layer. PR #187 and PR #188 extend SQLCipher to Android and iOS respectively, with a legacy-plaintext purge step and CI guards. PR #189 and PR #191 add MLS peer-epoch catch-up with a replay cache and a recovery banner on both platforms, so a client that falls behind on group commits can recover without losing the conversation. ぬるぬる is a Marmot client built on mdk-core, mdk-sqlite-storage, and mdk-storage-traits from marmot-protocol/mdk, so the SQLCipher and epoch catch-up work lands inside the same MDK runtime that White Noise uses.

Bitcredit Core v0.5.10: Nostr-rooted block propagation fix

Bitcredit Core released v0.5.10 with a fix for a missing Nostr-node-id field during block propagation, which was breaking company-creation flows that included identity upload. Bitcredit is an e-bill protocol that uses Nostr identities as the root of trust for company and bill propagation events.

Unreleased changes

Jumble opened PR #797 for Google login via the Pomegranate threshold signer, letting a user split their Nostr key across multiple parties so no single signer holds the full secret. This is a meaningful step beyond bunker or nsec-import flows: a user can recover their account even if one signer party is compromised, without that party ever holding the complete private key.

Shopstr opened PR #492 initializing an MCP (Model Context Protocol) server, with PR #494 building the supporting infrastructure (relay fetch, parsers, validation, errors, dedup, audit logging) and PR #472 adding a relay allowlist for the MCP relay manager. This makes Shopstr the first Nostr marketplace to expose itself as an MCP server, so AI agents can browse and act on NIP-99 listings as a structured tool.

Keydex, the Shamir-secret-sharing vault, opened a substantial migration in PR #226 moving custom kinds 1337-1345 to the 713-721 range, alongside PR #239 adding AEAD over Shamir shares and PR #234 migrating to GF256 arithmetic. The kind-range migration aligns Keydex with the way the NIPs repo allocates custom kinds, moving away from a self-claimed range.

Mill (nostr-mill) is a new drop-in Nostr signer UI from OceanSlim (maintainer of the grain (@OceanSlim) Go relay), shipping as a single-script-tag Web Component on npm and jsDelivr. One <script> tag gives a web app all six common signer entry points behind a unified UI: NIP-07 browser extension, NIP-46 bunker (URL paste or QR pairing with user-specifiable relays, unusual among in-page bunker integrations), NIP-55 Amber via Android intents, encrypted nsec stored in sessionStorage via AES-256-GCM with PBKDF2, read-only npub, and in-browser keypair generation. The component is themeable through 29 CSS custom properties scoped to the Shadow DOM and exposes a small SemVer-tracked API (MILL.open, mill:connected / mill:disconnected events, named theme exports). The maintainer’s motivation is that bunker login flows have been reimplemented one web app at a time across Nostr. Consolidating onto a shared component lets clients converge on how signer UX should behave, and turns optional flows (like delegated-key login through threshold signers, mirroring Wisp’s Pomegranate-based Google login covered above) into a reusable surface that any app can drop in. Mill is at npm v1.5.0, single-maintainer, alpha-stage, with grain as the planned first integrator.

moStard, a Monero-first fork of noStrudel by roguehashrate, reached v1.0.1 this week with a stripped-down feature set and a Monero-themed identity layered on the same Applesauce + worker-relay stack. This week’s work landed rendering for Zapstore’s kind 32267 software-application events (embed cards in the timeline showing app name, icon, screenshots, platform, license, and a launch link to zapstore.dev/apps/<d-tag>), polls via kind 20 and kind 21, NIP-A3 Payment Targets-based tipping with per-method QR codes, markdown rendering in notes, GIF picker support for external GIF keyboards, and Amber signer pairing fixes. Monero framing extends to the tip flow: NIP-A3 payto entries for monero addresses get first-class buttons in the same UI alongside lightning and bitcoin. The client is single-maintainer and alpha-stage, but the May 27 work shows a builder pulling NIP-A3 from this week’s protocol-spec announcements straight into a shipping fork within days.

NIP updates and protocol spec work

Calendar NIP stack: four proposals from the Formstr team

Ix2 (@geralt-debugs) opened four coordinated NIP PRs on May 17, all referencing the calendar.formstr.app implementation already shipping under the same author. PR #2350 proposes kind 84 as a generalized “participant self-removal” event: a tagged participant on any event can publish a kind 84 referencing the original via e, a, and k tags to signal opt-out. Relays must validate that the kind 84 signer appears in a p tag of the referenced event before honoring removal, and a kind 5 deletion always takes precedence. The PR generalizes a pattern that was previously only described inside the NIP-52 calendar context, so kind 84 becomes the standard way for non-authors to withdraw from any participant event.

PR #2351 is the foundation of the calendar stack: NIP-52E for private calendar events (kinds 32678 time-based, 32681 day-event, 32123 private calendar list, 31926 busy list, 1052 gift wrap, 52 rumor) and NIP-52R for recurring events. At the architectural core is the view-key pattern: a randomly generated keypair encrypts event content with NIP-44, and the secret half (bech32-encoded as nsec) is gift-wrapped to each participant. The signer holds only the public d tag; everything else lives in encrypted content. Decoupling content encryption from identity this way means editing an event does not require re-keying recipients. NIP-52R defines two optional tags on existing kinds 31923 and 31922 to declare recurrence using bare RFC 5545 RRULE values, with D day-index becoming optional when RRULE is present. Forward secrecy is explicitly absent: a leaked view key reveals all past and future versions of the event under the same d tag.

PR #2352 builds on NIP-52E with a decentralized appointment-scheduling spec the PR description calls “a drop-in alternative to Calendly/Cal.com with no central intermediary.” Kind 31927 advertises a scheduling page with encrypted availability windows; kind 32680 is a host-side self-encrypted recovery record for the view key; kinds 1057 and 1058 are the gift-wrapped booking request and response. The clever mechanic: the booker generates both the d tag and the view key for the future private event before sending the request, so the booker can add the appointment to their own calendar immediately with the correct key, and the host never has to round-trip a key back. Booking responses carry an unencrypted status tag on the outer wrap so relays can filter without decrypting.

A reference implementation is already live at calendar.formstr.app and as the Calendar Android app on Zapstore. PR #2351 closes PR #2027 in its favor, consolidating an earlier private-calendar proposal that had been open since the start of the year.

Payment Targets and Silent Payments

Two more NIP proposals circulated this week in kind:30023 long-form documents.

A Payment Targets proposal (NIP-A3 / payto) defines a replaceable kind 10133 event carrying one or more ["payto", "<type>", "<authority>"] tags that map to RFC 8905 payto: URIs. Supported types include bitcoin, lightning, ethereum, monero, nano, cashme, revolut, and venmo. The intent is to standardize a multi-rail tip jar that complements (not replaces) lud16-based NIP-57 zaps. Amethyst v1.11.0 is the first implementer; merged PRs #2953 and #3009 ship the subscription and observation surface, and PR #3011 wires the UI for PaymentTargetsEvent.

Two competing Silent Payments proposals dropped from different authors. The first variant derives BIP-352 silent-payment scan and spend keys from nsec via public additive tweaks, so any sender can construct an sp1q... address from an npub without setup. Author warning is explicit in the spec: “bscan and bspend MUST be treated with exactly the same care as nsec,” because the scan key reveals the nsec. A second variant takes the inverse approach, adding an sp_address field to kind 0 profile metadata containing a standard BIP-352 silent-payment address whose keys are kept independent of the Nostr identity. Variant two is structurally safer. Both proposals attracted a thoughtful review thread; erskingardner (Marmot lead) posted a detailed comment on the trbouma gist tracking the proposal. His central concern is that variant 1 derives the scan private key from nsec plus a publicly computable tweak, which means anyone holding the scan key (including a third-party scanning service the user has to delegate to in practice) can recover the full nsec by subtracting that tweak. The same key that lets a remote service scan inbound payments for you also lets that service steal your identity and any funds derived from it.

On the NIP-34 git-over-Nostr side, joinmarket-ng (a modern JoinMarket Bitcoin CoinJoin implementation maintained via NIP-34) received 10 kind 1617 patches from an external contributor, and hzrd149 published 2 patches to schemata. gitworkshop.dev itself drew two issue reports: one flagging that login sessions are lost on page refresh when using a NIP-46 remote signer, the other asking for distinct link styling in README previews.

Six Years of Nostr Mays

The last newsletter of May 2026 steps back from the week’s releases to walk the month of May across Nostr’s history. Each year had a different center of gravity: 2021 was a single commit, 2022 was the formation of the NIPs repo itself, 2023 was the protocol-spec explosion, 2024 was the consolidation cycle, 2025 was when negentropy merged and Damus’s Notedeck graduated to Beta, and 2026 is the month covered in this and the three previous issues.

May 2021

Nostr was six months old. The only Nostr code lived in fiatjaf/nostr and the entire month produced exactly one commit, but that commit became one of the most-used parts of the protocol. On May 22, fiatjaf repurposed NIP-02 as the contact list NIP. The commit message reads: “repurpose NIP-02 and add NIP authorship,” and the explicit credit is to PR #16 by arcbtc (Ben Arc of LNbits), opened on February 9 and closed the day before fiatjaf folded the idea into NIP-02. arcbtc’s pitch was small: a kind for “sending follower list to relays” that would be “useful for restoring accounts and recommending public keys to follow.” fiatjaf generalized it into a single kind:3 event whose tags serve three purposes at once. They are a follow list (the social graph), a petname store (local nicknames for friends), and a relay recommendation source (which relays a follow uses). The same event, replaceable per author, became the canonical answer to “who does this person follow,” “what do they call them,” and “where do they read.” Every client built in the next five years reads kind:3. The convention added in the same commit, that each NIP names its author, is the reason every spec now has bylines.

May 2022

The month the NIPs repo became a community project. On May 1, fiatjaf migrated the specs from fiatjaf/nostr into a dedicated nostr-protocol/nips repo and on May 2 added formal acceptance criteria. Two days later, Robert C. Martin (Uncle Bob) opened PR #1, the first external pull request, proposing threading conventions for e and p tags. The PR was originally numbered NIP-13, then renamed to NIP-10 to make room for proof-of-work. Three of the first six NIPs are Uncle Bob’s: NIP-10 (threading markers), NIP-14 (the Subject tag), and the May 21 commit that nailed down kind:1 as the canonical short text-note kind. On May 5, William Casarin made his first NIP commits: NIP-13 Proof of Work and the kind:2 recommend-relay event. The next day, fiatjaf published NIP-07 window.nostr, twenty lines of markdown that defined the browser-extension signer interface still used today. NIP-05’s CORS warning by David A. Harding and NIP-01’s filter.limit landed the same week. nostr-tools shipped its first browser-importable ESM build on May 8. Semisol drafted NIP-15 (End Of Stored Events) and NIP-16 (event kind ranges) at month-end, the documents that still govern relay sync semantics and the regular-vs-replaceable-vs-ephemeral classification.

May 2023

The protocol-spec explosion. Sixty-four NIP PRs were opened that month, with several of the proposals that defined Nostr’s surface area for the next two years all landing in 31 days, and the largest funding announcement Nostr had ever received landed on May 4 with the OpenSats $10 million grant from Jack Dorsey’s #startsmall, the money that underwrote every Nostr grant wave since. NIP-47 (Nostr Wallet Connect) was merged on May 2, bringing Alby’s wallet-connect spec into the main protocol. Two days later Vitor Pamplona proposed NIP-53 Live Activities with kind:30311 rooms and kind:1311 chat messages, the foundation for every Nostr livestreaming surface that followed. Pablo Fernandez opened NIP-84 Highlights on May 5 and NIP-89 Recommended Application Handlers on May 14. v0l (Kieran Babich, Snort author) proposed NIP-98 HTTP Auth on May 8, the authentication primitive that NIP-96 and Blossom both later depended on. Jonathan Staab proposed NIP-32 Labels on May 15, and NIP-30 Custom Emoji merged the same day. Arthur Franca proposed NIP-96 HTTP File Storage Integration on May 21. Two days later, Vitor added zap splits to NIP-57 and verbiricha added kind:30024 long-form drafts to NIP-23, the spec that became the foundation for modern Nostr long-form authoring workflows in Habla, YakiHonne, and Highlighter. fiatjaf proposed NIP-29 Simple Groups on May 28, the first relay-managed group spec covering kind:9000 through kind:9020 moderation events. The month closed with Paul Miller opening the NIP-44 conversation on May 31, an XChaCha20-based encrypted DM design intended to replace NIP-04. The client side moved as fast: Damus shipped NWC, zap pool, and Pending Zaps across May 10 through May 15; Snort launched zap pool and L402 paywalled media; Amethyst @amethyst shipped roughly thirty versioned releases through the month, from v0.40.1 on May 1 through the v0.55.x range at month-end, with zap splits in v0.45.0 and NIP-32 labels in v0.46.0; the Primal Android repo was created on May 16; rust-nostr v0.22.0 added NIP-47 and NIP-58. On May 1, strfry shipped its negentropy integration, the first relay implementation of Doug Hoyte’s set-reconciliation protocol that would later become NIP-77. The month closed with Forbes publishing a long-form profile of fiatjaf on May 30, one of the first mainstream-press deep dives on Nostr’s anonymous founder.

May 2024

The consolidation cycle. Fewer flashy proposals, more shipping. NIP-54 Decentralized Wikis merged on May 2 with kind:30818 articles and case-normalized d tags. Three days later, NIP-56 was extended so abuse reports could flag digital threats (malware, phishing) alongside content-only categories. On May 6, NIP-25 reactions were simplified to stop including the entire reply thread as e-tags. Arthur Franca proposed NIP-22 Comment on May 12, introducing kind:1111 so replies to non-kind:1 events (articles, files, products) get a structured way to thread. On May 19, fiatjaf overhauled NIP-46 to abandon NIP-04 entirely and switch all bunker traffic to NIP-44 encryption, the deprecation move that shaped every bunker implementation since. On May 20, NIP-71 Video Events merged with kind:21 and kind:22, and NIP-10 added the optional pubkey argument on e tags so clients can resolve thread authors without first fetching the referenced event. Kieran Walsh’s NIP-35 Torrents merged on May 22, and on May 24 the NIPs README first referenced CIP-01 as an off-repo proposal, signaling the start of the “NIPs as one of several proposal venues” pattern. On May 25, a cleanup PR removed the aes-256-gcm tag from NIP-71 before downstream implementations froze it. NIP-96 added list files and dropped the transform requirement on May 27. On May 28, Jonathan Staab proposed raising the NIP acceptance bar to require at least two interoperating implementations before a draft can graduate. Client-side: Damus tagged v1.7.2 and v1.8 plus a v1.9 with full NIP-10 marker handling on May 9–10, landed NIP-98 authentication on push notifications, and shipped full NIP-10 marker support. Amethyst made NIP-17 the default DM mode on May 14, built out NIP-65 outbox-model relay management, added NIP-96 server selection, and shipped NIP-06 BIP-32/BIP-39 key derivation. Primal Android 0.99.2 on May 10 added user tagging and external-wallet NWC, followed by 0.99.4. Pablo Fernandez landed an NDK optimistic-update cluster across May 24–31. Snort added NIP-96 server selection, and cashu-ts separated its crypto primitives into @cashu/crypto.

May 2025

The month NIP-77 (Negentropy Syncing) merged on May 27, fiatjaf and Doug Hoyte’s spec for the wire protocol that replaces brute-force REQ filters with logarithmic-cost difference computation. This was the same negentropy that strfry had shipped two years earlier as a relay-side feature, now formalized as a client-relay protocol, and the README entry landed the same day. The week before, NIP-23 long-form defined how HTML documents associate themselves with Nostr entities through a <link> tag on May 24, the canonical-web-copy primitive. NIP-25 added reaction-target relay hints on May 22 and dropped the emoji-to-like/dislike recommendation, treating emojis as distinct semantic units. NIP-52 was simplified on May 14 to focus on the kinds clients were shipping in production, the trim that made the Formstr calendar extensions from a year later cleaner to graft on. On May 9, Follow Packs (kind 39089 curated follow lists) and Favorite Relays (a new replaceable list under NIP-51) entered the README on the same day. The Marmot Protocol arc had not yet begun: only the whitenoise-rs repo existed (first commit September 9, 2024), and May 2025 was its Svelte+Tauri prototype phase, with the May 14 commit removing Tauri-specific code as the project pivoted to its current architecture. The dedicated MDK Rust core (September 12, 2025), the Marmot spec repo (September 19, 2025), and the Flutter UI (December 2, 2025) all came later in the year. On the client side, Damus’s Notedeck v0.4.0 shipped on May 5 as the first Beta, graduating from Alpha with full-text search, the Dave AI assistant, zaps over NWC, GIFs, user tagging, and mute lists. Two days later, hodlbod’s Flotilla 1.0.0 crossed the public-launch boundary as a NIP-29-based group-chat client, alongside Coracle 0.6.12, the first of six Coracle releases that ran through 0.6.17 on May 14. Amber v3.4.0 (@greenart7c3) on May 12 moved off deprecated Android Autofill and ClipboardManager APIs and migrated from encrypted shared preferences to DataStore. Primal Android 2.2.20 on May 20 added the Redeem Code flow for Primal Premium and a redesigned image gallery. nak v0.14.0 on May 21 cut a minor of the canonical CLI in the same week as the Coracle, Flotilla, and Notedeck releases. OpenSats received its largest non-Bitcoin-treasury donation to date when the Reynolds Foundation gave $2 million on May 22.

May 2026

The month covered in Newsletter #21, #22, #23, and this issue. The defining thread is MLS-on-Nostr reaching multi-client production: MDK 0.8.0 shipped MIP-05 leaf-index primitives and addressable key packages, followed by PR #306 adding NIP-40 disappearing-message validation across iOS and Android through a shared UniFFI surface. White Noise v2026.5.22+25 @White Noise shipped iOS push through a Notification Service Extension that decrypts MLS ciphertext inside the extension process so the broker never sees plaintext, and two new Marmot clients appeared: Scramble (a .NET/Avalonia desktop and Android client with multi-device KeyPackage slots) and Cordn (an alternative MLS architecture using a per-group coordinator over ContextVM). Angor migrated its encrypted messaging from NIP-04 to NIP-44 in PR #860, closing the deprecation arc that opened with Paul Miller’s NIP-44 proposal in May 2023. The Formstr team opened the largest coordinated NIP submission in recent memory on May 17, with PR #2350 for participant self-removal, PR #2351 for private calendar events and recurrence (NIP-52E and NIP-52R), and PR #2352 for decentralized appointment scheduling, all with calendar.formstr.app already shipping the reference implementation. Amethyst v1.11.0 rendered NIP-52 calendars as a first-class timeline category and extended on-chain Bitcoin zaps to split distributions. A year after NIP-77 merged in May 2025, three independent implementations shipped negentropy adoption in the same window: Notedeck PR #1459 wired it into Damus’s desktop client for giftwrap and thread backfill, Vector v0.4.0 used full-negentropy MLS sync as part of its ground-up vector-core rewrite alongside one-click Tor and a 21-tool MCP agent surface, and Citrine v3.0.0-pre1 added it to the Android-native relay alongside built-in Tor and multi-relay aggregation. Mostro v0.17.4 closed the anti-abuse bond loop with Phase 3 slashed-bond payouts in PR #738, enforcing what the protocol previously only threatened. Three years from “shall we replace NIP-04” to “shall we replace NIP-44 with full MLS group state.”

If you want to discuss, DM us on Nostr.

Write a comment
No comments yet.