Forging and sharing the tools to reclaim your freedom.

Open-source building blocks for sovereign identity, data, money, connection, and trust — built on Nostr, Lightning, and zero-trust cryptography. Use one, use many, or use them all together.

npx @forgesworn/toll-booth demo

A full Lightning-paywalled API on localhost in one command — or pay 21 sats for a joke on the live demo.

45open-source projects
9focus areas
26npm packages

Freedom isn’t ours to grant — it’s already yours. We forge the tools to help you reclaim what you’ve lost, keep what you hold, and share them openly: a commons that belongs to everyone. Each is a real alternative to what you use now — as good or better, and free in every sense: free of cost, free of capture, free to use without permission.

  • Permissionless by design

    No one needs our approval, or anyone’s, to run what we make. Walk away any time and take everything — it was always yours.

  • A real alternative, not a lecture

    We win by making something you’d choose anyway. If it only appeals to people who already care about freedom, we built it badly.

  • Serve the person, not the platform

    Every tool answers to the human using it. Safety without surveillance; ownership without a landlord.

  • Value for value

    Your time, talent, or treasure keeps us building. No strings, no backers, no state — no one owns our direction.

Nine stacks, one architecture

Each stack solves one problem well. Together they form a composable toolkit for sovereign commerce, identity, and trust.

L402 / Machine Payments 12

Make APIs payable, discoverable, and consumable by people and agents

Spatial / Meeting 3

Build location-aware workflows and fair meeting-point tools

Identity / Access 17

Hardware-backed Nostr signing, deterministic identities, spoken verification, encrypted access control, and decentralised identity verification

AI Agents 1

Give AI agents sovereign Nostr identities with trust-aware tooling

Trust / Privacy 2

Privacy-preserving trust and verifiable attestations

Cryptographic Primitives 5

Standalone cryptographic building blocks used across the ecosystem

Compliance 1

Work with jurisdiction and professional-registry intelligence

Protocol / Standards 2

Nostr protocol extensions and conformance testing

Tooling / Demos 2

Ship, harden, and demonstrate ForgeSworn libraries

Make APIs payable, discoverable, and consumable by people and agents.

toll-booth

Any API becomes a Lightning toll booth in one line. L402 middleware for Express, Hono, Deno, Bun, and Workers.

npm install @forgesworn/toll-booth

toll-booth-rs

L402 payment middleware for Rust. Gates any HTTP API behind Lightning payments.

402-announce

Announce HTTP 402 services on Nostr for decentralised discovery using kind 31402.

402-mcp

MCP client for AI agents to discover, pay for, and consume L402 and x402 APIs.

402-pub

Live directory at 402.pub for Lightning-paid APIs.

toll-booth-announce

Bridge between toll-booth and 402-announce for Nostr service announcements.

toll-booth-dvm

Expose any toll-booth-gated API as a NIP-90 Data Vending Machine on Nostr.

toll-booth-mcp

MCP server with read-only analytics and widget UIs for toll-booth deployments.

402-indexer

Nostr-native crawler that discovers L402 and x402 paid APIs.

payment-methods

Specifications for HTTP Payment Authentication methods (Lightning, Cashu, Session).

aperture-phoenixd

Phoenixd backend for Aperture. No LND required.

aperture-announce

Announce Aperture L402 services on Nostr for decentralised discovery.

toll-booth toll-booth-announce

Build location-aware workflows and fair meeting-point tools.

rendezvous-kit

Find fair meeting points for N participants with isochrone intersection, venue search, and fairness scoring.

npm install rendezvous-kit

geohash-kit

Zero-dependency geohash toolkit for encoding, decoding, polygon coverage, and Nostr location filters.

rendezvous-mcp

MCP server for AI-driven fair meeting-point discovery.

geohash-kit rendezvous-kit rendezvous-mcp

Hardware-backed Nostr signing, deterministic identities, spoken verification, encrypted access control, and decentralised identity verification.

nsec-tree

Deterministic Nostr sub-identity derivation. One master secret, unlimited unlinkable identities.

npm install nsec-tree

heartwood

Keyless NIP-46 bridge daemon for hardware Nostr signers (ESP32 or Ledger). Keys live on the device and never touch the networked computer.

heartwood-esp32

nsec-tree signing token for Heltec WiFi LoRa 32 V3/V4 (ESP32-S3). On-device button approval, up to 8 master identities.

heartwood-ledger

Heartwood signer as a Ledger embedded app. NIP-46, NIP-44, and nsec-tree personas on the secure element — emulator-proven prototype.

bark

NIP-07 browser extension backed by NIP-46 remote signing. No user keys stored; derived personas with Heartwood.

cambium

Android NIP-55 signer that holds no keys. Every request is proxied to a Heartwood hardware signer over NIP-46.

sapwood

Browser-based device manager for Heartwood. Web Serial and HTTP bridge, firmware updates, policy management.

nsec-tree-cli

Offline-first CLI for nsec-tree with derivation, proofs, and Shamir recovery.

nsec-tree-py

Python port of nsec-tree. Conformant deterministic sub-identity derivation, interop-tested against the TypeScript implementation.

spoken-token

Derive time-rotating, human-speakable verification tokens from a shared secret.

canary-kit

Deepfake-proof identity verification with per-member spoken words, silent duress detection, encrypted group sync.

signet

Decentralised identity verification for Nostr. 4 verification tiers, ZKP age proofs, Signet Score (0-200).

signet-credentials

Publish, fetch, parse, and validate Signet credential events on Nostr.

signet-login

Drop-in login SDK for Nostr-aware websites with NIP-07, bunker URI, and Signet redirect/QR flows.

signet-protocol-rs

Rust implementation of the Signet identity protocol on Nostr.

signet-verify

Drop-in age verification SDK for websites. One script tag, one function call.

dominion

Epoch-based encrypted access control. HKDF content keys, AES-256-GCM, Shamir secret sharing, tiered audiences.

nsec-tree heartwood bark

Give AI agents sovereign Nostr identities with trust-aware tooling.

bray

Trust-aware Nostr MCP server for AI agents and humans. Verification, proximity, and access woven into every interaction.

npm install nostr-bray

Privacy-preserving trust and verifiable attestations.

nostr-attestations

One Nostr event kind for all attestations. NIP-VA (kind 31000).

npm install nostr-attestations

nostr-veil

Anonymous trust assertions for Nostr. LSAG ring signatures over NIP-85.

Standalone cryptographic building blocks used across the ecosystem.

ring-sig

SAG and LSAG ring signatures on secp256k1 for anonymous group membership proofs.

npm install @forgesworn/ring-sig

range-proof

Pedersen commitment range proofs on secp256k1 for proving a value is in range without revealing it.

private-equality

Socialist Millionaires' Protocol over Ristretto255 — decide whether two parties hold the same secret, revealing only one bit.

shamir-core

Shamir's Secret Sharing over GF(256) with core utilities.

shamir-words

Split secrets into human-readable BIP-39 word shares using Shamir's Secret Sharing.

shamir-core shamir-words

Work with jurisdiction and professional-registry intelligence.

jurisdiction-kit

Professional body registries and jurisdiction intelligence for 28 countries.

npm install jurisdiction-kit

Nostr protocol extensions and conformance testing.

nip-drafts

36 Nostr protocol extensions for service coordination, trust, payments, disputes, key hierarchy, resource curation, and paid API discovery.

trott-conformance

Protocol conformance test suite. Lifecycle fixtures for TROTT task kinds.

Ship, harden, and demonstrate ForgeSworn libraries.

anvil

Supply-chain-hardened release tool for JS/TS libraries with reproducible-build attestation and OIDC trusted publishing.

forgesworn-demos

Interactive demos for the ForgeSworn crypto toolkit, including range-proof, shamir-words, and ring-sig.

See it all come together

Bray is a CLI and MCP server that gives AI agents a sovereign Nostr identity — trust-aware tooling across identity, social, payments, moderation, privacy, and encrypted access.

Explore Bray