Step One — Lay the Groundwork
Step 1 We begin by giving the project a single spine: codebases in concert, cryptography that passes the squint test, and infrastructure that doesn’t flinch.
What we ship
- — A monorepo that houses program, mint service, and clients with shared linting and CI
- — Blind signature and BDHKE primitives on secp256k1, complete with canonical test vectors
- — An Anchor-based mint program capable of initializing state, registering keysets, and stewarding reserves
- — Postgres migrations for keysets, quotes, spent secrets, and an audit log fit for courtroom lighting
How we know it works
- — The cryptography matches external vectors, byte for byte
- — The mint program breathes on devnet without manual coaxing
- — Database migrations roll forward and back with no loose screws
Step Two — Give the Mint a Voice
Step 2 The mint server learns to speak plainly about itself, to accept value, and to answer every knock with a signed note.
What we ship
- — Public endpoints for metadata, key material, and quote creation that speak the same language as our wallets
- — A keyset forge that encrypts private keys at rest, rotates them gracefully, and registers each move on-chain
- — Solana payment watchers that mark quotes paid, expired, or suspect without human intervention
- — Security hardening from rate limits to CORS, so the only thing permissive is the user experience
How we know it works
- — Test clients mint offline digital cash end-to-end
- — Quote ledgers reflect payments in the span of a confirmation
- — Spent-secret tables reject every attempt to replay a note
Step Three — Teach Notes to Move
Step 3 Once a note exists, it must split, merge, and disappear into redemption without leaving fingerprints.
What we ship
- — A swap pipeline that invalidates inputs and whispers out fresh signatures in a single atomic move
- — A state-check endpoint for batch verification so wallets can assure users the ink is still wet
- — A redemption flow that returns SOL or stable-value tokens while retiring proofs beyond resurrection
- — Reserve dashboards that watch liquidity the way a night guard watches a vault
How we know it works
- — Wallets split notes for exact change and recombine them without leaking metadata
- — Redemptions settle promptly and every spent proof is marked for good
- — Reserve alerts fire well before the cupboard looks bare
Step Four — Place It in People’s Hands
Step 4 Library, CLI, and web wallet arrive together so offline digital cash feels like a conversation, not a science project.
What we ship
- — A TypeScript wallet kit that stores proofs securely, serializes notes, and hugs the mint API
- — A CLI companion for power users, complete with QR generation, scanning, and scripting hooks
- — A polished web wallet that mints, exchanges, redeems, and tracks history across multiple mints
- — Transfer payloads—QRs, deep links, clipboard snippets—that anyone can pass across a table
How we know it works
- — Two devices can swap notes offline and stay in sync when the network returns
- — Users complete mint→pay→redeem loops without touching raw JSON
- — Regression suites guard the wallet kit like a newsroom editor guarding copy
Step Five — Temper and Extend
Step 5 The final cadence adds the luxuries: advanced token formats, operational drills, and the quiet confidence of a system ready for scrutiny.
What we ship
- — Optional bearer enhancements such as pay-to-public-key notes and richly signed split transactions
- — Backup and recovery rituals so a lost device costs nothing more than a sigh
- — Streaming updates—via WebSocket or SSE—that keep wallets aware of quote status and reserve posture
- — Runbooks for key rotation, spent-secret pruning, and incident disclosure that treat transparency as habit
How we know it works
- — Wallets prompt users through rotations without panic or ambiguity
- — Operational fire drills prove we can rotate keys and prune histories without downtime
- — Security reviews sign off on the advanced features with only marginalia in the margins
