Cold Root Identity v0.1.0 is live.

Nostr was never meant to run long term identities off a hot private key sitting inside a mobile app.

This repo ships a clean model that fixes it without changing the protocol:

offline root key

-> deterministic epoch keys

-> signed lineage event

-> clients follow rotations safely

All using standard NIP-01 events and ed25519 signatures.

No relay changes. No NIP changes. Just better key hygiene.

Spec, docs, test vectors, and a working Python CLI are here: