architecture & trust model
system components
the postfun platform is built with a clear separation of concerns:
- clients (website/extension): the "presentation layer" that displays data and requests signatures. they are trust-minimized and never handle private keys directly
- backend (fastapi): the "coordination layer" that authenticates, validates, and queues tasks
- workers: the "execution layer" that process financial transactions asynchronously
- database (postgresql): the "source of truth" for all balances and reserves
trust assumptions
what you don't trust us with:
- your nostr private key (
nsec) - this is why the extension is critical
what you do trust us with:
- fair execution: that our backend and workers will execute the cpmm formula correctly and without manipulation (mitigated with a public swap history for auditing)
- custody of lightning funds: that the satoshis you deposit into the integrated lightning wallet are held securely by us
- platform uptime: that our servers will be online to process transactions