Batch Minting Implementation (NUT-XX) #1414

vnprc · 2025-12-13T21:49:59Z

Summary

This PR implements batch minting functionality as specified in NUT-XX, allowing clients to mint multiple quotes in a single request. The implementation supports both bolt11 and bolt12 payment methods with comprehensive validation and spending condition support.

Key Changes:

Added batch minting endpoints: POST /v1/mint/{method}/batch and POST /v1/mint/{method}/check
Implemented payment method validation ensuring all quotes in a batch use the same payment method
Added NUT-20 spending condition support for batch minting with signature validation
Extended protocol types with new batch-specific structs and error codes
Implemented bolt12 batch minting with signature validation and lifecycle validation

Implementation Details

Protocol Extensions (NUT-XX)

New Types:

BatchMintSettings in NUT-06 for capability advertisement
BatchMintRequest / BatchQuoteStatusRequest / BatchQuoteStatusResponse for batch operations
Added MintBolt11Batch and MintBolt12Batch to NUT-19 path enumeration

Error Codes:

BatchEmpty - empty quote array
BatchSizeExceeded - exceeds 100 quote limit
DuplicateQuoteIds - duplicate quotes in single request
PaymentMethodMismatch - quotes use different payment methods
EndpointMethodMismatch - quote method doesn't match URL path
SignatureInvalid / SignatureMissing / SignatureUnexpected - NUT-20 validation errors
BatchUnitMismatch - quotes use different currency units

API Endpoints

Batch Mint:

POST /v1/mint/{method}/batch

Mints multiple quotes atomically
Validates all quotes use same payment method as URL path
Supports bolt11 and bolt12 with spending conditions
Returns unified MintResponse with all blind signatures

Batch Quote Status:

POST /v1/mint/{method}/check

Checks status of multiple quotes in one call
Omits unknown quotes from response (per spec)
Returns heterogeneous response array supporting both bolt11 and bolt12

Validation Rules

Request Validation:

Quotes array must not be empty
Maximum 100 quotes per batch
No duplicate quote IDs within a batch
All quotes must use same payment method
All quotes must use same currency unit
Payment method must match URL path ({method})
Signature array (if present) must match quote count

Quote Lifecycle Validation:

All quotes must be in PAID state
Quotes must not be expired
Quotes must not already be issued
For bolt12: validates pubkey ownership through signature verification

Spending Condition Support (NUT-20):

Validates signatures when quotes have pubkey locks
Rejects signatures on unlocked quotes
Requires signatures for all locked quotes in batch
Verifies each signature against corresponding quote's pubkey

Bolt12 Specifics

The bolt12 implementation includes:

Signature validation for quotes with pubkey locks (NUT-20)
Support for multiple quotes locked to different pubkeys in a single batch
Proper route validation (quotes with pubkeys must come through /mint/bolt12/batch)

Database Changes

Wallet Database:

Added add_mint_quote() method for persisting quotes

Mint Database:

Quote retrieval by quote ID (standard get_mint_quote())
Batch operations retrieve multiple quotes sequentially within a transaction

Architecture

The implementation follows a unified pattern:

Request validation (size, duplicates, payment method)
Quote retrieval and lifecycle validation
Signature verification (if NUT-20 conditions present)
Atomic minting through existing single-mint infrastructure
Unified response construction

Core logic is shared between bolt11 and bolt12 through process_batch_mint_request(), with payment-method-specific validation extracted into helpers.

Testing

All tests passing:

# Integration tests (pure)
OPENSSL_LIB_DIR=$(pkg-config --variable=libdir openssl) \
  RUSTFLAGS="-C link-arg=-Wl,-rpath,$OPENSSL_LIB_DIR" \
  CDK_TEST_DB_TYPE=memory \
  cargo test -p cdk-integration-tests --test integration_tests_pure -- --test-threads 1 batch_mint

# Wallet batch mint tests
cargo test -p cdk --tests wallet_batch_mint

Test Coverage:

Basic batch minting with bolt11 quotes
Batch minting with spending conditions (NUT-20)
Multiple spending conditions in single batch
Quote status checking
Error cases: empty batch, oversized batch, duplicate quotes, payment method mismatches
Bolt12 signature validation for locked quotes
Double-spend prevention (quote reuse)

Migration Guide

For Mint Operators:

Batch minting is opt-in via NUT-XX capability advertisement
Maximum batch size is currently hardcoded to 100 quotes (TODO: make configurable)
Specify supported payment methods in BatchMintSettings.methods
No database migrations required

For Wallet Developers:

Use POST /v1/mint/{method}/batch instead of multiple single-mint calls
Maximum 100 quotes per batch request (currently hardcoded)
Handle new error codes for batch validation failures
For bolt12: include signatures for all quotes with pubkeys

Breaking Changes

None. This is a purely additive feature behind new endpoints.

- change batch mint endpoint from `/mint/bolt11/batch` to `/mint/{method}/batch` - add `post_cache_wrapper_with_path` macro to support path params in cached handlers - update `post_batch_mint` handler to validate payment method from URL path - add validation that batch quotes match the endpoint's payment method - add batch-specific error types - update test suite with handler validation and protocol parsing tests

- refactor helper function to creat configurable number of quotes - update all batch mint test calls to work with new signature - add integration test: try to batch mint a quote twice

P2PK, HTLC, and combined

…lper - normalize single mint requests into batch shape and delegate through shared helper - collapse process_batch_mint_request body into common engine while keeping metrics wrappers - add process_mint_workload with origin flag plus regression test for the single path

…ocally - reuse batch status polling for bolt12 to reject unpaid quotes - update bolt12 quote bookkeeping to persist issued state without warnings - add unit tests for bolt12 finalization and mint connector routing paths

- extend cdk-common batch status types to cover bolt11 and bolt12 states - wire cdk-axum handler for /v1/mint/{method}/check with auth and swagger - update wallet connectors to send payment method when polling quote status

- change route path parameter syntax from :method to {method} - remove incorrect outputs count validation in batch mint handler - add requires_signature logic for bolt12 batch minting - enforce signature requirement for bolt12 in batch origin mode

- add batch error codes and optional quote field, map to 400 responses - enable bolt12 batch endpoint with spec validations and swagger tweaks - enforce nut20 signature semantics and bolt12 partial issuance in mint logic - advertise batch support via nuts.xx and update builder/ffi conversions - adjust wallet bolt12 batch finalization to apportion minted amounts per quote

thesimplekid · 2025-12-14T19:12:10Z

crates/cdk-common/src/mint.rs

+/// Batch Mint Request [NUT-XX]
+#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
+#[cfg_attr(feature = "swagger", derive(utoipa::ToSchema))]
+pub struct BatchMintRequest {
+    /// Quote IDs
+    pub quote: Vec<String>,
+    /// Blinded messages
+    pub outputs: Vec<cashu::nuts::nut00::BlindedMessage>,
+    /// Signatures for NUT-20 locked quotes (optional)
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub signature: Option<Vec<Option<String>>>,
+}
+
+impl BatchMintRequest {
+    /// Total amount of outputs
+    pub fn total_amount(&self) -> Result<Amount, cashu::nuts::nut04::Error> {
+        Amount::try_sum(self.outputs.iter().map(|msg| msg.amount))
+            .map_err(|_| cashu::nuts::nut04::Error::AmountOverflow)
+    }
+}
+
+/// Batch Quote Status Request [NUT-XX]
+#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
+#[cfg_attr(feature = "swagger", derive(utoipa::ToSchema))]
+pub struct BatchQuoteStatusRequest {
+    /// Quote IDs
+    pub quote: Vec<String>,
+}
+
+/// Bolt12 batch status payload extends the standard Bolt12 quote with a derived state.
+#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
+#[cfg_attr(feature = "swagger", derive(utoipa::ToSchema))]
+#[serde(bound = "Q: Serialize + for<'a> Deserialize<'a>")]
+pub struct MintQuoteBolt12BatchStatusResponse<Q> {
+    /// Underlying Bolt12 quote payload
+    #[serde(flatten)]
+    pub quote: MintQuoteBolt12Response<Q>,
+    /// Derived quote state (UNPAID, PAID, ISSUED)
+    pub state: MintQuoteState,
+}
+
+impl<Q> MintQuoteBolt12BatchStatusResponse<Q> {
+    fn from_quote(quote: MintQuoteBolt12Response<Q>) -> Self {
+        let state = derive_quote_state(quote.amount_paid, quote.amount_issued);
+        Self { quote, state }
+    }
+
+    /// Current quote state
+    pub fn state(&self) -> MintQuoteState {
+        self.state
+    }
+}
+
+impl<Q> From<MintQuoteBolt12Response<Q>> for MintQuoteBolt12BatchStatusResponse<Q> {
+    fn from(value: MintQuoteBolt12Response<Q>) -> Self {
+        Self::from_quote(value)
+    }
+}


Requests and responses defined in the nuts should be in the cashu crate in a mod for the nut, nutxx for now.

thesimplekid · 2025-12-14T19:15:53Z

crates/cashu/src/nuts/nut06.rs

+/// Batch minting settings (NUT-XX)
+#[derive(Debug, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
+#[cfg_attr(feature = "swagger", derive(utoipa::ToSchema))]
+pub struct BatchMintSettings {
+    /// Maximum quotes allowed in a batch request
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub max_batch_size: Option<u16>,
+    /// Supported payment methods for batch minting
+    #[serde(default)]
+    pub methods: Vec<PaymentMethod>,
+}
+
+impl Default for BatchMintSettings {
+    fn default() -> Self {
+        Self {
+            max_batch_size: Some(100),
+            methods: Vec::new(),
+        }
+    }
+}
+
+impl BatchMintSettings {
+    /// Returns true when no batch capabilities should be advertised
+    pub fn is_empty(&self) -> bool {
+        self.methods.is_empty()
+    }
+}


Move this to its own mod nutxx.

thesimplekid · 2025-12-14T19:23:14Z

crates/cdk-axum/src/router_handlers.rs

+        let route = match payment_method {
+            PaymentMethod::Bolt11 => RoutePath::MintBolt11,
+            PaymentMethod::Bolt12 => RoutePath::MintBolt12,
+            PaymentMethod::Custom(_) => unreachable!(),


Would rather just return an error here then use unreachable.

thesimplekid · 2025-12-14T19:23:42Z

crates/cdk-axum/src/router_handlers.rs

+    // Validation: empty quotes
+    if payload.quote.is_empty() {
+        return Err(into_response(cdk::error::Error::BatchEmpty));
+    }
+
+    // Validation: max 100 quotes per batch
+    if payload.quote.len() > MAX_BATCH_SIZE {
+        return Err(into_response(cdk::error::Error::BatchSizeExceeded));
+    }
+
+    // Validation: no duplicate quotes
+    let mut unique_quotes = std::collections::HashSet::new();
+    for quote_id in &payload.quote {
+        if !unique_quotes.insert(quote_id.clone()) {
+            return Err(into_response(cdk::error::Error::DuplicateQuoteIdInBatch));
+        }
+    }


We should not do this verification here in axum. We should let cdk handle it.

thesimplekid · 2025-12-14T19:30:52Z

crates/cdk-axum/src/router_handlers.rs

+
+    // Validation: empty quotes
+    if payload.quote.is_empty() {
+        return Err(into_response(cdk::error::Error::BatchEmpty));
+    }
+
+    // Validation: max 100 quotes per batch
+    if payload.quote.len() > MAX_BATCH_SIZE {
+        return Err(into_response(cdk::error::Error::BatchSizeExceeded));
+    }
+
+    // Validation: no duplicate quotes
+    let mut unique_quotes = std::collections::HashSet::new();
+    for quote_id in &payload.quote {
+        if !unique_quotes.insert(quote_id.clone()) {
+            return Err(into_response(cdk::error::Error::DuplicateQuoteIdInBatch));
+        }
+    }
+
+    // Validation: signature array (if present) matches quotes length
+    if let Some(ref signatures) = payload.signature {
+        if signatures.len() != payload.quote.len() {
+            return Err(into_response(
+                cdk::error::Error::BatchSignatureCountMismatch,
+            ));
+        }
+    }


The axum layer should be very thin just passing the request to cdk where it is validated.

thesimplekid · 2025-12-14T19:49:46Z

crates/cdk-common/src/database/wallet.rs

+    /// Add mint quote to storage
+    async fn add_mint_quote(&self, quote: WalletMintQuote) -> Result<(), Self::Err>;
+


This should not be added here we already have it on the tx. Line 59

thesimplekid · 2025-12-14T19:52:27Z

crates/cdk-sql-common/src/wallet/mod.rs

+    (id, mint_url, amount, unit, request, state, expiry, secret_key, payment_method, amount_issued, amount_paid, spending_condition)
    VALUES
-    (:id, :mint_url, :amount, :unit, :request, :state, :expiry, :secret_key, :payment_method, :amount_issued, :amount_paid)
+    (:id, :mint_url, :amount, :unit, :request, :state, :expiry, :secret_key, :payment_method, :amount_issued, :amount_paid, :spending_condition)


Why do we need to store the spending condition? The existing method it gets passed at runtime as an argument to the mint fn.

good catch, i was not suspicious enough of the llm output

thesimplekid · 2025-12-14T20:19:54Z

crates/cdk/src/mint/issue/mod.rs

+
+                per_quote
+            }
+            _ => unreachable!(),


Use a real error.

thesimplekid · 2025-12-14T20:27:16Z

crates/cdk/src/mint/issue/mod.rs

+        let associated_quote = if origin == MintRequestOrigin::Single {
+            quote_ids.first().cloned()
+        } else {
+            None
+        };


We should still add the quote, we know how much each quote is for so we can split the message up per quote.

thesimplekid · 2025-12-14T20:40:01Z

crates/cdk/src/mint/issue/mod.rs

+            PaymentMethod::Bolt12 => {
+                let mut remaining = outputs_amount;
+                let mut per_quote = Vec::with_capacity(mintable_per_quote.len());
+
+                for available in &mintable_per_quote {
+                    let minted = std::cmp::min(*available, remaining);
+                    per_quote.push(minted);
+                    remaining = remaining.checked_sub(minted).ok_or(Error::AmountOverflow)?;
+                }
+
+                per_quote


I think this could be problematic if a large payment came in while the wallet is making the request it did not account for and that is the first quote in the list then all the outputs would be allocated minting for that quote and leaving none for the rest of the quotes. Worse the wallet has no way of knowing this even happened without further checks of mint quotes.

Should the wallet state in the request how much it expects for each quote.

yep. good idea

- add batch_check_mint_quotes method in cdk for batch check endpoint - remove duplicate validation from post_batch_mint axum handler

use From impls instead

- drop add_mint_quote from wallet database trait and backends - update ffi bridge and adapters to rely on transactional add_mint_quote - refactor wallet batch and integration tests to insert quotes via transactions

- partition blinded messages/signatures per quote and persist with quote ids - replace unreachable payment-method arm with a real error path - add inline comments clarifying process_mint_workload flow

- extend BatchMintRequest with quote_amounts and populate in wallet/mint paths - enforce bolt12 batch allocations against provided per-quote amounts server-side - adjust tests/requests to include expected per-quote totals

- rename batch payload fields to quotes/signatures - propagate through wallet, client, handlers, and tests - enforce per-quote bolt11/bolt12 amount validation with flexible output grouping - emit spec string error codes and accept spec-format requests only - update batch mint fixtures and remove unused serde aliases

- add signature validation tests (reordered outputs, missing msgs) - add amount validation tests (mismatch, length errors) - add currency unit mismatch tests - add bolt12 edge case tests (missing amounts, over-request) - test invalid quote id filtering in batch status - fix batch status to skip unparseable quote ids - refactor helpers to use transaction payment tracking

update batch quote amounts to demonstrate that amounts are summed together to produce the output vector

- add test for atomic batch failure with unknown quote (vector 3) - add test for valid nut-20 signature using spec test vector (vector 4) - use exact test vector values for nut-20 signature validation

- add tests for empty outputs and amount validation - add bolt11 quote amount mismatch validation tests - add test for unlocked quotes with explicit null signatures - add bolt12 incremental minting test for partial withdrawals - add batch check endpoint tests for quote status queries - add tests for unknown, empty, and duplicate quote handling - add mixed paid/unpaid state and size limit tests - simplify happy path test to use single output instead of split - reorganize test coverage documentation by category

vnprc added 15 commits December 8, 2025 19:47

feat: implement batched quote minting

529d1f7

docs: second code review

0716b1b

fix: batch mint integration tests

edd724e

test: add integration test to batch mint a quote twice

dec03ed

- refactor helper function to creat configurable number of quotes - update all batch mint test calls to work with new signature - add integration test: try to batch mint a quote twice

docs: clean up docs

8665656

docs: batch minting bolt12 development plan

c6005e9

test: add three spending condition batch mint integration tests

c051703

P2PK, HTLC, and combined

docs: update bolt12 batch minting dev plan

a66a54d

docs: remove llm markdown docs

afcaf86

vnprc force-pushed the batched-minting-pr-branch branch from dc17e90 to 55e2281 Compare December 13, 2025 21:51

thesimplekid reviewed Dec 14, 2025

View reviewed changes

vnprc added 13 commits December 15, 2025 15:58

refactor: move batch mint structs and impls to nutxx.rs

bd60504

refactor: move BatchMintSettings struct and impls to nutxx.rs

2df18c1

fix: replace unreachable! with Error::UnsupportedPaymentMethod

22fe290

refactor: move batch mint validation from axum to cdk layer

1fb1c65

- add batch_check_mint_quotes method in cdk for batch check endpoint - remove duplicate validation from post_batch_mint axum handler

refactor: remove duplicate batch mint errors

bde3f9b

refactor: remove MintQuoteBolt11Response.from_* fns

ddc422f

use From impls instead

refactor: remove redundant create_test_mint function

8a13f44

refactor: remove duplicated logic in redb wallet add_mint_quote fn

ffc2118

refactor: remove non-transactional add_mint_quote API

b04ea07

- drop add_mint_quote from wallet database trait and backends - update ffi bridge and adapters to rely on transactional add_mint_quote - refactor wallet batch and integration tests to insert quotes via transactions

fix: remove spending_condition field from mint quotes

c5594cf

fix: replace unreachable! with a proper error

b7bb6a5

refactor: associate batch mint outputs with specific quotes

9055adb

- partition blinded messages/signatures per quote and persist with quote ids - replace unreachable payment-method arm with a real error path - add inline comments clarifying process_mint_workload flow

refactor: require per-quote amounts in batch mint requests

4fe1704

- extend BatchMintRequest with quote_amounts and populate in wallet/mint paths - enforce bolt12 batch allocations against provided per-quote amounts server-side - adjust tests/requests to include expected per-quote totals

vnprc added 7 commits December 16, 2025 22:17

fix: add openssl dependency

202f880

test: add happy path batched mint test

b035b7c

test: improve happy path test vector

e50aea1

update batch quote amounts to demonstrate that amounts are summed together to produce the output vector

test: add test vectors for atomic failure and nut-20 happy path

f233ec6

- add test for atomic batch failure with unknown quote (vector 3) - add test for valid nut-20 signature using spec test vector (vector 4) - use exact test vector values for nut-20 signature validation

ye0man added this to CDK Jan 15, 2026

github-project-automation bot moved this to Backlog in CDK Jan 15, 2026

		/// Add mint quote to storage
		async fn add_mint_quote(&self, quote: WalletMintQuote) -> Result<(), Self::Err>;

Batch Minting Implementation (NUT-XX) #1414

Are you sure you want to change the base?

Batch Minting Implementation (NUT-XX) #1414

Uh oh!

Conversation

vnprc commented Dec 13, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Implementation Details

Protocol Extensions (NUT-XX)

API Endpoints

Validation Rules

Bolt12 Specifics

Database Changes

Architecture

Testing

Migration Guide

Breaking Changes

Related

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

vnprc commented Dec 13, 2025 •

edited

Loading