Writing

Notes on slashing, signing, and the trust boundary.

Technical deep-dives grounded in what nklave actually does. No hype, no roadmaps disguised as features.

EIP-3076 import/export, and why it matters during validator migration
May 22, 2026

The EIP-3076 interchange format is the only thing standing between a clean validator-client migration and a slashing event. Here is how nklave's import works, what bounds it sets, and what to verify before you flip the signer URL.

eip-3076slashing-protectionmigration
Designing the append-only decision log for forensic auditability
May 8, 2026

Every signing decision nklave makes lands in a tamper-evident append-only log. Here is the format, the checkpoint chain, the operator-key custody model, and how to actually use the log when you need to reconstruct what happened.

audit-logforensicscheckpoints
Policy as a first-class concept: what nklave's policy engine enforces — and what it doesn't
Apr 24, 2026

nklave's policy engine is the layer between a signing request and the signing key. Here is what 'policy' actually means in the architecture, what the four built-in policies do, how custom policies plug in, and where the abstraction stops.

policy-enginearchitecturedesign