mesh-llm v6.1: relay-hosted compute sharing — discovery + admission (dial deferred)

[tlongwell-block]

Mesh-LLM plan v6.1 — relay-hosted compute sharing (discovery + admission)

Closes the relay-side, desktop-side, and frontend pieces of Plan v6.1 so a
user can:

1. Download Sprout, join a relay — no extra setup.
2. Open Settings → Share compute, toggle on, dial in their VRAM /
   RAM / concurrent-peer caps.
3. See live, in the same panel, who else on the relay is offering
   compute.

This PR is "mesh discovery + secure relay admission + contribution UX",
not "remote inference works". The actual iroh dial that runs an
inference request on the offered peer is deferred to upstream mesh-llm
PR A — see "Deferred" below.

Scope guardrails (read this first)

• Run on mesh is preview/discovery until upstream mesh-llm PR A
  defines the stream protocol. The settings panel shows live offers
  from other members; the agent runner doesn't yet route to mesh peers.
• Offers are claims/UI hints, not authority. The publisher-side caps
  (max_vram_mb, max_ram_mb, max_concurrency) are advertised limits;
  the provider runtime must enforce its own caps locally once the dial
  protocol exists.
• v1 is same-relay only. Consumers filter offers whose
  iroh_relay_url doesn't match the current relay's NIP-11
  iroh_relay_url; cross-relay membership is reserved for a future
  explicit design.
• Nostr key never leaves AppState.keys. The iroh endpoint key is a
  separate ed25519 keypair under {app_data_dir}/mesh_iroh.key; the
  frontend only sees the endpoint id (public key) and never the secret.

Plan v6.1 step-by-step

• Step 1 — KIND_MESH_LLM_DISCOVERY = 31990 in sprout-core, hooked
  into required_scope_for_kind (MessagesWrite) and is_global_only_kind
  in sprout-relay. NIP-43 fan-out gates read+write.
• Step 2 — Transport-neutral check_relay_membership returning
  MembershipDecision. HTTP wrapper preserves identical behaviour for all
  existing callers; non-HTTP gates (Step 3) call the core directly.
• Step 3 — Embedded iroh-relay (crates/sprout-relay/src/iroh_relay.rs)
  with NIP-98 admission. 64 KiB bearer length cap, fail-closed on
  missing/invalid token, calls membership check only after NIP-98
  verification of the pubkey. Wired into fn main with graceful shutdown
  through the existing shutdown_tx. patched-iroh-relay feature
  reserved for upstream PR C's per-client lifetime hook
  (TODO(patched-iroh-relay) marker at the insertion site).
• Step 4 — NIP-11 advertises iroh_relay_url from
  SPROUT_IROH_RELAY_PUBLIC_URL. Also added SPROUT_IROH_RELAY_BIND_ADDR
  for the main-wiring.
• Step 5 — sprout_auth::nip98_canonical_url helper. Single source of
  truth for the NIP-98 u-tag, used by signer (desktop) and verifier
  (iroh-relay access callback). Round-trip test pins the helper to
  verify_nip98_event.

Offer envelope schema (crates/sprout-core/src/mesh_llm.rs)

MeshLlmOffer is the JSON content of a kind:31990 event:

pub struct MeshLlmOffer {
    pub v: u32,                  // schema version, currently 1
    pub d_tag: String,           // ≤64 chars [A-Za-z0-9_-]; also the NIP-33 d tag
    pub endpoint_id: String,     // iroh EndpointId/PublicKey
    pub iroh_relay_url: String,  // iroh-relay the consumer dials through
    pub expires_at: u64,         // unix seconds; consumers MUST ignore <= now
    pub caps: ResourceCaps,      // claims, not authority — see scope guardrails
    pub models: Vec<ModelOffer>,
    pub extra: Option<Value>,    // freeform; top-level is deny_unknown_fields
}

Key shape decisions:

• endpoint_id is String in core to avoid pulling iroh-base into
  sprout-core; parsed into iroh_base::EndpointId at the desktop edge.
• expires_at is required (no serde default). Crashed publishers
  cannot send the NIP-33 delete-by-replace tombstone, so the TTL is the
  only thing that reaps stale offers. Consumer filter:
  MeshLlmOffer::is_expired(now) returns true when expires_at <= now.
• Publisher TTL is OFFER_TTL_SECS = 15min; frontend heartbeats every
  OFFER_TTL_SECS / 3 = 5min so one missed heartbeat still leaves the
  offer visible.
• Top level is deny_unknown_fields to lock the schema; extra is the
  freeform escape hatch for future experiments.

Desktop sidecar (desktop/src-tauri/src/mesh_llm/)

• endpoint.rs — iroh endpoint keypair persisted to
  {app_data_dir}/mesh_iroh.key. Atomic write, corrupt-file quarantine.
  Not derived from the Nostr key (see doc comment: rotation
  coupling).
• nip98.rs — build_nip98_bearer(keys, iroh_relay_public_url) signs
  kind:27235 over the canonical relay URL using the same
  sprout_auth::nip98_canonical_url helper as the verifier.
• nip11.rs — fetch_iroh_relay_url(ws_url) probes the relay's NIP-11
  doc. Returns Ok(None) gracefully when the relay doesn't advertise
  mesh-LLM.
• offer.rs — persisted ComputeSharingPrefs (default disabled, 1
  concurrent peer); OFFER_TTL_SECS = 15min; build_offer(endpoint, url, expires_at).

Tauri commands (desktop/src-tauri/src/commands/mesh_llm.rs)

• mesh_get_endpoint_id / mesh_get_sharing_prefs /
  mesh_set_sharing_prefs / mesh_relay_iroh_url.
• mesh_publish_offer(iroh_relay_url) — signs + POSTs a kind:31990
  event via the existing submit_event pipeline. On toggle off,
  publishes empty content at the same address (NIP-33
  delete-by-replace).

Frontend (desktop/src/features/settings/)

• MeshComputeSettingsCard.tsx — toggle, three numeric inputs (VRAM /
  RAM / concurrency), live offers list, identity footer. On every save,
  probes the relay's iroh_relay_url and publishes; surfaces a clear
  message when the relay doesn't advertise mesh-LLM.
• hooks/useMeshLlmOffers.ts — subscribes to kind:31990, dedups by
  (pubkey, d_tag) (NIP-33), drops on empty content (delete-by-replace),
  filters iroh_relay_url != local relay's NIP-11 iroh_relay_url
  (v1 same-relay invariant), filters expires_at <= now (TTL reaper),
  30s periodic re-tick so newly-expired offers drop without a fresh
  event.
• hooks/useMeshOfferHeartbeat.ts — re-invokes mesh_publish_offer
  every 5 min while enabled, so the offer's expires_at stays
  ahead of consumer expiry.
• relayClientSession.ts — subscribeToMeshLlmOffers.
• SettingsPanels.tsx — new "Share compute" section between "Agents"
  and "Templates", reached through avatar-menu → Settings.

Tests + checks

cargo test -p sprout-core --lib	178 pass (+13 mesh_llm: schema, TTL, same-relay filter, publishable rules)
cargo test -p sprout-auth --lib	48 pass (+12 nip98_url)
cargo test -p sprout-relay --lib	208 pass (+18 kind/iroh_relay_url/iroh-relay admission)
cargo test --lib mesh_llm (desktop)	11 pass
cargo clippy --workspace --all-targets -- -D warnings	clean
cargo fmt --all -- --check	clean
pnpm typecheck	clean
pnpm check (biome + file-sizes)	clean

MSRV bump: 1.88 → 1.91

Required by iroh-relay 1.0.0-rc.0. The repo's rust-toolchain.toml
pins 1.95.0, so CI is unaffected; this only constrains downstream
consumers building with an older rustc. README updated.

Deferred to follow-up

The actual iroh dial that runs an inference request on the offered
peer. Plan v6.1 explicitly gates this on upstream mesh-llm PR A
(request/response protocol over iroh streams). Inventing a
Sprout-only protocol now would be wasted work the moment upstream lands.

This PR intentionally does not send prompts, model weights, or inference
payloads over iroh yet. The only traffic on the wire is the kind:31990
discovery events (which describe capabilities, not data) and the
NIP-98-gated iroh-relay admission handshake (which authenticates but
carries no payload). The data plane stays inside the consuming desktop's
local agent runtime until the dial protocol lands.

What slots in cleanly once PR A lands, in this codebase:

• MeshLlmProvider in managed_agents/backend.rs selects an offer
  from useMeshLlmOffers and dials it,
• server-side handler in the desktop accepts incoming iroh streams,
• the existing NIP-98 bearer signer in mesh_llm/nip98.rs plugs
  unchanged into the iroh client config,
• the patched-iroh-relay cfg flag (insertion site already marked with
  TODO(patched-iroh-relay)) gains the per-client lifetime hook from
  upstream PR C.

How to demo locally

1. Run sprout-relay with: SPROUT_REQUIRE_RELAY_MEMBERSHIP=true,
   SPROUT_IROH_RELAY_PUBLIC_URL=http://localhost:3000/iroh,
   SPROUT_IROH_RELAY_BIND_ADDR=0.0.0.0:3478, a stable relay key, and
   yourself in RELAY_OWNER_PUBKEY.
2. just dev desktop; sign in as the relay-member.
3. Settings → Share compute → toggle on, set caps.
4. A kind:31990 event hits the relay (visible in logs).
5. Second desktop with a different member identity sees the offer in its
   Share compute panel. Toggling off in user A's panel makes the offer
   disappear from user B's view within a few seconds.

Review history

Iterative in-channel review by Max and Mari. Thread root
48856e13…. Concrete reviewer asks folded:

• Max — access-callback ordering, MSRV bump, TODO(patched-iroh-relay)
  marker, distinct SPROUT_IROH_RELAY_BIND_ADDR, schema additions
  (expires_at, EndpointAddr wording, same-relay filter).
• Mari — separate iroh key (not derived from Nostr key), 64 KiB bearer
  length cap + no-internal-whitespace + no-token-in-logs, NIP-98
  canonicaliser drift prevention, explicit "preview / claims / v1
  same-relay / key-custody" labeling in this description.

[michaelneale]

really cool: Mesh-LLM/mesh-llm#641 is some mesh side stuff I started to work with the auth'd relay (will do api too). Probably could strip down this PR here too as don't need too much once sprout tells mesh about it, but very cool.

Longer term want to make sure it can work with N relays, and perhaps use another gating mechanism if warranted.