Why it’s cool
• Privacy actually means privacy. /ots/timestamp SHA-256s whatever you send in memory, drops your raw bytes instantly, and only keeps the 64-char hash + the .ots proof. If you’re the “trust but verify” type, check src/routes/ots.js and SECURITY.md.
• Day-one production-safe. Helmet, JSON body limits, separate rate limits for read/write routes, clean error messages, and optional Swagger docs if you drop a spec in. No weird surprises.
• Full REST workflow done right. Timestamp → verify → download proof → inspect info → upgrade when Bitcoin confirms. Routes: /ots/timestamp, /ots/verify, /ots/proof/:hash, /ots/info/:hash, /ots/upgrade/:hash.
• Survives flaky calendars. It fans out to Alice/Bob/Finney (or whatever you put in OTS_CALENDAR_URLS), wraps both stamp + upgrade calls with timeouts + retries, and overwrites proofs when stronger attestations come in.
• Developer life = painless. npm run dev (nodemon), npm run e2e / scripts/e2e-smoke.ps1, Dockerfile + docker-compose, everything tunable via .env (JSON limits, rate limits, proof dir, OTS timeouts, etc.).
Usage examples are all in the GitHub repo.
Next ideas
Docker!!!!!!!!
Maybe a little dashboard
MIT-licensed, docs included, SECURITY guide included. Happy to answer questions — always down to nerd out on timestamping.
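
The "keep only the 64-char hash" point and the `:hash` routes, sketched as an added example (not code from the repo or from src/routes/ots.js). The helper names `digestAndDiscard` and `proofPathFor` and the `./proofs` directory are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not taken from the project's source.
const crypto = require('node:crypto');
const path = require('node:path');

const HASH_RE = /^[0-9a-f]{64}$/; // hex-encoded SHA-256 is exactly 64 chars

// Hash the upload in memory, then overwrite the buffer so the raw bytes
// do not linger; only the hex digest leaves this function.
function digestAndDiscard(buf) {
  if (!Buffer.isBuffer(buf) || buf.length === 0) {
    throw new TypeError('expected a non-empty Buffer');
  }
  const hash = crypto.createHash('sha256').update(buf).digest('hex');
  buf.fill(0);
  return hash;
}

// Map a :hash route parameter to a proof file. Anything that is not exactly
// 64 hex characters is rejected before it is used to build a path.
function proofPathFor(hashParam, proofDir) {
  if (typeof hashParam !== 'string') return null;
  const hash = hashParam.toLowerCase();
  if (!HASH_RE.test(hash)) return null;
  const root = path.resolve(proofDir);
  const file = path.resolve(root, `${hash}.ots`);
  // Defence in depth: the resolved file must still sit inside proofDir.
  return file.startsWith(root + path.sep) ? file : null;
}

// Constructed sample input, for demonstration only.
const upload = Buffer.from('abc');
const digest = digestAndDiscard(upload);
console.log(digest, upload);                               // digest + zeroed buffer
console.log(proofPathFor(digest, './proofs'));             // path inside ./proofs
console.log(proofPathFor('../../etc/passwd', './proofs')); // null
```

A route handler using helpers like these would answer 400 when `proofPathFor` returns `null`, before any filesystem call.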