Add periodic key health check pings #274
Description
Problem
Treasury wallets may sit idle for months. If a participant's hardware wallet breaks or their signing device is lost, the group won't discover this until they need to sign — potentially during an urgent situation where recovery tiers and timelocks add significant delay.
Solution
Add a periodic key liveness check using the existing Nostr keepalive infrastructure in keep-frost-net. Each participant periodically proves they can still sign by responding to a challenge.
Design
- Coordinator (or any member) sends a
HealthCheckRequestwith a random nonce - Participant signs the nonce with their FROST signing share and returns
HealthCheckResponse - Track last-seen timestamps per share index
- Configurable check interval (default: weekly)
- Alert when a participant hasn't responded within 2x the interval
New message types
HealthCheckRequest { group_pubkey: [u8; 32], nonce: [u8; 32] }
HealthCheckResponse { group_pubkey: [u8; 32], nonce: [u8; 32], signature: Vec<u8> }Changes needed
- Add message types to
KfpMessageinprotocol.rs - Add handler in
node/(can be a newnode/health.rs) - Store last-check timestamps in keep-core (per group + share index)
- CLI:
keep frost health-check --group <hex> - Events:
HealthCheckPassed,HealthCheckFailed
Context
For company treasury and family vaults, early detection of key unavailability allows orderly recovery (re-sharing, activating backup devices) rather than emergency recovery under time pressure.