The Brewer's
Journal.

All five curves operate on normalised time t ∈ [0,1]. The function f(t) ∈ [0,1] describes the cumulative fraction of tokens unlocked at a given moment.

Linear: f(t) = t. A steady pour across the entire term.

Cliff: f(t) = 0 for t < c, then (t − c) / (1 − c). The cask stays sealed until the cliff, then releases in a straight line.

Logarithmic: f(t) = ln(1 + t · (e − 1)). Fast early, slow late.

S-Curve: normalised sigmoid 1 / (1 + exp(−k · (t − 0.5))). Slow start, accelerated middle, gentle finish.

Exponential: f(t) = t^n, n ≥ 2. The cask holds back until the very end.

Every cask is minted with the Streamflow protocol. Phase 1 approximates each curve using Streamflow's cliff + release-rate schedule, optionally split into multi-segment unlocks for s-curves and exponentials.

Phase 2 will ship a Brwry-native Anchor program that expresses arbitrary curves as on-chain functions. Until then, the five preset approximations cover the common cases with < 1% deviation from the mathematical curve at daily granularity.

Brwry never custodies tokens. Creating a stream requires a wallet signature; claims require the recipient's signature. The UI is a thin shell over the protocol — if Brwry disappears tomorrow, every cask can still be redeemed directly from Streamflow.

Brwry uses the Token-2022 program for all new casks where the mint has extensions enabled. ATAs are derived with getAssociatedTokenAddressSync(..., TOKEN_2022_PROGRAM_ID).

Transfer fees, confidential transfers, transfer hooks, and permanent delegate extensions are acknowledged: if a mint uses them, the UI warns the creator and blocks incompatible configurations (e.g., permanent delegate + cliff unlock).

Legacy SPL mints continue to work transparently; the client picks the right program id at runtime.

No custody. Brwry stores no private keys and never sees your seed phrase. Vesting is enforced entirely by Solana programs.

Input validation. Start/end/cliff windows and steepness are bound-checked client- and server-side using Zod schemas.

Notifications. Telegram alerts registered via /notify/register require a wallet-signed nonce so nobody else can subscribe you.

Index caching. Helius RPC results are cached in Redis for 60 seconds — long enough to spare the quota, short enough to stay honest about the ledger.