fix(rwallet): fix stuck loading, auth, and add Sepolia ERC20 tokens

- Add /encryptid/ to subdomain routing passthrough (was 404 on demo.rspace.online)
- Replace rwallet's custom JWT verify with SDK's verifyEncryptIDToken (supports
  remote fallback when JWT_SECRET unavailable in rspace container)
- Fix CRDT balance loading stuck spinner (early return skipped crdtLoading=false)
- Add Sepolia testnet ERC20 tokens (USDC, WETH, LINK)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

modules/rwallet/components/folk-wallet-viewer.ts

@@ -247,9 +247,10 @@ class FolkWalletViewer extends HTMLElement {
 			const res = await fetch(`${base}/api/crdt-tokens/my-balances`, {
 				headers: { "Authorization": `Bearer ${token}` },
 			});
-			if (!res.ok) return;
-			const data = await res.json();
-			this.crdtBalances = data.balances || [];
+			if (res.ok) {
+				const data = await res.json();
+				this.crdtBalances = data.balances || [];
+			}
 		} catch {}
 		this.crdtLoading = false;
 		this.render();

modules/rwallet/mod.ts

@@ -10,6 +10,7 @@ import { renderShell } from "../../server/shell";
 import { getModuleInfoList } from "../../shared/module";
 import type { RSpaceModule } from "../../shared/module";
 import { renderLanding } from "./landing";
+import { verifyEncryptIDToken, extractToken } from "@encryptid/sdk/server";
 
 const routes = new Hono();
 
@@ -220,15 +221,11 @@ async function rpcCall(rpcUrl: string, method: string, params: any[]): Promise<a
 
 // Helper: extract and verify JWT from request
 async function verifyWalletAuth(c: any): Promise<{ sub: string; did?: string; username?: string; eid?: any } | null> {
-	const authorization = c.req.header("Authorization");
-	if (!authorization?.startsWith("Bearer ")) return null;
+	const token = extractToken(c.req.raw.headers);
+	if (!token) return null;
 	try {
-		// Import verify dynamically to avoid adding hono/jwt as a module-level dep
-		const { verify } = await import("hono/jwt");
-		const secret = process.env.JWT_SECRET;
-		if (!secret) return null;
-		const payload = await verify(authorization.slice(7), secret, "HS256");
-		return payload as any;
+		const claims = await verifyEncryptIDToken(token);
+		return claims as any;
 	} catch {
 		return null;
 	}
@@ -435,6 +432,11 @@ const POPULAR_TOKENS: Record<string, Array<{ address: string; name: string; symb
 		{ address: "0xDDAfbb505ad214D7b80b1f830fcCc89B60fb7A83", name: "USD Coin", symbol: "USDC", decimals: 6 },
 		{ address: "0x6A023CCd1ff6F2045C3309768eAd9E68F978f6e1", name: "Wrapped Ether", symbol: "WETH", decimals: 18 },
 	],
+	"11155111": [
+		{ address: "0x1c7D4B196Cb0C7B01d743Fbc6116a902379C7238", name: "USD Coin", symbol: "USDC", decimals: 6 },
+		{ address: "0xfFf9976782d46CC05630D1f6eBAb18b2324d6B14", name: "Wrapped Ether", symbol: "WETH", decimals: 18 },
+		{ address: "0x779877A7B0D9E8603169DdbD7836e478b4624789", name: "Chainlink Token", symbol: "LINK", decimals: 18 },
+	],
 	"84532": [
 		{ address: "0x036CbD53842c5426634e7929541eC2318f3dCF7e", name: "USD Coin", symbol: "USDC", decimals: 6 },
 	],

server/index.ts

@@ -2249,6 +2249,7 @@ const server = Bun.serve<WSData>({
 			if (
 				url.pathname.startsWith("/api/") ||
 				url.pathname.startsWith("/data/") ||
+				url.pathname.startsWith("/encryptid/") ||
 				url.pathname.startsWith("/.well-known/") ||
 				url.pathname === "/about" ||
 				url.pathname === "/admin" ||