From 9ffd5de10a9153a523ea0e84ebd1a4770636c0c6 Mon Sep 17 00:00:00 2001
From: Jeff Emmett <jeffemmett@gmail.com>
Date: Mon, 2 Mar 2026 16:05:24 -0800
Subject: [PATCH] chore: add backlog task files (task-77, task-78)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 ...crypted-VPS-backup-for-client-side-data.md | 41 +++++++++++++++++++
 ...ing-tsc-noEmit-errors-10-errors-5-files.md | 39 ++++++++++++++++++
 2 files changed, 80 insertions(+)
 create mode 100644 backlog/tasks/task-77 - EncryptID-Optional-encrypted-VPS-backup-for-client-side-data.md
 create mode 100644 backlog/tasks/task-78 - Fix-all-pre-existing-tsc-noEmit-errors-10-errors-5-files.md

diff --git a/backlog/tasks/task-77 - EncryptID-Optional-encrypted-VPS-backup-for-client-side-data.md b/backlog/tasks/task-77 - EncryptID-Optional-encrypted-VPS-backup-for-client-side-data.md
new file mode 100644
index 0000000..045c32e
--- /dev/null
+++ b/backlog/tasks/task-77 - EncryptID-Optional-encrypted-VPS-backup-for-client-side-data.md	
@@ -0,0 +1,41 @@
+---
+id: TASK-77
+title: 'EncryptID: Optional encrypted VPS backup for client-side data'
+status: To Do
+assignee: []
+created_date: '2026-03-02 20:19'
+labels:
+  - encryptid
+  - privacy
+  - feature
+dependencies: []
+references:
+  - src/encryptid/wallet-store.ts
+  - src/encryptid/key-derivation.ts
+  - src/encryptid/server.ts
+priority: medium
+---
+
+## Description
+
+<!-- SECTION:DESCRIPTION:BEGIN -->
+Add an EncryptID settings option for users to backup their encrypted client-side data (wallet associations, etc.) to a VPS. Default is client-side only (maximum privacy). Optional backup enables device-loss recovery and cross-device sync.
+
+Architecture:
+- Client-side encrypted localStorage is the default (current wallet-store.ts pattern)
+- Settings toggle: "Backup encrypted data to server"
+- When enabled, encrypted blobs (already AES-256-GCM) are synced to the EncryptID server or a user-specified VPS
+- Server stores opaque ciphertext — same zero-knowledge pattern as encrypted_addresses
+- On new device login, user can restore from backup after passkey authentication
+
+Consider extending this to all client-side data (wallet associations, preferences) and potentially migrating encrypted_addresses to the same pattern (client-first, optional server backup).
+<!-- SECTION:DESCRIPTION:END -->
+
+## Acceptance Criteria
+<!-- AC:BEGIN -->
+- [ ] #1 Settings UI toggle for encrypted backup (default: off)
+- [ ] #2 Encrypted blobs sync to EncryptID server when enabled
+- [ ] #3 Restore flow on new device after passkey auth
+- [ ] #4 Server never sees plaintext — only stores opaque ciphertext + IV
+- [ ] #5 User can optionally specify a custom VPS endpoint for backup
+<!-- AC:END -->
diff --git a/backlog/tasks/task-78 - Fix-all-pre-existing-tsc-noEmit-errors-10-errors-5-files.md b/backlog/tasks/task-78 - Fix-all-pre-existing-tsc-noEmit-errors-10-errors-5-files.md
new file mode 100644
index 0000000..1527b91
--- /dev/null
+++ b/backlog/tasks/task-78 - Fix-all-pre-existing-tsc-noEmit-errors-10-errors-5-files.md	
@@ -0,0 +1,39 @@
+---
+id: TASK-78
+title: 'Fix all pre-existing tsc --noEmit errors (10 errors, 5 files)'
+status: Done
+assignee: []
+created_date: '2026-03-02 22:52'
+labels:
+  - dx
+  - typescript
+dependencies: []
+priority: medium
+---
+
+## Description
+
+<!-- SECTION:DESCRIPTION:BEGIN -->
+Resolve all 10 TypeScript strict type-check errors reported by `tsc --noEmit`. These were pre-existing issues (not caught by vite build) across 5 files: folk-map-viewer.ts, test-x402.ts, key-derivation.ts, wallet-store.ts, and webauthn.ts. Mostly TS 5.7+ strictness around Uint8Array.buffer returning ArrayBufferLike vs ArrayBuffer at WebCrypto API boundaries.
+<!-- SECTION:DESCRIPTION:END -->
+
+## Acceptance Criteria
+<!-- AC:BEGIN -->
+- [ ] #1 tsc --noEmit reports 0 errors
+- [ ] #2 vite build still passes
+- [ ] #3 No runtime behavior changes
+<!-- AC:END -->
+
+## Final Summary
+
+<!-- SECTION:FINAL_SUMMARY:BEGIN -->
+Fixed all 10 pre-existing `tsc --noEmit` errors across 5 files:
+
+- **folk-map-viewer.ts** (1): Removed explicit return type annotation, let TS infer
+- **test-x402.ts** (1): Cast `account as any` (test script, `readContract` not called at runtime)
+- **key-derivation.ts** (5): Cast `as BufferSource` / `as ArrayBuffer` at WebCrypto API boundaries (TS 5.7+ Uint8Array.buffer strictness)
+- **wallet-store.ts** (1): Cast `.buffer as ArrayBuffer`
+- **webauthn.ts** (2): Cast PRF output `as ArrayBuffer | undefined`
+
+Commit: 33156cc. Deployed to production.
+<!-- SECTION:FINAL_SUMMARY:END -->